Introduction and Overview
Data protection statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. As far as it is conducive to transparency, technical terms are explained in a reader-friendly way and links to further information are provided. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information you did not know. If you still have questions, we would like to ask you to contact the responsible office mentioned below or in the imprint, to follow the links provided and to look at further information on third party sites. Our contact details can of course also be found in the imprint.
- all online presences (websites, online shops) that we operate
- social media sites and email communications
- mobile apps for smartphones and other devices
In short, the data protection declaration applies to all areas in which personal data is processed in the company via the aforementioned channels in a structured manner. If we enter into legal relationships with you outside of these channels, we will inform you separately where applicable.
We will only process your data if at least one of the following conditions applies:
(Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
(Article 6(1) lit. b DSGVO): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a sales contract with you, we need personal information in advance.
- Legal obligation
(Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
- Legitimate interests
(Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.
Other conditions, such as the performance of recordings in the public interest and the exercise of official authority as well as the protection of vital interests, do not usually arise for us. If such a legal basis should be relevant, it will be indicated at the appropriate place.
In addition to the EU Regulation, national laws also apply:
If other regional or national laws apply, we will inform you about them in the following sections.
It is a general criterion that we only store personal data for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, provided we have further information on this.
Rights according to the General Data Protection Regulation
According to Article 13 of the GDPR, you have the following rights to ensure that data is processed fairly and transparently:
According to Article 15 DSGVO, you have the right to information about whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:
- the purpose for which we are processing it;
- the categories, i.e. types, of data being processed;
- who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
- how long the data will be stored;
- the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
- That you can complain to a supervisory authority (links to these authorities can be found below);
- whether profiling is carried out, i.e. whether data is automatically analysed to arrive at a personal profile of you.
According to Article 16 of the GDPR, you have the right to rectification of your data, which means that we must correct any errors if you find them.
According to Article 17 of the GDPR, you have the right to erasure (the "right to be forgotten"), which specifically means that you can request the deletion of your data.
According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
According to Article 19 of the GDPR, you have the right to data portability, which means that we must provide you with your data in a commonly used format upon request.
According to Article 21 of the GDPR, you have the right to object, which, when enforced, brings about a change in the processing.
If the processing of your data is based on Article 6 (1) (e) (public interest, exercise of public authority) or Article 6 (1) (f) (legitimate interest), you may object to the processing. We will then examine as quickly as possible whether we can comply with this objection legally.
If data is used for direct advertising, you can object to this type of data processing at any time. We may not use your data for direct marketing purposes thereafter.
If data is used to conduct profiling, you can object to this type of data processing at any time. We are not allowed to use your data for profiling afterwards.
According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling) under certain circumstances.
Austrian Data Protection Authority
Data processing security
We have implemented both technical and organizational measures to protect personal data. Where possible, we encrypt or pseudonymize personal data. In doing so, we make it as difficult as possible for third parties to draw personal information from our data within the scope of our capabilities.
Article 25 GDPR speaks of "data protection by design and by default" and means that security should always be considered in both software (e.g. forms) and hardware (e.g. access to the server room) and appropriate measures should be taken. Below, we will address specific measures if necessary.
TLS encryption with https
If you contact us and communicate with us by phone, email, or online form, personal data may be processed.
The data is processed for the handling and processing of your inquiry and the associated business transaction. The data is stored for as long as necessary and as long as required by law.
All those who seek contact with us via the communication channels we provide are affected by the aforementioned processes.
If you call us, call data is pseudonymized and stored on the respective device and at the telecommunications provider used. In addition, data such as name and telephone number can be sent by email and stored for answering the request. The data is deleted as soon as the business case is closed and legal requirements allow it.
If you communicate with us by email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data is deleted as soon as the business case is closed and legal requirements allow it.
If you communicate with us via an online form, data will be stored on our web server and may be forwarded to one of our email addresses. The data will be deleted as soon as the business transaction has been completed and legal requirements allow it.
