Privacy Policy

INTRODUCTION AND OVERVIEW

We have written this privacy statement (version 09/16/2022-121968800) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller – and the processors (e.g. providers) engaged by us – process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral. In short, we inform you comprehensively about data we process about you.

Privacy statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or two pieces of information that you did not yet know.
If you still have questions, we would like to ask you to contact the responsible party named below or in the imprint, to follow the links provided and to look at further information on third-party sites. Our contact details can of course also be found in the imprint.

SCOPE OF APPLICATION

This data protection declaration applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (order processors). By personal data, we mean information as defined in Art. 4 No. 1 DSGVO, such as a person’s name, e-mail address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online stores) that we operate
• social media presences and email communications
• mobile apps for smartphones and other devices

In short, the data protection declaration applies to all areas in which personal data is processed in the company via the aforementioned channels in a structured manner. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

LEGAL BASIS

In the following Privacy Policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which allow us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, which you can of course read online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

• Consent (Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
• Contract (Article 6(1) lit. b DSGVO): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
• Legal obligation (Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
• Legitimate interests (Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.

Other conditions, such as the performance of recordings in the public interest and the exercise of official authority, as well as the protection of vital interests, do not generally arise for us. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.

In addition to the EU Regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
• In Germany, the Federal Data Protection Act, or BDSG for short, applies.
  If other regional or national laws apply, we will inform you about them in the following sections.

CONTACT DATA RESPONSIBLE PERSON

If you have any questions regarding data protection or the processing of personal data, please find below the contact details of the responsible person or office:
Mag. Dr. Christina Maria Nicolodi
NICOLODI Regulatory Affairs + Consulting Services e.U.
Leopold Figl-Strasse 7c, 2361 Laxenburg, Austria

E-Mail: office@nicolodi-consulting.com

Imprint: https://www.nicolodi-consulting.com/de/imprint-de/

CONTACT DATA OF THE DATA PROTECTION OFFICER

Below you will find the contact details of the data protection officer:

Mag. Dr. Christina Maria Nicolodi
NICOLODI Regulatory Affairs + Consulting Services e.U.
Leopold Figl-Strasse 7c, 2361 Laxenburg, Austria

E-mail: office@nicolodi-consulting.com

Storage Period

The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion with us. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are required by law to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights in accordance with the General Data Protection Regulation

Pursuant to Articles 13, 14 DSGVO, we inform you about the following rights you are entitled to in order to ensure fair and transparent processing of data:

• According to Article 15 DSGVO, you have the right to information about whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:
  – For what purpose we are processing;
  – the categories, i.e. the types of data that are processed;
  – who receives this data and if the data is transferred to third countries, how security can be guaranteed;
  – how long the data will be stored;
  – the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  – that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  – The origin of the data if we have not collected it from you;
  – Whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
• You have a right to rectification of data according to Article 16 GDPR, which means that we must correct data if you find errors.
• You have the right to erasure (“right to be forgotten”) according to Article 17 GDPR, which specifically means that you may request the deletion of your data.
• According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a standard format upon request.
• According to Article 21 DSGVO, you have the right to object, which entails a change in processing after enforcement.
  – If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
  – If data is used to conduct direct advertising, you may object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  – If data is used to carry out profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
• According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
• You have the right to lodge a complaint under Article 77 of the GDPR. This means that you can complain to the data protection authority at any time if you believe that the data processing of personal data violates the GDPR.

In short, you have rights – do not hesitate to contact the responsible party listed above with us!

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austria Data protection authority

Director: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Telephone number: +43 1 52 152-0
E-mail address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data transfer to third countries

We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or contractually necessary and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason that we have data processed in third countries. Processing personal data in third countries such as the U.S., where many software vendors provide services and have their server locations, may mean that personal data is processed and stored in unexpected ways.

We explicitly point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously, where applicable. Furthermore, US government authorities may be able to access individual data. In addition, it may happen that collected data is linked to data from other services of the same provider, if you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.

We will inform you in more detail about data transfer to third countries, if applicable, at the appropriate places in this privacy policy.

Security of data processing operations

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible, within the scope of our possibilities, for third parties to infer personal information from our data.

Article 25 of the GDPR refers to “data protection through technical design and data protection-friendly default settings” and thus means that both software (e.g., forms) and hardware (e.g., access to the server room) are always designed with security in mind and that appropriate measures are taken. If necessary, we will go into more detail on specific measures below.

TLS encryption with https

TLS, encryption and https sound very technical and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transfer data over the internet in a tap-proof way.
This means that the complete transmission of all data from your browser to our web server is secured – no one can “listen in”.

In this way, we have introduced an additional layer of security and comply with data protection by design of technology (Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognize the use of this protection of data transmission by the small lock symbol at the top left of the browser, to the left of the Internet address (e.g., beispielseite.de) and the use of the scheme https (instead of http) as part of our Internet address.
If you want to know more about encryption, we recommend the Google search for “Hypertext Transfer Protocol Secure wiki” to get good links to further information.

Communications

Communications Overview 👥 Affected parties: Anyone who communicates with us by phone, email, or online form. 📓 Processed data: e.g. phone number, name, e-mail address, form data entered. You can find more details on this in the respective contact type used. 🤝 Purpose: Handling of communication with customers, business partners, etc. 📅 Storage duration: Duration of the business case and legal requirements. ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. b DSGVO (contract), Art. 6 para. 1 lit. f DSGVO (legitimate interests)

When you contact us and communicate by phone, e-mail or online form, personal data may be processed.

The data is processed for the handling and processing of your question and the related business transaction. The data is stored for the same period of time or as long as required by law.

Persons affected

All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.

Telephone

When you call us, the call data is stored pseudonymously on the respective terminal device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to your inquiry. The data is deleted as soon as the business case has been closed and legal requirements permit.

E-mail

If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,…) and data is stored on the e-mail server. The data will be deleted as soon as the business case has been closed and legal requirements allow it.

Online forms

When you communicate with us using online forms, data is stored on our web server and may be forwarded to an e-mail address of ours. The data will be deleted as soon as the business case has been closed and legal requirements allow it.

Legal bases

The processing of the data is based on the following legal bases:

• Art. 6 para. 1 lit. a DSGVO (consent): You give us your consent to store and further use your data for purposes related to the business case;
• Art. 6 para. 1 lit. b DSGVO (contract): There is a need for the performance of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
• Art. 6 para. 1 lit. f DSGVO (Legitimate Interests): We want to conduct customer inquiries and business communications in a professional manner. For this purpose, certain technical facilities such as e-mail programs, exchange servers and mobile network operators are necessary in order to be able to operate the communication efficiently.

ORDER PROCESSING AGREEMENT (AVV)

In this section, we would like to explain what a contract processing agreement is and why it is needed. Because the word “order processing contract” is quite a mouthful, we will also use just the acronym AVV more often here in the text. Like most companies, we do not work alone, but also use the services of other companies or individuals ourselves. Through the involvement of various companies or service providers, it may be that we pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called order processing agreement (AVV). The most important thing for you to know is that the processing of your personal data is carried out exclusively according to our instructions and must be regulated by the GCU.

