Privacy Policy

Privacy Policy

This site is operated from Germany. The legally binding version of this privacy policy is the German version available at laier8.de/datenschutz. The English version below mirrors the German version in content; in the event of any discrepancy, the German version prevails.

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

Date: 11 May 2026

Table of contents

Controller

Jean-Michel Matysiak
Bahnhofstraße 17
97645 Ostheim v. d. Rhön
Germany

Email address: [email protected]

Imprint: https://laier8.de/en/imprint

Overview of processing operations

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of processed data

  • Inventory data.
  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication and procedural data.
  • Log data.

Categories of data subjects

  • Users.
  • Third parties.

Purposes of processing

  • Communication.
  • Security measures.
  • Reach measurement.
  • Tracking.
  • Target group formation.
  • Feedback.
  • Marketing.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.
  • Public relations.

Relevant legal bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations of your or our country of residence or domicile may apply. If, in addition, more specific legal bases are relevant in individual cases, we will inform you of these in this privacy policy.

  • Consent (Article 6(1)(a) GDPR): The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Legitimate interests (Article 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection provisions in Germany: In addition to the data protection provisions of the GDPR, national data protection provisions apply in Germany. This includes in particular the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

Security measures

We take appropriate technical and organisational measures in accordance with the statutory requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access affecting it, input, disclosure, ensuring availability and separation.

Securing online connections via TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. This technology encrypts the information transmitted between the website and the user's browser, thereby protecting the data from unauthorised access.

Transmission of personal data

In the course of our processing of personal data, it may happen that data is transmitted to other entities, companies, legally independent organisational units or persons, or disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks, or providers of services and content embedded in a website. In such cases, we comply with the statutory requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

International data transfers

Data processing in third countries: Insofar as we transfer data to a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or such transfer occurs in the context of the use of third-party services, this is always done in accordance with the statutory requirements.

For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), which was recognised as a secure legal framework by an adequacy decision of the European Commission on 10 July 2023. In addition, we have concluded Standard Contractual Clauses with the respective providers that comply with the European Commission's requirements and establish contractual obligations to protect your data.

For the individual service providers, we inform you whether they are certified under the DPF and whether Standard Contractual Clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/.

General information on data storage and erasure

We erase personal data that we process in accordance with the statutory provisions as soon as the underlying consent is withdrawn or there are no further legal grounds for processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist where statutory obligations or special interests require longer retention or archiving of the data.

Retention and erasure of data: The following general periods apply for retention and archiving under German law:

  • 10 years — Retention period for books and records, annual financial statements, inventories, management reports (Section 147(1) no. 1 in conjunction with (3) AO; Section 257(1) no. 1 in conjunction with (4) HGB).
  • 8 years — Accounting records, such as invoices and cost receipts (Section 147(1) nos. 4 and 4a in conjunction with (3) sentence 1 AO).
  • 6 years — Other business documents: received commercial or business letters and other documents, insofar as they are relevant for taxation.
  • 3 years — Data required to address potential warranty and damage claims or similar contractual claims and rights (Sections 195, 199 BGB).

Start of the period at the end of the year: If a period does not expressly begin on a specific date and is at least one year long, it starts automatically at the end of the calendar year in which the triggering event occurred.

Rights of data subjects

Rights of data subjects under the GDPR: As a data subject under the GDPR, you have various rights, which arise in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
  • Right to withdraw consent: You have the right to withdraw any consent given at any time.
  • Right of access: You have the right to request confirmation as to whether the data in question is being processed, and to receive information about this data as well as further information and a copy of the data in accordance with the statutory requirements.
  • Right to rectification: You have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: In accordance with the statutory requirements, you have the right to request that data concerning you be erased without delay, or alternatively to request a restriction of the processing of the data.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the statutory requirements, or to request its transmission to another controller.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence.

Competent supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Web: https://www.lda.bayern.de

Provision of the online offering and web hosting

We process the data of users in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary in order to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g. page views and time spent, click paths, intensity and frequency of use, types of devices and operating systems used); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers); log data (e.g. log files relating to access times).
  • Data subjects: Users (e.g. website visitors).
  • Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure; security measures.
  • Retention and erasure: Erasure in accordance with the information in the section "General information on data storage and erasure".
  • Legal bases: Legitimate interests (Article 6(1)(f) GDPR).

