Data Protection

Status: February 1, 2024

Table of contents

• Responsible party
• Contact Data Protection Officer
• Overview of processing activities
• Applicable legal bases
• Transmission of personal data
• International data transfers
• Deletion of data
• Rights of the data subjects
• Use of cookies
• My Services
• Provision of the online service and web hosting
• Blogs and publication media
• Contact and inquiry management
• Newsletters and electronic notifications
• Advertising communication via email, mail, fax, or telephone
• Web analysis, monitoring, and optimization
• Change and update of the privacy policy
• Definitions of terms

Responsible party

Fabian Rücker
Weidengasse 32
50999 Cologne
Germany

E-Mail-Adresse: fabian.ruecker@KoaVie.de

Contact Data Protection Officer

webmaster@KoaVie.de

Overview of processing activities

The following overview summarizes the types of processed data and the purposes of their processing and refers to the affected individuals..

Types of processed data

• Inventory data.
• Payment data.
• Contact data.
• Content of the video.
• Contract data.
• Terms of Service.
• Meta, communication, and procedural data.

Special categories of data

• Health data.

Categories of affected persons

• Customer number.
• Interested parties.
• Communication partners.
• User profile.
• Business and contracting partners.

Purposes of processing

• Provision of contractual services and fulfillment of contractual obligations..
• Contact requests and communication.
• Security measures.
• Marketing.
• Reach measurement.
• Office and organizational procedures.
• Management and response to inquiries.
• Feedback.
• Profiles with user-related information.
• Provision of the online service and web hosting.
• Information technology infrastructure.

Applicable legal bases

Applicable legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy..

• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR - The data subject has given consent to the processing of his or her personal data concerning him or her for one or more specific purposesseveral specific purposes.
• Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 lit. b) GDPR - Processing is necessary for the performance of a contract to which the party to which is the data subject, or for the performance of pre-contractual measures taken at the request of the person.
• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR - The processing is necessary for compliance with a legal obligation to which the controller is subject.
• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR - Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations in Germany apply. This particularly includes the Federal Data Protection Act (Bundesdatenschutzgesetz BDSG) for the protection against misuse of personal data in data processing. The BDSG contains specific provisions regarding the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may also apply..

Note on the applicability of GDPR and Swiss DSG: This data protection notice serves both to provide information in accordance with the Swiss Federal Act on Data Protection (Swiss DPA) and according to the General Data Protection Regulation (GDPR).

Transmission of personal data

As part of our processing of personal data, it can happen that the data is transmitted to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of this data may include service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we adhere to legal requirements and conclude appropriate contracts or agreements that protect your data with the recipients of your data..

Data transfer within the organization: We may transfer personal data to other entities within our organization or grant them access to this data. If this transfer occurs for administrative purposes, it is based on our legitimate business and economic interests, or occurs insofar as it is necessary for fulfilling our contractual obligations or if consent from the affected person or legal permission is present..

International data transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or the processing takes place in the context of using services from third parties or the disclosure or transfer of data to other persons, entities, or companies, this only occurs in accordance with legal requirements. If the level of data protection in the third country has been recognized through an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers occur only if the level of data protection is secured in another manner, particularly through standard contractual clauses (Art. 46 para. 2 letter c) GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49 para. 1 GDPR). Additionally, we will inform you about the foundations of data transfers to third countries with the individual providers from the third country, whereby the adequacy decisions will take precedence as foundational grounds. Information regarding transfers to third countries and existing adequacy decisions can be obtained from the information offer of the EU Commission.: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

EU-US Trans-Atlantic Data Privacy Framework: Under the so-called Data Privacy Framework (DPF), the European Commission has also recognized the level of data protection for certain companies from the USA as safe in accordance with the adequacy decision of July 10, 2023. The list of certified companies as well as further information about the DPF can be found on the website of the U.S. Department of Commerce. https://www.dataprivacyframework.gov/ (in English) You can find it. We inform you in the privacy notices which service providers we use are certified under the Data Privacy Framework..