WHO ARE CONTRACT PROCESSORS?

As a company and website owner, we are responsible for all the data we process from you. In addition to data controllers, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, authority, institution or other body that processes personal data on our behalf is considered a processor. Consequently, processors can be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft, for example.

For a better understanding of the terminology, here is an overview of the three roles in the GDPR:

Data subject (you as a customer or interested party) → controller (we as a company and client) → processor (service provider such as web hoster or cloud provider).

CONTENT OF A COMMISSIONED PROCESSING AGREEMENT

As mentioned above, we have concluded an AVV with our partners who act as processors. This states, first and foremost, that the processor will process the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, although in this context the electronic conclusion of the contract is also considered “in writing”. Only on the basis of the contract will the processing of personal data take place. The contract must contain the following:

• Commitment to us as the controller
• Obligations and rights of the data controller
• Categories of data subjects
• Nature of the personal data
• Nature and purpose of the data processing
• Subject and duration of data processing
• Place of performance of the data processing

Furthermore, the contract contains all obligations of the processor. The most important obligations are:

• to ensure data security measures
• to take possible technical and organizational measures to protect the rights of the data subject
• to keep a data processing directory
• cooperate with the data protection supervisory authority upon its request
• carry out a risk analysis in relation to the personal data received.
• Sub-processors may only be engaged with the written consent of the data controller.

You can see what such an AVV looks like in concrete terms, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. A sample contract is presented here.

Cookies

Cookies Overview 👥 Affected parties: visitors to the website. 🤝 Purpose: depending on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie. 📓 Data processed: Depending on the cookie used in each case. More details can be found below or from the manufacturer of the software that sets the cookie. 📅 Storage duration: Depending on the respective cookie, can vary from hours to years. ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit.f DSGVO (Legitimate Interests).

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you browse the Internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing can’t be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, effectively the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the “user-related” information back to our site. Thanks to cookies, our site knows who you are and offers you the setting you are used to. In some browsers each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. Here, the web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests”. Cookies also cannot access information on your PC.

For example, cookie data may look like this

Name: _ga
Value: GA1.2.1326744211.152121968800-9
Purpose: to distinguish website visitors
Expiration date: after 2 years

A browser should be able to support these minimum sizes

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

Which types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

We can distinguish 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing on other pages, and only later goes to the checkout. These cookies do not delete the shopping cart even if the user closes his browser window.

Purpose cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.

Target-oriented cookies
These cookies provide a better user experience. For example, entered locations, font sizes or form data are stored.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very convenient, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the cookie in question. You can find more details about this below or from the manufacturer of the software that sets the cookie.

Which data are processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Storage period of cookies

The storage period depends on the particular cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You can also influence the storage period yourself. You can manually delete all cookies at any time via your browser (see also “Right to object” below). Furthermore, cookies based on consent are deleted at the latest after revocation of your consent, whereby the legality of the storage remains unaffected until then.

Right of objection – how can I erase cookies?

How and whether you want to use cookies, you decide. Regardless of which service or website the cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to determine which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Clear, enable and manage cookies in Chrome

Safari: Manage cookies and website data in Safari

Firefox: Clear cookies and site data in Firefox

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete cookies in Microsoft Edge

If you do not want to have cookies in principle, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search for the instructions in Google using the search term “delete cookies Chrome” or “disable cookies Chrome” in the case of a Chrome browser.

Legal basis

The so-called “Cookie Guidelines” have been in place since 2009. These state that the storage of cookies requires your consent (Article 6 (1) a DSGVO). Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in Section 96 (3) of the Telecommunications Act (TKG). In Germany, the Cookie Directives were not implemented as national law. Instead, the implementation of this directive took place largely in § 15 para.3 of the Telemedia Act (TMG).

For absolutely necessary cookies, even in the absence of consent, there are legitimate interests (Article 6 para. 1 lit. f DSGVO), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and for this purpose certain cookies are often absolutely necessary.

Insofar as cookies that are not absolutely necessary are used, this is only done in the case of your consent. The legal basis in this respect is Art. 6 para. 1 lit. a DSGVO.

In the following sections, you will be informed in more detail about the use of cookies, insofar as the software used uses cookies.

Web hosting

Web hosting Overview 👥 Data subjects: visitors to the website 🤝 Purpose: professional hosting of the website and safeguarding of its operation 📓 Processed data: IP address, time of website visit, browser used and other data. More details can be found below or with the respective web hosting provider used. 📅 Storage period: depending on the respective provider, but usually 2 weeks. ⚖️ Legal basis: Art. 6 para. 1 lit.f DSGVO (Legitimate Interests).

What is web hosting?

When you visit websites nowadays, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By the way, by website we mean the entirety of all web pages on a domain, i.e. everything from the home page (homepage) to the very last subpage (like this one). By domain, we mean, for example, example.de or sampleexample.com.

When you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser to do so. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We say browser or web browser for short.

To display the website, the browser needs to connect to another computer where the website’s code is stored: the web server. Running a web server is a complicated and costly task, which is why this is usually done by professional providers, the providers. These offer web hosting and thus ensure reliable and error-free storage of website data. A whole lot of technical terms, but please stay tuned, it gets better!

When the browser on your computer (desktop, laptop, tablet or smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.

A picture is worth a thousand words, so for illustration purposes, the following graphic shows the interaction between the browser, the Internet and the hosting provider.

For illustration:

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and securing its operation
2. To maintain operational and IT security
3. Anonymous evaluation of access behavior to improve our offer and, if necessary, for law enforcement or prosecution of claims

Which data are processed?

Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

• the complete internet address (URL) of the visited website
• browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)
• the host name and IP address of the device being accessed (e.g. COMPUTERNAME and 194.23.43.121)
• date and time
• in files, the so-called web server log files

How long is the data stored?

As a rule, the above data is stored for two weeks and then automatically deleted. We do not share this data, but we cannot exclude the possibility that this data may be viewed by authorities in the event of unlawful behavior.

In short, your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your data without consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests), because the use of professional hosting with a provider is necessary to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.

Between us and the hosting provider there is usually a contract on commissioned processing pursuant to Art. 28 f. DSGVO, which ensures compliance with data protection and guarantees data security.

ALL-INKL Privacy Policy

We use ALL-INKL for our website, among others a web hosting provider. The service provider is the German company ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. You can learn more about the data processed by using ALL-INKL in the privacy policy at https://all-inkl.com/datenschutzinformationen/ .

ORDER PROCESSING AGREEMENT (AVV) ALL-INKL

We have entered into an Order Processing Agreement (AVV) with ALL-INKL in accordance with Article 28 of the General Data Protection Regulation (GDPR). What an AVV exactly is and especially what must be included in an AVV, you can read in our general section “Order Processing Agreement (AVV)”.

