Privacy policy

The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.


The data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.

On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form.

Other data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter this website.

Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time at the address given in the imprint.

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).

Our hoster will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

We use the following hoster:

• Squarespace

To ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission over the Internet (eg communication by e-mail) security gaps. A complete protection of the data against access by third parties is not possible.

The responsible party for data processing on this website is:

Leja Johannson
Gebrüder-Wahl Straße 21
35619 Braunfels

E-mail: hello@lejajohannson.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.

Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

If the data processing is based on Art. 6 (1) lit. E or F DSGVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection pursuant to art. 21 para. 1 DSGVO).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) DSGVO).

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies.


You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.


This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.


You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.

• If the processing of your personal data happened/is happening unlawfully, you may request the restriction of data processing instead of erasure.

• If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.

• If you have lodged an objection pursuant to Art. 21 (1) DSGVO, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

The use of contact data published within the framework of the imprint obligation to send advertising and information materials not expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Our Internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to store cookies has been requested, the cookies in question are stored exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and version

Operating system used

Referrer URL

Host name of the accessing computer

Time of the server request

IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.

If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this was requested.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this was requested.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

We use Adobe Typekit for the visual design of our website. Typekit is a service provided by Adobe Systems Software Ireland Companies (4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland; hereinafter "Adobe"), which gives us access to a font library. In order to integrate the fonts we use, your browser must establish a connection to an Adobe server in the USA and download the font required for our website. Adobe thereby receives the information that our website was accessed from your IP address. You can find more information about Adobe Typekit in Adobe's privacy policy, which you can access here: https://www.adobe.com/de/privacy/policy.html.

The legal basis for the integration of Adobe Typekit and the associated data transfer to Adobe is your consent (Art. 6 para. 1 lit. a DSGVO).

Calling script libraries or font libraries automatically triggers a connection to the library operator. For information about how Adobe Typekit Web Fonts uses your data, visit https://typekit.com/ and read Adobe Typekit's privacy policy: https://www.adobe.com/de/privacy/policies/typekit.html.

We do not collect any personal data through the integration of Adobe Typekit web fonts.

Adobe is certified under the Privacy Shield agreement, which provides a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).

The provision of personal data is not required by law or contract. However, without the correct display of the contents of standard fonts can not be enabled.

What is social media?

In addition to our website, we are also active on various social media platforms. In this context, user data may be processed so that we can target users who are interested in us via the social networks. In addition, elements of a social media platform may also be embedded directly in our website. This is the case, for example, when you click on a so-called social button on our website and are redirected directly to our social media presence. So-called social media or social media are websites and apps through which registered members can produce content, share content openly or in specific groups, and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and get in touch online. Our social media presences enable us to bring our products and services closer to prospective customers. The social media elements embedded on our website help you switch to our social media content quickly and without complications.

The data that is stored and processed through your use of a social media channel is primarily for the purpose of being able to perform web analyses. The aim of these analyses is to be able to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, appropriate conclusions can be drawn about your interests with the help of the evaluated data and so-called user profiles can be created. This also enables the platforms to present you with tailored advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behavior.

We generally assume that we remain responsible under data protection law, even if we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 DSGVO. Insofar as this is the case, we point this out separately and work on the basis of an agreement in this regard. The essence of the agreement is then reproduced below for the platform concerned.

Please note that when using the social media platforms or our built-in elements, data about you may also be processed outside the European Union, as many social media channels, for example Facebook or Twitter, are American companies. This may make it less easy for you to claim or enforce your rights regarding your personal data.

What data is processed?

Exactly what data is stored and processed depends on the provider of the social media platform. But usually it is data such as phone numbers, email addresses, data you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you yourself have a profile on the visited social media channel and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the servers of the providers. Thus, only the providers have access to the data and can give you the appropriate information or make changes.

If you want to know exactly what data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the respective privacy policy of the company. Even if you have questions about data storage and data processing or want to assert corresponding rights, we recommend that you contact the provider directly.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. However, customer data that is matched with our own user data is already deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period may be exceeded.