Deletion of data

The data we process will be deleted in accordance with legal requirements as soon as their processing consents are revoked or other permissions expire (e.g., if the purpose of processing such data has ceased or they are no longer needed for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. That is, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for asserting, exercising, or defending legal claims or for protecting the rights of another natural or legal person. Our privacy notices may also contain further information regarding the retention and deletion of data that is priority for the respective processing..

Rights of the data subjects

Rights of the affected persons under the GDPR: You have various rights under the GDPR as an affected person, which are based particularly on Articles 15 to 21 of the GDPR.:

• Right of objection: You have the right to object, on grounds relating to your particular situation , to object at any time to the processing of your personal data that is processed on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions; this also applies to profiling based on these If the personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising ; this also applies to profiling to the extent that it is related to such direct advertising.
• Right of withdrawal in case of consents: You have the right to withdraw your consent at any time.
• Right of access: You have the right to request confirmation as to whether personal data concerning you is being processed, and to obtain information about these data as well as further information and a copy of the data in accordance with legal provisions..
• Right to rectification: In accordance with the legal requirements, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you inaccurate data concerning you.
• Deletion and restriction of processing: You have the right, in accordance with legal provisions, to demand that your personal data be erased immediately, or alternatively, to request a restriction of the processing of the data in accordance with legal provisions..
• Right to data portability: You have the right to receive data concerning you that you have provided to us , in accordance with the legal requirements, in a structured, commonly used and machine-readable format or to have it transmitted to another controller.
• Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual place of residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data relating to you personal data concerning you infringes the provisions of the GDPR.

Use of cookies

Cookies are small text files or other storage markers that store information on devices and read information from the devices. For example, to save the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offer. Cookies can also be used for various purposes, such as for the functionality, security, and convenience of online offers, as well as for creating analyses of visitor flows..

Notes on consent: We use cookies in accordance with the legal regulations. Therefore, we obtain prior consent from users, unless this is not legally required. Consent is particularly not necessary if the storage and retrieval of information, including cookies, is absolutely necessary to provide users with a telemedia service explicitly requested by them (meaning our online offering). The absolutely necessary cookies typically include cookies with functions that serve to display and operate the online service, load balancing, security, storing users' preferences and options, or purposes related to providing the primary and secondary functions of the requested online service. The revocable consent is clearly communicated to users and includes information on the respective use of cookies..

Notes on data protection legal bases: The basis for the processing of personal data of users using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the expressed consent. Otherwise, the data processed using cookies will be processed based on our legitimate interests (e.g., in the economic operation of our online offer and improving its usability) or if this occurs in the context of fulfilling our contractual obligations, where the use of cookies is necessary to fulfill our contractual obligations. We will clarify the purposes for which cookies are processed by us in the course of this privacy policy or as part of our consent and processing processes..

Storage duration: With regard to the storage duration, the following types of cookies are distinguished.:

• Temporary cookies (also known as session cookies).:Temporary cookies are deleted at the latest after a user has left an online offer and has closed their device (e.g., browser or mobile application)..
• Permanent cookies: Permanent cookies remain stored even after the device is closed. This allows for example the login status to be saved or preferred content to be displayed directly when the user revisits a website. Similarly, the data collected via cookies can be used for measuring reach. Unless we explicitly inform users about the type and duration of cookie storage (e.g., during consent acquisition), users should assume that cookies are permanent and that storage can last up to two years..

General information on withdrawal and objection (so-called opt-out): Users can revoke their consents at any time and object to the processing in accordance with legal provisions. To do this, users can restrict the use of cookies in their browser settings (which may also limit the functionality of our online offerings). An objection to the use of cookies for online marketing purposes can also be made through the websites. https://optout.aboutads.info" and https://www.youronlinechoices.com"/ to be explained.

• Legal basis: Rightful interests (Art. 6 Abs. 1 S. 1 lit. f) GDPR) Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR.

