Privacy Policy

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as 'data') we process, for what purposes, and to what extent. The privacy policy applies to all our processing of personal data, both in the provision of our services and specifically on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as 'Online Service').

The terms used are not gender-specific.

Date: April 17, 2024

Table of Contents

Responsible

Dominik Schwan

Email Address: contact@wp-enhancer.com

Overview of Processing

The following overview summarizes the types of data processed, the purposes of processing, and refers to the persons affected.

Types of Data Processed

• Inventory Data.
• Contact Data.
• Content Data.
• Usage Data.
• Meta, Communication, and Process Data.

Categories of Persons Affected

• Communication Partners.
• Users.

Purposes of Processing

• Provision of Contractual Services and Fulfillment of Contractual Obligations.
• Security Measures.
• Direct Marketing.
• Reach Measurement.
• Tracking.
• Conversion Measurement.
• Feedback.
• Marketing.
• Profiles with User-Related Information.
• Provision of Our Online Services and User-Friendliness.
• Information Technology Infrastructure.

Relevant Legal Bases

Relevant legal bases according to the GDPR: Below, you will find an overview of the legal bases of the GDPR, on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence may apply. Should more specific legal bases be relevant in individual cases, we will inform you of these in the privacy policy.

• Consent (Art. 6 para. 1 s. 1 lit. a GDPR) - The data subject has given their consent to the processing of their personal data for one or more specific purposes.
• Legitimate interests (Art. 6 para. 1 s. 1 lit. f GDPR) - the processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject that require protection of personal data do not outweigh these.

National data protection regulations in Germany: In addition to the GDPR data protection regulations, national regulations on data protection in Germany apply. This includes, in particular, the Act to Protect Against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated decision-making in individual cases including profiling. Additionally, state data protection laws of the individual federal states may apply.

Notice on the applicability of the GDPR and Swiss DPA: These data protection notes serve both to provide information under the Swiss Federal Act on Data Protection (Swiss DPA) as well as the General Data Protection Regulation (GDPR). For this reason, we ask you to note that due to the broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DPA such as 'processing' of 'personal data', 'predominant interest', and 'particularly sensitive personal data', the terms used in the GDPR 'processing' of 'personal data', 'legitimate interest', and 'special categories of data' are used. However, the legal meaning of the terms is still determined according to the Swiss DPA within the scope of its application.

Security Measures

In accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

• Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) of GDPR; this also applies to profiling based on these provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right to Withdraw Consent: You have the right to withdraw consent at any time.
• Right to Access: You have the right to request confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the following information, along with a copy of the data as stipulated by law.
• Right to Rectification: You have the right under legal provisions to have incomplete personal data completed or incorrect personal data concerning you corrected.
• Right to Erasure and Restriction of Processing: You have the right, according to legal provisions, to demand that personal data concerning you be erased without delay, or alternatively, to demand restriction of processing of the data in accordance with the law.
• Right to Data Portability: You have the right, according to legal provisions, to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to request the transfer of this data to another controller.
• Right to Lodge a Complaint with a Supervisory Authority: You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, your place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy, if you believe that the processing of personal data concerning you infringes the GDPR.

Provision of Online Services and Web Hosting

We process users' data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the contents and functions of our online services to the user's browser or device.

Types of Data Processed:

• Usage Data (e.g., pages visited, time spent, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions).
• Meta, Communication, and Procedure Data (e.g., IP addresses, time stamps, identification numbers, involved parties).

Affected Persons:

• Users (e.g., website visitors, users of online services).

Purposes of Processing:

• Provision of our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)).
• Security measures.

Legal Bases:

• Legitimate Interests (Art. 6(1) sentence 1 lit. f GDPR).

Additional Information on Processing Operations, Procedures, and Services:

Collection of Access Data and Log Files: Access to our online services is recorded in the form of 'server log files'. Server log files may include the address and name of the accessed web pages and files, date and time of access, data volumes transferred, report of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to prevent server overload (especially in the case of malicious attacks, known as DDoS attacks), and to ensure the servers' load and stability; Legal basis: Legitimate Interests (Art. 6(1) sentence 1 lit. f GDPR). Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data necessary for further retention for evidential purposes are excluded from deletion until the respective incident is fully resolved.