This contract is required by law because ALL-INKL processes personal data on our behalf. It clarifies that ALL-INKL may only process data they receive from us according to our instructions and must comply with the GDPR.

WEBSITE MODULAR SYSTEMS INTRODUCTION

Website Building Block Systems Privacy Policy Summary Data subjects: visitors to the website Purpose: Optimization of our service performance Processed data: Data such as technical usage information like browser activity, clickstream activity, session heatmaps, as well as contact information, IP address or your geographical location. More details can be found below in this privacy policy and in the privacy policy of the providers. Storage period: depends on the provider Legal basis: Art. 6 para. 1 lit. f DSGVO (Legitimate Interests), Art. 6 para. 1 lit. a DSGVO (Consent)

WHAT ARE WEBSITE MODULAR SYSTEMS?

We use a website building block system for our website. Building block systems are special forms of a content management system (CMS). With a building block system, website owners can create a website very easily and without programming knowledge. In many cases, web hosts also offer building block systems. By using a modular system, personal data of you may also be collected, stored and processed. In this data protection text, we provide you with general information about data processing by modular systems. For more detailed information, please refer to the provider’s privacy policy.

WHY DO WE USE WEBSITE BUILDING BLOCK SYSTEMS FOR OUR WEBSITE?

The biggest advantage of a modular system is its ease of use. We want to provide you with a clear, simple and concise website that we can easily operate and maintain ourselves – without external support. Meanwhile, a modular system offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and to offer you an informative and pleasant time on our website.

WHAT DATA IS STORED BY A MODULAR SYSTEM?

Exactly what data is stored depends, of course, on the website building block system used. Each provider processes and collects different data from the website visitor. But as a rule, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit are collected. Furthermore, tracking data (e.g. browser activity, clickstream activity, session heatmaps, etc.) may also be processed. In addition, personal data may also be collected and stored. This is mostly contact data such as e-mail address, telephone number (if you have provided it), IP address and geographical location data. You can find out exactly what data is stored in the provider’s privacy policy.

HOW LONG AND WHERE IS THE DATA STORED?

We will inform you about the duration of data processing below in connection with the website building kit system used, provided we have further information on this. You can find detailed information about this in the provider’s privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data from you according to its own specifications, over which we have no control.

RIGHT OF OBJECTION

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the person responsible for the website construction system used at any time. Contact details can be found either in our privacy policy or on the website of the relevant provider.

You can delete, deactivate or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that all functions may then no longer work as usual.

LEGAL BASIS

We have a legitimate interest in using a website construction kit to optimize our online service and present it efficiently and in a user-friendly manner for you. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the construction kit insofar as you have given your consent.

Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis in this respect is Art. 6 para. 1 lit. a DSGVO.

With this privacy policy, we have brought you closer to the most important general information around data processing. If you wish to obtain more detailed information in this regard, you will find further information – if available – in the following section or in the provider’s privacy policy.

WordPress.com Privacy Policy

We use WordPress.com, a website building system, for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

WordPress also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be accompanied by various risks to the legality and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, thus especially in the USA) or a data transfer there, WordPress uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, WordPress undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Data Processing Agreements, which correspond to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

You can learn more about the data processed through the use of WordPress.com in the Privacy Policy at https://automattic.com/de/privacy/.

ORDER PROCESSING AGREEMENT (AVV) WORDPRESS.COM

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into an Order Processing Agreement (AVV) with WordPress.com. What exactly an AVV is and, more importantly, what must be included in an AVV, you can read in our general section “Order Processing Agreement (AVV)”.

This contract is required by law because WordPress.com processes personal data on our behalf. It clarifies that WordPress.com may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the order processing agreement (AVV) at https://wordpress.com/support/data-processing-agreements/.

Web Analytics

Web Analytics Privacy Policy Overview 👥 Data subjects: Visitors to the website. 🤝 Purpose: Evaluation of visitor information to optimize the web offer. 📓 Data processed: Access statistics containing data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found at the respective web analytics tool used. 📅 Storage period: depending on the web analytics tool used. ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).

What is Web Analytics?

We use software on our website to evaluate the behavior of website visitors, known as web analytics for short. This involves collecting data that is stored, managed and processed by the respective analytic tool provider (also known as a tracking tool). The data is used to create analyses of user behavior on our website and made available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors. To do this, we show you two different offers for a limited period of time. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why do we run Web Analytics?

With our website we have a clear goal in mind: we want to deliver the best web offer on the market for our industry. To achieve this goal, we want to offer the best and most interesting offer on the one hand, and on the other hand make sure that you feel completely comfortable on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our web offer for you and us accordingly. For example, we can see how old our visitors are on average, where they come from, when our website is most visited or which content or products are particularly popular. All this information helps us to optimize the website and thus best adapt it to your needs, interests and wishes.

Which data are processed?

Exactly what data is stored depends, of course, on the analysis tools used. But as a rule, for example, which content you view on our website, which buttons or links you click on, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or which computer system you use is stored. If you agreed that location data may also be collected, these may also be processed by the web analytics tool provider.

In addition, your IP address will also be stored. According to the General Data Protection Regulation (DSGVO), IP addresses are personal data. However, your IP address is usually stored pseudonymized (i.e. in an unrecognizable and shortened form). For the purpose of testing, web analysis and web optimization, no direct data, such as your name, age, address or email address are stored as a matter of principle. All this data, if collected, is stored pseudonymously. This means that you cannot be identified as a person.

The following example shows schematically how Google Analytics works as an example of client-based web tracking with Java Script code.

How long the respective data is stored always depends on the provider. Some cookies store data only for a few minutes or until you leave the website again, other cookies can store data for several years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If it is required by law, as for example in the case of accounting, this storage period may also be exceeded.

Right to object

You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by web analytics tools.

In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus to improve our offer technically and economically. With the help of web analytics, we detect website errors, can identify attacks and improve economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the tools insofar as you have given your consent.

Since web analytics tools use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy statements of the respective tools.

Information on specific web analytics tools, if available, can be found in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Overview 👥 Data subjects: Visitors to the website. 🤝 Purpose: Evaluation of visitor information to optimize the web offer. 📓 Data processed: Access statistics, which include data such as locations of accesses, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found below in this privacy policy. 📅 Storage period: depending on the properties used. ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).

What is Google Analytics?

We use on our website the analysis tracking tool Google Analytics (GA) of the American company Google Inc. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, when you click on a link, this action is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and service to your preferences. In the following, we will go into more detail about the tracking tool and, in particular, inform you about what data is stored and how you can prevent this.

Google Analytics is a tracking tool used to analyze traffic to our website. In order for Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions you take on our website. Once you leave our website, this data is sent to Google Analytics servers and stored there.

