Privacy Policy
1 Introduction and overview
We have written this privacy statement (version 13.04.2023-112473677) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller – and the processors (e.g. providers) commissioned by us – process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short, we inform you comprehensively about data we process about you.
Privacy statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or two pieces of information that you did not yet know.
If you still have questions, we would like to ask you to contact the responsible party named below or in the imprint, to follow the available links and to look at further information on third-party sites. Our contact details can of course also be found in the imprint.
1.1 Scope of application
This data protection declaration applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (order processors). By personal data, we mean information within the meaning of Art. 4 No. 1 DSGVO, such as a person’s name, e-mail address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:
– all online presences (websites, online stores) that we operate
– social media presences and email communications
– mobile apps for smartphones and other devices
In short, the data protection declaration applies to all areas in which personal data is processed in the company via the aforementioned channels in a structured manner. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
1.2 Legal basis
In the following privacy statement, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, which you can of course read online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679
We only process your data if at least one of the following conditions applies:
– Consent (Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
– Contract (Article 6(1) lit. b DSGVO): In order to fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
– Legal obligation (Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
– Legitimate interests (Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.
– Other conditions, such as the exercise of recording in the public interest and exercise of official authority, as well as the protection of vital interests, do not generally occur with us
In addition to the EU Regulation, national laws also apply:
– In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
– In Germany, the Federal Data Protection Act, or BDSG for short, applies.
– If other regional or national laws apply, we will inform you about them in the following sections.
1.3 Contact details of the responsible person
If you have any questions regarding data protection or the processing of personal data, please find below the contact details of the responsible person or body:
Moweex GmbH
Schörgenhubstraße 14
4030 Linz
Authorized to represent: Christian Derwein
E-Mail: hello@moweex.com
Phone: +436603406494
Imprint: https://moweex.com/imprint/
1.4 Storage period
The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion at our company. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are required by law to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, provided we have further information on this.
1.5 Rights according to the General Data Protection Regulation
Pursuant to Articles 13, 14 DSGVO, we inform you about the following rights you have in order to ensure fair and transparent processing of data:
According to Article 15 DSGVO, you have the right to information about whether we process data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:
– For what purpose we are processing;
– the categories, i.e. the types of data that are processed;
– who receives this data and if the data is transferred to third countries, how security can be guaranteed;
– how long the data will be stored;
– the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
– that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
– The origin of the data if we have not collected it from you;
– Whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
– You have a right to rectification of data according to Article 16 GDPR, which means that we must correct data if you find errors.
– You have the right to erasure (“right to be forgotten”) according to Article 17 GDPR, which specifically means that you may request the deletion of your data.
– According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
– According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a standard format upon request.
– According to Article 21 DSGVO, you have the right to object, which entails a change in processing after enforcement.
– If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
– If data is used to conduct direct advertising, you may object to this type of data processing at any time. We may then no longer use your data for direct marketing.
– If data is used to carry out profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
– According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
– You have the right to lodge a complaint under Article 77 of the GDPR. This means that you can complain to the data protection authority at any time if you believe that the data processing of personal data violates the GDPR.
In short, you have rights – do not hesitate to contact the controller listed above with us!
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.data-protection-authority.gv.at/ In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
1.6 Austria Data Protection Authority
Head: Andrea Jelinek, M.D.
Address: Barichgasse 40-42, 1030 Vienna
Telephone number: +43 1 52 152-0
E-mail address: dsb@dsb.gv.at
Website: https://www.data-protection-authority.gv.at/
1.7 Data transfer to third countries
We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or contractually necessary, and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason that we have data processed in third countries. Processing personal data in third countries such as the U.S., where many software vendors provide services and have their server locations, may mean that personal data is processed and stored in unexpected ways.
We explicitly point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously, where applicable. Furthermore, US government authorities may be able to access individual data. In addition, it may happen that collected data is linked with data from other services of the same provider, if you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.
We will inform you in more detail about data transfer to third countries, if applicable, at the appropriate places in this privacy policy.
1.8 Security of data processing
To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible, within the scope of our possibilities, for third parties to infer personal information from our data.
Article 25 of the GDPR refers to “data protection by technical design and by data protection-friendly default settings” and thus means that both software (e.g., forms) and hardware (e.g., access to the server room) are always designed with security in mind and that appropriate measures are taken. In the following, we will go into more detail about specific measures, if necessary.