Hetzner: Services in the area of providing IT infrastructure and related services (e.g., storage space and/or computing capacities); Service Provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Legal Basis: Legitimate Interests (Art. 6(1) sentence 1 lit. f GDPR); Website: https://www.hetzner.com; Privacy Policy: https://www.hetzner.com/de/rechtliches/datenschutz; Data Processing Agreement: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.

Use of Cookies

Cookies are small text files or other storage records that store and retrieve information on end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed or functions used in an online service. Cookies can also be used for various purposes, such as for the functionality, security, and comfort of online offers, as well as for creating analyses of visitor flows.

Notes on Consent:

We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not required by law. Permission is particularly unnecessary when storing and reading information, including cookies, is absolutely necessary to provide users with a telemedia service they explicitly request (i.e., our online service). The revocable consent is clearly communicated to them and includes information on the specific use of cookies.

Notes on Legal Bases for Data Protection:

The legal basis on which we process personal data of users via cookies depends on whether we ask for their consent. If users agree, the legal basis for processing their data is their declared consent. Otherwise, data processed via cookies is based on our legitimate interests (e.g., in the economic operation of our online services and improving their usability), or, if this occurs as part of fulfilling our contractual obligations, when the use of cookies is necessary to meet our contractual obligations. We will provide details on the purposes for which cookies are used either in the course of this privacy policy or during our consent and processing procedures.

Storage Duration:

Regarding storage duration, the following types of cookies are distinguished:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their device (e.g., browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the device has been closed. For example, the login status can be saved, and preferred content can be displayed directly when the user revisits a website. Similarly, user data collected via cookies can be used for measuring reach. Unless we provide users with explicit details about the type and duration of cookies (e.g., when obtaining consent), they should assume that these are permanent and the storage duration can be up to two years.

General Notes on Revocation and Objection (Opt-out):

Users can revoke their consents at any time and also object to the processing according to legal requirements, including through their browser's privacy settings.

Legal Bases:

• Legitimate Interests (Art. 6(1) clause 1 lit. f GDPR).
• Consent (Art. 6(1) clause 1 lit. a GDPR).

Further Notes on Processing Operations, Procedures, and Services:

Processing of cookie data based on consent: We use a consent management solution, where users' consent for the use of cookies or for the procedures and providers mentioned within the consent management solution is obtained. This process serves the collection, logging, management, and revocation of consents, particularly with respect to the use of cookies and similar technologies for storing, reading, and processing information on users' devices. In this process, users' consents for using cookies and the related processing of information, including the specific processes and providers mentioned in the consent management procedure, are collected. Users also have the opportunity to manage and revoke their consents. Consent declarations are stored to avoid re-querying and to provide proof of consent according to legal requirements. The storage is performed server-side and/or in a cookie (known as an opt-in cookie) or by similar technologies, to associate the consent with a specific user or their device. If no specific details about the providers of consent management services are available, the following general notes apply: The duration of consent storage is up to two years. A pseudonymous user identifier is created and stored along with the time of consent, the extent of the consent (e.g., relevant categories of cookies and/or service providers), and information about the browser, the system, and the device used; Legal basis: Consent (Art. 6(1) para. 1 lit. a GDPR).

Blogs and Publishing Media

We use blogs or similar means of online communication and publication (hereinafter referred to as 'publishing media'). The data of readers are processed only to the extent necessary for the presentation of the publishing media and the communication between authors and readers, or for security reasons. Furthermore, we refer to the information on the processing of visitors to our publishing media as part of these data protection notices.

Types of Data Processed:

• Inventory data (e.g., full name, residential address, contact information, customer number, etc.);
• Contact data (e.g., postal and email addresses or telephone numbers);
• Content data (e.g., textual or visual messages and contributions and the related information, such as details about authorship or the time of creation);
• Usage data (e.g., page views and duration of stay, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features).
• Meta, communication and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).

