Thank you for your interest in our online presence. Ralph Management GmbH (hereinafter "Ralph," "we," or "us") takes the protection of personal data very seriously.

This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online presence and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the "online presence"). Regarding the terms used, such as "processing" or "controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

The definitions will help you better understand our privacy policy.

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers virtually any type of data handling.

"Pseudonymization" describes the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

"Profiling" is any form of automated processing of personal data to evaluate certain personal aspects, in particular concerning a natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

The "controller" is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

The "processor" is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

You can reach us at +49 030 235 915 07 or info@Ralph-HV.de

Ralph Management GmbH

Spichernstr. 1, 10777 Berlin, Germany

Email address: info@Ralph-HV.de

Telephone number: +49 030 235 915 07

Managing Director: Julius Gunnemann

Link to imprint: www.Ralph-HV.de/impressum

Contact Data Protection Officer: info@Ralph-HV.de

For data protection concerns, please contact us and provide sufficient information to identify yourself (e.g., name, email address).

Visitors and users of the online service (hereinafter we refer to the data subjects collectively as "users").

Note for children and young people

Unfortunately, persons under the age of 18 are not permitted to use our service.

When you visit Ralph-HV.de , you remain anonymous.

You can visit our website and obtain information without having to provide any personal information. During your visit to our website, you remain anonymous, and the connection data transmitted by your internet browser each time you access a page, such as the date, length of stay, or the name of your internet service provider, are used by us without any personal reference.

When you register with Ralph-HV.de , we allow ourselves to store certain data, such as contact details and bank details.

You provide personal information voluntarily, for example, when you use the services offered on our website, make a booking/order, register for our services on Ralph-HV.de , subscribe to a newsletter, and especially when you provide the user's access data for their bank accounts on Ralph-HV.de .

This personal information may include:

User data. Name, address, and other user data are stored by us as part of the contract fulfillment. First name, last name, address, telephone number, date of birth, email address, account details (bank name, IBAN, BIC). This data is collected, processed, stored, and used by Ralph-HV.de as part of the contract fulfillment.

Bank account access data. Your online banking access data is stored by finAPI GmbH. Account numbers and PINs for all linked bank accounts. This data is stored by finAPI GmbH (see below under "External Service Providers") in order to always keep the transaction history up to date in all services. For this purpose, access is saved for future connections when the bank account is connected. The user explicitly consents to this by connecting a personal account.

Payment history transaction data and identified savings. We collect, process, store, and use payment history transaction data as part of the contract fulfillment. Payee for direct debits (customer data, such as contract number, customer number, first name, last name), payee for credits (first name, last name, bank details), amounts, intended use, date of the respective transaction, frequency of payments, IBAN, SEPA creditor ID, purpose, standing orders, account balances, and information collected on the savings potential of completed switches (amount of savings in the first year of delivery, date of savings). This data is collected, processed, stored, and used by Ralph-HV.de as part of the contract fulfillment.

Special categories of personal data. Sometimes we need to collect special categories of personal data under the highest security standards. However, we never share this with third parties. In the context of processing and providing transaction history, Ralph-HV.de may also need to process special categories of personal data. Special categories of personal data include data that may include information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, and sex life. Such information may appear in the intended use, for example, in connection with transfers to/from political parties, unions, doctors, or certain associations. Ralph-HV.de uses this information exclusively to carry out the services associated with a bank account. All data is processed under the highest security standards and is never shared with third parties. The user must explicitly consent to the processing of special types of personal data so that Ralph-HV.de may process it for the purpose of the services. Since it is technically not possible to exclude transfers and similar transactions that relate to special types of personal data when extracting the transaction history, consent is required to use the Ralph-HV.de service. You can find more information about consent below in the "Consent" section.

Usage data. We would like to know when and how you use our services, which is why we store your usage behavior. As part of the use of our services, we process and store usage data, which is intended to provide information about how and when users use the service. This primarily includes log data, which shows when the user logged into the service or performed activities such as changing their contract. In addition, Ralph-HV.de stores data when contracts are concluded that is intended to provide information about the product type, the product partner, the terms of the contract, and the change status.

