Data protection declaration

ACAD International Research AG
Norastrasse 7
CH-8004 Zürich

represented by the CEO, Dr Thomas Nemet.

est. 2004

Privacy is of utmost importance to us. To ensure you know when and how we collect and use personal data, please review the information below. This also includes details about your rights.

All personal data and information regarding your projects are treated with absolute confidentiality. The details you provide in the contact form are transmitted via an encrypted connection and are therefore securely protected.

All data will be deleted when no longer needed. We assure you that we will never contact you unsolicited.

Zurich, as of 27.02.2024

Cookies
We use cookies to improve our service. The data transmitted for this purpose is anonymous and does not allow any conclusions to be drawn about your identity.
On every page, at the bottom, you have the option to adjust your cookie settings.

Additionally, we use server-side tracking with Stape.io. This means that tracking data is not sent directly from your browser to third parties such as Google, Meta (Facebook), or TikTok but is first processed on our own servers before being forwarded. This allows for better control over the transmitted data and ensures a privacy-compliant analysis of our advertising campaigns.

Non-Binding Nature
If you do not accept our offer within the specified binding period, your data will be completely deleted after 6 months.

Data Deletion
We guarantee the deletion of all project-related data 31 days after the completion of your project. This is carried out as part of our deletion routine and happens automatically. Please make sure to save partial deliveries and literature references accordingly.

SSL/TLS and HTTPS
We use an encrypted communication protocol to securely transmit your data and protect it from eavesdropping.

Two-Server Solution
During processing, order-relevant data is stored in a fragmented and encrypted form on two servers. This ensures that third parties cannot access the data through unauthorized intrusion.

Anonymity
Our authors do not have access to your personal data. You communicate using your first name or a pseudonym of your choice.

Youth Protection
Our services are intended exclusively for individuals who have reached the age of 18.

1. Controller

The entity responsible for data processing under data protection regulations is:

ACAD International Research AG
Norastrasse 7
CH-8004 Zurich
+41 43 5085 017
acad@acad-write.com

Represented by the CEO, Mr. Thomas Nemet.

2. Definitions

Our privacy policy is based on the relevant provisions of the European General Data Protection Regulation (GDPR). To make it understandable for everyone, we would like to explain the key terms in advance (not exhaustive):

  • Personal data refers to any information relating to an identified or identifiable natural person (“data subject”). A natural person is considered identifiable if they can be identified directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (Article 4(1) GDPR).

  • Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction (Article 4(2) GDPR). The term “processing” is used synonymously with “handling.”

  • Restriction of processing refers to the marking of stored personal data with the aim of limiting its future processing (Article 4(3) GDPR).

  • Profiling refers to any form of automated processing of personal data that consists of using this data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person (Article 4(4) GDPR).

  • Pseudonymization refers to the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without additional information, provided that this additional information is stored separately and is subject to technical and organizational measures ensuring that the personal data is not attributed to an identified or identifiable natural person (Article 4(5) GDPR).

  • Controller refers to the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for their nomination may be provided for by Union or Member State law (Article 4(7) GDPR).

  • Processor refers to a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller (Article 4(8) GDPR).

  • Recipient refers to a natural or legal person, public authority, agency, or another body to whom personal data is disclosed, whether a third party or not. However, authorities that may receive personal data in the framework of a particular inquiry under Union or Member State law shall not be considered recipients; the processing of such data by those authorities shall be in compliance with the applicable data protection rules in accordance with the purposes of the processing (Article 4(9) GDPR).

  • Third party refers to a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process personal data (Article 4(10) GDPR).

  • Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them (Article 4(11) GDPR).

  • Personal data breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed (Article 4(12) GDPR).

3. Collection and Processing of Personal Data

a) General Collection and Processing of Personal Data

We process personal data for the purpose of concluding and managing contractual relationships with customers, potential clients of our services, suppliers, service providers, contractors, applicants, and other third parties. Additionally, we process personal data collected during visits to and use of our website www.acad-write.org (“Homepage”), as well as data provided through registration functions available on our website (such as inquiry, application, press, and contact forms). Where legally permitted, we may also collect personal data from publicly accessible sources (e.g., commercial registers, telephone directories, or similar public records and media) or from the internet in general.