Affected Persons:

• Users (e.g., website visitors, users of online services).

Purposes of Processing:

• Provision of contractual services and fulfillment of contractual obligations; Feedback (e.g., collecting feedback via online form).
• Provision of our online offerings and user-friendliness.

Legal Bases:

• Legitimate Interests (Art. 6(1) para. 1 lit. f GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as 'newsletters') exclusively with the consent of the recipients or on a legal basis. If the contents of the newsletter are specified during the registration process, these contents are crucial for the consent of the users. Normally, providing your email address is sufficient for signing up for our newsletter. However, to provide a personalized service, we may ask you to provide your name for a personal greeting in the newsletter or for further information if necessary for the purpose of the newsletter.

Deletion and Restriction of Processing:

We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to prove a previously given consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper execution. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

Contents:

• Information about us, our services, promotions, and offers.

Types of Data Processed:

• Inventory data (e.g., full name, residential address, contact information, customer number, etc.);
• Contact data (e.g., postal and email addresses or telephone numbers);
• Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).

Affected Persons:

• Communication partners.

Purposes of Processing:

• Direct marketing (e.g., via email or postal mail).

Legal Bases:

• Consent (Art. 6(1) para. 1 lit. a GDPR).

Option to Object (Opt-Out):

You can cancel the receipt of our newsletter at any time, i.e., revoke your consents, or object to further receipt. A link to cancel the newsletter can be found at the end of each newsletter, or you can use one of the contact options provided above, preferably email, for this purpose.

Web Analytics, Monitoring, and Optimization

Web analytics (also referred to as 'reach measurement') is used to evaluate the visitor flows of our online offering and can include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With reach analysis, for example, we can determine when our online offerings or its functions or content are most frequently used, or invite reuse. It also enables us to understand which areas need optimization.

In addition to web analytics, we can also use testing procedures to test and optimize different versions of our online offering or its components.

Unless stated otherwise below, profiles, which are data aggregated into a usage process, can be created for these purposes, and information can be stored in a browser or on a device and then read out. The collected information particularly includes visited websites and the elements used there, as well as technical information, such as the browser used, the computer system, and usage times. If users have consented to the collection of their location data by us or the providers of the services we use, the processing of location data is also possible.

Additionally, users' IP addresses are stored. However, we use an IP masking process (i.e., pseudonymization by truncating the IP address) to protect users. Generally, no clear data of users (such as email addresses or names) are stored in the context of web analytics, A/B testing, and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective processes.

Notes on Legal Bases:

If we ask users for their consent to the use of third parties, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this data protection declaration.

Types of Data Processed:

• Usage data (e.g., page views and duration of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions).
• Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).

Affected Persons:

• Users (e.g., website visitors, users of online services).

Purposes of Processing:

• Reach measurement (e.g., access statistics, detection of returning visitors); profiles with user-related information (creating user profiles).
• Provision of our online offerings and user-friendliness.

Safety Measures

• IP Masking (Pseudonymization of the IP address)

Legal Basis

• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR)

Further Information on Processing Activities, Procedures and Services

Google Analytics: We use Google Analytics to measure and analyze the use of our online offer based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It is used to assign analysis information to an end device in order to identify which content users have accessed during one or several usage processes, which search terms they used, accessed them again, or interacted with our online offering. Likewise, the time of use and its duration are stored, as well as the sources of the users who refer to our online offer and technical aspects of their devices and browsers.

