- Usage Data (e.g. websites visited, interest in content, access times).
- Meta / Communication Data (e.g. device information, IP addresses).
Visitors and users of the web application (hereinafter we refer to the affected persons as "users").
- Providing the web application, its features, and content
- Security Measures
- Reach Measurement / Marketing
"Personal Data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject"). A natural person is considered as identifiable, that can be identified directly or indirectly, in particular by association with an identifier such as a name, with an identification number, with location data, with an online identifier (e.g. cookie) or to one or more special features, that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
"Processing" means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term goes far and includes virtually every handling of data.
"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information being provided, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data should not be assigned to an identified or identifiable natural person.
"Profiling" means any kind of automated processing of personal data which consists in using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects related to job performance, economic situation, health, to analyze or predict personal preferences, interests, reliability, behavior, location or change of location of that natural person.
"Responsible Person" means the natural or legal person, public authority, body or body that decides, alone or in concert with others, on the purposes and means of processing personal data.
"Processor" means a natural or legal person, public authority, agency or other bodies that processes personal data on behalf of the controller.
In accordance with Article 32 GDPR, we shall take into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons and organizational measures to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. We have also set up procedures to ensure the enjoyment of data subject rights, data deletion, and data vulnerability. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software, and procedures, according to the principle of data protection through technology design and privacy-friendly default settings (Article 25 GDPR).
If in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant them access to the data, this will only be done on the basis of a legal permit (e.g. if a transmission of the data to third parties, as required by payment service providers, in accordance with Article 6 (1) lit. b GDPR), you have consented to a legal obligation or based on our legitimate interests (e.g. the use of agents, web hosters, etc.).
If we commission third parties to process data on the basis of a so-called "contract processing contract", this is done on the basis of Article 28 GDPR.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or disclosure or transmission of data to third parties, this will only be done if it is to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of Article 44 et seq. GDPR. That means the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Article 15 GDPR.
In accordance with Article 16 GDPR, you have the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance with Article 17 GDPR, you have the right to demand that the data in question be deleted without delay, or, alternatively, to require a restriction of the processing of data in accordance with Article 18 GDPR.
You have the right to demand that the data relating to you provided to us be obtained in accordance with Article 20 GDPR and to be transmitted to other persons responsible.
You also have the right under Article 77 GDPR to file a complaint with the competent supervisory authority.
You have the right to revoke granted consent in accordance with Article 7 (3) GDPR with future effect.
"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored) during or after his visit to a website. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves a website and closes their browser. In such a cookie, e.g. the contents of a shopping cart in an online shop or a login status are saved. The term "permanent" or "persistent" refers to cookies that remain stored even after the browser has been closed. Thus, e.g. the login status will be saved if users visit it after several days. Likewise, in such a cookie the interests of the users can be stored, which are used for range measurement or marketing purposes. A "third-party cookie" refers to cookies that are offered by providers other than the person who runs the website (otherwise, if it is only their cookies, this is called "first-party cookies").
If users do not want cookies stored on their computer, they will be asked to disable the option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this web application.
According to legal regulations in Germany, the storage takes place in particular for 10 years according to §§ 147 (1) AO, 257 (1) No. 1 and 4, (4) HGB (books, records, management reports, accounting documents, trading books, documents relevant to taxation, etc.) and 6 years in accordance with § 257 (1) No. 2 and 3, (4) HGB (commercial letters).
According to legal requirements in Austria, the storage takes place in particular for 7 years according to § 132 (1) BAO (accounting documents, receipts / invoices, accounts, business documents, statement of income and expenses, etc.), for 22 years in connection with land and for 10 years for documents related to electronically supplied services, telecommunications, broadcasting and television services provided to non-EU companies in EU Member States for which the Mini-One-Stop-Shop (MOSS) is used.
The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage, and database services, e-mailing, security and technical maintenance services we use to operate this web application.
In doing so, we or our hosting service provider processes inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in an efficient and secure provision of this website in accordance with Article 6 (1) lit. f GDPR in conjunction with Article 28 GDPR (conclusion of contract processing contract).
We, or our hosting provider, collects data on the basis of our legitimate interests within the meaning of Article 6 (1) lit. f GDPR on every access to the server on which this service is located (so-called server log files). That access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
We use a so-called "Content Delivery Network" (CDN) offered by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare is certified under the Privacy Shield Agreement, providing a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active ).
A CDN is a service used to deliver content from our web application, especially large media files, such as graphics or scripts using regionally distributed and Internet-connected servers. The processing of the data of the users takes place solely for the aforementioned purposes and the maintenance of the security and functionality of the CDN.
Use is made on the basis of our legitimate interests, meaning interest in a secure and efficient provision, analysis and optimization of our web application in accordance with Article 6 (1) lit. f GDPR.
Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (including, for example, Google Analytics and other Google marketing services in our web application). The tag manager itself (which implements the tags) does not process users' personal data. With regard to the processing of users' personal data, reference is made to the following information about Google services.
Use-Policy: https://www.google.com/intl/de/tagmanager/use-policy.html .
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our web application within the meaning of Article 6 (1) lit f GDPR), we use content or services offered by third-party providers to provide their content and services, such as include videos or fonts (collectively referred to as "content").
This always presupposes that the third-party providers of this content perceive the IP address of the users since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our website.