Introduction and Overview
We have written this data protection declaration (version 07.05.2021-211145149) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the person responsible - and that of Processors commissioned by us (e.g. provider) - process, will process in the future and what legitimate options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data that we process about you. Data protection declarations usually sound very technical and use legal terminology. However, this data protection declaration is intended to describe the most important things to you as simply and transparently as possible. As far as transparency is beneficial, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. We are thus informing in clear and simple language that we only process personal data in the context of our business activities if there is a corresponding legal basis. This is certainly not possible if you make as brief, unclear and legal-technical statements as possible, as they are often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and maybe there is one or the other piece of information that you were not familiar with. If you still have questions, we would like to ask you to contact the responsible body named below or in the legal notice, to follow the existing links and to look at further information on third-party sites. You can of course also find our contact details in the imprint.
Scope of Application
This data protection declaration applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (contract processors). By personal data, we mean information such as the name, email address and postal address of a person. The processing of personal data ensures that we can offer and invoice our services and products, be it online or offline. The scope of this data protection declaration includes:
All online presences (websites, online shops) that we operate
Social media appearances and email communication
Mobile apps for smartphones and other devices
In the following data protection declaration, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation that enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course access this EU General Data Protection Regulation online at EUR-Lex, the gateway to the EU -Recht, read at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies: Consent (Article 6 Paragraph 1 lit. a GDPR):
You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
Contract (Article 6 Paragraph 1 lit. a GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a sales contract with you, we need personal information in advance.
Legal obligation (Article 6 Paragraph 1 lit. a GDPR): If we are subject to a legal obligation, we will process your data. For example, we are legally required to keep invoices for bookkeeping. These usually contain personal data.
Legitimate interests (Article 6 Paragraph 1 lit. a GDPR): In the case of legitimate interests that do not restrict your basic rights, we reserve the right to process personal data. For example, we have to process certain data in order to be able to operate our website securely and economically efficiently; this processing is therefore a legitimate interest.
Other conditions such as the taking of recordings in the public interest and the exercise of official authority as well as the protection of vital interests do not usually apply to us. If such a legal basis should be relevant, it will be shown at the appropriate point. In addition to the EU regulation, national laws also apply:
In Austria this is the federal law for the protection of natural persons when processing personal data (data protection law), DSG for short.
If other regional or national laws apply, we will inform you about them in the following sections.
Storage of Personal Data
Personal data that you transmit electronically to us on this website, such as name, e-mail address, address or other personal information in connection with the submission of a form or comments in the blog, together with the time and the IP address, will only be used by us for the purpose specified in each case, will be stored securely and will not be passed on to third parties.
We therefore use your personal data only for communication with those visitors who expressly wish to contact us and for the processing of the services and products offered on this website. We will not share your personal data without your consent, but we cannot exclude that this data may be accessed in the event of unlawful conduct.
If you send us personal data by e-mail – i. e. off this website – we cannot guarantee the secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by e-mail.
On our website, we use Google Maps from Google Inc. For Europe, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps we can show you locations better and thus adapt our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google servers. Here we want to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent it.
What is Google Maps?
Google Maps is an Internet map service provided by Google. With Google Maps, you can find the exact locations of cities, attractions, accommodations or businesses online via a PC, tablet or app. If companies are represented on Google My Business, other information about the company is displayed in addition to the location. In order to show how to get there, map sections of a location can be integrated into a website using HTML code. Google Maps shows the Earth’s surface as a road map or as an aerial or satellite image. Thanks to the Street View images and the high-quality satellite images very accurate representations are possible.
Why do we use Google Maps on our Website?
All our efforts on this page are aimed at providing you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. You can see at a glance where we have our company headquarters. The directions will always show you the best or fastest way to get to us. You can access the route for routes by car, public transport, on foot or by bicycle. For us, the provision of Google Maps is part of our customer service.
What Data is stored by Google Maps?
In order for Google Maps to offer its full service, the company must record and store data about you. This includes, among other things, the search terms entered, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the start address entered will also be saved. However, this data storage occurs on the Google Maps websites. We can only inform you, but we cannot influence you. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behaviour. Google uses this data primarily to optimise its own services and to provide you with individual, personalised advertising.
How long and where is the Data stored?
Google’s servers are located in data centers all over the world. However, most of the servers are located in America. For this reason, your data is increasingly stored in the USA. Here you can find out exactly where the Google data centers are located: https://www. google. com/about/datacenters/inside/locations/?hl=de
Google distributes the data on different data carriers. As a result, the data can be accessed more quickly and are better protected against possible manipulation attempts. Each data center also has special emergency programs. For example, if there are problems with the Google hardware or a natural disaster paralyses the servers, the data is still fairly securely protected.
