Introduction and Overview
We have written this privacy statement (version 16.08.2022-312088005) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as data controller – and the processors (e.g. providers) commissioned by us – process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short, we inform you comprehensively about data we process about you.
Privacy statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or two pieces of information that you did not yet know.
If you still have questions, we would like to ask you to contact the responsible party named below or in the imprint, to follow the links provided and to look at further information on third-party sites. Our contact details can of course also be found in the imprint.
Scope of application
all online presences (websites, online stores) that we operate
social media presences and email communications
mobile apps for smartphones and other devices
In short, the data protection declaration applies to all areas in which personal data is processed in the company via the aforementioned channels in a structured manner. If we enter into legal relationships with you outside of these channels, we will inform you separately as appropriate.
In the following privacy statement, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, which you can of course read online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:
Consent (Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
Contract (Article 6(1) lit. b DSGVO): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
Legal obligation (Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
Legitimate interests (Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.
Other conditions, such as the performance of recordings in the public interest and the exercise of official authority, as well as the protection of vital interests, do not generally arise for us. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.
In addition to the EU Regulation, national laws also apply:
In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
In Germany, the Federal Data Protection Act, or BDSG for short, applies.
If other regional or national laws apply, we will inform you about them in the following sections.
Contact details of the responsible person
If you have any questions regarding data protection or the processing of personal data, please find below the contact details of the responsible person or body:
The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion with us. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are required by law to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, provided we have further information on this.
Rights according to the General Data Protection Regulation
Pursuant to Articles 13, 14 DSGVO, we inform you about the following rights you have in order to ensure fair and transparent processing of data:
- According to Article 15 DSGVO, you have the right to information about whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:
- For what purpose we are processing;
- the categories, i.e. the types of data that are processed;
- who receives this data and if the data is transferred to third countries, how security can be guaranteed;
- how long the data will be stored;
- the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
- that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
- The origin of the data if we have not collected it from you;
- Whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
- You have a right to rectification of data according to Article 16 GDPR, which means that we must correct data if you find errors.
- You have the right to erasure (“right to be forgotten”) according to Article 17 GDPR, which specifically means that you may request the deletion of your data.
- According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
- According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a standard format upon request.
- According to Article 21 DSGVO, you have the right to object, which entails a change in processing after enforcement.
- If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
- If data is used to conduct direct advertising, you may object to this type of data processing at any time. We may then no longer use your data for direct marketing.
- If data is used to conduct profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
- According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
- You have the right to lodge a complaint under Article 77 of the GDPR. This means that you can complain to the data protection authority at any time if you believe that the data processing of personal data violates the GDPR.
In short, you have rights – do not hesitate to contact the responsible party listed above with us!
If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
Social Media Introduction
👥 Data subjects: Visitors to the website
🤝 Purpose: Presentation and optimization of our service performance, contact with visitors, interested parties, etc., advertising
📓 Processed data: Data such as phone numbers, email addresses, contact details, user behavior data, information about your device and your IP address.
You can find more details on this with the respective social media tool used.
📅 Storage period: depending on the social media platforms used.
⚖️Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests).
What is social media?
In addition to our website, we are also active on various social media platforms. This may involve processing user data so that we can target users who are interested in us via the social networks. In addition, elements of a social media platform may also be embedded directly in our website. This is the case, for example, when you click on a so-called social button on our website and are redirected directly to our social media presence. So-called social media or social media are websites and apps through which registered members can produce content, share content openly or in specific groups, and network with other members.
Why do we use social media?
For years, social media platforms have been the place where people communicate and connect online. Our social media presences allow us to promote our products and services to prospective customers. The social media elements embedded on our website help you to be able to switch to our social media content quickly and without complications.
The data that is stored and processed through your use of a social media channel is primarily for the purpose of being able to perform web analyses. The aim of these analyses is to be able to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, appropriate conclusions can be drawn about your interests with the help of the evaluated data and so-called user profiles can be created. This also enables the platforms to present you with tailored advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behavior.
We generally assume that we remain responsible under data protection law, even if we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 DSGVO. Insofar as this is the case, we point this out separately and work on the basis of an agreement in this regard. The essence of the agreement is then reproduced below for the platform concerned.
Please note that when using the social media platforms or our built-in elements, data from you may also be processed outside the European Union, as many social media channels, for example Facebook or Twitter, are American companies. As a result, you may no longer be able to claim or enforce your rights with regard to your personal data as easily.
What data is processed?
Exactly what data is stored and processed depends on the provider of the social media platform. But usually it is data such as phone numbers, email addresses, data you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you yourself have a profile at the visited social media channel and are logged in, data can be linked to your profile.
All data collected via a social media platform is also stored on the servers of the providers. Thus, only the providers also have access to the data and can give you the appropriate information or make changes.
Duration of data processing
We will inform you about the duration of data processing below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. However, customer data that is matched with our own user data is already deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period may be exceeded.
Right of objection
You can find information about specific social media platforms – if available – in the following sections.
Content Search Provider Introduction
👥 Data subjects: visitors to the website
🤝 Purpose: Improve user experience.
📓 Data processed: Which data is processed depends largely on the services used. Mostly it is IP address, search interests and/or technical data. You can find more details about this in the respective tools used.
📅 Storage duration: depends on the tools used.
Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).
Content Search Provider Introduction
What is a content search provider?
By now we have published quite a lot of content on our website. And of course we don’t want it to be forgotten just because it can’t be found. That’s why we use a content search provider on our website. You’re probably familiar with major search engines like Google. Content search providers are basically also search engines, but unlike Google, they don’t search the entire web for content, but only the website you are on. Using a text field, you can enter terms that match the content you are looking for, and the search program will find the articles you are looking for. If you use the integrated search function, personal data about you may also be processed.