Google processes the data and we receive reports about your user behavior. These reports may include, but are not limited to, the following:

• Audience reports: through audience reports, we get to know our users better and know more precisely who is interested in our service.
• Ad reports: Ad reports help us analyze and improve our online advertising.
• Acquisition reports: Acquisition reports give us helpful information on how to attract more people to our service.
• Behavior reports: This is where we learn how you interact with our website. We can track the path you take on our site and which links you click.
• Conversion reports: Conversion is when you take a desired action based on a marketing message. For example, you go from being just a website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing efforts are working for you. This is how we aim to increase our conversion rate.
• Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are reading this text.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data shows us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it can be found more easily by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. Thus, we know very well what we need to improve on our website in order to provide you with the best possible service. The data also helps us to carry out our advertising and marketing measures in a more individual and cost-effective way. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID associated with your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a “returning” user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles.

In order to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is standard. Alternatively, you can also create the Universal Analytics property. Depending on the property used, data is stored for different lengths of time.

Labels such as cookies and app instance IDs are used to measure your interactions on our website. Interactions are all types of actions you take on our website. If you also use other Google systems (such as a Google account), data generated through Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if required by law.

The following cookies are used by Google Analytics:

Name: _ga
Value: 2.1326744211.152121968800-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it is used to distinguish website visitors.
Expiration date: after 2 years

Name: _gid
Value: 2.1687193234.152121968800-1
Purpose: The cookie is also used to distinguish the website visitors.
Expiration date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: used to lower the request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_ <property-id>.
Expiration date: after 1 minute

Name: AMP_TOKEN
Value: not specified
Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP client ID service. Other possible values indicate a logout, a request, or an error.
Expiration date: after 30 seconds up to one year.

Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie is used to track your behavior on the website and measure performance. The cookie is updated every time information is sent to Google Analytics.
Expiration date: after 2 years

Name: __utmt
Value: 1
Purpose: The cookie is used like _gat_gtag_UA_<property-id> to throttle the request rate.
Expiration date: after 10 minutes

Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or info is sent to Google Analytics.
Expiration date: after 30 minutes

Name: __utmc
Value: 167421564
Purpose: This cookie is used to set new sessions for returning visitors. This is a session cookie and is only stored until you close the browser again.
Expiration date: After you close the browser.

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: The cookie is used to identify the source of traffic to our website. That is, the cookie stores from where you came to our website. This may have been another page or an advertisement.
Expiration date: after 6 months

Name: __utmv
Value: not specified
Purpose: The cookie is used to store custom user data. It is updated whenever information is sent to Google Analytics.
Expiration date: after 2 years

Note: This list cannot claim to be complete, as Google also changes the choice of their cookies again and again.

Here we show you an overview of the most important data collected by Google Analytics:

Heatmaps: Google creates so-called heatmaps. Heatmaps allow you to see exactly those areas that you click on. This gives us information about where you are “on the move” on our site.

Session duration: Google defines session duration as the time you spend on our site without leaving. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce is when you view only one page on our site and then leave our site.

Account creation: when you create an account or make an order on our website, Google Analytics collects this data.

IP address: The IP address is only shown in a shortened form so that no clear assignment is possible.

Location: The IP address can be used to determine the country and your approximate location. This process is also referred to as IP location determination.

Technical information: Technical information includes, but is not limited to, your browser type, internet service provider, or screen resolution.

Source of origin: Google Analytics or we are of course also interested in which website or which advertisement you came to our site from.

Other data include contact details, any ratings, playing media (e.g. if you play a video via our site), sharing content via social media or adding it to your favorites. The enumeration does not claim to be complete and only serves as a general orientation of the data storage by Google Analytics.

How long and where is the data stored?

Google has their servers spread all over the world. Most servers are located in America and consequently your data is mostly stored on American servers. You can read exactly where Google’s data centers are located here: https://www.google.com/about/datacenters/locations/?hl=de.

Your data is distributed on different physical disks. This has the advantage that the data can be accessed more quickly and is better protected against manipulation. In each Google data center, there are corresponding emergency programs for your data. If, for example, the hardware at Google fails or natural disasters paralyze servers, the risk of a service interruption at Google still remains low.

The retention period of the data depends on the properties used. When using the newer Google Analytics 4 properties, the retention period of your user data is fixed at 14 months. For other so-called event data, we have the option to choose a retention period of 2 months or 14 months.

For Universal Analytics properties, Google Analytics defaults to a retention period of 26 months for your user data. Then your user data is deleted. However, we have the option to choose the retention period of user data ourselves. We have five variants available for this purpose:

• Deletion after 14 months
• Deletion after 26 months
• Deletion after 38 months
• Deletion after 50 months
• No automatic deletion

In addition, there is also an option for data to be deleted only when you no longer visit our website within the time period we have selected. In this case, the retention period will be reset each time you visit our website again within the specified period.

Once the specified period has expired, the data is deleted once a month. This retention period applies to your data associated with cookies, user recognition and advertising IDs (e.g. DoubleClick domain cookies). Reporting results are based on aggregated data and are stored separately from user data. Aggregated data is a merging of individual data into a larger unit.

How can I delete my data or prevent data retention?

Under European Union data protection law, you have the right to obtain information about your data, update it, delete it, or restrict it. Using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js), you can prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables the collection of data by Google Analytics.

If you generally want to deactivate, delete or manage cookies, you will find the corresponding links to the respective instructions for the most popular browsers under the section “Cookies”.

Legal basis

The use of Google Analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur during the collection by web analytics tools.

In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus to improve our offer technically and economically. With the help of Google Analytics, we detect website errors, can identify attacks and improve the economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google Analytics if you have given your consent.

Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.

As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we have been able to provide you with the most important information regarding Google Analytics data processing. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

ORDER PROCESSING AGREEMENT (AVV) GOOGLE ANALYTICS

We have concluded an order processing agreement (AVV) with Google in accordance with Article 28 of the General Data Protection Regulation (GDPR). What exactly an AVV is and, in particular, what must be included in an AVV, you can read in our general section “Order processing agreement (AVV)”.

This contract is required by law because Google processes personal data on our behalf. It clarifies that Google may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the order data processing conditions at https://business.safety.google/intl/de/adsprocessorterms/.

Google Analytics Reports on demographic characteristics and interests

We have turned on the advertising reports features in Google Analytics. The demographic and interest reports contain information on age, gender and interests. This allows us – without being able to assign this data to individual persons – to get a better picture of our users. You can learn more about advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can stop the use of the activities and information of your Google account under “Settings for advertising” at https://adssettings.google.com/authenticated via checkbox.

GOOGLE ANALYTICS GOOGLE SIGNALS PRIVACY STATEMENT

We have enabled Google signals in Google Analytics. This updates existing Google Analytics features (advertising reports, remarketing, cross-device reports, and interest and demographic reports) to obtain aggregated and anonymized data from you, provided you have allowed personalized ads in your Google account.

What makes this special is that it is cross-device tracking. That means your data can be analyzed across devices. By enabling Google signals, data is collected and linked to the Google account. Google can thus recognize, for example, if you view a product on our website via a smartphone and only buy the product later via a laptop. Thanks to the activation of Google signals, we can launch cross-device remarketing campaigns that would otherwise not be possible in this form. Remarketing means that we can also show you our offer on other websites.

