This privacy policy informs You about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within the scope of our services as well as within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). Regarding the terminology used, such as "processing" or "controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Update Marketing

J&C Solution GmbH

Romanshornerstr. 105i

9322 Egnach

Phone: +41 (0)76 446 61 32

Email: info@update-marketing.com

Responsible party: Christian Strohmeier

Inventory data (e.g., personal master data, names, or addresses).

Contact data (e.g., email, phone numbers).

Content data (e.g., text inputs, photographs, videos).

Usage data (e.g., visited websites, interest in content, access times).

Meta/communication data (e.g., device information, IP addresses).

Categories of Data Subjects

Visitors and users of the online offering (hereinafter we collectively refer to data subjects as "users").

Purpose of Processing

Provision of the online offering, its functions, and content.

Responding to contact inquiries and communication with users.

Security measures.

Reach measurement/marketing.

"Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

"Processing" refers to any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.

"Pseudonymization" refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.

"Profiling" refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

The "Controller" is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

An "Processor" is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

In accordance with Article 13 GDPR, we inform You of the legal bases of our data processing activities. For users within the scope of the General Data Protection Regulation (GDPR), i.e., the EU and EEA, the following applies if the legal basis is not specified in this privacy policy:

The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR.

The legal basis for processing to fulfill our services and carry out contractual measures as well as responding to inquiries is Art. 6(1)(b) GDPR.

The legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR.

If vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

The legal basis for the necessary processing to perform a task in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) GDPR.

The legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR.

The processing of data for purposes other than those for which they were collected is determined according to Art. 6(4) GDPR.

The processing of special categories of data (as per Art. 9(1) GDPR) is determined according to Art. 9(2) GDPR.

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of technology, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

If, in the course of our processing, we disclose, transmit, or otherwise grant access to data to other persons and companies (processors, joint controllers, or third parties), this is done only on the basis of legal permission (e.g., if data transmission to third parties, such as payment service providers, is necessary for contract fulfillment), user consent, a legal obligation, or our legitimate interests.

If we process data in a third country (i.e., outside the EU, EEA, or Switzerland) or this occurs in the context of using third-party services or disclosing/transmitting data to other persons or companies, this is only done if it is necessary for the fulfillment of our (pre-)contractual obligations, based on Your consent, due to a legal obligation, or based on our legitimate interests.

You have the right to request confirmation as to whether data concerning You are being processed and to obtain information about these data, as well as further information and a copy of the data in accordance with legal requirements.

You have the right to request the completion or correction of incorrect data concerning You.

You have the right to demand that relevant data be deleted immediately or alternatively, in accordance with legal requirements, to request a restriction of the processing of the data.

You have the right to request that the data concerning You, which You have provided to us, be received and transmitted to other controllers.

You also have the right to lodge a complaint with the competent supervisory authority.

You have the right to withdraw granted consent with effect for the future.

You can object to the future processing of Your data at any time in accordance with legal requirements. The objection can particularly be made against processing for direct marketing purposes.

Cookies are small files that are stored on users' devices. Various information can be stored within cookies. We may use temporary and permanent cookies and will inform You accordingly within this privacy policy.

We use external payment service providers through whose platforms users and we can carry out payment transactions (e.g., with links to their privacy policies: PayPal, Klarna, Skrill, Giropay, Visa, Mastercard, American Express).

As part of fulfilling contracts, we use these payment service providers based on Art. 6 (1) lit. b GDPR. Additionally, we use external payment service providers based on our legitimate interests according to Art. 6 (1) lit. f GDPR to provide our users with an effective and secure payment option.

The data processed by the payment service providers includes inventory data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as contract-related, amount-related, and recipient-related details. This information is required to carry out transactions. The entered data is processed and stored exclusively by the payment service providers. We do not receive any account or credit card information but only confirmations or rejections of the payments. Under certain circumstances, the payment service providers may transmit the data to credit agencies to verify identity and creditworthiness. Please refer to the terms and privacy policies of the respective payment service providers for more details.

For payment transactions, the terms and privacy policies of the respective payment service providers apply, which can be accessed on their respective websites or transaction applications. We also refer to these for further information and to exercise withdrawal, information, and other data subject rights.

We process data in the context of administrative tasks, organizing our business operations, financial accounting, and fulfilling legal obligations such as archiving. In doing so, we process the same data that we process as part of providing our contractual services. The legal bases for this are Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR.

This processing affects customers, prospects, business partners, and website visitors. The purpose and our interest in the processing lie in administration, financial accounting, office organization, and data archiving—tasks necessary for maintaining our business operations, fulfilling our duties, and delivering our services.

Data deletion concerning contractual services and related communication follows the retention periods stated in those processing activities. We disclose or transmit data to tax authorities, consultants (e.g., tax advisors or auditors), and other payment service providers as necessary.

