PRIVACY POLICY

Thank you for visiting our website and for your interest in our offers. The protection of your personal data is important to us, so we would like to inform you in detail about the handling of your personal data. Personal data is all data that can be related to you personally, e.g. your name, address, e-mail addresses, user behavior.

I. General Information

1. Name and address of the responsible

The controller within the meaning of the General Data Protection Regulation (“GDPR”) and other national data protection laws of the Member States and other data protection provisions is:

GPortal Inc.
3416 Hillcrest Dr
Waco, TX 76708
+49 69 380 766 670
support@g-portal.com
www.g-portal.com

2. General information on data processing

We process personal data of our users only to the extent that this is necessary for providing a functional website as well as our content and services.

a. Personal data

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behavior. Information for which we cannot (or can only with a disproportionate effort) establish a link to your person, e.g. by anonymizing the information, is not personal data.

b. Processing of personal data

Processing means any operation or set of operations which is performed upon personal data, whether by automatic procedures, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

c. Legal basis for the processing of personal data

The collection and use of personal data of our users is only carried out with the consent of the user. As we obtain the consent of the affected person for processing operations of personal data, the legal basis is Art. 6 (1) lit. a GDPR.

An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

When processing personal data that is necessary for the fulfillment of a contract in which the affected person is a party, Art. 6 (1) lit. b GDPR is the legal basis. This also applies to processing operations that are necessary for the fulfillment of pre-contractual measures.

If processing of personal data is necessary for fulfillment a legal obligation to which we are subject, the legal basis is Art. 6 (1) c GDPR. If the processing is necessary to protect a legitimate interest of the jointly responsible party or a third party and the interests, fundamental rights and freedoms of the affected person do not override the aforementioned interest, Art. 6 (1) f GDPR is the legal basis.

II. Data processing

Personal data is collected via this website if you provide it to us of your own accord, e.g. by filling out forms or sending e-mails. We use this data for the purposes stated in each case or resulting from the request, for example, the provision of your e-mail address to contact you. Data is only transmitted to third parties if this is expressly permitted by law or if you have consented to the transmission during an active business relationship.

1. Collection of personal data when visiting our website

a. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected in this process:

  • - Information about the browser type and the used version
  • - The operating system of the user
  • - The user’s internet service provider
  • - The IP-address of the user
  • - Date and time of access
  • - Websites from which the user’s system accesses our website
  • - Websites that are accessed by the user’s system via our website
  • - Access status/HTTP status code
  • - Amount of data transferred in each case.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

b. Purpose and legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) lit. f GDPR.

The temporary saving of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain saved for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes will not be conducted in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR. The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website.

c. Duration of the storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after 30 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or modified a certain way, so that an assignment of the client is no longer possible.

2. Contact

a. Description and scope of data processing

Our contact details can be found on our website. You can send us a message via the e-mail address provided. In this case, we will process your first and last name and e-mail address and the user's personal data transmitted with the e-mail. Furthermore, you can send us an individual message via the message field. It is your decision whether you provide us with this data. Without this information, however, we will not or not to the full extent be able to fulfill your contact request.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

b. Purpose and legal basis for data processing

The legal basis for the processing of data transmitted while sending an e-mail is Art. 6 (1) lit. f GDPR. In the case of contact by e-mail, the necessary legitimate interest in processing the data lies in the processing of your request.

If the e-mail contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 (1) lit. b GDPR.

c. Duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified. Further storage may take place in individual cases if this is required by law.

3. Newsletter

a. Description and scope of data processing

On our website there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us (in particular your e-mail address). It is your free decision whether you provide us with this data. Without this information, however, we may not be able to send our newsletter to you. In addition, the following data is collected when you register for the newsletter:

  • - IP address of the accessing computer
  • - Date and time of the registration

For the processing of the data, your consent is obtained during the registration process and we refer to this privacy policy. For the newsletter dispatch, we use the so-called double opt-in procedure, i.e. we will only send you the newsletter if you first confirm your registration via a confirmation e-mail sent to you for this purpose by means of a link contained therein. In this way, we want to ensure that only you, as the owner of the e-mail address provided, can register for the newsletter. Your confirmation must be made promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database.

The data will be used exclusively for sending the newsletter.

b. Purpose and legal basis for data processing

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 (1) lit. a GDPR if the user has given his consent.

The collection of the user's e-mail address serves the purpose to deliver the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

The subscription to the newsletter can be cancelled by the affected user at any time and without giving reasons. For this purpose, a corresponding link can be found in each newsletter. This also revokes the consent to the storage of the personal data collected during the registration process with effect for the future.

c. Duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address will be stored as long as the subscription to the newsletter is active. After unsubscribing from the newsletter mailing, your data will be deleted. Further storage may take place in individual cases if this is required by law.