Right of objection

You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy statements of the respective tools.

Legal basis

If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, if consent is given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 (1) (f) DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools insofar as you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.

Information on specific social media platforms - if available - can be found in the following sections.

What is Instagram?

We have integrated Instagram functions on our website. Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is part of the Facebook products. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you call up web pages on our website that have an Instagram function integrated, data is transmitted to Instagram, stored and processed. Instagram uses the same systems and technologies as Facebook. Your data is thus processed across all Facebook companies.

In the following, we want to give you a more detailed insight into why Instagram collects data, what kind of data it is and how you can largely control the data processing. Since Instagram belongs to Meta Platforms Inc., we obtain our information on the one hand from the Instagram policies, but on the other hand also from the Meta Privacy Policy itself.

Instagram is one of the most popular social media networks in the world. Instagram combines the advantages of a blog with those of audiovisual platforms like YouTube or Vimeo. You can upload photos and short videos on "Insta" (as many of the users casually call the platform), edit them with various filters and also distribute them on other social networks. And if you don't want to be active yourself, you can just follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really gone through the roof in recent years. And of course we have also responded to this boom. We want you to feel as comfortable as possible on our website. That's why a varied preparation of our content is a matter of course for us. Through the embedded Instagram features, we can enrich our content with helpful, funny or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also serve us for personalized advertising on Facebook. This way, only people who are really interested in our products or services receive our ads.

Instagram also uses the collected data for measurement and analytics purposes. We get aggregate statistics and thus more insight about your likes and interests. It's important to note that these reports do not identify you personally.

What data is stored by Instagram?

When you come across one of our pages that have Instagram features (such as Instagram images or plug-ins) built in, your browser automatically connects to Instagram's servers. In the process, data is sent to Instagram, stored and processed. And this is regardless of whether you have an Instagram account or not. This includes information about our website, about your computer, about purchases made, about advertisements you see and how you use our offer. Furthermore, the date and time of your interaction with Instagram is also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that this is exactly the same for Instagram. Customer data is, for example, name, address, phone number and IP address. This customer data is only transmitted to Instagram after it has been hashed. Hashing means that a data record is transformed into a character string. This makes it possible to encrypt the contact data. In addition, the "event data" mentioned above is also transmitted. By "event data" Facebook - and consequently Instagram - understands data about your user behavior. It may also happen that contact data is combined with event data. The collected contact data is matched with the data that Instagram already has from you.

Via small text files (cookies), which are usually set in your browser, the collected data is transmitted to Facebook. Depending on the Instagram functions used and whether you have an Instagram account yourself, different amounts of data are stored.

We assume that Instagram's data processing works in the same way as Facebook's. This means that if you have an Instagram account or have visited www.instagram.com, Instagram has at least set a cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram function. After 90 days at the latest (after matching), this data is deleted again or anonymized. Although we have intensively studied Instagram's data processing, we cannot say exactly what data Instagram collects and stores.

Below we show you cookies that are set in your browser at least when you click on an Instagram feature (such as button or an Insta image). In our test, we assume that you do not have an Instagram account. Of course, if you are logged in to Instagram, significantly more cookies are set in your browser.

These cookies were used in our test:

Name: csrftoken

Value: ""

Purpose: This cookie is most likely set for security reasons to prevent falsification of requests. However, we could not find out more precisely.

Expiration date: after one year

Name: mid

Value: ""

Purpose: Instagram sets this cookie to optimize its own services and offers on and off Instagram. The cookie sets a unique user ID.

Expiration date: after the end of the session

Name: fbsr_312007122124024

Value: no data

Purpose: This cookie stores the log-in request for users of the Instagram app.

Expiration date: after the end of the session

Name: rur

Value: ATN

Purpose: This is an Instagram cookie that ensures functionality on Instagram.

Expiration date: after the end of the session

Name: urlgen

Wert: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe312007122”

Purpose: This cookie is used for Instagram's marketing purposes.

