Privacy Policy

Status: March, 2024

Table of contents

Processing overview
Relevant legal bases
Security measures
Transmission of personal data
Data processing in third countries
Data deletion
Cookies use
Provision of the online offer and web hosting
Blogs and publication media
Contact and request management
Newsletter and electronic notifications
Web analysis, monitoring and optimization
Online marketingAffiliate programs and affiliate links
Presence in social networks (social media)
Plugins and embedded functions and content
Modification and update of the privacy policy
Rights of the data subjects


Processing overview
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed
Inventory data.
Location data.
Contact details.
Content data.
Contract data.
Usage data.
Meta, communication and procedural data.

Categories of persons concerned
Communication partner.

Processing purposes
Provision of contractual services and customer service.
Contact requests and communication.
Safety measures.
Direct marketing.
Reach measurement.
Affiliate tracking.
Managing and responding to inquiries.
Profiles with user-related information.
Provision of our online offer and user-friendliness.
Information Technology Infrastructure.

Relevant legal bases
The following is an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If, in addition, more specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.

Consent (Art. 6 (1) p. 1 lit. a) DSGVO) - The data subject has given his/her consent to the processing of personal data concerning him/her for a specific purpose or purposes.
Legitimate interests (Art. 6 (1) p. 1 lit. f) DSGVO) - Processing is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

Security measures

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, safeguarding of availability and its separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data compromise. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Transmission of personal data

In the course of our processing of personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

You may contact the representative data protection officer in accordance with Art. 37 Para. 7 DS-GVO to the Bavarian State Office for Data Protection Supervision.

Besnik Kodrolli (Data Protection Officer)
Adress: EverLeaf GmbH, Sederanger 5, 80538 München
Phone: 089215296700