The other personal data collected during the registration process is usually deleted after a period of seven days.

d. Shipping service provider Sendinblue

The newsletter is sent using the "Sendinblue" tool (hereinafter referred to as the "shipping service provider") of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, which processes your data on our behalf and ensures the proper dispatch of the e-mails. Your data will not be passed on to third parties in connection with the dispatch of the newsletter. You can view the data protection provisions of the dispatch service provider here: https://www.sendinblue.com/gdpr/.

The e-mail addresses of our newsletter recipients, as well as their other data described in these notes, are stored on the servers of the shipping service provider. The shipping service provider uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, the dispatch service provider may use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletters or for economic purposes to determine from which countries the recipients come. However, the shipping service provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

Statistical collection and analyses - The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the information on whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

With the cancellation of the newsletter and the withdrawal of your consent as described above, your consent to its dispatch by the shipping service provider and the statistical analyses also expires. A separate revocation of the shipping by the shipping service provider or the statistical analysis is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter.

4. Registration and login

a. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. With the processed data, we create an individualized user account for you, with which you can use certain content and services. For example, you can conveniently log in with your self-selected username and password for future visits to the website and orders of our products.

The data is entered in an input mask and transmitted to us and stored. The data will not be passed on to third parties. The following data is collected during the registration process: Your e-mail address as well as the user name.

In addition, the following data is collected during the registration process:

  • - IP address of the accessing computer
  • - Date and time of the registration

b. Purpose and legal basis for data processing

According to Art. 6 (1) lit. b GDPR, the processing of the personal data presented serves the implementation of (pre-) contractual measures.

User registration is required for the provision of certain content and services on our website. In particular, the usage of our paid services is only possible after registration.

As a user, you have the option to cancel the registration at any time. You can have the data stored about you changed at any time. To do so, please send us an e-mail to support@g-portal.com.

c. Duration of the storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process when the registration on our website is cancelled or modified.

5. Application for job positions

By submitting an application on our recruiting page or by e-mail to us, the applicant expresses his or her desire to take a position with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application.

In particular, the following data is collected: Name (first and last name), e-mail address, telephone number, LinkedIn profile (optional), and how you became aware of us.

You also have the option of uploading supporting documents such as a cover letter, your resume and references. These may contain further personal data such as date of birth, address, etc.

If specified by the applicant, we also process special categories of personal data, such as information about disabilities, ethnic origin or biometric data (handwritten signature).

The processing of the aforementioned personal data is necessary as a pre-contractual measure for the implementation and handling of the application process as well as the assessment of the extent to which there is a suitability for the position in question and is therefore carried out on the basis of Art. 6. (1) lit. b, Art. 88 GDPR in conjunction with § 26 (1) sent. 1 Federal Data Protection Act („FDPA“/(Bundesdatenschutzgesetz).

If special categories of personal data are provided voluntarily by the applicant, the processing is based on Art. 9 (2) lit. a GDPR, Art. 88 GDPR in conjunction with § 26 (2) FDPA. By providing this special category of personal data, the applicant consents to the processing.

The application process is carried out for Ociris GmbH as well as for GPortal Inc. within the scope of an order processing (according to Art. 28 GDPR) by Contabo Holding GmbH (Aschauer Straße 32a, 81549 Munich).

The data transmitted as part of your application is transferred via TLS encryption and stored in a database. This database is operated by Personio Operations GmbH & Co. KG (Rundfunkplatz 4, 80335 Munich), which offers a personnel administration and applicant management software. (https://www.personio.de/impressum/). Personio is our order processor in this context according to Art. 28 GDPR. The basis for the processing in this context is a contract for ordered processing between us as the controller and Personio.

The HR department and the deciders for the vacant position in each case will have access to the personal data contained in the application.

Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied. We store the personal data for six months after the decision to fill the vacant position has been communicated to the applicant. Subsequently, the personal data will be deleted or anonymized. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of applications from women or men, number of applications per period, etc.).

The applicant has the right to withdraw his or her consent to the processing of the special categories of personal data voluntarily provided in accordance with Section 10.2.6.

6. Talent pool

For possible consideration for future job openings, we process the personal data provided by the applicant either for an application (see section 4.6 above) or as a speculative application (regarding the description of categories of data, see section 4.6 above) for the purpose of deciding whether to consider an applicant for other vacancies.

The processing is based on the explicit consent of the applicant (Art. 6 (1) lit. a, Art. 9 (2) lit. a GDPR).

We store the data for six months or until consent is withdrawn, whichever is sooner. The application and the data contained therein will be deleted, returned to the applicant or destroyed unless the applicant has given his or her consent again (e.g. due to our request) or the data is not further processed for the purpose of employment.

You have the right to withdraw your consent at any time and without giving reasons with effect for the future by sending us an email to the email address datenschutz@g-portal.com.

