2. General Information on Data Processing

The protection of your personal data is a particular concern for us. Personal data refers to all information relating to an identified or identifiable natural person. We process your personal data exclusively in accordance with the legal data protection regulations, particularly the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

This privacy policy informs you about which personal data we collect, process, and use in the context of using our affiliate portal, including the partner program and the dashboard, to what extent, for what purpose, and on what legal basis.

3. Data Processing When Visiting the Website

When you access our website, various information is automatically transmitted to our server by your browser and temporarily logged. This log data includes, among other things, your IP address, the date and time of access, the page accessed, referrer URL, the browser used, the operating system of your device, and other data transmitted by your browser and your request.

The processing of this data is technically necessary to ensure the functionality and IT security of the website (Legal basis: Article 6(1)(f) GDPR – legitimate interest). Our legitimate interest lies in ensuring a stable and secure operation of our websites. Log data will be automatically deleted no later than seven days after collection, unless longer storage is required for evidential purposes.

With each captcha request before login or registration, technical browser data such as your IP address, browser and operating system information, as well as a timestamp are transmitted. This data is used solely for the delivery and functional testing of the captcha and will not be further processed or profiled by us. Our legitimate interest also lies in ensuring a stable and secure operation of our websites.

4. Use of Technically Necessary Cookies

We only use technically necessary cookies that are required for the functionality, stability, and security of our website. These include: the 'hanko' cookie (authentication, 12 hours), the 'token' cookie (session, until the end of the session), the 'sidebar_state' cookie (navigation, seven days), the 'language' cookie (language setting, one year), and the 'captchaToken' cookie (security measure, 60 seconds).

These cookies serve solely the mentioned purposes. No analysis or user profiling takes place. The legal basis is § 25(2)(2) TTDSG in conjunction with Article 6(1)(f) GDPR (legitimate interest in providing a functional offer).

A separate consent or cookie banner is not required for these cookies.

5. Registration and Use of the Affiliate Program

Registration is required to use the affiliate dashboard. Depending on the type of user, the following data is processed: name, first name, email address, phone number, address, bank account or PayPal address (for individuals), advertising channel; additionally, company name, location, VAT ID (for companies). Provision of this data is mandatory: without providing the required data, participation is not possible.

Your data will be processed for the establishment, execution, and possibly termination of the contractual relationship (Legal basis: Article 6(1)(b) GDPR).

For billing purposes, we store commission data, check digits, payment data, and payout details. In case of contact inquiries, we store the information you provide for processing and follow-up questions.

6. Recipients, Transfer to Third Countries

Your data will only be transmitted to recipients as far as this is technically necessary or required for contract processing.

Our servers are exclusively operated in Germany by Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen, Germany. We operate, manage, and maintain our server architecture ourselves.

Static content is delivered via Bunny.net (BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia). Data processing takes place exclusively in the EEA. BunnyWay may receive data about your browser as mentioned in point 3.

For user account authentication, we use Hanko Auth, Hanko GmbH, Ringstraße 19, 24114 Kiel, Germany. Their servers are exclusively operated in the EU. Hanko may receive data about your browser as mentioned in point 3, your email address, and your login behavior.

For payouts via PayPal, your data (including name, email address, account-related information) will be forwarded to PayPal (Europe) S.à r.l. et Cie S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal may transfer data to third countries, including the USA. The legal basis is Article 6(1)(b) GDPR. Information about PayPal's data protection level/standard contractual clauses can be found at https://www.paypal.com/de/legalhub/paypal/privacy-full.

For the display and validation of our self-operated captcha, WebAssembly files are loaded from cdn.jsdelivr.net, during which your browser transmits technical data as mentioned in point 3. This data is used solely for the secure functioning of our captcha; cdn.jsdelivr.net processes it independently according to its own privacy policy, which we cannot influence.

No further transmission to other third parties or to other third countries takes place.

7. Storage Duration and Criteria for Determination

We store your personal data as long as it is necessary for the respective purposes or legally required. The storage duration results from legal retention obligations (e.g., commercial and tax law: up to 10 years according to § 257 HGB, § 147 AO), contractual obligations, or, if not applicable, until the respective purpose is fulfilled or your consent is revoked. After the expiration of the periods or the cessation of the purpose, we will delete or block your data in accordance with legal requirements. Support and contact inquiries will be deleted after final processing, unless other retention obligations oppose this.

8. Your Data Protection Rights

You have the right to access the processed data (Article 15 GDPR), the right to rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), data portability (Article 20 GDPR), and objection to processing (Article 21 GDPR). Any consents granted can be revoked at any time with effect for the future.

You also have the right to lodge a complaint with the competent data protection supervisory authority.

To assert your rights, please contact the contact details provided in the imprint.

9. Automated Decision-Making and Profiling

Automated decision-making, including profiling according to Article 22 GDPR, does not take place in the context of using our website and our affiliate program.

10. Existence of a Legal or Contractual Obligation to Provide Data

Where the provision of personal data is required by law or contractually or necessary for the conclusion of a contract, we will inform you at the appropriate point. Without providing this data, participation in the affiliate program is not possible.

11. Data Security

We implement appropriate technical and organizational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access. Our security measures are continuously adapted to the state of the art.

12. Changes to This Privacy Policy

We reserve the right to adjust this privacy policy as necessary to legal or technical changes. The current version can be found at any time on our website.

13. Contact Details of the Supervisory Authority

Competent supervisory authority: Saxon Data Protection and Transparency Officer, Maternistraße 17, 01067 Dresden.