By creating an account with Ralph-HV.de , you agree to this Privacy Policy.

The collection, processing, use, and storage of data only occurs if Ralph-HV.de is legally authorized to do so or if the user has expressly consented to this beforehand. By checking the box at the beginning of the "Add Account" service and consenting to the processing of sensitive account data in accordance with the Privacy Policy, the user consents to the collection, use, and processing of sensitive account data by Ralph-HV.de . This sensitive data may include transfers to/from doctors, unions, or political parties contained in account transactions. These are so-called special categories of personal data according to Art. 9 (1) GDPR.

Consent to this Privacy Policy can be revoked at any time, and the deletion of stored data can be requested at any time.

Ralph-HV.de does not specifically process special categories of personal data, i.e., it does not conduct analyses based on these characteristics. However, it cannot be ruled out that such data is contained in account transactions. Therefore, Ralph-HV.de obtains the above-mentioned consent in accordance with Art. 9 (2) (a) GDPR. The content of the declarations of consent, which can be revoked at any time and are recorded by Ralph-HV.de , can be accessed by the user at www.ralph-hv.de/privacy-policy . Furthermore, the user has the option of revoking their consent to this privacy policy at any time. Regarding the deletion of data already generated, the section "Deletion of Data" applies.

We need your data so that we can offer you our services in the best possible way. This data is protected according to the highest possible standards.

Without providing the information described in the "Types of Data Processed" section, various services may only be available to a limited extent. For this reason, Ralph-HV.de guarantees users of this service the highest possible data protection standards. The collection, processing, storage, and use of the generated data is carried out exclusively for the purposes stated here.

We may need to share your data with third parties to provide our services. However, these third parties are obligated to protect your data.

We use this data to fulfill your booking in accordance with the contract or to provide you with the requested service. This may require us to share your personal data with companies that we use or mediate to provide the service or to process the contract. These include, for example, service providers. These companies only receive the necessary data from us and are obligated to protect your personal data. We need your email address so that we can confirm receipt of your order and communicate with you (e.g., to send an order confirmation or a newsletter you have ordered). Even for services that do not directly serve the provision of services requested by users, such as hosting or the implementation of marketing measures, we may use external service providers who may be based outside the European Union. In such cases, information will be passed on to these companies or individuals to enable them to further process your order. The relevant companies can be found in the following sections, particularly "Newsletter" and "External Service Providers." We carefully select the relevant service providers, establish legally compliant contracts, and regularly review them. The service providers may only use the data for the purposes specified by Ralph-HV.de .

We use your email address to send you information related to our services and, upon request, to send you our newsletter.

If you have registered for our newsletter using your email address, we will continue to use your email address for our own advertising purposes beyond the contract execution until you unsubscribe from the newsletter. In addition, the email address will be used exclusively to send emails related to services such as summaries, reminders, news updates, and the like to the user. The user can opt out of receiving any emails at any time by sending an informal objection to info@ralph-hv.de.

Your user account allows for quick and convenient use of our services.

When you register on our website, your data will be saved to create a user account to enable faster and more convenient use of your account in the future and to enable you to use additional services on the website.

We use your data only appropriately and confidentially and only share it with third parties within the scope of the services you request.

We adhere to the principle of data use for specific purposes and collect, process, and store your personal data only for the purposes you request. Your personal data will not be shared with third parties without your express consent unless this is necessary to provide the service or to execute the contract. Transmission to authorized government institutions and authorities will also only occur within the scope of statutory disclosure obligations or if we are required to do so by a court order.

You can revoke your consent to data storage at any time.

If we use data for a purpose that requires your consent under statutory provisions, we will always ask for your express consent. You can revoke your previously given consent at any time and/or object to future uses of your data.

If we do evaluate your data at any time, it will be anonymized.

Within the scope of statutory provisions, we may evaluate user profiles under a pseudonym for the purposes of advertising, market research, and improving our services, but only if you have not exercised your legal right to object to this use of your data.