7. Sanctions list screening

As part of legal requirements, we cross-check your provided customer data during registration with sanctions lists.

The processing is legally obligatory and therefore based on Art. 6 (1) lit. c GDPR.

For the sanctions list screening, we use the controlled service provider Refinitiv Germany GmbH as part of contracted processing within the meaning of Art. 28 GDPR. Further information on how Refinitiv uses your personal data to perform the sanctions list screening can be found in its privacy policy at https://www.refinitiv.com/en/policies/privacy-statement.

The personal data will be stored until the purpose for which they were collected is achieved or ceases to apply, after which they will be deleted.

8. Social login

a. Description and scope of data processing

For registration and login to the customer account, you also have the option to authenticate yourself with your existing profile via login plugins at one of the following social networks, Facebook or Google+ and register or log in. An additional registration on our website is thus not necessary.

For this purpose, you will find the corresponding icons of the individual providers of the social networks supported by our website on the registration page or login page. Before a connection to the provider is established, you must expressly agree to the process and data transfer described below.

Your click on the particular icon opens a new window (so-called app) where you have to log in with your login data for the social network. This links your profile and our service. After you have successfully logged in, the social network will tell you which data (name and e-mail address) will be transmitted to us for authentication as part of the registration or login process. If you have agreed to this data transmission, the fields required by us for registration will be filled with the transmitted data. The data required by us for registration or login are (i) your name and (ii) your e-mail address.

Only after your explicit consent to the use of the transmitted and required data, your data will be stored by us and used for the purposes stated above. A link beyond the authentication process between the customer account created with us and your account with the corresponding social network does not take place.

In order to be able to carry out the authentication process for registration and login, your IP address is transmitted to the particular provider of the social network.

In the course of use, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the providers. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by U.S. authorities for control and for monitoring purposes, possibly also without any legal remedy. Furthermore, we are in constant exchange with the providers to ensure the protection of your personal data with any additional measures that may be necessary.

We have no influence on the purpose and scope of the data collection and on the further processing of the data by the provider of the social network. For more information, please read the privacy policy of the provider:

a) Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; https://www.facebook.com/policy.php further information on data collection: https://www.facebook.com/help/186325668085084, https://www.facebook.com/about/privacy/your-info-on-other#applications as well as https://www.facebook.com/about/privacy/your-info#everyoneinfo

b) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; https://policies.google.com/privacy?hl=en

c) Twitch Interactive, Inc., 350 Bush Street, 2nd Floor, San Francisco, CA 94104; https://www.twitch.tv/p/en/legal/privacy-notice/.

d) Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland; https://privacy.microsoft.com/en-us/privacystatement

b. Purpose and legal basis for data processing

The legal basis for the processing of data transferred from social networks is Art. 6 (1) lit. a GDPR. The particular user must consent to the transfer of this data. You can object to the use of login data from the social networks at any time and without giving reasons with effect for the future and stop logging in via this service. In this case, you can only use the classic login via e-mail and password to use the app.

The processing of personal data is solely for the purpose of optimizing the login and is not necessarily being used.

c. Duration of the storage

The personal data collected in this process is deleted immediately after authentication and completion of the registration process.

9. Use of cookies and web analytics services

a. Description and scope of data processing

Our website uses so-called "cookies". Cookies are small text files that are transferred from a website server to your hard drive and stored. Through this, we automatically receive certain data such as IP address, language and browser used, operating system, etc.. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic series of characters that allows the browser to be uniquely identified when the website is revisited.

Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, however, enable us to perform various analyses. With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly from your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

Various types of cookies are used on our website, the type and function of which are explained individually for each cookie in our cookie banner.

Technically necessary cookies

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a website change.

The following data is stored and transmitted in the cookies:

  • - webinterface_session, webinterface_session_eu, webinterface_session_us: Stores a session-ID to associate multiple independent requests with a user session. Also set for visitors who are not logged in, may link to personal data for a logged in visitor. Only valid as long as the browser session is active (close browser -> cookie gone).
  • - webinterface_locale: Saves the visitor's language preference even after the actual session has expired.
  • - webinterface_timezone: Saves the visitor's time zone even after the session expires.
  • - webinterface_region: Stores the visitor's currently used region for the current session.
  • - gp_at: Saves the authorization token for logged-in users even after the session expires.
  • - closedNotifications: Stores which notifications the visitor has clicked away.
  • - region_notification: Saves whether the visitor clicked away the "You are in EU/US ..." overlay.
  • - split_test_version: Preparations for A/B testing together, content is "production
  • - wcf21_cookieHash: Forum.

Technically not necessary cookies

We also use cookies on our website that enable an analysis of the user's surfing behavior. In this way, the following data can be transmitted:

  • - Search terms entered
  • - Frequency of page views
  • - Use of website functions.