Why do we use a content search provider?
If you look around our website, you will quickly notice how much useful content we have already published over the years. There are real treasures among them and we want you to find them quickly without having to click around. With a content search feature right on our website, you can quickly and easily find the content you’re looking for using keywords that match the topic you’re looking for. This feature is really handy and we also see it as our task to make your life on our website as pleasant and helpful as possible. That is why we decided to include a content search program in our website.
What data is processed?
When you use the search function on our website, the integrated content search provider (such as Algolia Places or Giphy) may automatically receive and store data from you. This is technical data about your browser as well as data such as your IP address, device ID and the search terms you entered. Please note that IP addresses are personal data. The privacy statements of the providers state that this information is collected and stored in order to increase security and improve their own services. The automatically collected usage data, which does not include personal data and is processed in anonymized form, can also be used for analysis purposes. Some providers also pass on this anonymized data to third parties. In order to find out more about this, we recommend that you read the specific data protection declarations of the individual providers carefully. In order for the services to function properly, cookies are also usually set in your browser. You can learn more about cookies in our general section “Cookies”. You can find out whether and which cookies the individual search tools use – if available – below or in the corresponding privacy statements of the integrated tools.
How long and where is the data stored?
Right to object
Always be aware: if you do not want, no personal data of yours may be processed. Always have the right to access your personal data and object to its use. You can also revoke your consent at any time via the cookie consent tool or via other opt-out options. You can also easily manage, delete or deactivate used cookies yourself via your browser. If you delete cookies, it could be that some functions of the tool no longer work. So please do not be surprised about that. How you manage cookies in your browser also depends on the browser you use. In the section “Cookies” you will also find links to the instructions of the most important browsers.
If you have consented to the use of a content search provider, the legal basis of the corresponding data processing is this consent. According to Art. 6 (1) lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by a content search provider.
We also have a legitimate interest in using a content search provider to optimize our service on our website. The corresponding legal basis for this is Art. 6 (1) lit. f DSGVO (Legitimate Interests). However, we only ever use a content search provider if you have given your consent. We definitely want to have this stated again at this point.
You will find information on specific content search providers – if available – in the following sections.
👥 Data subjects: visitors to the website
🤝 Purpose: Optimization of our service performance.
📓 Data processed: Data such as IP address and entered search terms are stored by Google.
📅 Storage duration: the storage duration varies depending on the data stored.
⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).
What is Google custom search?
The Google Custom Search plug-in is a Google search bar directly on our website. The search takes place as on www.google.com, only the search results focus on our content and products or on a limited search circle.
Why do we use custom Google search on our website?
A website with a lot of interesting content often gets so big that it is possible to lose the overview. Over time, we have also accumulated a lot of valuable material and, as part of our service, we want you to find our content as quickly and easily as possible. Custom Google search makes finding interesting content a breeze. The built-in Google plug-in improves the overall quality of our website and makes searching easier for you.
What data is stored by Google Custom Search?
Google Custom Search only transfers data from you to Google when you actively use Google Search built into our website. This means that only when you enter a search term in the search bar and then confirm this term (e.g. click on “Enter”), in addition to the search term, your IP address is also sent to Google, stored and processed there. Based on the cookies set (such as 1P_JAR), it can be assumed that Google also receives data on website usage. If you search for content during your visit to our website using the built-in Google search function and are logged in with your Google account at the same time, Google can also assign the collected data to your Google account. As the website operator, we have no influence on what Google does with the collected data or how Google processes the data.
The following cookies are set in your browser when you use Google Custom Search and are not logged in with a Google account:
Purpose: This cookie collects website usage statistics and measures conversions. For example, a conversion occurs when a user becomes a buyer. The cookie is also used to display relevant advertisements to users.
Expiration date: after one month
Purpose: The cookie stores the status of a user’s consent to use various Google services. CONSENT is also used for security purposes to verify users and protect user data from unauthorized attacks.
Expiration date: after 18 years
Purpose: NID is used by Google to customize ads to your Google search. With the help of the cookie, Google “remembers” your entered search queries or your previous interaction with ads. So you always get tailored ads.
Expiration date: after 6 months
Note: This list cannot claim to be complete, as Google also changes the choice of its cookies again and again.
How long and where is the data stored?
Google servers are distributed all over the world. Since Google is an American company, most of the data is stored on American servers. You can see exactly where Google servers are located at https://www.google.com/about/datacenters/locations/?hl=de.
Your data is distributed on different physical disks. This means that the data can be accessed more quickly and is better protected against possible manipulation. Google also has appropriate emergency programs for your data. For example, if there are internal technical problems at Google and servers stop working as a result, the risk of service interruption and data loss still remains low.
Depending on the data in question, Google stores it for different lengths of time. Some data you can delete yourself, others are automatically deleted or anonymized by Google. However, there is also data that Google stores longer if this is necessary for legal or business reasons.
How can I delete my data or prevent data storage?
According to the data protection law of the European Union, you have the right to obtain information about your data, to update it, to delete it or to restrict it. There is some data that you can delete at any time. If you have a Google account, you can delete data about your web activity there or specify that it should be deleted after a certain time.
In your browser, you also have the option to disable cookies, delete them or manage them according to your wishes and preferences. Under the section “Cookies” you will find the corresponding links to the respective instructions of the most popular browsers.
If you have consented to the use of Google Custom Search, the legal basis of the corresponding data processing is this consent. According to Art. 6 (1) lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by Google Custom Search.
From our side, there is also a legitimate interest to use the Google Custom Search to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the Google Custom Search if you have given your consent.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.
As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
All texts are protected by copyright.
Source: Created with the privacy generator from AdSimple