The legal basis for our data processing is primarily the GDPR, which applies throughout the EU from May 25, 2018.

In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR; the legal basis for processing to fulfill our services and implement contractual measures as well as to respond to inquiries is Art. 6 (1) (b) GDPR; the legal basis for processing to fulfill our legal obligations is Art. 6 (1) (c) GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6 (1) (f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If, as part of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit it to them, or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g., if the transmission of data to third parties, such as payment service providers, is necessary to fulfill the contract pursuant to Art. 6 (1) (b) GDPR), if you have consented, if a legal obligation requires this, or if it is based on our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called "contract processing agreement," this is done on the basis of Art. 28 GDPR.

If, as part of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit it to them, or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g., if the transmission of data to third parties, such as payment service providers, is necessary to fulfill the contract pursuant to Art. 6 (1) (b) GDPR), if you have consented, if a legal obligation requires this, or if it is based on our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called "contract processing agreement," this is done on the basis of Art. 28 GDPR.

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using the services of third parties or disclosing or transferring data to third parties, this will only take place if it is necessary for the fulfillment of our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests.

Subject to legal or contractual permissions, we will only process or have data processed in a third country if the special conditions of Art. 44 et seq. GDPR are met. This means that processing will take place, for example, on the basis of special guarantees, such as an officially recognized determination of a level of data protection corresponding to that of the EU (e.g. for the USA under the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

You have the right to confirmation, access, completion, correction, deletion, and transmission of your data, as well as the right to lodge a complaint.

You have the right to request confirmation as to whether the data in question is being processed and to request information about this data, as well as further information and a copy of the data, in accordance with Art. 15 GDPR.

You have the right, in accordance with Art. 16 GDPR, to request the completion of the data concerning you or the correction of inaccurate data concerning you.

You have the right, in accordance with Art. 17 GDPR, to request that the data in question be deleted immediately, or alternatively, to request that the processing of the data be restricted in accordance with Art. 18 GDPR.

You have the right to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request that it be transmitted to other responsible parties.

Furthermore, you have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

Right of withdrawal

You can withdraw your consent.

You have the right to revoke your consent in accordance with Art. 7 (3) GDPR with future effect.

Right of objection

You can object to future processing.

You can object to the future processing of your data at any time in accordance with Art. 21 GDPR. You can object, in particular, to processing for direct marketing purposes.

Cookies and the right of objection to direct marketing

We use cookies to improve our service.

"Cookies" are small files stored on users' computers. Various information can be stored within cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, also known as "session cookies" or "transient cookies," are cookies that are deleted after a user leaves an online service and closes their browser. Such a cookie can store, for example, the contents of a shopping cart in an online shop or a login status. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent." For example, the login status can be saved if users visit the site several days later. Likewise, such a cookie can store user interests for use in audience measurement or marketing purposes. "Third-party cookies" are cookies offered by providers other than the controller operating the online service (otherwise, if they are only their cookies, they are referred to as "first-party cookies").

We may use temporary and permanent cookies and provide information about this in our privacy policy.

You can restrict the storage of cookies on your computer and delete them.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Excluding cookies may lead to functional limitations of this online service.

A general objection to the use of cookies used for online marketing purposes can be declared for a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ . Furthermore, cookies can be blocked by deactivating them in the browser settings. Please note that in this case, not all functions of this website may be available.

Deletion of data

We will delete all your data upon request. Simply write to us at info@Ralph-HV.de.

The data we process will be deleted or restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no statutory retention periods that prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons. According to legal requirements in Germany, data is retained for 10 years in accordance with Sections 147 (1) of the German Fiscal Code (AO), 257 (1) Nos. 1 and 4, and 4 of the German Commercial Code (HGB) (books, records, management reports, accounting documents, commercial ledgers, documents relevant for taxation, etc.) and for 6 years in accordance with Section 257 (1) Nos. 2 and 3, and 4 of the German Commercial Code (HGB)).