Further information on processing processes, procedures, and services.:

• Processing of cookie data based on consent.: We implement a consent management procedure: a process for obtaining, documenting, managing, and withdrawing consents, particularly for the use of cookies and similar technologies for storing, reading, and processing information on users' devices and their processing, within which users' consents for the use of cookies, or for the processing and providers mentioned in the consent management procedure, can be obtained, managed, and revoked by users. In this context, the consent declaration is stored to avoid having to ask for it again and to be able to demonstrate consent in accordance with legal obligations. The storage can be done server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to be able to attribute consent to a user or their device. Subject to individual data about the providers of cookie management services, the following notes apply: The duration of consent storage can last up to two years. A pseudonymous user identifier is formed and stored with the time of consent, information on the scope of consent (e.g., which categories of cookies and/or service providers) as well as the browser, system, and used device.; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR.

My Services

We process data of our contractual and business partners, e.g. customers and interested parties (summarized as "contract partners") within the framework of contractual and comparable legal relationships, as well as related measures and in the course of communication with the contract partners (or pre-contractually), e.g., to respond to inquiries..

We process this data in order to fulfill our contractual obligations fulfill. This includes in particular the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to safeguard our rights and for the purpose of the administrative tasks associated with administrative tasks associated with these obligations and the company organization. Furthermore, we process the data on on the basis of our legitimate interests in the proper and business management and in security measures for the protection of our contractual partners and our business operations from misuse, compromise of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transportation and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of the applicable law , we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations is necessary. Contractual partners will be informed about other forms of processing, e.g. for marketing purposes, the contractual partners will be informed within the scope of this data protection declaration.

We will inform the contracting parties of which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, by special markings (e.g., colors) or symbols (e.g., asterisks), or personally..

We will delete the data after the statutory warranty periods and comparable obligations have expired, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be kept for legal reasons of archiving. The statutory retention period is ten years for tax-relevant documents as well as for commercial books, inventories, opening balances, annual financial statements, the necessary work instructions for understanding these documents, and other organizational documents and accounting vouchers; six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins after the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance, the annual financial statement or the management report was prepared, the trade or business letter was received or sent, or the accounting proof was created; also, when the recording was made or the other documents were created..

Insofar as we use third-party providers or platforms to deliver our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply between the users and the providers..

• Processed data types: Master data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., inputs in online forms); usage data (e.g., visited web pages, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status..
• Special categories of personal data: Health data.
• Affected persons: Business and contracting partners.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; contact inquiries and communication; office and organizational procedures. Management and response to inquiries.
• Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing processes, procedures, and services.:

• Customer account: Customers can create an account within our online offering (e.g. customer or user account, in short "customer account"). If the registration of a customer account is required, customers will be informed of this in the same way as well as the information required for registration. The customer accounts are not public and cannot be indexed by search engines indexed by search engines. As part of the registration process and subsequent logins and use of the customer account, we store the IP addresses of the customers together with the access times in order to prove registration and to prevent any misuse of the customer account. If the customer account has been terminated, the customer account data will be deleted after the termination date, unless they are stored for purposes other than the provision in the customer account or must be retained for legal reasons must be retained (e.g. internal storage of customer data, order processes or invoices). It is the customer's responsibility to to back up their data upon termination of the customer account; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR.
• Services: We process the data of our clients as well as interested parties and other clients or contracting partners (collectively referred to as "clients") in order to provide our services to them. We do not provide therapeutic services ourselves, but only the mediation. The processed data, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual and client relationship..
  
  In the course of our activities, we may also process special categories of data, particularly information regarding the health of the clients, possibly related to their sexual life or sexual orientation, as well as data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs, or union membership. For this purpose, we obtain, if necessary, explicit consent from the clients and otherwise process the special categories of data if this serves the health of the clients, the data is public, or other legal permissions are present..
  
  If it is necessary for the fulfillment of our contract, to protect vital interests, or legally required, or if client consent is given, we disclose or transmit client data to third parties or contractors, such as authorities, medical institutions, laboratories, billing offices, as well as in the field of IT, office, or equivalent services while adhering to professional regulations.; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR.

Provision of the online service and web hosting

We process user data to provide our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device..

• Processed data types: Usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Affected persons: Users (e.g., website visitors, online service users).
• Purposes of processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.). Security measures..
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR.