Some data is stored by Google for a specified period of time. For other data, Google only offers the option of deleting it manually. Furthermore, the company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.
How can I delete my Data or Prevent Data Storage?
With the automatic deletion of location and activity data, which was introduced in 2019, information on location determination and web/app activity is stored for either 3 or 18 months and then deleted, depending on your decision. You can also manually delete this data from the history at any time via the Google account. If you want to prevent your location from being captured completely, you need to pause the “Web and App Activity” section in your Google Account. Click “Data and Personalization” and then click on the “Activity settings” option. Here you can turn the activities on or off.
You can also deactivate, delete or manage individual cookies in your browser. Depending on which browser you use, it always works a little differently.
What are Cookies?
Whenever you browse the Internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
Cookies store certain user data about you, such as language or personal page settings. When you call up our site again, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e. g. Google Analytics). Each cookie has to be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests. ” Cookies also cannot access information on your PC.
The so-called “Cookie Guidelines” have been in place since 2009. It is stated that the storage of cookies requires your consent. However, there are still very different responses to these directives within the EU countries. In Austria, however, this directive was transposed into Section 96 (3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines have not been implemented as national law. Instead, this directive was largely implemented in § 15 (3) of the Telemedia Act (TMG).
If you want to know more about cookies and are not afraid of technical documentation, we recommend https://tools. ietf. org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism. ”
Automatic Data Storage
Nowadays, when you visit websites, certain information is automatically created and stored, including on this website. This collected data should be collected as sparingly as possible and only with justification. By website we mean the totality of all websites on your domain, i. e. everything from the homepage to the last subpage (like this one). By domain we mean example. de or musterbeispiel. com.
Even when you are visiting our website, our web server – that is, the computer on which this website is stored – usually stores data automatically for reasons of operational security, to create access statistics, etc.
the complete internet address (URL) of the accessed website (e. g. https://www. beispielwebsite. de/beispielunterseite. html/)
Browser and browser version (e. g. Chrome 87)
the operating system used (e. g. Windows 10)
the address (URL) of the previously visited page (referrer URL) (e. g. https://www. beispielquellsite. de/vondabinichgekommen. html/)
the host name and IP address of the device from which access is being made (e. g. COMPUTERNAME and 194. 23. 43. 121)
Date and time
in files, the so-called web server log files.
Usually these files are saved for two weeks and then deleted automatically. We do not share this data, but we cannot exclude the possibility that this data may be accessed by authorities in the event of unlawful conduct.
TLS Encryption with https
TLS, encryption and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transmit data securely over the Internet.
This means that the complete transfer of all data from your browser to our web server is secured – no one can “hear.”
With this we have introduced an additional layer of security and comply with data protection by technical design Article 25 paragraph 1 GDPR) . By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognise the use of this security of data transmission by the small lock symbol at the top left of the browser to the left of the internet address (e. g. page. de) and the use of the https scheme (instead of http) as part of our internet address. If you want to know more about encryption, we recommend Google Search for “Hypertext Transfer Protocol Secure wiki” to get good links to further information.
Rights under the GDPR
In accordance with the provisions of the GDPR, you have the following rights:
Right to rectification (Article 16 GDPR)
Right to erasure (“right to be forgotten”) (Article 17 GDPR)
Right to restriction of processing (Article 18 GDPR)
Right to notification – Obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 GDPR)
Right to data portability (Article 20 GDPR)
Right of objection (Article 21) GDPR)
Right not to be subject to a decision based solely on automated processing – including profiling – (Article 22 GDPR)
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority whose website you can find at https://www. dsb. gv. at/ and for Germany, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
On our website, we use the analysis tracking tool Google Analytics (GA) of the American company Google Inc. For Europe, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics enable us to better adapt our website and service to your needs. In the following, we will go into more detail about the tracking tool and inform you in particular about what data is stored and how you can prevent it.
If you subscribe to our newsletter, you provide the above personal data and give us the right to contact you by e-mail. We use the data stored as part of the subscription to the newsletter exclusively for our newsletter and do not pass it on. If you unsubscribe from the newsletter – you will find the link to this in each newsletter at the bottom – then we will delete all data that was saved with the subscription to the newsletter.
We use Google Ads (formerly Google AdWords) as an online marketing measure to promote our products and services. In this way, we want to make more people aware of the high quality of our offers on the Internet. As part of our advertising measures by Google Ads, we use conversion tracking from Google Inc. on our website. In Europe, however, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. This free tracking tool allows us to tailor our advertising offer to your interests and needs. In the following article, we want to go into more detail about why we use conversion tracking, what data is stored and how to prevent this data storage.