It is generally possible to visit our website without providing personal data. However, the data listed below is collected when accessing our website.

If and to the extent that certain services on our website are used, it may be necessary to collect and process the personal data you provide in this context, as described below.

We always process data in compliance with applicable data protection regulations, particularly the GDPR.

b) General Data

With each visit to our homepage by a data subject or an automated system, general data and information are collected and stored in the server’s log file. These may include, among others:

  • Browser type and version
  • Operating system used
  • Website from which you visit us (referrer URL)
  • Website you are visiting
  • Date and time of your access
  • Your Internet Protocol address (IP address)
  • Other data and information that serve to prevent dangers in case of attacks on our IT system

Based on this general data and information, we cannot draw any conclusions about the data subject. The general data and information are stored separately from any personal data that may have been provided and do not allow conclusions to be drawn about a specific person. They are evaluated for statistical purposes to optimize our internet presence and offers, to display our content correctly, to ensure the permanent functioning of our IT systems and our technology, or to be able to provide law enforcement authorities with the information necessary for prosecution in the event of a system attack. Through the aforementioned type of evaluation, we want to ensure that we obtain statistical information and can also increase data protection and data security in order to ultimately achieve a high level of protection for the personal data we process.

c) Cookies

Our homepage uses cookies. These do not damage your computer and do not contain viruses. Cookies are small files that are placed on your access device (computer, smartphone, tablet, etc.) or stored by your browser when you visit our homepage. They serve to increase the user-friendliness, effectiveness, and security of our homepage. In addition, cookies can be used to collect statistical data on website usage and analyze it to improve our offerings. Cookies can be so-called “session cookies,” which are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them (so-called “permanent cookies”). These permanent cookies allow your browser to be recognized on your next visit.

You can adjust your browser settings so that you are informed about the setting of cookies and allow cookies only in individual cases. You can exclude the acceptance of cookies for certain cases or generally, prevent the storage of cookies, or activate the automatic deletion of cookies when closing the browser. However, the functionality of our homepage may be limited afterward.

You have the option to adjust your cookie settings at the bottom of each subpage of our homepage.

d) Registration Functions – Inquiry, Application, and Press Forms

On our homepage, there is the possibility to make a project inquiry and register or apply as an author (ghostwriter) by providing personal data. The respective personal data transmitted to us can be seen in the self-explanatory input mask. The data entered during this registration is processed exclusively for the use of our services or in the application process. With your registration, your IP address and the date as well as the time of your registration are also stored. This serves as protection in case a third party misuses your data and registers on the homepage with this data without your knowledge. There is no transfer to third parties unless there is a legal obligation to do so or the transfer serves the purpose of criminal prosecution. A comparison of the data collected in this way with data that may be collected by other components of the homepage is also not carried out.

Data subjects who have registered with us have the option to change or have completely deleted the personal data provided during registration at any time.

We automatically delete all data of the inquiring data subject if the offer we prepared is not accepted within the six-month binding period. Data that reaches us in the application process is stored in accordance with statutory requirements.

Upon request, we provide information to any data subject at any time about whether and, if so, which personal data we have stored about them. We also correct or delete personal data at the request of the data subject, unless legal retention obligations prevent this. In this case, the personal data will be blocked. We are available to you as the data subject in this context as a contact person. Corresponding information requests can be submitted in writing or by email to the contact address mentioned at the beginning (Section 1), accompanied by a copy of an official ID.

e) Contact Options

We provide information on our homepage (email, contact form) that enables quick electronic contact and direct communication with us. If contact is made in this way, the information you provide will be stored for the purpose of processing the contact. A comparison of the data collected in this way with data that may be collected by other components of the homepage is also not carried out. We, as the controller responsible for processing, may forward the data to processors (e.g., for contract and payment processing, etc.). However, the processor(s) also process the personal data exclusively for internal use attributable to us.

f) Duration of Storage, Deletion and Blocking/Deletion Routine

The processing of personal data only takes place for the period necessary to achieve the storage purpose or as long as this is provided for by relevant legal provisions. After the purpose of storage ceases to apply or after expiry of a legal storage period, we delete or block the personal data in accordance with the legal requirements.

