Privacy policy

Introduction and Overview

We have written this privacy statement (version 09.02.2022-111942635) in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller – and the processors (e.g. providers) commissioned by us – process, will process in the future and what lawful options you have.
In short: We inform you comprehensively about the data we process about you.

Data protection statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. As far as it is conducive to transparency, technical terms are explained in a reader-friendly way and links to further information are provided. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information you did not know. If you still have questions, we would like to ask you to contact the responsible office mentioned below or in the imprint, to follow the links provided and to look at further information on third party sites. Our contact details can of course also be found in the imprint.

Scope

This data protection declaration applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (order processors). By personal data, we mean information within the meaning of Art. 4 No. 1 DSGVO, such as a person's name, e-mail address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• social media sites and email communications
• mobile apps for smartphones and other devices

In short, the data protection declaration applies to all areas in which personal data is processed in the company via the aforementioned channels in a structured manner. If we enter into legal relationships with you outside of these channels, we will inform you separately where applicable.

Legal basis

In the following privacy statement, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, which you can of course access online on https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679, the access point to EU law.

We will only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
2. Contract (Article 6(1) lit. b DSGVO): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a sales contract with you, we need personal information in advance.
3. Legal obligation (Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.

Other conditions, such as the performance of recordings in the public interest and the exercise of official authority as well as the protection of vital interests, do not usually arise for us. If such a legal basis should be relevant, it will be indicated at the appropriate place.

In addition to the EU Regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.

In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Storage period

It is a general criterion that we only store personal data for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights according to the General Data Protection Regulation

According to Article 13 of the GDPR, you have the following rights to ensure that data is processed fairly and transparently:

According to Article 15 DSGVO, you have the right to information about whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:

• the purpose for which we are processing it;
• the categories, i.e. types, of data being processed;
• who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
• how long the data will be stored;
• the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
• That you can complain to a supervisory authority (links to these authorities can be found below);
• whether profiling is carried out, i.e. whether data is automatically analysed to arrive at a personal profile of you.

According to Article 16 of the GDPR, you have the right to rectification of your data, which means that we must correct any errors if you find them.

According to Article 17 of the GDPR, you have the right to erasure (the "right to be forgotten"), which specifically means that you can request the deletion of your data.

According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.

According to Article 19 of the GDPR, you have the right to data portability, which means that we must provide you with your data in a commonly used format upon request.

According to Article 21 of the GDPR, you have the right to object, which, when enforced, brings about a change in the processing.

If the processing of your data is based on Article 6 (1) (e) (public interest, exercise of public authority) or Article 6 (1) (f) (legitimate interest), you may object to the processing. We will then examine as quickly as possible whether we can comply with this objection legally.

If data is used for direct advertising, you can object to this type of data processing at any time. We may not use your data for direct marketing purposes thereafter.

If data is used to conduct profiling, you can object to this type of data processing at any time. We are not allowed to use your data for profiling afterwards.

According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling) under certain circumstances.

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can file a complaint with the supervisory authority. For Austria, this is the Datenschutzbehörde, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI). The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Director: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone number: +43 1 52 152-0
Email address: [email protected]
Website: https://www.dsb.gv.at/

Data processing security

We have implemented both technical and organizational measures to protect personal data. Where possible, we encrypt or pseudonymize personal data. In doing so, we make it as difficult as possible for third parties to draw personal information from our data within the scope of our capabilities.

Article 25 GDPR speaks of "data protection by design and by default" and means that security should always be considered in both software (e.g. forms) and hardware (e.g. access to the server room) and appropriate measures should be taken. Below, we will address specific measures if necessary.

TLS encryption with https

TLS, encryption, and https sound very technical, and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transmit data securely over the internet.
This means that the entire transmission of all data from your browser to our web server is secured - no one can "listen in".

With this, we have introduced an additional layer of security and comply with data protection by design and default Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small padlock symbol in the upper left of the browser, left of the web address (e.g. example.com), and the use of the https schema (instead of http) as part of our web address.
If you want to learn more about encryption, we recommend searching Google for "Hypertext Transfer Protocol Secure wiki" to find good links to further information.

Communication

If you contact us and communicate with us by phone, email, or online form, personal data may be processed.

The data is processed for the handling and processing of your inquiry and the associated business transaction. The data is stored for as long as necessary and as long as required by law.

Data Subjects

All those who seek contact with us via the communication channels we provide are affected by the aforementioned processes.

Phone

If you call us, call data is pseudonymized and stored on the respective device and at the telecommunications provider used. In addition, data such as name and telephone number can be sent by email and stored for answering the request. The data is deleted as soon as the business case is closed and legal requirements allow it.

Email

If you communicate with us by email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data is deleted as soon as the business case is closed and legal requirements allow it.

Online Forms

If you communicate with us via an online form, data will be stored on our web server and may be forwarded to one of our email addresses. The data will be deleted as soon as the business transaction has been completed and legal requirements allow it.

Legal Basis

The processing of the data is based on the following legal basis:

Art. 6 para. 1 lit. a GDPR (Consent): You give us your consent to store your data and use it for business-related purposes;

Art. 6 para. 1 lit. b GDPR (Contract): There is a need to fulfill a contract with you or a data processor, such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;

Art. 6 para. 1 lit. f GDPR (Legitimate interests): We want to conduct customer inquiries and business communication in a professional manner. For this purpose, certain technical facilities such as email programs, exchange servers, and mobile network operators are necessary to efficiently manage communication.