We process contract and payment data to provide contractual services.

In addition, we process:

– Contract data (e.g., subject matter of the contract, term, customer category)

– Payment data (e.g., bank details, payment history)

of our customers, prospective customers, and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.

Administration, financial accounting, office organization, contact management

We process data as part of administrative tasks, as well as for organizing our operations, financial accounting, and complying with legal obligations, such as archiving. In doing so, we process the same data that we process as part of providing our contractual services. The processing bases are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Customers, prospective customers, business partners, and website visitors are affected by the processing. The purpose and our interest in processing lies in administration, financial accounting, office organization, and data archiving, i.e., tasks that serve to maintain our business activities, perform our duties, and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information specified in these processing activities.

We disclose or transmit data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee-based agencies and payment service providers.

Furthermore, based on our business interests, we store information on suppliers, event organizers, and other business partners, e.g., for the purpose of later contact. We generally store this predominantly company-related data permanently.

Business analyses and market research

The analysis of the data available to us is essential for the profitability of our company.

In order to operate our business profitably and to identify market trends and the wishes of our contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc. We process inventory data, communication data, contractual data, payment data, usage data, and metadata based on Art. 6 (1) (f) GDPR. Data subjects include contractual partners, interested parties, customers, visitors, and users of our online offering.

The analyses are carried out for the purposes of business evaluations, marketing, and market research. We may consider the profiles of registered users with information, e.g., on the services they use. The analyses serve us to increase user-friendliness, optimize our offering, and improve business efficiency. The analyses serve us solely and are not disclosed externally, unless they are anonymous analyses with summarized values.

If these analyses or profiles are personal, they will be deleted or anonymized upon termination of the user's contract, otherwise after two years from the end of the contract. Furthermore, overall business analyses and general trend determinations are created anonymously wherever possible.

Participation in Affiliate Partner Programs

Within the framework of affiliate programs, we must be able to track whether users referred by affiliates actually take advantage of our offers. Within our online offering, we use industry-standard tracking measures based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering) in accordance with Art. 6 (1) (f) GDPR, insofar as these are necessary for the operation of the affiliate system. Below, we will inform users about the technical background.

The services offered by us and our contractual partners may also be advertised and linked on other websites (so-called affiliate links or after-buy systems, for example, when links or services from third parties are offered after a contract has been concluded). The operators of the respective websites receive a commission when users follow the affiliate links and subsequently take advantage of the offers.

In summary, our online offering requires us to be able to track whether users who are interested in affiliate links and/or the offers available through us subsequently engage with these offers as a result of the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented with certain values that can be part of the link or set otherwise, e.g., in a cookie. These values include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as advertising material ID, partner ID, and categorizations.

The online identifiers of users we use are pseudonymous values. This means that the online identifiers themselves do not contain any personal data such as names or email addresses. They only help us determine whether the same user who clicked on an affiliate link or expressed interest in an offer via our online offering has accepted the offer, i.e., for example, concluded a contract with the provider. However, the online identifier is personal insofar as the partner company and we have the online identifier together with other user data. Only in this way can the partner company inform us whether the user has accepted the offer and whether we can, for example, pay out the bonus.

The data collected in your vermietet.de user account always belongs to you. If you cancel your user account, your data will be completely deleted.

Users can create a user account. During registration, the required mandatory information will be communicated to users and processed based on Art. 6 (1) (b) GDPR for the purpose of providing the user account. The data processed includes, in particular, login information (email address and password). The data entered during registration will be used for the purposes of using the user account and its purpose.

Users can be informed by email about information relevant to their user account, such as technical changes. If users cancel their user account, their data relating to the user account will be deleted, subject to any statutory retention requirements. It is the responsibility of users to back up their data before the end of the contract upon termination. We are entitled to irretrievably delete all user data stored during the term of the contract.

When using our registration and login functions, as well as the use of the user account, we save the IP address and the time of the respective user action. This storage is based on our legitimate interests, as well as the user's interest in protecting against misuse and other unauthorized use. This data will generally not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 (1) (c) GDPR. IP addresses will be anonymized or deleted after 14 days at the latest.