The user data collected in this way is pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.

When visiting our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of personal data used in this context is obtained. In this context, a reference to this privacy policy is also made.

b. Legal basis for data processing

The use of technically necessary cookies or similar technologies that are absolutely necessary for the provision or use of the app is based on the legal basis of § 25 (2) No. 2 of the Telecommunications and Telemedia Data Protection Act (Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien/”TTDSG”). The further processing of personal data in this context is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. If you block cookies that are absolutely necessary, we may not be able to display our website in full.

For non-technically necessary cookies or so-called third-party cookies, we require your consents. If you have given us your consents for the use of a non-technically necessary cookie on the basis of a notice ("cookie banner") issued by us on the website, the legality for the associated storage of information on your terminal device and its subsequent reading is governed by § 25 (1) sent. 1 TTDSG. You can revoke this consent for the future at any time by deactivating cookies in your browser settings or in our Cookie Consent Manager in the "COOKIE SETTINGS". The subsequent processing of your personal data is based on your expressly given consent in accordance with Art. 6 (1) lit. a GDPR. You can also revoke this consent for the future at any time by deactivating cookies in your browser settings or in our Cookie Consent Manager.

c. Duration of the storage

As soon as the data transmitted to us via the cookies is no longer required to achieve the purposes described above, this information is deleted, in particular when the cookies are deactivated. Further storage may take place in individual cases if this is required by law.

The management of cookie settings is possible for you via the setting options listed below or by configuring your browser settings.

Most browsers are preset to accept cookies by default. However, you can configure your respective browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are deactivated by your browser settings on our website. You can also use your browser settings to delete cookies already stored in your browser or to display the storage period. Furthermore, it is possible to set your browser to notify you before cookies are stored. Since the various browsers may differ in their respective functionalities, we ask you to use the respective help menu of your browser for the configuration options.

If you want a comprehensive overview of all third-party accesses to your Internet browser, we recommend installing specially developed plug-ins for this purpose.

d. Supplier CookieFirst

The cookie banner or cookie content manager is provided to us by CookieFirst (Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018DH, Amsterdam, Netherlands), which processes your data on our behalf and ensures the proper use of cookies. Your data will not be passed on to third parties in this context. The privacy policy of CookieFirst can be found at https://cookiefirst.com/legal/cookie-declaration/.

You can find more information about the cookies used in detail in our cookie content manager. Furthermore, you can manage your consents there.

9.1 Google Analytics

a. Description and scope of data processing

On this website, we use the Google Analytics web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies to enable an analysis of your use of the website.

If you allow the use, the following data will be processed:

  • - Date and time of access,
  • - the pages you have accessed, your click path,
  • - achievement of website goals,
  • - user behavior, e.g. clicks, dwell time, bounce rates,
  • - approximate geographic location (region),
  • - anonymized IP address,
  • - technical information about your browser and the devices you use, e.g. language,
  • - devices used by you, e.g. language setting, screen resolution,
  • - Internet service provider and
  • - Referrer URL.

The information generated by these cookies is usually transferred to a Google server in the USA and stored there. When using Google Analytics, it cannot be guaranteed that the cookies set by Google Analytics will not collect other personal data in addition to the IP address. Please note that Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

Google will use the information generated by cookies on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. According to Google's own information, the IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

You can generally prevent cookies from being stored by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

It is not excluded that the cookies set by Google Analytics may collect other personal data in addition to the IP-address. To prevent information about your use of the website from being collected by Google Analytics and transmitted to Google Analytics, you can download and install a plugin for your browser at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. This plugin prevents information about your use of the website from being transmitted to Google Analytics. Any other analysis is not prevented by this plugin.

We would like to point out that you cannot use the browser plugin described above when using the browser of a mobile device (smartphone or tablet) to visit our website. By clicking on this link, a so-called opt-out cookie is set in your browser. This prevents information about your visit to the website from being transmitted to Google Analytics. Please note that the opt-out cookie is only valid for this browser and only for this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted. To continue to prevent collection by Google Analytics, you must click the link again. The use of the opt-out cookie is also possible as an alternative to the above plugin when using the browser on your computer.

To ensure the best possible protection of your personal data, Google Analytics has been extended on this website by the code "anonymizeIp". This code causes the last 8 bits of the IP-addresses to be deleted and your IP address is thus recorded anonymously (so-called IP-masking). Your IP-address will be shortened by Google before transmission within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thus anonymized. Only in exceptional cases will the full IP-address be transmitted to a Google server in the USA and shortened there.