In Google Analytics, Google signals also collect other visitor data such as location, search history, YouTube history and data about your actions on our website. This gives us better advertising reports from Google and more useful information about your interests and demographics. This includes your age, what language you speak, where you live, or what gender you are. Furthermore, social criteria such as your profession, your marital status or your income are also added. All these characteristics help Google Analytics to define groups of people or target groups.

The reports also help us to better assess your behavior, your wishes and interests. This allows us to optimize and adapt our services and products for you. By default, this data expires after 26 months. Please note that this data collection only occurs if you have allowed personalized advertising in your Google account. This is always aggregated and anonymous data and never individual person data. In your Google account, you can manage this data or also delete it.

GOOGLE ANALYTICS IN CONSENT MODE

Depending on your consent, personal data of you will be processed by Google Analytics in the so-called consent mode (or “Consent Mode”). You can choose whether or not to consent to Google Analytics cookies. By doing so, you also choose which data Google Analytics may process from you. This collected data is mainly used to perform measurements about user behavior on the website, to play out targeted advertising and to provide us with web analytics reports. As a rule, you consent to data processing by Google via a cookie consent tool. If you do not consent to data processing, only aggregated data will be collected and processed. This means that data cannot be assigned to individual users and thus no user profile of you is created. You can also only consent to statistical measurement. No personal data is processed and consequently not used for advertising or advertising success.

GOOGLE ANALYTICS IP ANONYMIZATION

We have implemented Google Analytics IP address anonymization on this website. This feature was developed by Google to allow this website to comply with applicable data protection regulations and recommendations of local data protection authorities when they prohibit the storage of the full IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place.

More information on IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=de.

Social Media

Social Media Privacy Policy Overview 👥 Data subjects: Visitors to the website. 🤝 Purpose: Presentation and optimization of our service, contact with visitors, interested parties, etc., advertising. 📓 Processed data: Data such as telephone numbers, email addresses, contact details, user behavior data, information about your device and your IP address. You can find more details on this with the respective social media tool used. 📅 Storage period: depending on the social media platforms used. ⚖️ Legal bases: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).

What is Social Media?

In addition to our website, we are also active on various social media platforms. In this context, user data may be processed so that we can target users who are interested in us via the social networks. In addition, elements of a social media platform may also be embedded directly in our website. This is the case, for example, when you click on a so-called social button on our website and are redirected directly to our social media presence. So-called social media or social media are websites and apps through which registered members can produce content, share content openly or in specific groups, and network with other members.

Why do we use Social Media?

For years, social media platforms have been the place where people communicate and get in touch online. Our social media presences enable us to bring our products and services closer to prospective customers. The social media elements embedded on our website help you to be able to switch to our social media content quickly and without complications.

The data that is stored and processed through your use of a social media channel is primarily for the purpose of being able to perform web analyses. The aim of these analyses is to be able to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, appropriate conclusions can be drawn about your interests with the help of the evaluated data and so-called user profiles can be created. This also enables the platforms to present you with tailored advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behavior.

We generally assume that we remain responsible under data protection law, even if we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 DSGVO. Insofar as this is the case, we point this out separately and work on the basis of an agreement in this regard. The essence of the agreement is then reproduced below for the platform concerned.

Please note that when using the social media platforms or our built-in elements, data from you may also be processed outside the European Union, as many social media channels, for example Facebook or Twitter, are American companies. As a result, you may no longer be able to claim or enforce your rights with regard to your personal data as easily.

Which data are processed?

Exactly what data is stored and processed depends on the provider of the social media platform. But usually it is data such as phone numbers, email addresses, data you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. Especially if you yourself have a profile at the visited social media channel and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the servers of the providers. Thus, only the providers also have access to the data and can give you the appropriate information or make changes.

If you want to know exactly what data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the respective privacy policy of the company. We also recommend that you contact the provider directly if you have any questions about data storage and data processing or if you want to assert the corresponding rights.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. However, customer data that is matched with our own user data is already deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period may be exceeded.

Right to object

You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy statements of the respective tools.

Legal basis

If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, if consent is given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 (1) (f) DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools insofar as you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.

You can find information about specific social media platforms – if available – in the following sections.

LinkedIn Privacy Policy

LinkedIn Privacy Policy Overview 👥 Data subjects: Visitors to the website 🤝 Purpose: Optimization of our service performance 📓 Processed data: Data such as user behavior data, information about your device and your IP address. More details can be found below in the privacy policy. 📅 Storage period: the data is generally deleted within 30 days. ⚖️ Legal bases: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).

What is LinkedIn?

We use social plug-ins of the social media network LinkedIn, of the company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA on our website. The social plug-ins may be feeds, content sharing or links to our LinkedIn page. The social plug-ins are clearly marked with the familiar LinkedIn logo and allow, for example, interesting content to be shared directly via our website. For the European Economic Area and Switzerland, LinkedIn Ireland Unlimited Company Wilton Place in Dublin is responsible for data processing.

By embedding such plug-ins, data can be sent to LinkedIn, stored and processed there. In this privacy policy, we want to inform you about what data is involved, how the network uses this data and how you can manage or prevent data storage.

LinkedIn is the largest social network for business contacts. Unlike Facebook, for example, the company focuses exclusively on building business contacts. Companies can present services and products on the platform and establish business relationships. Many people also use LinkedIn to look for jobs or to find suitable employees for their own company. In Germany alone, the network has over 11 million members. In Austria, there are around 1.3 million.

Why do we use LinkedIn on our website?

We know how busy you are. You can’t follow all the social media channels individually. Even if it would be worth it, as in our case. Because time and again we post interesting news or reports that are worth spreading. That’s why we’ve made it possible on our website to share interesting content directly on LinkedIn or to link directly to our LinkedIn page. We consider built-in social plug-ins as an extended service on our website. The data that LinkedIn collects also helps us to show possible advertising measures only to people who are interested in our offer.

What data are stored by LinkedIn?

Only through the mere integration of the social plug-ins LinkedIn does not store any personal data. LinkedIn calls this data generated by plug-ins passive impressions. But when you click on a social plug-in, for example to share our content, the platform stores personal data as so-called “active impressions”. And this is regardless of whether you have a LinkedIn account or not. If you are logged in, the collected data is assigned to your account.

Your browser establishes a direct connection to LinkedIn’s servers when you interact with our plug-ins. In this way, the company logs various usage data. In addition to your IP address, this can be login data, device information or info about your internet or mobile provider, for example. If you access LinkedIn services via your smartphone, your location (after you have allowed this) can also be determined. LinkedIn may also share this data in “hashed” form with third-party advertisers. Hashing means turning a record into a string of characters. This can be used to encrypt the data in such a way that individuals can no longer be identified.

Most data about your user behavior is stored in cookies. These are small text files that are usually set in your browser. Furthermore, LinkedIn can also use web beacons, pixel tags, display tags and other device identifiers.