Expiration date: after the end of the session

Note: We cannot claim completeness here. Which cookies are set in individual cases depends on the embedded features and your use of Instagram.

How long and where is the data stored?

Instagram shares the information it receives between Facebook companies with external partners and with people you connect with around the world. The data processing is done in compliance with its own data policy. Your data is distributed, among other things for security reasons, on Facebook servers around the world. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the Basic Data Protection Regulation, you have the right of access, portability, rectification and deletion of your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how the deletion of the Instagram account works:

First, open the Instagram app. On your profile page, go down and click on "Help section". Now you will get to the company's website. On the webpage, click "Manage account" and then click "Delete your account".

When you delete your account entirely, Instagram deletes posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and consequently will not be deleted.

As mentioned above, Instagram stores your data primarily via cookies. You can manage, disable or delete these cookies in your browser. Depending on your browser, the management always works a bit differently. Under the section "Cookies" you will find the corresponding links to the respective instructions of the most popular browsers.

You can also basically set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements insofar as you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.

Instagram and Facebook, respectively, also process data in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

Facebook uses standard contractual clauses approved by the EU Commission (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. These clauses oblige Facebook to comply with the EU level of data protection when processing relevant data outside the EU as well. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here, among other places: https://germany.representation.ec.europa.eu/index_de.

We have tried to bring you closer to the most important information about Instagram's data processing. Auf https://help.instagram.com/519522125107875

you can take a closer look at Instagram's data policies.

What is Pinterest?

We use buttons and widgets of the social media network Pinterest, of the company Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA on our site. For the European area, the Irish company Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data protection-relevant aspects.

Pinterest is a social network that specializes in graphic representations or photographs. The name is made up of the two words "pin" and "interest". Users can share various hobbies and interests via Pinterest and view the respective profiles with pictures openly or in defined groups.

Why do we use Pinterest?

Pinterest has been around for a few years now and is still one of the most visited and appreciated social media platforms. Pinterest is especially suitable for our industry because the platform is primarily known for beautiful and interesting images. That's why we are naturally also represented on Pinterest and want to showcase our content accordingly away from our website. The data collected can also be used for advertising purposes, so that we can show advertising messages to precisely those people who are interested in our services or products.

What data is processed by Pinterest?

So-called log data may be stored. This includes information about your browser, IP address, the address of our website and the activities performed on it (for example, when you click the bookmark or pin button), search histories, date and time of the request and cookie and device data. When you interact with an embedded Pinterest feature, cookies that store various data may also be set in your browser. Mostly, the log data mentioned above, preset language settings, and clickstream data are stored in cookies. By clickstream data, Pinterest means information about your website behavior.

If you have a Pinterest account yourself and are logged in, the data collected via our site can be added to your account and used for advertising purposes. When you interact with our embedded Pinterest features, you are usually redirected to the Pinterest page.

Here you can see an exemplary selection of cookies that are then set in your browser.

Name: _auth

Value: 0

Purpose: The cookie is used for authentication. For example, a value such as your "username" can be stored in it.

Expiration date: after one year

Name: _pinterest_referrer

Value: 1

Purpose: The cookie stores that you reached Pinterest via our website. Thus, the URL of our website is stored.

Expiration date: after end of session

Name: _pinterest_sess

Value: ...9HRHZvVE0rQlUxdG89

Purpose: The cookie is used to log in to Pinterest and contains user IDs, authentication tokens and timestamps.

Expiration date: after one year

Name: _routing_id

Wert: “8d850ddd-4fb8-499c-961c-77efae9d4065312007122-8”

Purpose: The cookie contains an assigned value that is used to identify a specific routing destination.

Expiration date: after one day

Name: cm_sub

Value: denied

Purpose: This cookie stores a user ID and timestamp.

Expiration date: after one year

Name: csrftoken

Wert: 9e49145c82a93d34fd933b0fd8446165312007122-1

Purpose: This cookie is most likely set for security reasons to prevent falsification of requests. However, we could not find out more precisely.