The processing of the data is based on the following legal basis:
Art. 6 para. 1 lit. a GDPR (Consent): You give us your consent to store your data and use it for business-related purposes;
Art. 6 para. 1 lit. b GDPR (Contract): There is a need to fulfill a contract with you or a data processor, such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
Art. 6 para. 1 lit. f GDPR (Legitimate interests): We want to conduct customer inquiries and business communication in a professional manner. For this purpose, certain technical facilities such as email programs, exchange servers, and mobile network operators are necessary to efficiently manage communication.
What are cookies?
Every time you surf the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
Cookies save certain user data of yours, such as language or personal page settings. When you call up our site again, your browser sends the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The lifespan of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans or other "malware". Cookies cannot access information on your PC.
Here is an example of what cookie data might look like:
These are the minimum sizes that a browser should be able to support:
At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total
What types of cookies are there?
There are 4 types of cookies:
Usually, when you visit a website for the first time, you will be asked which of these types of cookies you want to allow. And of course, this decision is also stored in a cookie.
Purpose of processing via cookies
The purpose ultimately depends on the respective cookie. You can find more details on this below or from the manufacturer of the software that sets the cookie.
What data is processed?
Storage duration of cookies
The storage duration depends on the respective cookie and is further specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.
You also have an influence on the storage duration. You can manually delete all cookies at any time via your browser (see "Right to object" below). Furthermore, cookies that are based on consent are deleted at the latest after revocation of your consent, with the legality of the storage remaining unaffected until then.
Right to object - how can I delete cookies?
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove the information that websites have stored on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies
If you do not want to have any cookies in principle, you can set up your browser to always inform you when a cookie is to be set. This way, you can decide for each individual cookie whether you allow it or not. The procedure varies depending on the browser. It's best to search for the instructions in Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.
To the extent that non-essential cookies are used, this only happens with your consent. The legal basis is Art. 6 (1) (a) GDPR in this respect.
Web hosting introduction
Web hosting summary
What is web hosting?
When you visit websites these days, certain information - including personal data - is automatically created and stored, as is the case on this website. This data should be processed as sparingly and only with justification as possible. By website, we mean the entirety of all web pages on a domain, i.e. everything from the homepage to the very last subpage (such as this one). By domain, we mean, for example, example.com or sampleexample.com.
When you want to view a website on a screen, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.
This web browser has to connect to another computer where the code of the website is stored: the web server. Running a web server is a complicated and time-consuming task, which is why it is usually done by professional providers, the hosts. They offer web hosting and ensure reliable and error-free storage of website data.
When your browser connects to our website on your computer (desktop, laptop, smartphone) and during the transfer of data to and from the web server, it may involve processing personal data. On the one hand, your computer stores data, and on the other hand, the web server also needs to store data for a certain period of time to ensure proper operation.
Why do we process personal data?
The purposes of data processing are:
1. Professional hosting of the website and ensuring its operation
2. Maintaining operational and IT security
3. Anonymous evaluation of access behavior to improve our offerings and, if necessary, for law enforcement or prosecution of claims
What data is processed?
Even while you are visiting our website right now, our web server, which is the computer where this website is stored, usually automatically stores data such as:
the complete internet address (URL) of the accessed webpage
the browser and browser version (e.g. Chrome 87)
the operating system used (e.g. Windows 10)
the hostname and IP address of the device used to access the website (e.g. COMPUTERNAME and 22.214.171.124)
date and time
in files, the so-called web server log files
How long is data stored?
Generally, the above-mentioned data is stored for two weeks and then automatically deleted. We do not disclose this data, but we cannot exclude the possibility that this data may be viewed by authorities in the event of unlawful behavior.
The lawfulness of the processing of personal data in the context of web hosting is based on Art. 6 para. 1 lit. f GDPR (preservation of legitimate interests), as the use of professional hosting with a provider is necessary to present the company safely and user-friendly on the Internet and to be able to follow up on attacks and claims if necessary.
There is usually a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.
All content is protected by copyright.