1. Controller

The controller responsible for data processing on this website is:
Marathon AG
Website: https://marathon-ag.com

2. General Information on Data Processing

We process users’ personal data only to the extent necessary to provide a functional website and our content and services.
Processing is carried out in accordance with the EU General Data Protection Regulation (GDPR).

3. Detailed Information on Data Processing

3.1 Comments

When you leave comments on the website, we process the data entered in the comment form as well as your IP address and browser user-agent string to help detect and prevent spam.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in preventing misuse and ensuring security).
A hash created from your email address may be transmitted to the Gravatar service to check whether you are using it.
Gravatar privacy policy: https://automattic.com/privacy/

Once your comment is approved, your profile image will be publicly visible in the context of your comment.

3.2 Media Uploads

If you upload images to the website, please avoid uploading images containing embedded location data (EXIF GPS). Visitors to the website may download and extract location data from such images.
Legal basis: Art. 6(1)(a) GDPR (consent through voluntary upload).

3.3 Cookies

We use cookies to ensure essential website functions.
Comment Cookies
If you leave a comment, we may store your name, email address, and website in cookies based on your consent.
Retention period: 1 year
Legal basis: Art. 6(1)(a) GDPR.

Login Cookies
• A temporary cookie is set when visiting the login page to determine whether your browser accepts cookies.
• When you log in, we set cookies to save your login information and display preferences.

Retention periods:

– Login: 2 days

– Display settings: 1 year

– “Remember Me”: 2 weeks

Cookies are deleted when you log out.
Legal basis: Art. 6(1)(f) GDPR (functional operation).

Article Editing Cookie
If you edit or publish an article, a cookie will be stored indicating the post ID of the edited article.
Retention period: 1 day
Contains no personal data.

3.4 Embedded Content From Third-Party Websites

Articles on this website may include embedded content (e.g., videos, images, articles).
Embedded content behaves exactly as if the visitor had accessed the third-party website directly.
These websites may:
• collect data about you
• use cookies
• implement additional third-party tracking
• monitor your interaction with embedded content (including when logged in to such services)
Legal basis:
Art. 6(1)(f) GDPR (legitimate interest),
or Art. 6(1)(a) GDPR where tracking requires your consent (via a consent management tool).

3.5 Password Reset Requests

If you request a password reset, your IP address will be included in the password reset email.
Legal basis: Art. 6(1)(f) GDPR (security measure).

4. Data Retention

• Comments: retained indefinitely to automatically identify and approve follow-up comments.
• Registered users: personal data stored in user profiles remains until the profile is deleted or updated.
Website administrators can view and edit this information.

5. Data Sharing and Recipients

• Comment data may be processed by automated spam detection services.
• Beyond this, data is not shared with third parties unless legally required.

6. Your Rights Under GDPR

You have the following rights:
• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent at any time (Art. 7(3) GDPR)
You may contact us at any time to exercise these rights.

7. Data Transfers to Third Countries

When external services (e.g., Gravatar or embedded content) are integrated, personal data may be transferred to countries outside the EU.
Such transfers are based on appropriate safeguards in accordance with Art. 46 GDPR (e.g., Standard Contractual Clauses).

Security Measures

We implement technical and organizational measures to protect your data from loss, misuse, and unauthorized access.