1.9 TLS encryption with https
TLS, encryption and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transfer data over the Internet in a tap-proof manner.
This means that the complete transmission of all data from your browser to our web server is secured – no one can “listen in”.
In this way, we have introduced an additional layer of security and comply with data protection by design of technology (Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognize the use of this protection of data transmission by the small lock symbol at the top left of the browser, to the left of the Internet address (e.g., beispielseite.de) and the use of the scheme https (instead of http) as part of our Internet address.
If you want to know more about encryption, we recommend the Google search for “Hypertext Transfer Protocol Secure wiki” to get good links to further information.
1.10 Personal data
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term:
“personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Explanation: personal data are therefore all those data that can identify you as a person. This is usually data such as:
– Name
– Address
– E-mail address
– Postal address
– Telephone number
– Date of birth
– Identification numbers such as social security number, tax identification number, identity card number or matriculation number
– Bank data such as account number, credit information, account balances, and more.
According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, you as the connection owner. Therefore, the storage of an IP address also requires a legal basis within the meaning of the GDPR. There are also still so-called “special categories” of personal data that also require special protection. These include:
– racial and ethnic origin
– political opinions
– religious or ideological convictions
– trade union membership
– genetic data, such as data taken from blood or saliva samples
– biometric data (which is information about mental, physical, or behavioral characteristics that can identify an individual).
– health data
– data on sexual orientation or sexual life
– profiling
– Definition under Article 4 of the GDPR.
For the purposes of this Regulation, the term:
“profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location;
Explanation: Profiling involves gathering various pieces of information about an individual in order to learn more about that individual. In the web sector, profiling is often used for advertising purposes or also for credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a special user profile that can be used to target advertising to a specific group. Translated with
1.11 Person responsible
Definition according to Article 4 of the GDPR.
For the purposes of this Regulation, the term:
“controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law;
Explanation: in our case, we are responsible for the processing of your personal data and consequently the “controller”. If we transfer collected data to other service providers for processing, they are “processors”. For this purpose, a “processing order contract (AVV)” must be signed.
1.12 Processing
Definition according to Article 4 of the GDPR.
For the purposes of this Regulation, the term:
“processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Note: When we refer to processing in our Privacy Policy, we mean any type of data processing. This includes, as mentioned above in the original GDPR statement, not only the collection but also the storage and processing of data.
All texts are protected by copyright.
1.13 Communication
Data subjects: anyone who communicates with us by phone, email or online form.
Processed data: e.g. telephone number, name, e-mail address, form data entered. More details can be found in the respective contact type used.
Purpose: processing of communication with customers, business partners, etc.
Storage period: duration of the business case and legal requirements Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. b DSGVO (contract), Art. 6 para. 1 lit. f DSGVO (legitimate interests).
If you contact us and communicate by phone, e-mail or online form, personal data may be processed.
The data is processed for the handling and processing of your question and the related business transaction. The data is stored for as long as it is required by law. Translated with
1.13.1 Persons affected
All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.
1.13.2 Telephone
When you call us, the call data is stored pseudonymously on the respective terminal device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to your inquiry. The data is deleted as soon as the business case is closed and legal requirements permit.
1.13.3 E-mail
If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,…) and data is stored on the e-mail server. The data is deleted as soon as the business case has been terminated and legal requirements permit.
1.13.4 Online forms
If you communicate with us using online forms, data is stored on our web server and, if necessary, forwarded to an e-mail address of ours. The data will be deleted as soon as the business case has been terminated and legal requirements permit.
1.13.5 Legal basis
The processing of data is based on the following legal bases:
– Art. 6 para. 1 lit. a DSGVO (consent): You give us your consent to store and further use your data for purposes related to the business case;
– Art. 6 para. 1 lit. b DSGVO (contract): There is a need for the performance of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
– Art. 6 para. 1 lit. f DSGVO (Legitimate Interests): We want to conduct customer inquiries and business communications in a professional manner. For this purpose, certain technical facilities such as e-mail programs, exchange servers and mobile operators are necessary in order to be able to operate the communication efficiently.