Expiration date: after one year

Name: sessionFunnelEventLogged

Value: 1

Purpose: We have not yet been able to find out any more information about this cookie.

Expiration date: after one day

How long and where is the data stored?

Pinterest generally stores the collected data until it is no longer needed for the company's purposes. As soon as data storage is no longer necessary, for example to comply with legal regulations, the data is either deleted or anonymized so that you can no longer be identified as a person. The data may also be stored on American servers.

Right of objection

You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers such as Pinterest at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser.

Since cookies may be used with embedded Pinterest elements, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy statements of the respective tools.

Legal basis

If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tool insofar as you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.

Pinterest also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, thus in particular in the USA) or a data transfer there, Pinterest uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Pinterest undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For more information on Pinterest's standard contractual clauses, please visit https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.

We have tried to bring you closer to the most important information about Pinterest's data processing. You can learn more about Pinterest's data policies at https://policy.pinterest.com/de/privacy-policy.

What is reCAPTCHA?

Our primary goal is to secure and protect our website for you and for us in the best possible way. To ensure this, we use Google reCAPTCHA from the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA we can determine whether you are really a flesh and blood human being and not a robot or other spam software. By spam we mean any unsolicited information sent to us electronically. With the classic CAPTCHAS, you usually had to solve text or image puzzles to verify the information. With reCAPTCHA from Google, we usually don't have to bother you with such puzzles. Here, in most cases, it is enough to simply check a box to confirm that you are not a bot. With the new Invisible reCAPTCHA version, you don't even have to set a checkmark anymore. How this works exactly and especially which data is used for this, you will learn in the course of this privacy policy.

reCAPTCHA is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. The most common use of this service is when you fill out forms on the Internet. A captcha service is a kind of automatic Turing test, designed to ensure that an action on the Internet is performed by a human and not by a bot. In the classic Turing test (named after computer scientist Alan Turing), a human determines the distinction between a bot and a human. In captchas, the computer or a software program also does this. Classic captchas work with small tasks that are easy for humans to solve, but present significant difficulties for machines. With reCAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk techniques to distinguish humans from bots. Here, you only need to check the "I am not a robot" text box, or with Invisible reCAPTCHA, even that is no longer necessary. With reCAPTCHA, a JavaScript element is included in the source code and then the tool runs in the background and analyzes your user behavior. From these user actions, the software calculates a so-called captcha score. Google uses this score to calculate even before the captcha is entered how likely you are to be a human. reCAPTCHA or captchas in general are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

Why do we use reCAPTCHA on our website?

We only want to welcome flesh and blood people on our site. Bots or spam software of any kind can safely stay at home. That's why we pull out all the stops to protect ourselves and offer the best possible user experience for you. For this reason we use Google reCAPTCHA from Google. This way we can be pretty sure that we remain a "bot-free" website. By using reCAPTCHA, data is sent to Google to determine whether you are actually human. reCAPTCHA therefore serves the security of our website and, by extension, your security. For example, without reCAPTCHA, it could happen that a bot registers as many e-mail addresses as possible during registration in order to "spam" forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.

What data is stored by reCAPTCHA?

reCAPTCHA collects personal data from users to determine whether the actions on our website really come from people. Thus, the IP address and other data required by Google for the reCAPTCHA service may be sent to Google. IP addresses are almost always shortened beforehand within the member states of the EU or other contracting states to the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address is not combined with other data from Google unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube. Gmail, etc.) are already placed on your browser. Then, reCAPTCHA places an additional cookie on your browser and captures a snapshot of your browser window.

The following list of collected browser and user data does not claim to be complete. Rather, they are examples of data that, to our knowledge, are processed by Google.

Referrer URL (the address of the page from which the visitor comes)

IP address (e.g. 256.123.123.1)

Info about the operating system (the software that allows your computer to run. Known operating systems are Windows, Mac OS X or Linux).

Cookies (small text files that store data in your browser)

Mouse and keyboard behavior (every action you perform with the mouse or keyboard is saved)

Date and language settings (which language or date you have preset on your PC will be saved)

All JavaScript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all kinds of data under one name).