In the context of the use of Google Analytics, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with Google. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by U.S. authorities for control and for monitoring purposes, possibly also without any legal remedy. Furthermore, we are in constant exchange with Google to ensure the protection of your personal data with any additional measures that may be necessary.

b. Legal basis for data processing

The legal basis for the use of this service for the associated storage of information on your terminal device and its subsequent reading is your expressly granted consent pursuant to Section 25 (1) sent.1 TTDSG. You can revoke this consent for the future at any time by deactivating the cookies in your browser settings or in our cookie content manager. The following processing of your personal data is based on your expressly given consent according to Art. 6 (1) lit. a GDPR. You can revoke this consent at any time by deactivating the cookies in your browser settings or in our Cookie Consent Manager for the future.

You may refuse the use of cookies by selecting the appropriate settings on your browser, or by using the cookie content manager in the "COOKIE SETTINGS", however please note that if you do this you may not be able to use the full functionality of this website.

c. Duration of the storage

The cookies set have a maximum validity of 26 months. The personal data collected with the help of the cookie is deleted when it is no longer needed for the active campaign and there is no other legal obligation to retain it.

We continue to use Google Analytics to evaluate data from Double Click cookies and also AdWords for statistical purposes. If you do not want this, you can deactivate it via the Ads Preferences Manager (https://adssettings.google.com/anonymous?hl=en).

You can find more information about this at: http://tools.google.com/dlpage/gaoptout or at https://policies.google.com/ (general information about Google Analytics and data protection).

9.2 Meta Pixel

a. Description and scope of data processing

Furthermore, we use the so-called "meta pixel" of the social network Facebook, a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta") on our website.

This allows interest-based advertisements ("Facebook ads") to be displayed to users of our website when they visit the social network Facebook or other websites that also use the method. Through the Meta pixel, your browser automatically establishes a direct connection with Meta's server. We have no influence on the scope and further use of the data collected by Meta through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of the Meta pixel, Meta receives the information that you have clicked on an advertisement from us or have called up the corresponding web page of our website. If you are registered with a Meta service, Meta can assign the visit to your account. You can view and change the privacy settings of your Facebook profile at any time. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will learn and store your IP-address and other identifying features.

With the use of the meta pixel, we pursue the purpose of displaying Facebook ads placed by us only to those Facebook users who have also shown an interest in our Internet offering. With the help of the meta pixel, we want to ensure that our Facebook-ads correspond to the potential interest of the users and do not have a harassing effect. Furthermore, with the help of the meta pixel, we can track the effectiveness of Facebook-ads for statistical purposes by seeing whether users were redirected to our website after clicking on a Facebook-ad.

In the course of using the service, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the provider. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU-standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by U.S. authorities for control and for monitoring purposes, possibly also without any legal remedy. In addition, where possible, we are in exchange with the provider to ensure the protection of your personal data with any additional measures that may be necessary.

b. Legal basis for data processing

The legal basis for the use of the meta pixel for the associated storage of information on your device as well as its subsequent readout is your expressly granted consent pursuant to § 25 (1) sent. 1 TTDSG. You can revoke this consent for the future at any time by deactivating the cookies in your browser settings or in our cookie content manager. The following processing of your personal data is based on your expressly given consent according to Art. 6 (1) lit. a GDPR. You can revoke this consent at any time by deactivating the cookies in your browser settings or in our Cookie Consent Manager for the future.

c. Duration of the storage

The cookies set have a validity of 3 months and one week. The personal data collected with the help of the conversion cookie is deleted when it is no longer needed for the active campaign and there is no other legal obligation to retain it.

Information of the third-party provider: http://www.facebook.com/policy.php;

further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo.

9.3 TikTok Pixel

a. Description and scope of data processing

In addition, we use the so-called "Tik Tok Pixel" of the social network TikTok, a service of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok") on our website. This allows interest-based advertisements to be displayed to users of our website when they use the social network TikTok or other websites that also use the method. Through the TikTok pixel, your browser automatically establishes a direct connection with the server of TikTok. We have no influence on the scope and further use of the data collected by TikTok through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of the TikTok pixel, TikTok receives the information that you have clicked on an ad from us or have accessed the corresponding web page of our website. If you are registered with a TikTok service, TikTok can assign the visit to your account. You can view and change the privacy settings of your TikTok-profile at any time. Even if you are not registered with TikTok or have not logged in, it is possible that the provider will learn and store your IP-address and other identifying features.

The purpose of using the TikTok pixel is to display our advertising campaigns ("TikTok-ads") only to those TikTok users who have shown an interest in our website. With the help of the TikTok pixel, we thus want to ensure that our TikTok ads correspond to the potential interest of the users and do not have a harassing effect. Furthermore, with the help of the TikTok pixel, we can track the effectiveness of TikTok ads for statistical purposes by seeing whether users were redirected to our website after clicking on a TikTok ad.

