English Deutsch
Spotlight Manager

Privacy Policy

Our website is run according to the following principles.
We comply with the legal provisions on data protection and strive to always take into account the principles of data avoidance and minimization.

1. Name and Address of the Person Responsible and the Data Protection Officer

a) The person responsible

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is:

Redlof Medien GmbH & Co.KG, Technologiepark 11, 91522 Ansbach, E-Mail: privacy@redlof-medien.de

b) The data protection officer
The data protection officer of the person responsible can be reached as follows:

SiDIT GmbH, www.sidit.de, E-Mail: info@sidit.de

2. Explanations of Terms

We have designed our data protection declaration according to the principles of clarity and transparency. However, should there be any ambiguity regarding the use of different terms, the corresponding definitions can be viewed here.

3. Legal Basis for Processing Data

a) Processing of personal data according to the GDPR

We process your personal data such as Your surname and first name, e-mail address and IP address, etc., only if there is a legal basis for this. According to the General Data Protection Regulation, the following regulations, in particular, come into consideration here:

  • Art. 6 Para. 1 ll. 1 letter a GDPR: The data subject has given their consent to the processing of their personal data for one or more specific purposes.
  • Art. 6 Para. 1 ll. 1 letter b GDPR: The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject’s request.
  • Art. 6 Para. 1 ll. 1 letter c GDPR: The processing is necessary to fulfill a legal obligation to which the person responsible is subject
  • Art. 6 Para. 1 ll. 1 letter d GDPR: Processing is necessary to protect the vital interests of the data subject or another natural person
  • Art. 6 Para. 1 ll. 1 letter e GDPR: the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible
  • Art. 6 Para. 1 ll. 1 letter f GDPR: the processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular if the data subject is a child

However, at the relevant points in this data protection declaration, we will always point out the legal basis for processing your personal data.

b) Consent of the legal guardians according to Art. 8 Para.1 ll.2 alt.2 GDPR

A legal guardian must agree to all data processing on this website, for which the consent of a minor who has not yet reached the age of 16 is required.

Information on the individual data processing operations, their purposes, and the data categories affected, for which the consent of the person concerned is required, can be found in the data protection declaration.

You can revoke your consent at any time by sending the declaration of revocation in text form to the contact details of the person responsible. The processing until the revocation remains lawful.

c. Processing of information according to § 25 Para.1 TDDDG

We also process information in accordance with Art. § 25 Para.1 TDDDG by storing information on your terminal equipment or accessing information already stored on your terminal equipment. This may include both personal information and non-personal data, e.g., cookies, browser fingerprints, advertising IDs, MAC addresses, and IMEI numbers. A terminal equipment is any device directly or indirectly connected to the interface of a public telecommunications network for sending, processing, or receiving messages,, § 2 Para.2. Nr.6 TDDDG.

We generally process this information on the basis of your consent, § 25 Para.1 TDDDG.

If an exception under § 25 Para.2 Nr. 1 and Nr.2 TDDDG applies, we do not require your consent. One such exception is where we are accessing or storing the information solely to transmit a message over a public telecommunications network or where it is strictly necessary to provide a Telemedia service that you have requested. You can revoke your consent at any time.

We inform you that the revocation of consent does not affect the lawfulness of the process based on the consent up to the point of revocation.

4. Disclosure of Personal Data

The transfer of personal data is also processed within the meaning of the previous paragraph 3. However, at this point, we would like to inform you again separately about the transfer to third parties. The protection of your personal data is essential to us. For this reason, we are cautious when passing on your data to third parties.

It will, therefore, only be passed on to third parties if there is a legal basis for processing. For example, we pass on personal data to persons or companies working for us as processors per Art. 28 GDPR. Processor is anyone who processes personal data on our behalf – i.e. in particular in an instruction and control relationship with us

Under the requirements of the GDPR, we conclude a contract with each of our processors to oblige them to comply with data protection regulations and thus to provide your data with comprehensive protection.

5. Duration of Storage and Deletion

We will delete your personal data if they are no longer necessary for the purposes for which they were collected or otherwise processed; the processing is not required to exercise the right to freedom of expression and information, to fulfill legal obligation reasons of public interest or to assert, exercise or defend legal claims.

6. SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the website operator, this website uses an SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.

7. Use of AI systems (artificial intelligence)

In order to optimize our processes and improve your personalized visitor experience on our website, your personal data may be processed using artificial intelligence (AI) technologies. AI is used in particular to:
  • perform data analyses,
  • make forecasts,
  • close security gaps,
  • and make routine processes more efficient.

The AI used works in accordance with the principles of the GDPR. Any decisions that have legal or similar implications for you are not made by AI alone, but are supplemented by human intervention.

8. Cookies

We use cookies on our website. Cookies are small data packages your browser automatically creates and are stored on your end device when you visit our website. These cookies are used to store information related to the end device used.

A distinction between “strictly necessary” and “non-necessary” cookies is made when using cookies. Strictly necessary cookies are given if required to provide an information society service you have expressly requested.

a) Technically necessary cookies

To make our website more user-friendly, we use technically necessary cookies. These may be session cookies (e.g., language and font selection, shopping cart, etc.), consent cookies, cookies to ensure server stability and security, or similar. The legal basis for the cookies is Art. 6 (1) (f) GDPR, our legitimate interest in the error-free operation of the website, and our interest in providing you with optimized services.

b) Non-necessary cookies

Non-necessary cookies are for statistical, analysis, marketing, and retargeting purposes.

We set these cookies based on your consent under Art. 6 Para. 1 ll. 1 letter a) GDPR for you.

You can revoke your consent to the use of cookies at any time. We inform you that the revocation of consent does not affect the lawfulness of the process based on the consent up to the point of revocation.

To do this, you can either edit your cookie settings on our website, deactivate the cookies in your browser settings (which can also limit the functionality of the online offer), or set an opt-out for the corresponding service in individual cases.

We will point out the legal basis on which this data is processed for the respective services within the data protection declaration.

Change cookie settings

9. Cookie banner / consent management

To obtain consent for the cookies we use, we use the cookie banner provided by the service provider KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin. This sets a so-called consent cookie to query and process the respective consent status. This consent cookie is technically necessary and is therefore used based on our legitimate interest in accordance with Art. 6 Para.1 ll.1 letter. f GDPR, § 25 Para. 1 TDDDG.

10. Collection and storage of personal data and their type and purpose of use

a) External hosting

Our website is hosted by IONOS SE, Eigendorfer Str. 57, 56410 Montabaur. For this reason, all personal data recorded on our website is stored on the servers of our host unless an external service from a third party is involved. This can be your IP address, e-mail address, communication data, or similar. You can find out which specific personal data is involved in the following with the individual functions and services we have explained. If we use an external service from a third party, this will be clarified in the description of the respective service or tool.
The host only processes your data on our instructions and insofar as this is necessary to fulfill the services on the website. The host does not process the data for its own purposes. We have an order processing contract with them.

b) When visiting the website

When you visit our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website accessed from (referer URL)
  • Browser used and, if applicable, the operating system of your computer and the name of your access provider

The data mentioned are processed by us for the following purposes:

  • evaluation of security and stability of the system
  • error analysis
  • for other administrative purposes

Data that allow conclusions to be drawn about your person, such as the IP address, will be deleted after seven days at the latest. If we store the data beyond this period, it will be pseudonymized so that it can no longer be assigned to you.
The legal basis for data processing is Art. 6 Para. 1 ll. 1 letter f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

c) Contact form

We provide you with a form on our website so that you can contact us anytime. To use the contact form, it is necessary to provide a name for a personal salutation and a valid e-mail address to contact you so that we know who sent the request and can also process it.

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provided there and your IP address, are in accordance with the Art. 6 Para. 1 ll. 1 letter b and f GDPR to carry out pre-contractual measures that are carried out at your request or to exercise our legitimate interest, namely to carry out our business activities.

The inquiries and the associated data will be deleted no later than three months after receipt, provided they are not required for a different contractual relationship.

d) Chat

We use a Zendesk chat on our website. This is a live chat software from Zendesk Inc. (989 Market Street, San Francisco, CA 94103, United States).