Various tests also show which cookies are set when a user interacts with a social plug-in. The data found cannot claim to be exhaustive and is provided as an example only. The following cookies were set without being logged in to LinkedIn:

Name: bcookie
Value: =2&34aab2aa-2ae1-4d2a-8baf-c2e2d7235c16121968800-
Purpose: The cookie is a so-called “browser ID cookie” and consequently stores your identification number (ID).
Expiration date: After 2 years

Name: lang
Value: v=2&lang=en-en
Purpose: This cookie stores your default or preferred language.
Expiration date: After end of session

Name: lidc
Value: 1818367:t=1571904767:s=AQF6KNnJ0G121968800…
Purpose: This cookie is used for routing. Routing records the ways you came to LinkedIn and how you navigate through the website there.
Expiration date: after 24 hours

Name: rtc
Value: kt0lrv3NF3x3t6xvDgGrZGDKkX
Purpose: No further information could be found about this cookie.
Expiration date: after 2 minutes

Name: JSESSIONID
Value: ajax:1219688002900777718326218137
Purpose: This is a session cookie that LinkedIn uses to maintain anonymous user sessions through the server.
Expiration date: after the end of the session

Name: bscookie
Value: “v=1&201910230812…
Purpose: This cookie is a security cookie. LinkedIn describes it as a secure browser ID cookie.
Expiration date: after 2 years

Name: fid
Value: AQHj7Ii23ZBcqAAAA…
Purpose: No further information could be found about this cookie.
Expiration date: after 7 days

Note: LinkedIn also works with third-party providers. That is why we also detected the two Google Analytics cookies _ga and _gat during our test.

How long and where are the data stored?

Generally, LinkedIn will retain your personal data for as long as it deems necessary to provide its services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn retains some data in aggregate and anonymized form even after you delete your account. Once you delete your account, other people will not be able to see your data within one day. LinkedIn generally deletes data within 30 days. However, LinkedIn retains data if it is necessary due to legal obligation. Data that can no longer be assigned to individuals remain stored even after the account is closed. The data is stored on various servers in America and presumably also in Europe.

How can I delete my data or prevent data retention?

You have the right to access and also delete your personal data at any time. In your LinkedIn account you can manage, change and delete your data. In addition, you can also request a copy of your personal data from LinkedIn.

To access account data in your LinkedIn profile:

In LinkedIn, click on your profile icon and select the “Settings and Privacy” section. Now click on “Privacy” and then in the “How LinkedIn uses your data” section click on “Change”. In just a short time, you will be able to download selected data about your web activity and account history.

You also have the option in your browser to prevent LinkedIn from processing your data. As mentioned above, LinkedIn stores most data via cookies that are set in your browser. You can manage, deactivate or delete these cookies. Depending on which browser you have, the management works slightly differently. Under the section “Cookies” you will find the corresponding links to the respective instructions of the most popular browsers.

You can also basically set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented that data from you can be processed and stored by integrated social media elements, this consent is considered the legal basis of the data processing (Art. 6 para. 1 lit. a DSGVO). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the integrated social media elements insofar as you have given your consent. Most social media platforms also set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.

LinkedIn also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, LinkedIn uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, LinkedIn undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information on the standard contractual clauses at LinkedIn can be found at https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu-sccs.

We have tried to bring you closer to the most important information about data processing by LinkedIn. You can learn even more about the data processing of the LinkedIn social media network at https://www.linkedin.com/legal/privacy-policy.

ORDER PROCESSING AGREEMENT (AVV) LINKEDIN

We have entered into an order processing agreement (AVV) with LinkedIn in accordance with Article 28 of the General Data Protection Regulation (GDPR). What exactly an AVV is and, in particular, what must be included in an AVV, you can read in our general section “Order processing agreement (AVV)”.

This contract is required by law because LinkedIn processes personal data on our behalf. It clarifies that LinkedIn may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the order processing agreement (AVV) at https://de.linkedin.com/legal/l/dpa.

BLOGS AND PUBLICATION MEDIA INTRODUCTION

Blogs and publication media privacy policy summary
👥 Data subjects: website visitors.
🤝 Purpose: Presentation and optimization of our service performance as well as communication between website visitors, security measures, and administration
📓 Data processed: Data such as contact details, IP address and published content.
More details can be found in the tools used.
📅 Storage duration: depending on the tools used.
⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests), Art. 6 para. 1 p. 1 lit. b. DSGVO (Contract)

WHAT ARE BLOGS AND PUBLICATION MEDIA?

We use blogs or other communication media on our website, with which we can communicate with you on the one hand and you can communicate with us on the other hand. In the process, data from you may also be stored and processed by us. This may be necessary so that we can present content appropriately, communication works and security is increased. In our data protection text, we generally go into what data can be processed from you. Exact details on data processing always also depend on the tools and functions used. In the data protection notices of the individual providers, you will find precise information about data processing.

WHY DO WE USE BLOGS AND PUBLICATION MEDIA?

Our biggest concern with our website is to provide you with interesting and exciting content, and at the same time your opinions and content are important to us. That is why we want to create a good interactive exchange between us and you. With various blogs and publication options we can achieve exactly that. For example, you can post comments on our content, comment on other comments or, in some cases, write posts yourself.

WHAT DATA IS PROCESSED?

Exactly what data is processed always depends on the communication features we use. Very often, IP address, username and the published content are stored. This is done primarily to ensure security protection, to prevent spam and to be able to take action against illegal content. Cookies can also be used for data storage. These are small text files that are stored with information in your browser. You can find more details about the collected and stored data in our individual sections and in the privacy policy of the respective provider.

DURATION OF DATA PROCESSING

We will inform you about the duration of data processing below, provided we have further information on this. For example, contribution and comment functions store data until you revoke the data storage. In general, personal data is only stored as long as it is absolutely necessary for the provision of our services.

RIGHT OF OBJECTION

You also have the right and the possibility to revoke your consent to the use of cookies or third-party communication tools at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Since cookies may also be used with publication media, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy statements of the respective tools.

LEGAL BASIS

We use the means of communication mainly on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers, business partners and visitors. As far as the use serves the settlement of contractual relationships or their initiation, the legal basis is furthermore Art. 6 para. 1 p. 1 lit. b. DSGVO.

Certain processing, in particular the use of cookies and the use of comment or message functions require your consent. If and insofar as you have consented that data from you can be processed and stored by integrated publication media, this consent is considered the legal basis for data processing (Art. 6 para. 1 lit. a DSGVO). Most of the communication functions we use set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.

You can learn about specific tools – if any – in the following sections.

WORDPRESS EMOJIS PRIVACY POLICY

We also use so-called emojis and smilies on our blog. What emojis are exactly, we probably do not need to explain here in more detail. You know these laughing, angry or sad faces. They are graphic elements or files that we provide and are loaded from another server. Service provider for retrieving WordPress emojis and smilies is Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. This third party service provider stores your IP address in order to deliver the emoji files to your browser.