In relation to the use of the service, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the provider. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU-standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by U.S. authorities for control and for monitoring purposes, possibly also without any legal remedy. In addition, where possible, we are in exchange with the provider to ensure the protection of your personal data with any additional measures that may be necessary.

b. Legal basis for data processing

The legal basis for the use of the TikTok pixel for the associated storage of information on your terminal device and its subsequent readout is your expressly granted consent pursuant to § 25 (1) sent. 1 TTDSG. You can revoke this consent for the future at any time by deactivating the cookies in your browser settings or in our cookie content manager. The following processing of your personal data is based on your expressly given consent according to Art. 6 (1) lit. a GDPR. You can revoke this consent at any time by deactivating the cookies in your browser settings or in our Cookie Consent Manager for the future.

c. Duration of the storage

The cookies set have a validity of 13 months. The personal data collected with the help of the conversion cookie is deleted when it is no longer needed for the active campaign and there is no other legal obligation to retain it.

Information of the third party: https://www.tiktok.com/legal/page/us/privacy-policy/en

9.4 Reddit Ads

a. Description and scope of data processing

In addition, we use the "Reddit Ads" service of the social network Reddit, a service of Reddit, Inc., 548 Market St. #94104, San Francisco, California 94104, USA ("Reddit") on our website.

Through the Reddit service, your browser automatically establishes a direct connection with the Reddit server. We have no influence on the scope and further use of the data collected by Reddit through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of the Reddit service, Reddit receives the information that you have clicked on an ad from us or called up the corresponding web page of our website. If you are registered with a Reddit service, Reddit can assign the visit to your account. You can see and change the privacy settings of your Reddit profile at any time. Even if you are not registered with Reddit or have not logged in, it is possible that the provider will learn and store your IP address and other identifying features.

The purpose of using the Reddit service is to display our advertising campaigns ("Reddit Ads") only to those Reddit users who have shown an interest in our website. With the help of the tool, we want to ensure that our Reddit Ads correspond to the potential interest of the users and do not have a harassing effect. Furthermore, the tool allows us to track the effectiveness of Reddit Ads for statistical purposes by seeing whether users were redirected to our website after clicking on a Reddit ad.

In relation to the use of the service, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the provider. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU-standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by U.S. authorities for control and for monitoring purposes, possibly also without any legal remedy. In addition, where possible, we are in exchange with the provider to ensure the protection of your personal data with any additional measures that may be necessary.

b. Legal basis for data processing

The legal basis for the use of Reddit Ads for the associated storage of information on your terminal device and its subsequent readout is your expressly granted consent pursuant to § 25 (1) sent. 1 TTDSG. You can revoke this consent for the future at any time by deactivating the cookies in your browser settings or in our cookie content manager. The following processing of your personal data is based on your expressly given consent according to Art. 6 (1) lit. a GDPR. You can revoke this consent at any time by deactivating the cookies in your browser settings or in our Cookie Consent Manager for the future.

c. Duration of the storage

The cookies set have a validity of 2 years. The personal data collected with the help of the conversion cookie is deleted when it is no longer needed for the active campaign and there is no other legal obligation to retain it.

Information of the third party: https://www.reddit.com/policies/privacy-policy

9.5 Twitter Pixel

a. Description and scope of data processing

We use the "Twitter pixel" on our website, a service of X Corp (legal successor of Twitter Inc.), 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter referred to as: "Twitter").

With the help of the Twitter pixel, we can in particular track users' actions after they have seen or clicked on a Twitter ad. This procedure is used to evaluate the effectiveness of Twitter ads for statistical and market research purposes and can help to optimize future advertising measures. Statistical, pseudonymous data is transmitted to Twitter in order to provide us with corresponding statistics on this basis and to be able to show you interest-specific offers. This data is stored in a cookie.

The collected data is anonymous for us, so that we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Twitter, so that a connection to the respective user profile is possible and Twitter can use the data for its own advertising purposes, in accordance with the Twitter privacy policy. We have no influence on the scope and further use of data collected by Twitter through the use of Twitter Pixel.

In relation to the use of the service, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the provider. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU-standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by U.S. authorities for control and for monitoring purposes, possibly also without any legal remedy. In addition, where possible, we are in exchange with the provider to ensure the protection of your personal data with any additional measures that may be necessary.

b. Legal basis for data processing

The legal basis for the use of the Twitter Pixel for the associated storage of information on your terminal device and its subsequent readout is your expressly granted consent pursuant to § 25 (1) sent. 1 TTDSG. You can revoke this consent for the future at any time by deactivating the cookies in your browser settings or in our cookie content manager. The following processing of your personal data is based on your expressly given consent according to Art. 6 (1) lit. a GDPR. You can revoke this consent at any time by deactivating the cookies in your browser settings or in our Cookie Consent Manager for the future.

c. Duration of the storage

The cookies set have a validity of 30 days. The personal data collected with the help of the conversion cookie will be deleted when it is no longer needed for the active campaign and there is no other legal obligation to retain it. You can also make settings regarding which types of advertisements are displayed to you within Twitter on the following Twitter website: https://twitter.com/personalization. You can change your Twitter privacy settings and consents in your account settings at: https://twitter.com/account/settings.