The following data is collected and processed as part of the live chat:

  • Chat history
  • Name provided
  • IP address
  • Country of origin
  • Pages visited
  • Duration of page visit
  • Other personal information, depending on the information provided (e.g., email address, telephone number)

The chat is used for real-time communication.

Processing is based on Art. 6 (1) (f) GDPR in accordance with our legitimate interest in direct and customer-friendly communication.

You can find more information about Zendesk here: https://www.zendesk.de/company/privacy-and-data-protection/#data-processing-agreement

We have concluded a data processing agreement with Zendesk. In addition, there are Binding Corporate Rules and data encryption. https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/

If you have any questions, you can also contact Zendesk directly: privacy@zendesk.com.

e) Voice Agent

We use a digital voice agent on our website, which is operated by Eleven Labs Inc., 169 Madison Ave #2484, New York, NY 10016.

When using the voice agent, audio data (voice recordings) and, if applicable, transcripts or other text content are collected, processed, and transmitted to ElevenLabs.

The purpose is to process voice input and generate synthetic voice output (e.g., text-to-speech or voice cloning).

Name, email address, IP address, device data, feedback, and newsletter registration may be processed if user accounts are used or support/communication is provided.

Otherwise, technical and usage data (e.g., log data, device types, IP) is collected during use via cookies or similar technologies, where technically necessary.

The data is processed solely on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time.

We have signed the SCC with Eleven Labs.

f) Use of Google Maps

Our website uses the Google Maps API. By using Google Maps, information about your use of this website (including your IP address) can be sent to a Google server (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) in the USA and stored there.

Google may transfer the information obtained through Maps to third parties if this is required by law or if third parties process this data on behalf of Google. Under no circumstances will your IP address be associated with other data held by Google. Nevertheless, we have to point out that it would be technically possible for Google to identify individual users based on the data received.

We have no control over whether Google processes your data and personality profiles for other purposes. If you want to avoid this at all costs, you can deactivate the Google Maps service and thus prevent data transfer to Google. All you have to do is deactivate JavaScript in your browser. In this case, no data will be transmitted, but you will no longer be able to use the map display on our website.
The Google privacy policy can be found here.

By integrating Google Maps, Google Fonts are also dynamically loaded without the website operator or visitor actively determining this. These web fonts are integrated via a server call, usually a Google server in the USA. This may result in the following information being transmitted to the server and stored by Google:

  • Name and version of the browser used
  • Website from which the request was triggered (referrer URL)
  • Operating system of your computer
  • Screen resolution of your computer
  • IP address of the requesting computer
  • Language settings of the browser or operating system used by the user

For more information, please refer to Google’s privacy policy, which you can access here:
www.google.com/policies/privacy/

The use of Google Maps represents a service for you so that you can recognize our location precisely and, if necessary, plan your visit with us better. Google Maps is used on the basis of your consent in accordance with Art. 6 Para. 1 ll. 1 letter a GDPR.

g) Use of Google reCAPTCHA

We use the reCAPTCHA service from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website for our contact form to be able to distinguish between input by a human and automated, abusive, machine processing. We are interested in protecting our website from abusive automated spying and SPAM.

When querying through the reCAPTCHA service, both your IP address and any other data required by Google for the reCAPTCHA service will be forwarded to Google and processed there.

You must accept the Google Terms of Service when using reCAPTCHA. There is a separate field for this. We have activated IP anonymization on this website so that your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

On our behalf, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha will not be merged with other Google data. The deviating data protection regulations of the company Google apply to this data.

We have concluded a contract with Google for order processing.

Further information on Google’s privacy policy can be found at:
https://www.google.com/intl/de/policies/privacy/.