Our deletion routine provides that we delete all data immediately when it is no longer needed. The deletion routine deletes data not subject to retention obligations within 30 days after the end of the order. This deletion routine is only delayed by renewed contact from you in the message center. As soon as a new message has been received by us after completion of the order, the deletion routine starts again. Please independently secure files received from us or your author.

g) Data Subject Rights

Data subjects have the following rights in particular:

  • Confirmation
    Data subjects can request confirmation from us, as the controller responsible for processing, as to whether we process personal data. To exercise this right, the data subject may contact the contact address mentioned at the beginning (Section 1) at any time.
  • Information
    Any data subject may request information from us, as the controller responsible for processing, at any time and free of charge as to whether and, if so, what personal data we have stored about them. A copy of this must be provided to the person. In addition, the data subject may request information about (a) the purposes of processing and, if applicable, the legal basis for processing, (b) the categories of personal data processed, (c) the recipients or categories of recipients to whom personal data has been or will be disclosed, (d) the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration, (e) the existence of the right to rectification or deletion or the right to restrict processing by the controller or the right to object to such processing, (f) the existence of a right to lodge a complaint with a supervisory authority, and (g) the existence of automated decision-making, including profiling and meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject. If personal data is not collected directly from the data subject, information must be provided about all available information on the origin of the data. In addition, the data subject has the right to be informed about whether personal data has been transferred to a third country or to an international organization. If so, the data subject must be informed about the appropriate guarantees in connection with the transfer. To exercise this right, the data subject may contact the contact address mentioned at the beginning (Section 1) at any time.
  • Rectification
    Any data subject may request from us, as the controller responsible for processing, the immediate rectification of incorrect personal data concerning them at any time. In addition, the data subject is entitled to request the completion of incomplete personal data, taking into account the purposes of the processing. To exercise this right, the data subject may contact one of our employees at any time.
  • Deletion/Right to be Forgotten
    Any data subject may request from us, as the controller responsible for processing, that the personal data concerning them be deleted immediately if one of the following reasons applies:

    • The processing of personal data is no longer necessary for the original purpose for which it was collected or otherwise processed.
    • The consent to data processing has been revoked by the data subject and there is no legal basis for data processing.
    • The data subject has objected to the data processing in accordance with Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the data processing.
    • The data subject has objected to the data processing in accordance with Art. 21 Para. 2 GDPR.
    • The processing of personal data is unlawful.
    • Deletion is required for legal reasons.
    • The data collection took place in connection with offered services of the information society within the meaning of Art. 8 Para. 1 GDPR.
  • If one of the aforementioned reasons exists and the data subject requests the deletion of personal data stored with us, they can contact the person at the contact address mentioned at the beginning (Section 1) at any time, who will arrange for the deletion.
    If we, as the controller according to Art. 17 Para. 1 GDPR, are obliged to delete personal data, we will take appropriate (technical) measures with the technologies available to us and taking into account the costs for implementation to inform other controllers about the data subject’s request for deletion. Our employees will arrange everything necessary in individual cases.
  • Restricted Processing
    Any data subject may request from us, as the controller responsible for processing, that we restrict the processing of personal data if and to the extent that one of the following conditions applies:

    • The data subject disputes the accuracy of the personal data for the period during which it is possible for us, as the controller responsible for processing, to verify its accuracy.
    • The data processing is unlawful, and the data subject requests restricted processing of personal data instead of deletion.
    • We, as the controller responsible for processing, no longer need the personal data of the data subject; the data subject, on the other hand, needs the personal data to assert, exercise, and/or defend their legal claims.
    • The data subject has objected to the data processing in accordance with Art. 21 Para. 1 GDPR, and it is still unclear whether any overriding legitimate grounds exist for us, as the controller responsible for processing, for the data processing.
  • If one of the aforementioned conditions exists and the data subject wishes to restrict the processing of personal data, they can contact the person at the contact address mentioned at the beginning at any time, who will then arrange everything necessary (Section 1).
  • Right to Data Portability
    Any data subject may request from us, as the controller responsible for processing, that we transfer the relevant personal data in a structured, common/familiar, and machine-readable format. The data subject can also request that the personal data concerning them be transmitted to another controller without hindrance from us, provided that the data processing is based on consent within the meaning of Art. 6 Para. 1 lit. a GDPR, Art. 9 Para. 2 lit. a GDPR, or on a contract according to Art. 6 Para. 1 lit. b GDPR and is carried out with the help of an automated procedure, unless the data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the controller. In exercising the right to data portability, the data subject has the right to have their personal data transmitted directly from one controller to another controller, provided that this transfer is technically feasible and does not impair the rights and freedoms of other persons. To exercise this right, the data subject may contact one of our employees at any time.
  • Right to Object
    Any data subject may object to us, as the controller responsible for processing, at any time to the processing of personal data concerning them, provided that the data processing is carried out in accordance with Art. 6 Para. 1 lit. e or f GDPR. This applies equally to profiling based on this regulation. We will no longer process the personal data after an objection has been made, unless there are compelling, protective grounds for data processing that outweigh the interests, rights, and freedoms of the data subject. The same applies to cases in which the data processing serves to assert, exercise, or defend claims. To exercise this right, the data subject may contact the contact address mentioned at the beginning at any time. You can object to the processing of your data through server-side tracking with Stape.io at any time by adjusting your cookie settings. Please note that the opt-out may still allow anonymous data to be processed that does not allow conclusions to be drawn about your person.
  • Automated Individual Decisions/Profiling
    Any data subject may request from us, as the controller responsible for processing, that we do not make decisions that have legal effects on the data subject or similarly significantly affect them solely on the basis of automated processing, including profiling, provided that the decision (a) is not necessary for entering into or the performance of a contract between the data subject and us, or (b) is permitted by applicable legal provisions and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, or (c) is made with the explicit consent of the data subject. If the decision is necessary for entering into or the performance of a contract between the data subject and us, as the controller responsible for processing, or if the data subject has given explicit consent, we will implement appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject. This includes at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision. To exercise this right, the data subject may contact the contact address mentioned at the beginning at any time (Section 1).
  • Withdrawal of Consent
    Any data subject may withdraw consent to the processing of personal data at any time. To exercise this right, the data subject may contact the contact address mentioned at the beginning at any time (Section 1). The withdrawal of your consent to the use of online tracking and social media services can also be carried out via the relevant websites, if applicable.

4. Data Protection Regarding the Use of Facebook Components

We use components from the provider Facebook. In your browser, this may appear as facebook.net or facebook.com. Facebook is a service of Meta Platforms, Inc., 1601 Willow Rd, Menlo Park, CA, USA. This Facebook component is configured to be deactivated by default. If you activate cookies by clicking, Facebook Inc. may register that you have visited our website and use this information for its own purposes. The data processing then takes place under the responsibility of Facebook Inc. in accordance with its privacy policy.

When activated, the Facebook component ensures that, each time our website equipped with such a component is accessed, the browser downloads a corresponding display of the Facebook component.

If you wish to prevent Facebook from transmitting and storing personal data and your browsing behavior, you must log out of Facebook before visiting our website. For more information, please refer to Facebook’s privacy policy, which provides details on data collection and usage by Facebook, your rights in this regard, and settings to protect your privacy: facebook.com/about/privacy.

Additionally, there are external tools available on the market that allow you to block Facebook social plug-ins with add-ons for all common browsers.

An overview of Facebook plug-ins can be found at developers.facebook.com/docs/plugins.