1.13.6 Order processing agreement (AVV)
In this section, we would like to explain what a contract processing agreement is and why it is needed. Because the word “order processing contract” is quite a mouthful, we will also use just the acronym AVV more often here in the text. Like most companies, we do not work alone, but also use the services of other companies or individuals ourselves. Through the involvement of various companies or service providers, it may be that we pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called order processing agreement (AVV). The most important thing for you to know is that the processing of your personal data is carried out exclusively according to our instructions and must be regulated by the GCU.
1.13.6.1 Who are processors?
As a company and website owner, we are responsible for all data we process from you. In addition to data controllers, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, authority, institution or other body that processes personal data on our behalf is considered a processor. Consequently, processors can be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft, for example.
For a better understanding of the terminology, here is an overview of the three roles in the GDPR:
– Data subject (you as a customer or interested party) → Controller (we as a company and client) → Processor (service provider such as web hoster or cloud provider). Translated with
1.13.6.2 Content of an order processing agreement
As mentioned above, we have concluded an AVV with our partners who act as processors. This states first and foremost that the processor will process the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, although in this context the electronic conclusion of the contract is also considered “in writing”. Only on the basis of the contract will the processing of personal data take place. The contract must contain the following:
– Commitment to us as the controller
– Obligations and rights of the data controller
– Categories of data subjects
– Nature of the personal data
– Nature and purpose of the data processing
– Subject and duration of data processing
– Place of performance of the data processing
Furthermore, the contract contains all obligations of the processor. The most important obligations are:
– to ensure data security measures
– to take possible technical and organizational measures to protect the rights of the data subject
– to keep a data processing directory
– cooperate with the data protection supervisory authority upon its request
– carry out a risk analysis in relation to the personal data received.
– Sub-processors may only be engaged with the written consent of the data controller.
– You can see what such an AVV looks like in concrete terms, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. A sample contract is presented here. If you want a English version please see the following http://data.consilium.europa.eu/doc/document/ST-5419-2016-REV-1/en/pdf
1.14 Applications
What is application data? You can apply to us for a job in our company by e-mail, online form or via a recruiting tool. All data that we receive and process from you as part of an application counts as application data. In doing so, you always disclose personal data such as name, date of birth, address and telephone number. Why do we process application data? We process your data so that we can operate a proper selection process in relation to the advertised position. In addition, we also like to keep your application documents in our application archive. This is because it often happens that, for a variety of reasons, a collaboration does not work out for the advertised position, but we are impressed by you and your application and can very well imagine a future collaboration. Provided you give us your consent, we will archive your documents so that we can easily contact you for future assignments in our company. We guarantee that we will handle your data with particular care and only ever process your data within the legal framework. Even within our company, your data will only be forwarded to persons who are directly involved with your application. In short: Your data is in safe hands with us!
What data is processed? If you apply to us by e-mail, for example, we will of course receive personal data, as mentioned above. Even the e-mail address already counts as personal data. However, in the course of an application process, only those data are processed that are relevant for our decision as to whether or not we want to welcome you to our team.
1.14.1 What data is processed?
Exactly what data is processed depends primarily on the job posting. In most cases, however, it is a matter of name, date of birth, contact details and proof of qualifications. If you submit the application via an online form, the data is passed on to us in encrypted form. If you send us the application by e-mail, this encryption does not take place. Therefore, we cannot assume any responsibility for the way the data is transmitted. However, once the data is on our servers, we are responsible for the lawful handling of your data. During an application process, in addition to the above-mentioned data, information about your health or ethnic origin may be requested so that we and you can exercise the rights related to labor law, social security and social protection, and at the same time comply with the corresponding obligations. These data are special category data. Here is a list of possible data we receive from you and process:
– Name
– Contact address
– E-mail address
– Your phone number
– Date of birth
– Information provided in cover letter and resume
– Qualification certificates (e.g.) Credentials Special category data (e.g. ethnic origin, health data, religious beliefs)……
– Usage data (websites visited, access data, etc.)