When you contact us (e.g., via contact form, email, telephone, or social media), the user's information will be processed to process the contact request and its handling in accordance with Art. 6 (1) (b) GDPR. User information may be stored in a customer relationship management system ("CRM system") or similar request organizations.

We delete requests if they are no longer required. We review their necessity every two years; furthermore, statutory archiving obligations apply.

We regularly send a free newsletter via Ralph-HV.de to inform you about new features or activities related to your real estate.

With the following information, we inform you about the content of our newsletter, as well as the registration, dispatch, and statistical evaluation procedures, as well as your right to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Newsletter content: We only send newsletters, emails, and other electronic notifications with promotional information (hereinafter "newsletter") with the recipient's consent or legal permission. If the content is specifically described when registering for the newsletter, it is decisive for the user's consent. Otherwise, our newsletters contain information about our services and us.

To prevent misuse and to be able to verify the registration process, we save your newsletter registration data.

Double opt-in and logging: Registration for our newsletter is carried out using a so-called double opt-in process. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one else can register using an email address you don't own. Newsletter registrations are logged to ensure that the registration process complies with legal requirements. This includes saving the time of registration and confirmation, as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Registration data: To register for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for the purpose of personalizing the newsletter.

The newsletter is sent and the associated performance measurement is based on the recipient's consent in accordance with Art. 6 (1) (a) and Art. 7 GDPR in conjunction with Section 7 (2) No. 3 of the German Unfair Competition Act (UWG) or on the basis of legal permission in accordance with Section 7 (3) of the UWG.

The registration process is logged based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest is in using a user-friendly and secure newsletter system that serves our business interests and meets user expectations, and also allows us to verify consent.

You can unsubscribe from the newsletter service at any time. Cancellation/Revocation – You can unsubscribe from our newsletter at any time, i.e., revoke your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter. We can store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time.

Newsletter – ActiveCampaign including Mandrill

We send our newsletter via the ActiveCampaign service, which stores your newsletter, registration, and interaction data.

The newsletter is sent using the service provider "ActiveCampaign" (or Mandrill for sending system messages, such as the rental confirmation), a newsletter distribution platform of the US provider ActiveCampaign, 1 North Dearborn Street, 5th floor, Chicago, IL 60602, USA. You can view the privacy policy of the service provider here: https://www.activecampaign.com/legal/privacy-policy . The service provider is used on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR and a data processing agreement pursuant to Art. 28 (3) (1) GDPR.

The shipping service provider may use the recipients' data in pseudonymous form, i.e., without assigning it to a specific user, to optimize or improve its own services, e.g., for the technical optimization of the delivery and presentation of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to contact them directly or to pass the data on to third parties.

Newsletter – Performance Measurement

The newsletter performance measurement primarily serves to provide our customers with only the information they actually want to read.

The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a shipping service provider, from their server. During this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected.

This information is used to technically improve the services based on technical data or target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. While this information can be assigned to individual newsletter recipients for technical reasons, it is neither our intention nor that of the delivery service provider to monitor individual users. Rather, the evaluations serve to identify our users' reading habits and adapt our content to them, or to send different content based on our users' interests.

External service providers commissioned by us adhere exclusively to European data protection standards.

We use the following external service providers to help optimize our service. If these service providers process data on behalf of Ralph-HV.de , they have entered into corresponding agreements that stipulate European data protection standards as binding and, in particular, prohibit the use of the data for other purposes.

finAPI

Our German partner finAPI provides transaction data as part of the account information service under the supervision of and exclusively on the instructions of Ralph-HV.de .

To provide transaction data as part of the account information service, we at Ralph-HV.de use the external service provider finAPI GmbH, Ainmillerstraße 11, 80801 Munich ("finAPI"), which processes the data under the supervision of and exclusively on the instructions of Ralph-HV.de . finAPI never uses the data directly, but only forwards it to Ralph-HV.de .