Further information on processing operations, procedures and services:

  • Provision of the online offering on our own / dedicated server hardware: For the provision of our online offering, we use server hardware operated by us, as well as the associated storage space, computing capacity and software. Legal bases: Legitimate interests (Article 6(1)(f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files may include the address and name of the websites and files accessed, the date and time of access, the volume of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used for security purposes, e.g. to avoid server overload (in particular in the event of abusive attacks, so-called DDoS attacks). Legal bases: Legitimate interests (Article 6(1)(f) GDPR). Erasure of data: Log file information is stored for a maximum period of 30 days and then deleted or anonymised.
  • Cloudflare as a content delivery network and reverse proxy: We use the content delivery network (CDN), the DNS resolution and the Cloudflare Tunnel of Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Cloudflare provides globally distributed servers that accelerate, secure and protect the delivery of our online offering against attacks (e.g. DDoS). When our online offering is accessed, requests are first routed via Cloudflare's servers, with personal data of users (e.g. IP addresses, browser and device information, time of access) being processed. For bot detection, Cloudflare sets the technically necessary cookie __cf_bm with a lifetime of 30 minutes. Service provider: Cloudflare, Inc., USA; Legal bases: Legitimate interests (Article 6(1)(f) GDPR); Privacy policy: https://www.cloudflare.com/privacypolicy/; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses.

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). The data of readers is processed for the purposes of the publication medium only insofar as this is necessary for its presentation and communication between authors and readers, or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium within the framework of this privacy policy.

  • Types of data processed: Content data (e.g. text or pictorial messages and contributions); usage data (e.g. page views and time spent, click paths); meta, communication and procedural data (e.g. IP addresses, time information).
  • Data subjects: Users (e.g. website visitors).
  • Purposes of processing: Provision of our online offering and user-friendliness.
  • Retention and erasure: Erasure in accordance with the information in the section "General information on data storage and erasure".
  • Legal bases: Legitimate interests (Article 6(1)(f) GDPR).

Presences in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.

We point out that user data may be processed outside the European Union in the process. This may result in risks for users, because the enforcement of user rights, for example, could be made more difficult.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behaviour and resulting interests of users. The latter may in turn be used to place advertisements within and outside the networks that presumably correspond to the interests of users. For this reason, cookies are generally stored on users' computers, in which the usage behaviour and interests of users are stored.

For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the privacy policies and information of the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the latter have access to user data and can take appropriate action and provide information directly. If you nevertheless need help, you can contact us.

  • Types of data processed: Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. text or pictorial messages and contributions); usage data (e.g. page views and time spent, click paths, intensity and frequency of use).
  • Data subjects: Users (e.g. website visitors).
  • Purposes of processing: Communication; feedback; public relations.
  • Retention and erasure: Erasure in accordance with the information in the section "General information on data storage and erasure".
  • Legal bases: Legitimate interests (Article 6(1)(f) GDPR).

Further information on processing operations, procedures and services:

  • YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Article 6(1)(f) GDPR); Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Possibility of objection (opt-out): https://myadcenter.google.com/personalizationoff.
  • Skool: Online community and learning platform; Service provider: Skool.com, Inc., USA; Legal bases: Legitimate interests (Article 6(1)(f) GDPR); Website: https://www.skool.com; Privacy policy: https://www.skool.com/privacy; Basis for third-country transfers: Standard Contractual Clauses pursuant to Article 46(2)(c) GDPR.
  • GitHub: Code hosting and developer platform; Service provider: GitHub, Inc., 88 Colin P Kelly Jr Street, San Francisco, CA 94107, USA, parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA; Legal bases: Legitimate interests (Article 6(1)(f) GDPR); Website: https://github.com; Privacy policy: https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses.

Plug-ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may, for example, involve graphics, videos or maps (hereinafter uniformly referred to as "content").

The integration always presupposes that the third-party providers of this content process the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content or functions. We endeavour to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes.

Notes on legal bases: Insofar as we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is the permission granted. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services).

  • Types of data processed: Usage data (e.g. page views and time spent, click paths, intensity and frequency of use, types of devices and operating systems used); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers).
  • Data subjects: Users (e.g. website visitors).
  • Purposes of processing: Provision of our online offering and user-friendliness; reach measurement; tracking; target group formation; marketing.
  • Retention and erasure: Erasure in accordance with the information in the section "General information on data storage and erasure". Storage of cookies for up to 2 years.
  • Legal bases: Consent (Article 6(1)(a) GDPR); legitimate interests (Article 6(1)(f) GDPR).

Further information on processing operations, procedures and services:

  • YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Article 6(1)(a) GDPR); Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF).

Changes and updates

We ask you to inform yourself regularly about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require any cooperation on your part (e.g. consent) or other individual notification.

Insofar as we provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses may change over time, and we ask you to check the information before making contact.

Definitions of terms

This section provides you with an overview of the terms used in this privacy policy. Insofar as the terms are defined by law, their legal definitions apply. The following explanations, on the other hand, are intended primarily to aid understanding.

  • Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to that person.
  • Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data, whether it is collection, evaluation, storage, transmission or erasure.