Additionally, based on our business interests, we store information about suppliers, event organizers, and other business partners, e.g., for later contact. This predominantly company-related data is generally stored permanently.

To operate our business efficiently and identify market trends, partner and user preferences, we analyze data from business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, and metadata based on Art. 6 (1) lit. f GDPR. Affected individuals include contractual partners, prospects, customers, visitors, and users of our online offerings.

The analyses are conducted for business evaluations, marketing, and market research. We may consider the profiles of registered users, including details about their utilized services. These analyses help us improve user-friendliness, optimize our offerings, and increase business efficiency. The analyses serve only us and are not disclosed externally unless they are anonymous evaluations with aggregated values.

If analyses or profiles are personally identifiable, they will be deleted or anonymized upon user termination, or otherwise two years after contract conclusion. General business analyses and market trend assessments are conducted in an anonymized form whenever possible.

Within our online offering, we use industry-standard tracking measures based on our legitimate interests (i.e., interest in analyzing, optimizing, and operating our online offering economically) per Art. 6 (1) lit. f GDPR, as far as these are necessary for the operation of the affiliate system. Below, we explain the technical aspects to users.

Services offered by our partners may be promoted and linked on other websites (so-called affiliate links or after-buy systems, where third-party links or services are offered after contract conclusion). The respective website operators receive a commission if users follow affiliate links and subsequently use the offers.

In summary, our online offering requires us to track whether users interested in affiliate links and the available offers proceed to use them via the affiliate links or our platform. Affiliate links and our offerings are supplemented with values, which may be stored in cookies or as part of the link itself. These values include, in particular, the referrer website, timestamp, an online identifier of the website operator, an online identifier of the respective offer, an online identifier of the user, and tracking-specific values such as advertisement ID, partner ID, and categorizations.

The online identifiers we use for users are pseudonymous, meaning they do not contain personal data like names or email addresses. They only help us determine whether the same user who clicked an affiliate link or showed interest in an offer has actually used it, e.g., by entering into a contract with the provider. However, the online identifier is considered personal data insofar as it is associated with other user data by the partner company and us. This is necessary for the partner company to notify us if a user has completed a transaction, allowing us to pay out commissions.

Based on our legitimate interests (i.e., interest in economically operating our online offering per Art. 6 (1) lit. f GDPR), we participate in the affiliate program of Digistore24 GmbH, St.-Godehard-Straße 32, 31139 Hildesheim, Germany. This program provides a platform through which advertising fees can be earned by placing ads and links to Digistore24 (so-called affiliate system). Digistore24 uses cookies to track the origin of transactions. This allows Digistore24 to determine that users have clicked on a partner link on our website and subsequently completed a transaction via Digistore24.

For more information on Digistore24’s data usage and opt-out options, please refer to their privacy policy: Digistore24 Privacy Policy.

We process applicant data solely for the purpose of handling the application process in accordance with legal requirements. The processing of applicant data is carried out to fulfill our (pre-)contractual obligations as part of the application process per Art. 6 (1) lit. b GDPR and Art. 6 (1) lit. f GDPR, where data processing may become necessary for us in legal proceedings (in Germany, additionally § 26 BDSG applies).

The application process requires applicants to provide us with their personal data. The necessary application data is marked if an online form is provided; otherwise, it is derived from job descriptions. Typically, this includes personal details, postal and contact addresses, and application documents such as cover letters, resumes, and certificates. Applicants may voluntarily provide additional information.

By submitting an application, applicants consent to the processing of their data for the application process under the terms stated in this privacy policy.

If applicants voluntarily provide special categories of personal data per Art. 9 (1) GDPR (e.g., health data, such as disability status or ethnic origin), processing is additionally carried out per Art. 9 (2) lit. b GDPR. If special categories of personal data are requested as part of the application process, their processing follows Art. 9 (2) lit. a GDPR (e.g., health data required for job performance).

Contacting Us

When you contact us (e.g., via contact form, email, phone, or social media), the user’s details are processed to handle the inquiry and its execution in accordance with Art. 6(1)(b) (for contractual/pre-contractual relationships) and Art. 6(1)(f) (for other inquiries) of the GDPR. User details may be stored in a Customer Relationship Management (CRM) system or similar inquiry management system.

We delete inquiries when they are no longer necessary. We review necessity every two years; statutory archiving obligations also apply.

Newsletter

The following information explains the content of our newsletter, the registration, dispatch, and statistical analysis processes, as well as your rights to object. By subscribing to our newsletter, you agree to receive it and to the described processes.

Newsletter Content: We send newsletters, emails, and other electronic notifications containing promotional information ("newsletters") only with recipient consent or legal permission. If the newsletter’s content is specifically described during registration, it is relevant for user consent. Otherwise, our newsletters contain information about our services and company.