WordPress also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be accompanied by various risks to the legality and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, thus especially in the USA) or a data transfer there, WordPress uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, WordPress undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Data Processing Agreements, which correspond to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

You can learn more about the data processed by using Automattic in the Privacy Policy at https://automattic.com/privacy/.

COOKIE CONSENT MANAGEMENT PLATFORM INTRODUCTION

Cookie Consent Management Platform Summary
👥 Data subject: website visitors.
🤝 Purpose: To obtain and manage consent for certain cookies and thus the use of certain tools.
📓 Data processed: Data used to manage the cookie settings set, such as IP address, time of consent, type of consent, individual consents. More details can be found at the respective tool used.
📅 Storage period: Depends on the tool used, you have to be prepared for periods of several years.
⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit.f DSGVO (legitimate interests).

WHAT IS A COOKIE CONSENT MANAGEMENT PLATFORM?

We use a Consent Management Platform (CMP) software on our website to help us and you deal correctly and securely with scripts and cookies used. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides cookie consent for you as required by data protection laws, and helps us and you keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorized. You as a website visitor then decide for yourself whether and which scripts and cookies you allow or disallow. The following graphic illustrates the relationship between browser, web server and CMP.

WHY DO WE USE A COOKIE MANAGEMENT TOOL?

Our goal is to provide you with the best possible transparency in the area of data protection. In addition, we are also legally obligated to do so. We want to educate you as much as possible about all tools and all cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which you do not. In order to give you this right, we first need to know exactly which cookies ended up on our website in the first place. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with DSGVO-compliant information about them. You can then accept or reject cookies via the consent system.

WHAT DATA IS PROCESSED?

Within our cookie management tool, you can manage each cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to query you each time you visit our website again and so that we can also prove your consent if required by law. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage period of your cookie consent varies. In most cases, this data (e.g. pseudonymous user ID, time of consent, details of cookie categories or tools, browser, device information) is stored for up to two years.

DURATION OF DATA PROCESSING

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is strictly necessary to provide our services and products. Data that is stored in cookies is stored for different lengths of time. Some cookies are already deleted after you leave the website, others may be stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should be prepared for a storage period of several years. In the respective privacy statements of the individual providers, you will usually receive precise information about the duration of data processing.

RIGHT OF OBJECTION

You also have the right and the possibility to revoke your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser.

Information on specific cookie management tools, if available, can be found in the following sections.

LEGAL BASIS

If you consent to cookies, personal data about you will be processed and stored through these cookies. If we are allowed to use cookies through your consent (Article 6 (1) (a) DSGVO), this consent is also the legal basis for the use of cookies or the processing of your data. In order to be able to manage the consent to cookies and to enable you to give your consent, cookie consent management platform software is used. The use of this software enables us to operate the website in an efficient manner in compliance with the law, which constitutes a legitimate interest (Article 6 (1) (f) DSGVO).

COOKIEBOT PRIVACY POLICY

Cookiebot Privacy Policy Summary
👥 Data subject: website visitors
🤝 Purpose: To obtain consent for certain cookies and thus the use of certain tools.
📓 Data processed: Data used to manage the cookie settings set, such as IP address, time of consent, type of consent, individual consents. More details can be found at the respective tool used.
📅 Storage period: the data is deleted after one year.
⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit.f DSGVO (legitimate interests).

WHAT IS COOKIEBOT?

We use functions of the provider Cookiebot on our website. The company behind Cookiebot is Cybot A/S, Havnegade 39, 1058 Copenhagen, DK. Cookiebot offers us, among other things, the possibility to provide you with a comprehensive cookie notice (also called cookie banner or cookie notice). By using this feature, data from you may be sent to Cookiebot or Cybot, stored and processed. In this privacy policy, we inform you why we use Cookiebot, what data is transferred and how you can prevent this data transfer.

Cookiebot is a software product of the company Cybot. The software automatically creates a DSGVO-compliant cookie notice for our website visitors. In addition, the technology behind Cookiebot scans, monitors and evaluates all cookies and tracking measures on our website.

WHY DO WE USE COOKIEBOT ON OUR WEBSITE?

We take privacy very seriously. We want to show you exactly what is going on on our website and which of your data is stored. Cookiebot helps us get a good overview of all our cookies (first-party and third-party cookies). This allows us to inform you about the use of cookies on our website accurately and transparently. You always get an up-to-date and privacy-compliant cookie notice and decide for yourself which cookies you allow and which not.

WHAT DATA IS STORED BY COOKIEBOT?

If you allow cookies, the following data will be transmitted to Cybot, stored and processed.

• IP address (in anonymized form, the last 3 digits are set to 0)
• date and time of your consent
• our website URL
• technical browser data
• encrypted, anonymous key

the cookies you have allowed (as proof of consent)
The following cookies are set by Cookiebot if you have consented to the use of cookies:

Name: CookieConsent
Value: {stamp:’P7to4eNgIHvJvDerjKneBsmJQd9121968800-2
Purpose: This cookie stores your consent status,. This allows our website to read and follow the current status on future visits.
Expiration date: after one year

Name: CookieConsentBulkTicket
Value: kDSPWpA%2fjhljZKClPqsncfR8SveTnNWhys5NojaxdFYBPjZ2PaDnUw%3d%3121968800-6
Purpose: This cookie is set if you allow all cookies and thus have “collective consent” enabled. The cookie then stores its own random and unique ID.
Expiration date: after one year

Note: Please keep in mind that this is an exemplary list and we cannot claim completeness. Please see the Cookie Statement at https://www.cookiebot.com/de/cookie-declaration/ to see what other cookies may be used.

According to Cybot’s privacy policy, the company does not resell personal data. However, Cybot does share data with trusted third parties or subcontractors that help the company achieve its business goals. Data is also shared when legally required.

HOW LONG AND WHERE IS THE DATA STORED?

All data collected is transferred, stored and forwarded exclusively within the European Union. The data is stored in an Azure data center (cloud provider is Microsoft). You can learn more about all “Azure regions” at https://azure.microsoft.com/de-de/global-infrastructure/geographies/?tid=adsimpletextid. All user data will be deleted by Cookiebot after 12 months from registration (cookie consent) or immediately after cancellation of the Cookiebot service.

HOW CAN I DELETE MY DATA OR PREVENT DATA STORAGE?

You have the right to access and also delete your personal data at any time. You can prevent data collection and storage, for example, by rejecting the use of cookies via the cookie notice. Your browser offers another possibility to prevent the data processing or to manage it according to your wishes. Depending on the browser, cookie management works slightly differently. Under the section “Cookies” you will find the corresponding links to the respective instructions of the most popular browsers.

LEGAL BASIS

If you consent to cookies, personal data about you will be processed and stored via these cookies. If we are allowed to use cookies through your consent (Article 6 (1) (a) DSGVO), this consent is also the legal basis for the use of cookies or the processing of your data. In order to be able to manage the consent to cookies and to enable you to give your consent, the Cookiebot is used. The use of this software enables us to operate the website in an efficient manner in compliance with the law, which constitutes a legitimate interest (Article 6 (1) (f) DSGVO).