Further information on processing processes, procedures, and services.:

• Collection of access data and log files: Access to our online offerings is logged in the form of so-called "server log files". The server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, transmitted data volumes, reports of successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page), and typically include IP addresses and the requesting provider. The server log files can be used for security purposes, for example, to prevent server overload (especially in the case of abusive attacks, called DDoS attacks), and also to ensure the load and stability of the servers.; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR. Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidence purposes is exempt from deletion until the respective incident is fully clarified..

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter "publishing medium"). The data of readers are processed for the purposes of the publishing medium only to the extent necessary for its presentation and the communication between authors and readers or for security reasons. Furthermore, we refer to the information on the processing of visitors to our publishing medium within the framework of this privacy notice..

• Processed data types: Master data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., inputs in online forms); usage data (e.g., visited web pages, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status.).
• Affected persons: Users (e.g., website visitors, online service users).
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; feedback (e.g., collecting feedback via online form); providing our online offering and user-friendliness; security measures. Managing and responding to inquiries..
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR.

Further information on processing processes, procedures, and services.:

• Comments and contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security, in case someone posts illegal content (insults, prohibited political propaganda, etc.) in comments and contributions. In this case, we could be held liable for the comment or contribution and are therefore interested in the identity of the author..
  
  Furthermore, we reserve the right to process user data for spam detection based on our legitimate interests..
  
  On the same legal basis, we reserve the right to store users' IP addresses for the duration of surveys and to use cookies to prevent multiple votes..
  
  The personal information provided in the context of comments and contributions, any contact and website information, as well as the content provided will be stored by us permanently until the users object.; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR.

Contact and inquiry management

When contacting us (e.g., by post, contact form, email, telephone, or via social media) and in the context of existing user and business relationships, the information of the inquiring persons will be processed as far as necessary to answer the inquiries and any requested measures..

• Processed data types: Contact data (e.g. email, phone numbers); content data (e.g. entries in online forms); usage data (e.g. visited websites, interest in content, access times); meta, communication, and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status).
• Affected persons: Communication partners.
• Purposes of processing: Contact inquiries and communication; managing and responding to inquiries; feedback (e.g. collecting feedback via online form). Provision of our online services and user-friendliness.
• Legal basis: Legitimate interests (Article 6 para. 1 sentence 1 letter f) GDPR). Contract fulfillment and pre-contractual inquiries (Article 6 para. 1 sentence 1 letter b) GDPR).

Further information on processing processes, procedures, and services.:

• Contact form: When users contact us via our contact form, email, or other communication channels, we process the data communicated to us in this context to address the stated concern; Legal basis: Contract fulfillment and pre-contractual inquiries (Article 6 para. 1 sentence 1 letter b) GDPR), legitimate interests (Article 6 para. 1 sentence 1 letter f) GDPR).

Newsletters and electronic notifications

We send newsletters, emails, and other electronic notifications (hereinafter referred to as "Newsletter") only with the consent of the recipients or on the basis of a legal permission. If the contents are specifically described as part of a newsletter registration, they are decisive for the users' consent. Otherwise, our newsletters contain information about our services and ourselves..

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal address in the newsletter, or other information if required for the purposes of the newsletter..

Opt-in procedure: The registration for our newsletter basically takes place through a so-called opt-in process. The newsletter subscriptions are logged to provide proof of the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation timestamps..

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to prove a previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently consider objections, we reserve the right to store the email address solely for this purpose in a block list (so-called "Blocklist")..

The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of proving its proper course. Insofar as we engage a service provider to send emails, this is done based on our legitimate interests in an efficient and secure mailing system..

Contents:

Information about us, our services, promotions, and offers..

• Processed data types: Inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); usage data (e.g., visited websites, interest in content, access times).
• Affected persons: Communication partners.
• Purposes of processing: Direct marketing (e.g., by email or postal mail).
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR.
• Right to object (Opt-out): You can unsubscribe from our newsletter at any time, i.e., withdraw your consents or object to further reception. A link to unsubscribe from the newsletter can be found either at the end of each newsletter or you can use one of the contact options provided above, preferably email, for this purpose..