Double Opt-In and Logging: Subscription to our newsletter follows a double opt-in process. After registering, you will receive an email requesting confirmation. This confirmation ensures that no one can register using someone else's email. Newsletter registrations are logged to meet legal requirements, including storing registration and confirmation timestamps as well as the IP address. Changes to stored data at the email service provider are also recorded.

Registration Data: To subscribe, providing your email address is sufficient. Optionally, you may enter a name for personalized addressing.

Legal Basis: Newsletter dispatch and associated performance measurement occur based on recipient consent under Art. 6(1)(a), Art. 7 GDPR, in conjunction with § 7(2)(3) UWG, or if consent is not required, based on our legitimate interest in direct marketing under Art. 6(1)(f) GDPR in conjunction with § 7(3) UWG.

Logging the registration process is based on our legitimate interests (Art. 6(1)(f) GDPR) in using a user-friendly and secure newsletter system that serves our business interests, meets user expectations, and allows us to document consent.

Cancellation/Withdrawal: You can cancel newsletter reception at any time, i.e., withdraw your consent. A cancellation link is provided at the end of every newsletter. We may retain unsubscribed email addresses for up to three years based on our legitimate interests to verify prior consent. Processing these data is restricted to potential legal defenses. An individual deletion request is possible if prior consent is confirmed.

Newsletter Service Provider

Our newsletters are sent via [NAME, ADDRESS, COUNTRY]. The provider’s privacy policy can be found here: [LINK TO PRIVACY POLICY]. The provider is used based on our legitimate interests under Art. 6(1)(f) GDPR and a data processing agreement under Art. 28(3)(1) GDPR.

The provider may process recipient data in pseudonymized form to optimize its services, e.g., for technical improvement or statistical analysis. However, it does not use recipient data for its own purposes or share them with third parties.

Newsletter Performance Measurement

Newsletters contain a "web beacon" (a tiny file retrieved from our or our provider’s server when opened). Upon retrieval, technical data such as browser information, system data, IP address, and access time are collected.

These data help improve technical aspects and analyze reading behaviors based on access locations (via IP) or reading times. Statistics include whether newsletters are opened, when they are opened, and which links are clicked. Although this data can be assigned to individual recipients, it is neither our intention nor that of our provider to monitor specific users. Rather, these evaluations help us understand reading habits and tailor content accordingly.

Separate withdrawal from performance measurement is not possible; in this case, the entire newsletter subscription must be canceled.

Hosting and Email Services

We use hosting services to provide infrastructure, computing capacity, storage, databases, email services, security, and maintenance for our online services.

Our hosting provider processes customer, prospect, and visitor data based on our legitimate interest in an efficient and secure service provision (Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR, data processing agreement).

Access Data and Log Files

We or our hosting provider collect data on each server access (so-called log files) based on our legitimate interests (Art. 6(1)(f) GDPR). Access data include:

Name of accessed webpage

File

Date and time of access

Data volume transferred

Success message

Browser type/version

User’s operating system

Referrer URL (previous page visited)

IP address

Requesting provider

Log files are stored for up to seven days for security reasons (e.g., fraud investigation) and then deleted. Data required for evidence remain stored until the incident is fully resolved.

Google Analytics

Based on our legitimate interests (i.e., analysis, optimization, and economic operation of our online services, Art. 6(1)(f) GDPR), we use Google Analytics, a web analysis service by Google LLC (“Google”). Google uses cookies, and collected data is usually transmitted to Google servers in the U.S.

Google is certified under the Privacy Shield Agreement, ensuring compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google processes data on our behalf to analyze online service usage, compile reports, and provide further associated services. Pseudonymous user profiles may be created.

Google Analytics is used with IP anonymization, meaning IP addresses are shortened within EU/EEA member states before transmission to the U.S. Only in exceptional cases is the full IP transmitted and shortened there.

The user’s browser-transmitted IP is not merged with other Google data. Users can prevent cookie storage via browser settings. Additionally, data collection and processing by Google can be prevented by downloading and installing this browser plugin: http://tools.google.com/dlpage/gaoptout?hl=en.

Further details on Google's data usage, settings, and opt-out options are available in Google's privacy policy (https://policies.google.com/privacy) and ad settings (https://adssettings.google.com/authenticated).

Personal data are deleted or anonymized after 14 months.

Google AdSense with Personalized Ads

Based on our legitimate interests (i.e., analysis, optimization, and economic operation of our online services, Art. 6(1)(f) GDPR), we use Google AdSense services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google is certified under the Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use AdSense to display ads and earn compensation for ad placements. Usage data (e.g., clicks on ads, IP address) is processed pseudonymously, with IPs truncated by the last two digits.

We use AdSense with personalized ads, where Google infers user interests based on visited websites or used apps, allowing advertisers to tailor campaigns accordingly. Google considers ads personalized if collected data reveal relevant information about users.