If you are using a mobile device, you can enable the "No Ad Tracking" (iOS) or "Disable Personalized Advertising" (Android) setting on your device.

For more information about Twitter's privacy practices, please visit the following link: https://twitter.com/privacy.

9.6 Google Double Click

a. Description and scope of data processing

This website uses the online marketing tool DoubleClick from Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland (hereinafter: Google).

DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Via a cookie ID, Google records which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later calls up the advertiser's website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the relevant part of our website or clicked on the ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider identifies and stores your IP address.

You can prevent this in various ways, including by permanently disabling cookies in your Firefox, Internet Explorer or Google Chrome browsers (plug-ins available at the link https://support.google.com/My-Ad-Center-Help/answer/12155656?visit_id=638181773758731203-2350722196&rd=1&hl=en&sjid=12141801944060572131-EU). We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

In relation to the use of the service, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the provider. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU-standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by U.S. authorities for control and for monitoring purposes, possibly also without any legal remedy. In addition, where possible, we are in exchange with the provider to ensure the protection of your personal data with any additional measures that may be necessary.

b. Legal basis for data processing

The legal basis for the use of the Google Double Click pixel for the associated storage of information on your terminal device and its subsequent readout is your expressly granted consent pursuant to § 25 (1) sent. 1 TTDSG. You can revoke this consent for the future at any time by deactivating the cookies in your browser settings or in our cookie content manager. The following processing of your personal data is based on your expressly given consent according to Art. 6 (1) lit. a GDPR. You can revoke this consent at any time by deactivating the cookies in your browser settings or in our Cookie Consent Manager for the future.

c. Duration of the storage

The cookies set have a validity of 2 years. The personal data collected with the help of the conversion cookie is deleted when it is no longer needed for the active campaign and there is no other legal obligation to retain it.

For more information about DoubleClick by Google, please visit https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, as well as on data protection at Google in general: https://policies.google.com/privacy?hl=en&gl=de.

9.7 Google AdWords

a. Description and scope of data processing

We use the technology "Google AdWords" and specifically the conversion tracking. Google Conversion Tracking is an analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you click on an ad placed by Google, a cookie for conversion tracking is stored on your PC. The cookies are valid for 30 days and are not used for personal identification. If you visit certain pages of our website when the cookie has not yet expired, Google and we can recognize that you have clicked on a certain ad and have been redirected to this page. Google AdWords customers each receive a different cookie. Thus, there is no possibility to track cookies across the websites of AdWords customers.

The data collected with the help of the conversion cookie is used to create conversion statistics for AdWords customers who use conversion tracking. The customers thereby learn the number of users who clicked on their ad and were then redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify the users.

If you do not wish to participate in conversion tracking, you can prevent this by making the appropriate setting in your browser, e.g. by generally preventing the installation of cookies. You can also deactivate cookies for conversion tracking by setting your browser to only block cookies from the web address "googleadservices.com".

In relation to the use of the service Google AdWords, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the provider. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU-standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by U.S. authorities for control and for monitoring purposes, possibly also without any legal remedy. In addition, where possible, we are in exchange with the provider to ensure the protection of your personal data with any additional measures that may be necessary.

b. Legal basis for data processing

The legal basis for the use of Google AdWords for the associated storage of information on your terminal device and its subsequent readout is your expressly granted consent pursuant to § 25 (1) sent. 1 TTDSG. You can revoke this consent for the future at any time by deactivating the cookies in your browser settings or in our cookie content manager. The following processing of your personal data is based on your expressly given consent according to Art. 6 (1) lit. a GDPR. You can revoke this consent at any time by deactivating the cookies in your browser settings or in our Cookie Consent Manager for the future.

c. Duration of the storage

The cookies set have a validity of 2 years. The personal data collected with the help of the conversion cookie is deleted when it is no longer needed for the active campaign and there is no other legal obligation to retain it.

9.8 Cloudflare

For the purpose of detecting and defending against attacks on our website and technical infrastructure (e.g. hacking, denial of service attack), we process personal data including identification data, connection data or localization data (including IP addresses).

For this purpose, we use the Content Delivery Network (CDN) of Cloudflare Inc, 101 Townsend St San Francisco, CA 94107 on the basis of a commissioned processing agreement (Art. 28 GDPR). Personal data may be processed in server log files by Cloudflare.

In this relation, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the provider. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU-standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by U.S. authorities for control and for monitoring purposes, possibly also without any legal remedy. In addition, where possible, we are in exchange with the provider to ensure the protection of your personal data with any additional measures that may be necessary.