5. Data Protection Regarding the Use of Google Components

Google Analytics and Google Analytics 4 (GA4)

Google Analytics 4 (GA4) is considered a necessary cookie by us and cannot be deactivated.

We use Google Analytics and Google Analytics 4, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics allows us to analyze your use of this website by using text files stored on your computer, known as “cookies.” The information generated is generally transferred to and stored on a Google-operated server in the USA. Google uses this information to analyze website usage on behalf of the website operator, compile reports on website activity, and provide other services related to website usage.

However, this website uses the IP masking method, ensuring that your IP address is anonymized by Google before being transferred to the USA. This happens within EU member states or other contracting states of the European Economic Area (EEA). In exceptional cases, IP address anonymization may occur only after transmission to the USA. Additionally, we have disabled the “Data Sharing” and “Signals” settings. While we assume that the data shared with Google does not constitute personal data, there is a possibility that Google may use this data for its own purposes, potentially drawing conclusions about your identity, creating personal profiles, and linking this data to your Google account. By agreeing to the use of Google Analytics, you explicitly consent to such processing, including the transfer of personal data to the USA and other countries.

You can prevent the storage of cookies by adjusting your browser settings accordingly. However, in this case, you may not be able to fully use all functions of this website. Additionally, you can prevent the collection and processing of data generated by cookies through Google by using a browser plug-in. Furthermore, you can opt out of the collection of data related to your use of the website and its processing by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout.

Google Tag Manager

This website uses Google Tag Manager, a service that manages various website tags. The Google Tag Manager does not set its own cookies but only uses so-called tags. The service does not collect any personal data. It merely triggers other tags, which may themselves collect data. However, the Google Tag Manager does not access this data independently.

Google AdSense

We work with advertising partners to target ads as accurately as possible, show you relevant advertisements on other websites, and evaluate the success of our ad campaigns. Our advertising partners may use cookies and other technologies to measure the effectiveness of their advertisements and personalize the ad content for you. Specifically, we use Google AdSense, a service provided by Google, to display advertisements on our website.

Google AdSense analyzes how you use the web service with the help of cookies. Additionally, Google AdSense employs web beacons, which allow for further data collection, such as analyzing visitor traffic on websites. Web beacons are invisible graphics.

The data generated through the mentioned cookies and web beacons (including your IP address), as well as information about the display of advertisements, is stored in the United States by being transmitted to a Google server. It is possible that Google may share the stored data with contractual partners. However, your IP address will not be linked to any other collected information.

AdSense cookies are stored based on our legitimate interests. As a website operator, there is a legitimate interest in analyzing user behavior to optimize advertising offers based on user preferences.

By agreeing to the use of Google AdSense, you explicitly consent to the described processing, including the transfer of personal data to the USA and other countries.

You can refuse the installation of cookies in your browser settings. However, this may limit the functionality of our website. By using this web service, you consent to data processing by Google in the manner and for the purposes described above.

Google Analytics Remarketing

We work with advertising partners to target ads as accurately as possible, show you relevant advertisements on other websites, and evaluate the success of our ad campaigns. Our advertising partners may use cookies and other technologies to measure the effectiveness of their advertisements and personalize the ad content for you. Specifically, our web service uses Google Analytics Remarketing, Google AdWords, and Google DoubleClick, all services provided by Google.

Google Analytics Remarketing helps link advertising target groups identified through this tool with the cross-device functions of Google AdWords and Google DoubleClick. This allows advertising messages to be personalized and tailored to your interests by analyzing your usage behavior and adjusting the ads displayed across all your devices accordingly.

If you have given your consent, your Google account will be linked to your browsing history across websites and apps. As a result, all devices on which you use your Google account will display the same personalized ads tailored to you.

To achieve this, Google Analytics collects Google-authenticated user IDs and temporarily links them with our Google Analytics data. This enables the definition of target audiences for which personalized ads can then be displayed across different devices.