Access to and use of this data is permitted only with your express consent in accordance with Art. 6 (1) (a) GDPR in conjunction with Art. 9 (2) (a) GDPR (see the "Consent" section above).

Hosting

We host our online offerings with hosting providers with whom we have concluded a data processing agreement.

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services, which we use for the purpose of operating this online offering. We, or rather our hosting provider, process inventory data, contact data, content data, contract data, usage data, metadata, and communication data of customers, interested parties, and visitors to this website based on our legitimate interests in the efficient and secure provision of this website in accordance with Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Collection of access data and log files

Log file information is stored for security reasons and deleted after a short period of time.

We, or rather our hosting provider, collect data about every access to the server on which this service is located (so-called server log files) based on our legitimate interests within the meaning of Art. 6 (1) (f) GDPR. Access data includes the name of the accessed website, the file, the date and time of access, the amount of data transferred, the notification of successful access, the browser type and version, the user's operating system, the referrer URL (the previously visited page), the IP address, and the requesting provider.

Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of 14 days and then deleted. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.

Google Cloud

We store some of our data on Google Cloud.

Ralph-HV.de stores some of its data on Google Cloud. Google Cloud is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). All data is secured with 256-bit encryption and meets the same security standards as many other Google services. The accounts of Ralph-HV.de employees who have access to Google Cloud are regularly reviewed to ensure the highest level of security for your data.

This use is based on our legitimate interests, i.e., our interest in the secure and efficient provision, analysis, and optimization of our online offering in accordance with Art. 6 (1) (f) GDPR. Further information on Google Cloud's data protection policy can be found at https://cloud.google.com/security/ .

Google Content Delivery Network

To accelerate the loading of our websites and the downloading of files, we use the Google Content Delivery Network. We use a so-called "Content Delivery Network" (CDN) offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).

A CDN is a service that helps deliver content from our online offerings more quickly, especially large media files such as graphics or scripts, using regionally distributed servers connected via the internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.

Use is based on our legitimate interests, i.e., the interest in the secure and efficient provision, analysis, and optimization of our online offerings in accordance with Art. 6 (1) (f) GDPR.

Further information can be found in Google's privacy policy: https://cloud.google.com/security/ .

Google Tag Manager

Google Tag Manager aggregates most tracking pixels and scripts so that users can load our websites faster.

Google Tag Manager is a solution that allows us to manage website tags via a single interface (and thus integrate Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process any personal user data. Regarding the processing of user personal data, please refer to the following information on Google services.

Terms of Use: https://www.google.com/intl/de/tagmanager/use-policy.html .

Google Analytics

We use Google Analytics to continuously improve our website.

Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 (1) (f) GDPR), we use Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google uses cookies. The information generated by the cookie about users' use of the online offering is usually transferred to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).

Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on activities within this website, and to provide us with other services related to the use of this website and internet usage. Pseudonymous user profiles of users may be created from the processed data.

We only use Google Analytics with activated IP anonymization, which means that users' IP addresses are shortened.

We only use Google Analytics with activated IP anonymization. This means that the user's IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Users can prevent the transmission of data to Google and the processing of this data by Google using a browser plug-in.

The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the website, as well as from processing this data, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de .

Further information on Google's data usage, settings, and opt-out options can be found in Google's privacy policy ( https://policies.google.com/technologies/ads ) and in the settings for the display of advertisements by Google ( https://adssettings.google.com/authenticated ).

Users' personal data will be deleted or anonymized after 14 months.

Google Universal Analytics

We use Google Analytics in the form of "Universal Analytics." "Universal Analytics" refers to a Google Analytics process in which user analysis is based on a pseudonymous user ID, creating a pseudonymous user profile with information from the use of various devices (so-called "cross-device tracking").

Google AdWords and Conversion Measurement

We use Google AdWords for marketing purposes.

Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 (1) (f) GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").

Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).