Cookies

What are cookies?

Our website uses HTTP cookies to store user-specific data.
In the following, we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Every time you surf the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is certain: cookies are really useful helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other application areas. HTTP cookies are small files that are stored by our website on your computer. These cookie files are automatically placed in the cookie folder, the "brain" of your browser. A cookie consists of a name and a value. In defining a cookie, one or more attributes must also be specified.

Cookies save certain user data of yours, such as language or personal page settings. When you call up our site again, your browser sends the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The lifespan of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans or other "malware". Cookies cannot access information on your PC.

Here is an example of what cookie data might look like:

Name: _ga
Value: GA1.2.1326744211.152111942635-9
Purpose: Distinguishing website visitors
Expiration date: after 2 years

These are the minimum sizes that a browser should be able to support:

At least 4096 bytes per cookie

At least 50 cookies per domain

At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use specifically depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed if a user puts a product in the shopping cart, then surfs on other pages and later goes to the checkout. These cookies prevent the shopping cart from being deleted even if the user closes his browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies also measure the loading time and the behavior of the website with different browsers.

Targeted cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are stored.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver advertising tailored to the individual user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you will be asked which of these types of cookies you want to allow. And of course, this decision is also stored in a cookie.

If you would like to learn more about cookies and do not shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You can find more details on this below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small helpers for many different tasks. It is unfortunately not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data within the scope of the following privacy policy.

Storage duration of cookies

The storage duration depends on the respective cookie and is further specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have an influence on the storage duration. You can manually delete all cookies at any time via your browser (see "Right to object" below). Furthermore, cookies that are based on consent are deleted at the latest after revocation of your consent, with the legality of the storage remaining unaffected until then.

Right to object - how can I delete cookies?

Whether and how you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies, but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Clear, enable and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove the information that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you do not want to have any cookies in principle, you can set up your browser to always inform you when a cookie is to be set. This way, you can decide for each individual cookie whether you allow it or not. The procedure varies depending on the browser. It's best to search for the instructions in Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.

Legal basis

Since 2009, there have been so-called "cookie directives." It is stipulated that the storage of cookies requires your consent (Article 6 (1) (a) GDPR). Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in § 96 (3) of the Telecommunications Act (TKG). In Germany, the cookie directives were not implemented as national law. Instead, the implementation of this directive was largely carried out in § 15 (3) of the Telemedia Act (TMG).

For strictly necessary cookies, even where no consent has been obtained, there are legitimate interests (Article 6 (1) (f) GDPR), which are mostly of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often essential for this.

To the extent that non-essential cookies are used, this only happens with your consent. The legal basis is Art. 6 (1) (a) GDPR in this respect.

In the following sections, you will be provided with more detailed information about the use of cookies, where software used employs cookies.

Web hosting introduction

What is web hosting?

When you visit websites these days, certain information - including personal data - is automatically created and stored, as is the case on this website. This data should be processed as sparingly and only with justification as possible. By website, we mean the entirety of all web pages on a domain, i.e. everything from the homepage to the very last subpage (such as this one). By domain, we mean, for example, example.com or sampleexample.com.

When you want to view a website on a screen, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.

This web browser has to connect to another computer where the code of the website is stored: the web server. Running a web server is a complicated and time-consuming task, which is why it is usually done by professional providers, the hosts. They offer web hosting and ensure reliable and error-free storage of website data.

When your browser connects to our website on your computer (desktop, laptop, smartphone) and during the transfer of data to and from the web server, it may involve processing personal data. On the one hand, your computer stores data, and on the other hand, the web server also needs to store data for a certain period of time to ensure proper operation.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and ensuring its operation

2. Maintaining operational and IT security

3. Anonymous evaluation of access behavior to improve our offerings and, if necessary, for law enforcement or prosecution of claims

What data is processed?

Even while you are visiting our website right now, our web server, which is the computer where this website is stored, usually automatically stores data such as:

the complete internet address (URL) of the accessed webpage

the browser and browser version (e.g. Chrome 87)

the operating system used (e.g. Windows 10)

the address (URL) of the previously visited page (referrer URL) (e.g. https://www.example-source-site.com/where-i-came-from.html/)

the hostname and IP address of the device used to access the website (e.g. COMPUTERNAME and 194.23.43.121)

date and time

in files, the so-called web server log files

How long is data stored?

Generally, the above-mentioned data is stored for two weeks and then automatically deleted. We do not disclose this data, but we cannot exclude the possibility that this data may be viewed by authorities in the event of unlawful behavior.

Notice

We use a third party to provide monetization technologies for our site. You can review their privacy and cookie policy here.

Legal basis

The lawfulness of the processing of personal data in the context of web hosting is based on Art. 6 para. 1 lit. f GDPR (preservation of legitimate interests), as the use of professional hosting with a provider is necessary to present the company safely and user-friendly on the Internet and to be able to follow up on attacks and claims if necessary.

There is usually a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

All content is protected by copyright.