Further information on processing processes, procedures, and services.:

• Measurement of open and click rates: The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, is retrieved from their server is retrieved. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of the retrieval.
  
  This information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes the determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until they are deleted stored. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to different content according to the interests of our users send.
  
  Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR.

Advertising communication via email, mail, fax, or telephone

We process personal data for the purposes of promotional communication, which can occur through various channels, such as email, telephone, mail, or fax, in accordance with legal requirements..

Recipients have the right to revoke consents granted at any time or to object to promotional communication at any time..

After a revocation or objection, we retain the data necessary to prove the previous authorization for contact or submission for up to three years after the end of the year of the revocation or objection based on our legitimate interests. The processing of this data is limited to the purpose of possible defense against claims. Based on the legitimate interest of permanently observing the user's revocation or objection, we also store the necessary data to avoid renewed contact (e.g., depending on the communication channel, the email address, phone number, name)..

• Processed data types: Inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers).
• Affected persons: Communication partners.
• Purposes of processing: Direct marketing (e.g., by email or postal mail).
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)..

Web analysis, monitoring, and optimization

Web analysis (also referred to as "reach measurement") is used to evaluate the visitor flows of our online offerings and can include behavior, interests, or demographic information about visitors, such as age or gender, in pseudonymous values. With the help of reach analysis, we can identify, for example, when our online offerings or their functions or content are used most frequently or invite reuse. We can also track which areas need optimization..

In addition to web analytics, we can also use testing methods to test and optimize different versions of our online offerings or their components..

Unless otherwise stated below, profiles may be created for these purposes, i.e., data consolidated for a usage process can be compiled, and information can be stored in a browser or on a device and read from it. The collected information particularly includes visited websites and the elements used there, as well as technical details such as the browser used, the computer system used, and details on usage times. If users have consented to the collection of their location data with respect to us or the providers of the services we use, location data may also be processed..

User IP addresses are also stored. However, we use an IP masking method (i.e., pseudonymization by truncating the IP address) to protect users. In general, no clear data of users (e.g., email addresses or names) is stored in the context of web analysis, A/B testing, and optimization, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures..

• Processed data types: Usage data (e.g., visited websites, interest in content, access times); meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status)..
• Affected persons: Users (e.g., website visitors, online service users).
• Purposes of processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creating user profiles). Provision of our online offerings and user-friendliness.
• Security measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR.

Further information on processing processes, procedures, and services.:

Change and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require an action on your part (e.g., consent) or any other individual notification..

If we provide addresses and contact information for companies and organizations in this privacy policy, please be aware that the addresses may change over time and we ask that you verify the information before contacting..

Definitions of terms

In this section, you will receive an overview of the terms used in this privacy policy. Where the terms are legally defined, their legal definitions apply. The following explanations are intended primarily to aid understanding..

• Personal data: Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the data subject); an identifiable natural person is considered to be one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person..
• Profiles with user-related information: The processing of "profiles with user-related information", or simply "profiles", encompasses any type of automated processing of personal data that involves using this personal data to analyze, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, different information regarding demographics, behavior, and interests, such as interaction with websites and their contents, etc. may be involved) (e.g. interests in certain content or products, click behavior on a website or location). Cookies and web beacons are often used for profiling purposes..
• Reach measurement: Reach measurement (also referred to as web analytics) serves to analyze the flow of visitors to an online offering and can include the behavior or interests of visitors regarding certain information, such as the content of websites. By means of reach analysis, operators of online offerings can identify, for example, when users visit their websites and what content they are interested in. This allows them to better tailor the contents of their websites to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors, thereby obtaining more accurate analyses of the usage of an online offering..
• Responsible party: The term "controller" refers to the natural or legal person, authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data..
• Data usage: Processing is any operation or set of operations performed with or without the aid of automated processes in relation to personal data. The term is broad and encompasses practically any handling of data, whether it is collecting, evaluating, storing, transmitting, or deleting..

This website uses Matomo to analyze page views. Here is the data protection policy of Matomo. On KoaVie, we do not track personal data or use cookies. Referrers and IP addresses are anonymized to ensure that individual users cannot be identified..