Screen resolution (shows how many pixels the image display consists of)

It is undisputed that Google uses and analyzes this data even before you click the "I am not a robot" checkbox. With the Invisible reCAPTCHA version, even the ticking is omitted and the entire recognition process runs in the background. How much and which data Google stores exactly, Google does not tell you in detail.

The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo. All of these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:

Name: IDE

Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-312007122-8

Purpose: This cookie is set by the DoubleClick company (also owned by Google) to register and report a user's actions on the website when dealing with advertisements. In this way, advertising effectiveness can be measured and appropriate optimization measures can be taken. IDE is stored in browsers under the domain doubleclick.net.

Expiration date: after one year

Name: 1P_JAR

Value: 2019-5-14-12

Purpose: This cookie collects statistics about website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.

Expiration date: after one month

Name: ANID

Wert: U7j1v3dZa3120071220xgZFmiqWppRWKOr

Purpose: We could not find out much information about this cookie. In Google's privacy policy, the cookie is mentioned in connection with "advertising cookies" such as "DSID", "FLC", "AID", "TAID". ANID is stored under domain google.com.

Expiration date: after 9 months

Name: CONSENT

Value: YES+AT.com+20150628-20-0

Purpose: The cookie stores the status of a user's consent to use various Google services. CONSENT is also used for security purposes to verify users, prevent credential fraud, and protect user data from unauthorized attacks.

Expiration date: after 19 years

Name: NID

Wert: 0WmuWqy312007122zILzqV_nmt3sDXwPeM5Q

Purpose: NID is used by Google to customize ads to your Google searches. With the help of the cookie, Google "remembers" your most entered search queries or your previous interaction with ads. This way, you always get tailored ads. The cookie contains a unique ID to collect personal settings of the user for advertising purposes.

Expiration date: after 6 months

Name: DV

Wert: gEAABBCjJMXcI0dSAAAANbqc312007122-4

Purpose: Once you have checked the "I am not a robot" box, this cookie is set. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymous form and is further used to make user distinctions.

Expiration date: after 10 minutes

Note: This list cannot claim to be exhaustive, as Google's experience shows that it changes its choice of cookies time and again.

How long and where is the data stored?

By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored, Google does not make clear, even after repeated inquiries. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on Google's European or American servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. The deviating data protection provisions of the Google company apply to this.

How can I delete my data or prevent data storage?

If you do not want any data about you and your behavior to be transmitted to Google, you must log out of Google completely and delete all Google cookies before you visit our website or use the reCAPTCHA software. Basically, as soon as you visit our site, the data is automatically transmitted to Google. To delete this data again, you must contact Google support at https://support.google.com/?hl=de&tid=312007122.

Thus, by using our website, you consent to the automatic collection, processing and use of data by Google LLC and its agents.

Please note that when using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may therefore not simply be transferred, stored and processed there unless there are suitable safeguards (such as EU standard contractual clauses) between us and the non-European service provider.

Legal basis

If you have consented to Google reCAPTCHA being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by Google reCAPTCHA.

We also have a legitimate interest in using Google reCAPTCHA to optimize our online service and make it more secure. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google reCAPTCHA if you have given your consent.

Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO) as the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which correspond to the standard contractual clauses, can be found at https://business.safety.google/adsprocessorterms/.

You can learn a bit more about reCAPTCHA on Google's web developer page at https://developers.google.com/recaptcha/. Google does go into more detail here about the technical development of reCAPTCHA, but you will search in vain for precise information about data storage and privacy-related topics there as well. A good overview of the basic use of data at Google can be found in the in-house privacy policy at https://www.google.com/intl/de/policies/privacy/.

This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google's servers. This enables Google to know that this website has been accessed via your IP address. The use of Google WebFonts is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on his website. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

If your browser does not support web fonts, a default font is used by your computer.

For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and see Google's privacy policy: https://policies.google.com/privacy?hl=de.