For more information about Cloudflare’s privacy practices, please visit: https://www.cloudflare.com/privacypolicy/

This processing is necessary to protect our legitimate interest in taking protective measures against attacks (Art. 6 (1) lit. f GDPR).

III. Hyperlinks

Our website contains hyperlinks to websites of other providers. When you activate these hyperlinks, you will be redirected from our website directly to the website of the other provider. You will recognize this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on other websites. Please inform yourself about the handling of your personal data on other websites directly on the respective websites.

IV. External Supplier

We use suppliers to provide services and to process your data relating to our services. The service providers process the data exclusively within the scope of our instructions and have been obligated to comply with the applicable data protection regulations. All service processors have been carefully selected and are only given access to your data to the extent and for the period required to provide the services or to the extent that you have consented to the data processing and use.

In this relation, personal data may be transferred to countries outside the EU/EEA, in particular to the USA. In order to be able to guarantee adequate protection of your personal data in the event of the transfer of personal data to such so-called third countries, we have concluded so-called EU-US standard contractual clauses with the provider. The USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU-standards. Due to the lack of an adequacy decision and without appropriate safeguards, there is a particular risk that your data may be processed by U.S. authorities for control and for monitoring purposes, possibly also without any legal remedy. In addition, where possible, we are in exchange with the provider to ensure the protection of your personal data with any additional measures that may be necessary.

V. Duration of the storage

Your personal data will be deleted as soon as the respective purpose for processing has been achieved or has subsequently ceased to apply.

In order to fulfill contractual obligations, data collected from you may be stored for as long as the contract exists and, depending on the scope of the contract, for 6 or 10 years beyond that in order to comply with legal retention requirements and to resolve any inquiries or claims that may arise after the contract expires.

If, in our judgment, data is necessary to investigate or defend claims against us or to bring a criminal prosecution or claim against you, us or a third party, we may retain it for as long as such proceedings might be taken.

For customer service purposes, the data collected from you may be retained for 3 to 10 years after collection, unless you request deletion of such data and there are no contractual or legal retention obligations that conflict with such deletion request.

Relevant obligations to provide evidence and to retain records result, among other things, from the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung).

In this case, the respective legal regulations in conjunction with Art. 6 (1) lit. c GDPR serve as the legal basis for the processing.

If a contract is not concluded, we will delete your data after 3 years at the end of the statutory limitation period.

VI. Rights of the person affected

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights against us as the controller:

1. Right of information, Art. 15 GDPR

You have the right to request information from us at any time about the data we have stored about you, as well as about its origin, recipients or categories of recipients to whom this data is passed on and the purpose for which it is stored.

2. Right of rectification, Art. 16 GDPR

You can request the correction of incorrect or the completion of your data stored by us.

3. Right of deletion and blocking, Art. 17 and 18 GDPR

You have the right to block and delete the data we have stored about you. If legal storage obligations or other legally based reasons contradict the deletion, only the blocking of your data can be carried out instead of the deletion.

4. Right to data portability, Art. 20 GDPR

Your right to data portability (Art. 20 GDPR) further provides that, if the legal requirements are met, you may request that we transfer the personal data concerning you to you - or, if technically feasible, to another controller designated by you - in a structured, common and machine-readable format.

5. Right to object, Art. 21 GDPR

You have a right to object to processing (Art. 21 GDPR) for certain processing purposes, in particular advertising purposes. Insofar as we carry out processing of your data on the basis of a balance of interests (pursuant to Art. 6 (1) f GDPR), you have the right to object to this processing at any time for reasons arising from your particular situation. Such reasons exist in particular if these reasons give special weight to your interests and therefore outweigh our interests, for example, if these reasons are not known to us and therefore could not be taken into account in the context of the balancing of interests. You can object to the processing by sending us an email to the email address datenschutz@g-portal.com and we will inform you about the further possibilities to object to each specific processing purpose mentioned in section 3.

6. Right to withdraw your consent

You have the right to revoke the consent you have given us to process your personal data (Art. 7 (3) GDPR). You can revoke your consent at any time and without giving reasons, either related to all or only to individual processing activities based on your consent. The revocation is effective with immediate effect and for all future processing. The lawfulness of the processing of your personal data until the revocation remains unaffected. You can withdraw your consent by sending us an email to the email address datenschutz@g-portal.com and we will inform you about the further possibilities of withdrawing your consent against each specific processing purpose mentioned in section 3.

7. Right of complaint

You also have the right to contact the competent data protection supervisory authority with questions or complaints regarding our processing of your personal data.

8. Automated decision in individual cases including profiling

We do not use automated decision making or profiling (an automated analysis of your personal circumstances).

9. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

As of: April 2023