If you want to learn more about the privacy policy of “Cookiebot” or the company behind it, Cybot, we recommend that you read through the privacy policy at https://www.cookiebot.com/de/privacy-policy/.

WEBDESIGN INTRODUCTION

Web design privacy policy summary
👥 Data subjects: Visitors of the website.
🤝 Purpose: Improve user experience.
📓 Data Processed: Which data is processed depends heavily on the services used. Mostly it is about IP address, technical data, language settings, browser version, screen resolution and name of the browser. You can find more details about this in the respective web design tools used.
📅 Storage duration: depending on the tools used.
Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).

WHAT IS WEBDESIGN?

We use various tools on our website that serve our web design. Web design is not, as often assumed, just about making our website look pretty, but also about functionality and performance. But of course, the appropriate appearance of a website is also one of the major goals of professional web design. Web design is a branch of media design and deals with the visual as well as the structural and functional design of a website. The goal is to use web design to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all impressions and experiences that the website visitor experiences on a website. Usability is a sub-item of user experience. This refers to the user-friendliness of a website. The main emphasis here is on ensuring that content, subpages or products are clearly structured and that you can easily and quickly find what you are looking for. In order to provide you with the best possible experience on our website, we also use so-called third-party web design tools. In this privacy policy, the category “web design” therefore includes all services that improve the design of our website. These can be, for example, fonts, various plugins or other integrated web design functions.

WHY DO WE USE WEB DESIGN TOOLS?

How you absorb information on a website depends very much on the structure, functionality and visual perception of the website. Therefore, a good and professional web design became more and more important for us as well. We are constantly working on improving our website and see this also as an extended service for you as a website visitor. Furthermore, a beautiful and functioning website also has economic advantages for us. After all, you will only visit us and make use of our offers if you feel completely comfortable.

WHAT DATA IS STORED BY WEBDESIGN TOOLS?

When you visit our website, web design elements may be embedded in our pages that can also process data. Exactly what data is involved depends, of course, to a large extent on the tools used. Further below you can see exactly which tools we use for our website. We recommend that you also read the respective privacy policy of the tools used for more detailed information on data processing. In most cases, you will find out there which data is processed, whether cookies are used and how long the data is stored. Through fonts such as Google Fonts, for example, information such as language settings, IP address, browser version, browser screen resolution and browser name are also automatically transmitted to Google servers.

DURATION OF DATA PROCESSING

How long data is processed is highly individual and depends on the web design elements used. For example, if cookies are used, the retention period can be as short as a minute or as long as a few years. Please make yourself clear in this regard. For this purpose, we recommend on the one hand our general text section on cookies, as well as the privacy statements of the tools used. There you will usually find out exactly which cookies are used and what information is stored in them. Google font files, for example, are stored for one year. This is to improve the loading time of a website. In principle, data is only ever stored for as long as is necessary for the provision of the service. In the case of legal requirements, data may also be stored for longer.

RIGHT OF OBJECTION

You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either through our cookie management tool or through other opt-out features. You can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser. However, under web design elements (mostly fonts), there is also data that cannot be deleted quite so easily. This is the case when data is automatically collected directly when a page is called up and transmitted to a third-party provider (such as Google). In this case, please contact the support of the respective provider. In the case of Google, you can reach the support at https://support.google.com/?hl=de.

LEGAL BASIS

If you have consented to web design tools being used, the legal basis of the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as may occur when web design tools are used. From our side, there is also a legitimate interest to improve the web design on our website. After all, only then can we provide you with a beautiful and professional web offer. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use web design tools insofar as you have given your consent. In any case, we would like to emphasize this again here.

You will find information on specific web design tools – if available – in the following sections.

GOOGLE FONTS PRIVACY POLICY

Google Fonts Privacy Policy Summary
👥 Data subject: visitors to the website
🤝 Purpose: Optimization of our service performance.
📓 Data Processed: Data such as IP address and CSS and font requests.
More details can be found below in this privacy policy.
📅 Storage period: Font files are stored by Google for one year.
⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).

WHAT ARE GOOGLE FONTS?

On our website, we use Google Fonts. These are the “Google Fonts” of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

For the use of Google Fonts you do not have to log in or provide a password. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account information, while using Google Fonts, will be transmitted to Google. Google records the usage of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We’ll take a detailed look at exactly what this data storage looks like.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to your users for free.

Many of these fonts are released under the SIL Open Font License, while others are released under the Apache license. Both are free software licenses.

WHY DO WE USE GOOGLE FONTS ON OUR WEBSITE?

Google Fonts allows us to use fonts on our own website and not have to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google Fonts are automatically optimized for the web and this saves data volume and is a big advantage especially for mobile use. When you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes visually distort texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So, we use Google Fonts so that we can display our entire online service as beautifully and consistently as possible.

WHAT DATA IS STORED BY GOOGLE?

When you visit our website, the fonts are reloaded via a Google server. Through this external call, data is transmitted to the Google servers. In this way, Google also recognizes that you or your IP address is visiting our website. The Google Fonts API is designed to reduce the use, storage, and collection of end-user data to what is necessary for proper font delivery. API, by the way, stands for “Application Programming Interface” and is used, among other things, as a data transmitter in software.

Google Fonts stores CSS and font requests securely at Google and is thus protected. Through the collected usage figures, Google can determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites are using Google fonts. This data is published to the Google Fonts BigQuery database. Entrepreneurs and developers use Google’s BigQuery web service to be able to examine and move large amounts of data.

However, it is still important to remember that each Google Font request also automatically transmits information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google’s servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.

HOW LONG AND WHERE IS THE DATA STORED?

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to easily and quickly change the design or font of a website, for example.

The font files are stored by Google for one year. Google thus pursues the goal of fundamentally improving the loading time of web pages. If millions of web pages refer to the same fonts, they are cached after the first visit and immediately reappear on all other web pages visited later. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.

HOW CAN I DELETE MY DATA OR PREVENT DATA STORAGE?

Those data that Google stores for a day or a year cannot be easily deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=de&tid=121968800. Data storage you prevent in this case only if you do not visit our site.

Unlike other web fonts, Google allows us unlimited access to all fonts. So we can have unlimited access to a sea of fonts and get the most out of our website. You can find out more about Google Fonts and other issues at https://developers.google.com/fonts/faq?tid=121968800. Google does address privacy-related issues there, but it doesn’t really include detailed information about data storage. It is relatively difficult to get really precise information from Google about stored data.

LEGAL BASIS

If you have consented to Google Fonts being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as may occur when Google Fonts are used.

From our side, there is also a legitimate interest in using Google Font to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google Font if you have given your consent.

Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.

As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which also correspond to the standard contractual clauses for Google Fonts, can be found at https://business.safety.google/adsprocessorterms/.

You can also read about which data is basically collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

All texts are protected by copyright.
Source: Created with the privacy generator from AdSimple