By agreeing to the use of Google Analytics Remarketing, you explicitly consent to the described processing, including the transfer of personal data to the USA and other countries. You can permanently opt out of cross-device remarketing/targeting by disabling personalized advertising in your Google account via the following link: https://www.google.com/settings/ads/onweb/.

The data collected in your Google account is only merged based on your consent, which you can revoke at any time. If the data is not linked to your Google account (for example, if you do not have an account or have opted out), data collection is based on our legitimate interests. The website provider has a legitimate interest in analyzing anonymized user behavior to optimize advertising offers.

Google provides further information and its privacy policy at: https://www.google.com/policies/technologies/ads/.

Google AdWords and Google Conversion Tracking

This website uses the online advertising program Google AdWords, provided by Google.

Google AdWords uses conversion tracking, which involves placing a cookie when you click on a Google ad. Cookies are text files stored locally on users’ devices by their browser. These cookies have a limited validity of 30 days and help identify users to determine whether a user has visited a website after clicking on a Google ad and being redirected accordingly.

Cookies are assigned individually so that each AdWords customer receives a different cookie. These cookies cannot be tracked across different websites. The data collected via conversion cookies is used to generate conversion tracking statistics for AdWords customers. No personal identification data is collected. However, customers can see the total number of users who clicked on an ad and were redirected to a website equipped with a conversion tracking tag.

By agreeing to the use of AdWords and Google Conversion Tracking, you explicitly consent to the aforementioned processing, including the transfer of personal data to the USA and other countries.

You can opt out of tracking by disabling conversion tracking cookies in your usage settings. This will prevent your data from being recorded in conversion tracking statistics.

Conversion cookies are stored based on our legitimate interests. The website provider has a legitimate interest in analyzing user behavior to optimize advertising offerings in a targeted and personalized manner.

Further information on Google AdWords and Google Conversion Tracking can be found in Google’s privacy policy: https://www.google.de/policies/privacy/.

It is possible to configure browser settings so that you are informed about cookies being set and can allow them only in individual cases, restrict their storage, or prevent them altogether. Additionally, cookies can be automatically deleted when closing the browser. Please note that disabling cookies may affect the functionality of this website.

Google reCAPTCHA

This website uses Google reCAPTCHA (“reCAPTCHA”) in its contact form, provided by Google.

This service is used to determine whether data entered on this website (e.g., in forms) is submitted by a human or an automated program. To achieve this, reCAPTCHA analyzes website visitors’ behavior by checking certain information (such as IP address, time spent on the website, or user mouse movements). This analysis takes place automatically in the background as soon as a user visits the website, and the data is transmitted to Google.

The analyses conducted by reCAPTCHA run in the background and are not visible to users of the website.

The processing of collected data is based on our legitimate interests. The website provider has a legitimate interest in protecting its web services by preventing spam and automated data scraping for abusive purposes.

Further information on reCAPTCHA and Google’s privacy policy can be found here:
https://www.google.com/intl/en/policies/privacy
https://www.google.com/recaptcha/intro/android.html

Server-Side Tracking with Stape.io

We use Stape.io as a server-side tracking solution to capture interactions on our website and forward them to third-party providers such as Google Ads, Meta (Facebook), and TikTok. This process involves collecting data such as IP addresses, visited pages, timestamps, and conversions, which are first processed on our servers before being transmitted to these providers.

This method allows us to have greater control over which data is shared. The processing is based either on your consent (Art. 6(1)(a) GDPR) or – if explicit consent is not required – on our legitimate interest (Art. 6(1)(f) GDPR) in effectively analyzing and optimizing our advertising campaigns.

You can opt out of processing by Stape.io at any time in our cookie settings.

6. Data Protection for the Use of ProvenExpert

We have integrated components of the review service ProvenExpert, operated by Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, Germany, on our website. We highly value our customers’ opinions about our services and performance. We are interested in understanding what works well and what can be improved. Customer reviews ensure transparency and allow us to learn from feedback and optimize our services. Customers have the opportunity to share their opinions via the review service ProvenExpert. Reviews are published both on our website and on the ProvenExpert platform.