Pseudonymous profiles of users are created with information from the use of various devices, where cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is exclusively used for this derivation of geolocation data before being immediately deleted. They are not logged, are not accessible, and are not used for further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded for processing to Analytics servers; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Website: <a href='https://marketingplatform.google.com/intl/en/about/analytics/'>https://marketingplatform.google.com/intl/en/about/analytics/</a>; Security measures: IP Masking (Pseudonymization of the IP address); Privacy policy: <a href='https://policies.google.com/privacy'>https://policies.google.com/privacy</a>; Data processing agreement: <a href='https://business.safety.google/adsprocessorterms/'>https://business.safety.google/adsprocessorterms/</a>; Basis for third-country transfers: Data Privacy Framework (DPF); Objection option (Opt-Out): Opt-Out Plugin: <a href='https://tools.google.com/dlpage/gaoptout'>https://tools.google.com/dlpage/gaoptout</a>, Settings for the display of advertisements: <a href='https://myadcenter.google.com/personalizationoff'>https://myadcenter.google.com/personalizationoff</a>. More information: <a href='https://business.safety.google/adsservices/'>https://business.safety.google/adsservices/</a> (Types of processing as well as processed data).

Matomo: Matomo is a software used for web analytics and reach measurement. In the course of using Matomo, cookies are generated and stored on the user's device. The data collected through the use of Matomo is processed solely by us and not shared with third parties. The cookies are stored for a maximum period of 13 months: <a href='https://matomo.org/faq/general/faq_146/'>https://matomo.org/faq/general/faq_146/</a>; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Data deletion: The cookies have a storage duration of up to 13 months.

Online Marketing

We process personal data for the purpose of online marketing, which may particularly include the marketing of advertising spaces or the display of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called "cookie") or similar methods are used, by which the information relevant to the display of the aforementioned content is stored. This may include viewed content, visited websites, online networks used, as well as communication partners and technical information, such as the browser used, the computer system and information on usage times and functions used. If users have consented to the collection of their location data, these can also be processed.

Additionally, users' IP addresses are stored. However, we use available IP masking methods (i.e., pseudonymization by truncating the IP address) for user protection. Generally, clear data of users (such as email addresses or names) are not stored in the online marketing process, but pseudonyms are used. This means that neither we nor the providers of the online marketing processes know the actual identity of the users, but only the information stored in their profiles.

The statements in the profiles are usually stored in cookies or by similar methods. These cookies can later generally be read on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, supplemented with further data, and stored on the server of the online marketing procedure provider.

Exceptionally, it is possible to assign clear data to the profiles, primarily when users are for example members of a social network whose online marketing procedures we use, and the network connects the user profiles with the aforementioned information. Please note that users may make additional arrangements with the providers, such as by consenting during registration.

We generally only have access to aggregated information about the success of our advertisements. However, we can check which of our online marketing methods have led to a so-called conversion, i.e., for example, to a contract conclusion with us, through so-called conversion measurements. The conversion measurement is used solely for the success analysis of our marketing measures.

Unless otherwise stated, please assume that cookies used are stored for a period of two years.

Notes on Legal Bases

If we ask users for their consent to the use of third parties, the legal basis for data processing is permission. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

Types of Data Processed

• Usage Data (e.g., page views and duration of stay, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions)
• Meta, Communication, and Procedure Data (e.g., IP addresses, time information, identification numbers, involved persons)

Data Subjects

• Users (e.g., website visitors, users of online services)

Purposes of Processing

• Reach measurement (e.g., access statistics, detection of returning visitors); Tracking (e.g., interest-/behavior-based profiling, use of cookies); Marketing; Profiles with user-related information (creation of user profiles). Conversion measurement (measuring the effectiveness of marketing measures).

Security Measures

• IP Masking (Pseudonymization of the IP address)

Legal Bases

• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing methods, procedures, and services

Google Ads and Conversion Measurement: Online marketing procedures for the purpose of placing content and advertisements within the service provider's advertising network (e.g., in search results, videos, websites, etc.), so that they are displayed to users who are presumed to have an interest in the advertisements. In addition, we measure the conversion of the advertisements, i.e., whether users have taken them as an occasion to interact with the advertisements and to use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6 para. 1 s. 1 lit. a) GDPR), Legitimate Interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for Third Country Transfers: Data Privacy Framework (DPF); Further Information: Types of processing and the data processed: https://business.safety.google/adsservices/. Data processing terms between controllers and standard contractual clauses for third country data transfers: https://business.safety.google/adscontrollerterms.

Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke