2. General Information on Data Processing

The protection of your personal data is of particular concern to us. We see it as our responsibility to create secure environments for you and to reduce the processing or sharing of your personal data to the absolute minimum in every case. To this end, we establish well-thought-out systems that ensure you have a simple experience with full (data) security, regardless of the level at which you interact with us. Personal data refers to all information relating to an identified or identifiable natural person. We process your personal data exclusively in accordance with the statutory data protection regulations, in particular the General Data Protection Regulation (GDPR).

This privacy policy informs you about which personal data we collect, process, and use when you use our services, the extent to which we do so, the purpose, and the legal basis for processing.

3. Data Processing

When you visit our website, various information is transmitted by your browser to our server and temporarily logged (hereinafter referred to as 'log data'). This log data includes, among other things, your IP address, the date and time of access, the page accessed, the referrer URL, the browser used, the operating system of your device, and other data transmitted by your browser and your request. Our legitimate interest lies in ensuring the stable and secure operation of our website in accordance with Article 6(1)(f) GDPR. We do not use your data to draw conclusions about your person and protect it from unauthorized access. We reserve the right to review the log data retrospectively if there are concrete indications of illegal use. Log data that may contain personal data is stored for 7 days, but no longer than 14 days. In the event of a security-related incident, we reserve the right to store the data until the matter is resolved.

Your telephone number, email address, and other personal data (over which we have no control) are processed by us when you contact us. We process the content of your message that you voluntarily provide when contacting us. The processing of the data is carried out in accordance with Art. 6(1)(f) GDPR. This enables smooth communication. Depending on your intention, we may also process the data in accordance with Art. 6(1)(b) GDPR. We store personal data resulting from contact for up to 3 months, but no longer than 6 months.

Registration is required to use the affiliate program. Depending on the type of user, the following data is processed: name, first name, email address, telephone, address, bank details or PayPal address (for private individuals), advertising channel; additionally, company name, registered office, VAT ID. For billing purposes, we store commission data, check digits, payment data, and payout details. Participation is not possible without providing the required data. Your data is processed for the establishment, implementation, safeguarding, and, if applicable, termination of the contractual relationship in accordance with Art. 6(1)(b) GDPR. We store this data for at least 1 year after the end of the contract, but no longer than 10 years.

4. Use of Technically Necessary Cookies

We use technically necessary cookies that are required for the functionality, stability, and security of our website. These include:

the cookie 'hanko' (authentication, 12 hours),

the cookie 'token' (session, until the end of the session),

the cookie 'sidebar_state' (navigation, seven days),

the cookie 'language' (language setting, one year),

the cookie 'captchaToken' (security measure, 60 seconds),

and the cookie 'bunny_shield' (security measure, 1 hour).

All cookies are processed in accordance with Art. 6(1)(f) or (a) GDPR.

No analysis of user behavior or profiling takes place.

5. Recipients, Transfer to Third Countries

Your data will only be transmitted to recipients if this is technically necessary or required for contract processing.

We operate, manage, and maintain our servers and applications ourselves, without any third parties, and strive to maintain this to avoid directly or indirectly sharing your data.

Static content is delivered via Bunny.net (BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia). Data processing takes place exclusively within the EEA. BunnyWay may receive data about your browser as described in Section 3.

For user account authentication, we use Hanko Auth, Hanko GmbH, Ringstr. 19, 24114 Kiel, Germany. Their servers are operated exclusively in the EU. Hanko may receive data about your browser as described in Section 3, your email address, and your login behavior.

For payouts via PayPal, your data (including name, email address, and account-related information) is forwarded to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal may transfer data to third countries, including the USA. The legal basis is Art. 6(1)(b) GDPR. Information on PayPal's data protection level/standard contractual clauses can be found at: [https://www.paypal.com/de/legalhub/paypal/privacy-full](https://www.paypal.com/de/legalhub/paypal/privacy-full).

For the display and validation of our self-operated CAPTCHA, WebAssembly files are loaded from cdn.jsdelivr.net, whereby your browser transmits technical data as described in Section 3. This data is used exclusively for the secure functioning of our CAPTCHA; cdn.jsdelivr.net processes it independently according to its own privacy policy, over which we have no influence.

No further transmission to other third parties or third countries takes place.

If you contact us via one of our specified channels, third-party operators of the communication services may record that you are in contact with us. We have no influence over this and recommend contacting us by email for inquiries.

No further transmission to other third parties or third countries takes place. We select our service providers with regard to your data protection to the best of our knowledge and belief and adhere to minimal principles. Please also check the privacy notices or statements of the respective service providers beforehand, as these may change in general.

We only transmit personal data to authorities if we are legally obliged to do so.

6. Storage Period and Criteria for Determination

We store your personal data for as long as is necessary for the respective purposes or as required by law. The storage period is determined by statutory retention obligations (e.g., commercial and tax law: up to 10 years according to § 257 HGB, § 147 AO), contractual obligations, or, if not applicable, until the respective purpose is fulfilled or you revoke your consent. After the expiry of the periods or the purpose ceases to apply, we delete your data in accordance with legal requirements.

7. Your Data Protection Rights

You have the right to information about the processed data (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR), and the right to object to processing (Art. 21 GDPR). You can revoke any consent you have given us at any time with effect for the future.

You also have the right to lodge a complaint with the competent data protection supervisory authority.

Please contact us using the contact details provided in this privacy policy to exercise your rights.

8. Automated Decision-Making and Profiling

Automated decision-making, including profiling in accordance with Art. 22 GDPR, does not take place in the context of using our website and our affiliate program.

9. Existence of a Legal or Contractual Obligation to Provide Data

To the extent that the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, we will inform you accordingly at the relevant point. Without providing this data, participation in the affiliate program is not possible.

10. Data Security

We implement appropriate technical and organizational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access. Our security measures are continuously adapted to the state of the art.

11. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy as necessary to reflect legal or technical changes. The current version is always available on our website.