After completing an order, we only transmit the order number and the customer’s email address to ProvenExpert. Instead of the customer’s name, we transmit the term “Customer,” which each user can change. The customer’s email address is not published by ProvenExpert. The affected individual can revoke their consent to the processing of personal data at any time by contacting ProvenExpert. The applicable ProvenExpert privacy policy can be accessed at https://www.provenexpert.com/en-us/privacy-policy/. If a customer does not agree to the transfer of data to ProvenExpert, they can contact us at the address mentioned in section 1 at any time.

7. Data Protection for the Use of YouTube

As the data controller, we use components of the YouTube service on our website. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc. and allows publishers to upload videos to the online platform free of charge. YouTube also enables other users to watch, rate, and comment on these videos for free. Since YouTube allows the publication of all types of videos, users can access full movies, TV shows, trailers, music videos, and self-produced content.

The YouTube component is configured to be deactivated by default. If you activate it by clicking, YouTube can register that you have visited our website and may use this information for its own purposes. In this case, data processing is the responsibility of YouTube, in accordance with its privacy policy.

When you activate the YouTube component, your browser is automatically prompted to load a YouTube component display from YouTube whenever you visit a page on our website that includes an embedded YouTube component. More information about YouTube can be found at youtube.com/yt/about/en.

Through this automated process, YouTube and Google are informed about which specific subpages of our website you visit. If you are logged into YouTube while visiting our website, YouTube can link your visit to your YouTube account. YouTube and Google collect this information and associate it with your YouTube profile. Both YouTube and Google are thus informed that you have visited our website, regardless of whether you click on a video or not.

If you want to prevent this data transmission to YouTube and Google, you must log out of your YouTube account before visiting our website. YouTube’s privacy policy, available at google.de/intl/en/policies/privacy, provides information about how YouTube and Google collect, process, and use personal data.

8. Data Protection for the Use of WordPress Plugins

Yoast SEO

We use the Yoast SEO plugin (basic version) on our website. This is a product of Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, Netherlands. The plugin handles the technical optimization of pages for search engines. More information can be found in the Yoast BV privacy policy, which is available at https://yoast.com/privacy-policy/. You can prevent the storage of the necessary cookies by adjusting your browser settings accordingly.

Polylang

To provide multilingual support on our website, we use the Polylang software. Polylang is a product of WP SYNTEX, 28 Rue Jean Sebastien Bach, 38090 Villefontaine, France. This tool allows us to define different languages for various regions. Polylang only sets cookies to recognize and store the user’s selected language. These cookies are stored for one year and then deleted. More information on data protection can be found at https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law/.

Wordfence Security

To secure our website, we use the Wordfence Security service provided by Defiant Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA. This service is used based on our legitimate interest in protecting our website. The software helps defend against attacks by cybercriminals. To determine whether a user is human or a bot, the plugin sets cookies. Additionally, IP addresses are stored on Wordfence servers to protect against brute-force and DDoS attacks. Further information on how Wordfence handles data can be found in Defiant’s privacy policy at https://www.wordfence.com/privacy-policy/.

9. Fonts

This website uses system-based fonts to ensure consistent typography. These fonts are already installed locally on your device. No connection is made to our servers or third-party servers.

Google Fonts

The tool “Google reCAPTCHA” mentioned in Section 5 and the component “ProvenExpert” mentioned in Section 6 may use fonts that require a server connection. By using this website, you consent to this connection, as these tools have been classified as necessary.

10. Purpose and Legal Basis for Data Processing

We process the collected personal data if and to the extent necessary for carrying out pre-contractual measures, concluding contracts, and fulfilling contractual obligations, including communication with you. Additionally, we process personal data for operating our website, analyzing and improving its functionalities, handling inquiries and applications, as well as for marketing purposes, market research, and improving our services. Furthermore, we process personal data for billing, debt collection, security purposes, general business management, operational or administrative purposes, asserting legal claims, conducting legal proceedings, and fulfilling legal obligations.