By integrating reCAPTCHA, Google Fonts are also dynamically loaded without the website operator or visitor actively controlling this. These web fonts are integrated via a server call, usually a Google server in the US. This may result in the following being transmitted to the server and stored by Google:

  • Name and version of the browser used
  • Website from which the request was triggered (referrer URL)
  • Operating system of your computer
  • Screen resolution of your computer
  • IP address of the requesting computer
  • Language settings of the browser or operating system used by the user

For more information, please refer to Google’s privacy policy, which you can access here:
www.google.com/policies/privacy/

The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 Para. 1 ll. 1 letter a GDPR. You may revoke your consent at any time.

h) jQuery

We use the JavaScript library jQuery from the OpenJS Foundation (The OpenJS Foundation, 548 Market St. PMB 57274, San Francisco, CA 94104, USA) on our website. This library represents a collection of JavaScript programs and routines that offer versatile solutions to problems. The JavaScript routines are provided via a connection to servers in the USA and downloaded from there. Accordingly, it cannot be ruled out that the IP address of our website visitors will be processed by jQuery.

The use of jQuery is based on our legitimate interest pursuant to Art. 6 Para. 1 ll. 1 letter f GDPR, namely to ensure the functionality of the website and to be able to restore it as quickly and easily as possible in the event of a problem.

We have concluded a contract with jQuery for order processing and the SCC.

Further information on data protection at jQuery can be found at:
https://images.prismic.io/openjsf/ba00b254-685f-4e54-b1ca-17984b0f3e55_OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf

11. Analysis and tracking tools

We use the analysis and tracking tools listed below on our website. These ensure the continuous optimization of our website and design it in line with requirements.

We use these tools on the basis of the consent you have given in accordance with Art. 6 Para. 1 ll. 1 letter a GDPR. You can withdraw your consent at any time by changing the cookie settings. The processing until the revocation remains lawful.

The respective data processing purposes and categories can be found in the corresponding tools. We want to point out that we do not influence whether and to what extent the service providers carry out further data processing.

a) Matomo (formerly “Piwik”)

We use the analysis service Matomo (InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand), which uses cookies. These are stored on your computer and enable us to analyze the use of our website.

The cookies contain usage information and transmit this to our server, where it is stored for usage analysis purposes and helps us to optimize our website. Your IP address is also included in the usage information, but this is shortened so that it is anonymized and you, as a user, remain anonymous.

We have concluded a contract for order processing with Matomo. Further information on data protection at Matomo can be found at:
https://matomo.org/privacy-policy/

We do not share the information generated by the cookie with third parties.

12. Image, audio, and video integration

a) YouTube

We embed videos from YouTube, which is operated by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), into our website using iFrame and/or a plug-in. We have activated YouTube’s extended data protection mode when embedding the videos.

When you play a YouTube video during your visit, a connection to YouTube’s servers is established and the YouTube server is informed which of our pages you have visited. This allows YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your member account before visiting our website. In addition, YouTube sets various cookies when the service is started in order to improve its services and prevent misuse, according to its own statements.

Further information on the handling of user data and the cookies set can be found in YouTube’s privacy policy at:
https://www.google.de/intl/de/policies/privacy

By integrating YouTube, Google Fonts are also dynamically loaded without the website operator or visitor actively controlling this. These web fonts are integrated via a server call, usually a Google server in the USA. This may result in the following being transmitted to the server and stored by Google:

  • Name and version of the browser used
  • Website from which the request was triggered (referrer URL)
  • Operating system of your computer
  • Screen resolution of your computer
  • IP address of the requesting computer
  • Language settings of the browser or operating system used by the user

For more information, please refer to Google’s privacy policy, which you can access here:
www.google.com/policies/privacy/

The legal basis is your consent pursuant to Art. 6 Para. 1 ll. 1 letter a GDPR. You can revoke your consent at any time by changing the cookie settings on our website.

b) Integration of Instagram videos

Videos from the social network Instagram are integrated into our website. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland. When you visit a page that contains an Instagram video, a connection is established to Meta servers. In particular, the following information is transmitted:

  • IP ​​address, date/time, URL accessed (referrer),
  • device/browser information, operating system, screen resolution,
  • and, if applicable, your Instagram login status.

Meta uses cookies, pixels, and similar tracking technologies to combine usage, interaction, and device data and—if you are logged in to Instagram—assign it to your profile.

Purposes of processing

  • Display and convenient playback of our Instagram videos
  • Reach measurement and optimization of our online offering
  • Marketing and advertising purposes of Meta (e.g., personalized ads)
  • Research and development, including for Meta’s AI systems

Embedding only takes place after you have given your consent, Art. 6 (1) (a) GDPR.