We use the online marketing process Google "AdWords" to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who are likely to be interested in the ads. This allows us to display ads for and within our online offerings more specifically, so that users only see ads that potentially match their interests. If, for example, a user is shown ads for products in which they have shown interest on other online offerings, this is referred to as "remarketing." For these purposes, when you visit our website and other websites on which the Google advertising network is active, Google executes a code directly and integrates so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") into the website. These tags store a unique cookie, i.e., a small file, on the user's device (similar technologies can also be used instead of cookies). This file records which websites the user visits, which content they are interested in, and which offers the user clicks on, as well as technical information about the browser and operating system, referring websites, visit times, and other information about the use of the online service.

We use conversion tracking to gain access to conversion statistics.

We also receive a unique "conversion cookie." The information collected through the cookie is used by Google to compile conversion statistics for us. However, we only receive the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that could personally identify users.

User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process, for example, the name or email address of users, but rather processes the relevant data cookie-related within pseudonymous user profiles. This means that, from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google's servers in the USA.

Further information on Google's data usage, settings, and opt-out options can be found in Google's privacy policy ( https://policies.google.com/technologies/ads?hl=de ) and in the settings for displaying ads by Google ( https://adssettings.google.com/authenticated ).

Jetpack (WordPress Stats)

Jetpack helps us statistically evaluate visitor access and thus improve our online offering.

Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 (1) (f) GDPR), we use the Jetpack plugin (here the subfunction "WordPress Stats"), which integrates a tool for statistically evaluating visitor access and is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. Jetpack uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site.

The information generated by the cookie about your use of this website is stored on a server in the USA. User profiles can be created from the processed data, which are used solely for analytical purposes and not for advertising purposes. Further information can be found in Automattic's privacy policy: https://automattic.com/privacy/ and information on Jetpack cookies: https://jetpack.com/support/cookies/ .

Facebook Pixel, Custom Audiences, and Facebook Conversion

We use Facebook's services for online advertising. This collects data on surfing behavior, but does not evaluate it personally or link it to other data about the respective user.

Based on our legitimate interests in the analysis, optimization, and economic operation of our online offering, and for these purposes, we use the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active ).

With the help of the Facebook Pixel, Facebook is able to determine visitors to our online offering as a target group for the display of advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we place only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and are not annoying. The Facebook pixel also allows us to track the effectiveness of Facebook ads for statistical and market research purposes by determining whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

Facebook processes data in accordance with Facebook's data usage policy. Accordingly, general information on the display of Facebook ads can be found in Facebook's data usage policy: https://www.facebook.com/policy.php . Specific information and details about the Facebook pixel and how it works can be found in the Facebook help section: https://www.facebook.com/business/help/651294705016616 .

You can opt out of being tracked by the Facebook pixel.

You can opt out of being tracked by the Facebook pixel and using your data to display Facebook ads. To control which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions for settings for usage-based advertising: https://www.facebook.com/settings?tab=ads . The settings are platform-independent, meaning they apply to all devices, such as desktop computers and mobile devices.

You can also opt out of the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative's opt-out page ( http://optout.networkadvertising.org/ ) and the US website ( http://www.aboutads.info/choices ) or the European website ( http://www.youronlinechoices.com/uk/your-ad-choices/ ).

Bing Ads

We use "Bing Ads" from Microsoft Corporation for marketing purposes. Microsoft complies with the requirements of the EU-U.S. Privacy Shield Framework.

We use the conversion and tracking tool "Bing Ads" from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, within our online offering based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 (1) (f) GDPR). Microsoft stores cookies on users' devices to enable an analysis of the use of our online offering by users, provided that users have accessed our online offering via a Microsoft Bing ad (so-called "conversion measurement"). In this way, Microsoft and we can recognize that someone has clicked on an ad, been redirected to our online offering, and reached a previously determined landing page (so-called "conversion page"). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No IP addresses are stored. No personal information about the identity of the users is disclosed.

Microsoft is certified under the Privacy Shield Framework and thus guarantees compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active ).

If users do not wish to participate in Bing Ads' tracking process, they can also prevent the necessary cookie from being set via their browser.