Data processing is only carried out if there is a legal basis for it or if the data subject has given their consent.

The legal basis for data processing is:

  • Article 6(1)(a) GDPR, if we obtain consent for a specific processing purpose.

  • Article 6(1)(b) GDPR, if data processing is required for the conclusion or fulfillment of a contract where the data subject is a party. This also applies to pre-contractual measures, such as inquiries about our products or services (e.g., ghostwriting).

  • Article 6(1)(c) GDPR, if we are subject to a legal obligation that requires the processing of personal data (e.g., tax obligations).

  • Article 6(1)(f) GDPR, if none of the above legal bases apply and the processing is necessary to protect our legitimate interests or those of a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override these interests. If data processing is based on Article 6(1)(f) GDPR, our legitimate interest lies in conducting and exercising our business activities in the best interests of our employees and shareholders.

11. Data Security

As the data controller, we have implemented appropriate technical and organizational measures to protect the personal data we process from unauthorized access by third parties, unlawful or improper processing, accidental disclosure, loss, and misuse. We have introduced a range of technical and organizational safeguards to ensure the security of data processed through our website.

However, we cannot completely rule out potential security vulnerabilities in internet-based data transmissions, meaning absolute protection cannot be guaranteed. Therefore, we give each data subject the option to provide their personal data via alternative means (e.g., telephone or postal mail).

12. Obligation to Provide Personal Data

We hereby inform you that in some cases, legal regulations require the provision of personal data (e.g., tax laws), or such an obligation may arise from contractual agreements. It may be necessary for concluding a contract that the data subject provides us with personal data, which we must then process during the course of the contract (e.g., contract execution). If personal data is not provided in these cases, we may be unable to enter into a contract with the data subject. Before providing personal data, the data subject should contact us so that we can clarify, on a case-by-case basis, whether providing the data is legally or contractually required, necessary for concluding a contract, whether there is an obligation to provide the data, and what the consequences of non-provision would be.

13. Automated Decision-Making/Profiling

We do not engage in automated decision-making or profiling.

14. Data Sharing and Transfer of Personal Data Abroad

Where legally permissible and deemed appropriate by us, we may disclose the personal data we collect to third parties (e.g., service providers, suppliers, and other contractual partners) in Switzerland and worldwide (e.g., Germany, France, other European countries, and the USA) for processing on our behalf and for our purposes. These third parties must contractually agree to process personal data solely on our behalf, for our purposes, and in compliance with this privacy policy and applicable data protection laws. Additionally, we may transfer personal data to our branch in Germany, which may use this data for the same purposes as outlined in this privacy policy.

Apart from cases where we are legally required to disclose data or subject to a court or regulatory order, personal data will only be shared with third parties with your consent.

If data is transferred to a country without adequate legal data protection, we ensure an appropriate level of protection by using sufficient contractual safeguards (notably based on the EU Standard Contractual Clauses (SCCs)) or Binding Corporate Rules. Alternatively, we may rely on legally permitted exceptions (such as consent, contract performance, overriding public interest, legal claims, publicly available data, or protection of vital interests). You may request information about appropriate safeguards at any time by submitting a copy of an official identification document. However, we reserve the right to redact or provide only excerpts of such guarantees for privacy or confidentiality reasons.

As part of server-side tracking with Stape.io, personal data (such as IP addresses, user interactions, and visited pages) is first processed on our own servers before being forwarded to advertising platforms such as Google Ads, Meta (Facebook), and TikTok. These providers may store and process data in countries outside the EU (e.g., the USA).

The data transfer is based on the EU Standard Contractual Clauses (SCCs) or, where applicable, the EU-U.S. Data Privacy Framework. Further details on the data protection policies of these providers can be found in their respective privacy policies.

15. Changes to this Privacy Policy

We may modify this privacy policy at any time without prior notice. The most recent version published on our website applies. If this privacy policy is part of a contractual agreement between you and us, we will inform you of any changes in an appropriate manner.