Meta processes the data on its own responsibility. For aggregated statistical functions, joint responsibility within the meaning of Art. 26 GDPR may exist. Meta provides a controller addendum for this purpose: https://www.facebook.com/legal/terms/page_controller_addendum

Details on data protection at Instagram can be found in the Meta Privacy Policy at https://www.facebook.com/privacy/policy/

You can revoke your consent at any time with future effect via our cookie banner.

13. Rights of the data subject

You have the following rights:

a) Information

Under Art. 15 GDPR, you have the right to request information about your data processed by us. This right to information includes information about

  • the processing purposes
  • the categories of personal data
  • the recipients or categories of recipients to whom your data has been or will be disclosed
  • the planned storage period or at least the criteria for determining the storage period
  • the existence of a right to rectification, erasure, restriction of processing or objection
  • the existence of a right of appeal to a supervisory authority
  • the origin of your personal data, if they were not collected from us
  • the existence of automated decision-making, including profiling and, where appropriate, meaningful information on its details

b) Rectification

According to Art. 16 GDPR, you have the right to immediately correct any incorrect or incomplete personal data stored by us.

c) Deletion

According to Art. 17 GDPR, you have the right to request the immediate deletion of your data from us, provided that further processing is not necessary for one of the following reasons:

  • the personal data are still necessary for the purposes for which they were collected or otherwise processed
  • to exercise the right to freedom of expression and information
  • to fulfill a legal obligation that requires processing under European Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller
  • for reasons of public interest in public health under Art. 9 Para. 2 letter h and i, as well as Art. 9 Para. 3 GDPR
  • for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes acc. Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing
  • to assert, exercise or defend legal claims

d) Restriction of processing

In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data for one of the following reasons:

  • You contest the accuracy of your personal data.
  • The processing is unlawful, and you oppose the erasure of personal data.
  • We no longer need the personal data for processing, but you need them to assert, exercise, or defend legal claims.
  • You object to the processing under Art. 21 Para. 1 GDPR.

e) Notification

If you have requested the correction or deletion of your data or a restriction of processing under Art. 16, Art. 17, or Art. 18 GDPR, we will inform all recipients to whom your data have been disclosed unless this proves to be impossible or involves a disproportionate effort. You can request that we inform you of these recipients.

f) Transmission

You have the right to receive the personal data you provided to us in a structured, standard, and machine-readable format. You also have the right to request this data transfer to a third party, provided that the processing was carried out using automated procedures and is based on consent under Art. 6 Para. 1 ll. 1 letter a or Art. 9 Para. 2 letter a or on a contract according to Art. 6 Para. 1 ll. 1 letter b DSGVO is based.

g) Revocation

You have under Art. 7 Para. 3 GDPR, you can revoke your consent to us at any time. The revocation of the consent does not affect the legality of the process based on the consent up to the point of cancellation. In the future, we may no longer continue the data processing based on your revoked consent.

h) Complaints

According to Art. 77 GDPR, you have the right to complain to a supervisory authority if you believe that processing your personal data violates the GDPR.

i) Contradiction

If your data is based on legitimate interests under Art. 6 Para. 1 ll. 1 letter f GDPR are processed, you have the right to object to the processing of your data in accordance with Art. 21 GDPR, provided that there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying the situation. If you wish to exercise your right of withdrawal or objection, simply send an email to privacy@redlof-medien.de

j) Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for entering into, or the performance of, a contract between you and us
  2. is permitted based on legal regulations of the European Union or the member states to which we are subject, and these legal regulations contain appropriate measures to protect your rights and freedoms as well as your legitimate interests
  3. takes place with your expressed consent

However, these decisions must not be based on special categories of personal data according to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 letter a or g GDPR applies, and appropriate measures have been taken to protect your rights, freedoms, and legitimate interests.

Concerning the cases referred to in 1) and 3), we take appropriate measures to protect your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision heard.

14. Changes to the Privacy Policy

Should we change the data protection declaration, this will be indicated on the website.

Status 01.08.2025