– Metadata
1.14.2 How long is the data stored?
If we accept you as a team member in our company, your data will be further processed for the purpose of the employment relationship and kept with us at least until the employment relationship ends. All application documents are then placed in your employee file. If we do not offer you the job, if you reject our offer or if you withdraw your application, we may keep your data for up to 6 months after the end of the application process due to legitimate interest (Art. 6 para. 1 lit. f DSGVO). After that, both your electronic data and all data from physical application documents will be completely deleted or destroyed. We retain your data, for example, so that we can still answer any follow-up questions or so that we can provide evidence of the application in the event of a legal dispute. If a legal dispute arises and we may still need the data after the 6 months have expired, we will only delete the data when there is no longer any reason to retain it. If there are legal retention obligations to fulfill, we must generally store the data for longer than 6 months. Furthermore, we may also store your data for longer if you have given us special consent to do so. We do this, for example, if we can well imagine working with you in the future. Then it is helpful to have your data archived in order to be able to contact you without any problems. In this case, the data will be added to our applicant pool. Of course, you can revoke your consent to the longer storage of your data at any time. If there is no revocation and you do not give a new consent, your data will be deleted after 2 years at the latest.
Legal basis Legal bases for the processing of your data are Art. 6 para 1 lit. a DSGVO (consent), Art. 6 para 1 lit. b DSGVO (contract or pre-contractual measures), Art. 6 para 1 lit. f DSGVO (legitimate interests) and Art. 9 para 2 lit. a. DSGVO (processing of special categories). If we include you in our applicant tool, this happens on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). We would like to point out that your consent to our application pool is voluntary, has no influence on the application process and you have the option to revoke your consent at any time. The lawfulness of the processing until the time of the revocation remains unaffected. In the case of the protection of vital interests, the data processing is carried out in accordance with Art. 9 para. 2 lit. c. DSGVO. For the purposes of health care, occupational medicine, medical diagnostics, health or social care or treatment, or for the management of health or social care systems and services, the processing of personal data is carried out in accordance with Art. 9 (2) lit. h. DSGVO. If you voluntarily provide special category data, the processing is based on Art. 9 (2) lit. a. DSGVO
1.15 Customer data
What is customer data? In order to be able to offer our service or contractual services, we also process data of our customers and business partners. This data always includes personal data. Customer data is all information that is processed on the basis of a contractual or pre-contractual cooperation in order to be able to provide the services offered. Customer data is therefore all collected information that we collect and process about our customers. Why do we process customer data? There are many reasons why we collect and process customer data. The most important one is that we simply need various data to provide our services. Sometimes your e-mail address is enough, but if you purchase a product or service, for example, we also need data such as name, address, bank data or contract data. We also use the data for marketing and sales optimization, so that we can improve our overall service to our customers. Another important point is our customer service, which is always very important to us. We want you to be able to come to us at any time with questions about our offers, and for this we need at least your e-mail address.
1.15.1 What data is processed?
Which data exactly are stored, can be given here only on the basis categories. This always depends on the services you receive from us. In some cases, you simply provide us with your e-mail address so that we can contact you, for example, or so that we can answer your questions. In other cases, you purchase a product or service from us and for this we need significantly more information, such as your contact details, payment details and contract details. Here is a list of possible data we receive from you and process:
– Name
– Contact address
– E-mail address
– Your phone number
– Date of birth
– Payment data (invoices, bank data, payment history etc.)
– Contract data ( duration, content)
– Usage data (websites visited, access data ect.)
– Metadata (IP address, device information)
1.15.2 How long is the data stored?
As soon as we no longer need the customer data to fulfill our contractual obligations and our purposes, and the data is also no longer required for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the statute of limitations is usually 3 years, although longer periods are possible in individual cases. Of course, we also comply with the statutory retention obligations. Your customer data will certainly not be passed on to third parties unless you have explicitly given your consent to do so. Legal basis Legal bases for the processing of your data are Art. 6 para 1 lit. a DSGVO (consent), Art. 6 para 1 lit. b DSGVO (contract or pre-contractual measures), Art. 6 para 1 lit. f DSGVO (legitimate interests) and in special cases (e.g. medical services) Art. 9 para 2 lit. a. DSGVO (processing of special categories). In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 para. 2 lit. c. DSGVO. For the purposes of health care, occupational medicine, medical diagnosis, health or social care or treatment, or for the management of health or social care systems and services, the processing of personal data is carried out in accordance with Art. 9 (2) lit. h. DSGVO. If you voluntarily provide special category data, the processing is based on Art. 9 (2) lit. a. DSGVO
2 Cookies
Data subjects: visitors to the website
Purpose: depending on the cookie in question. More details can be found below or from the manufacturer of the software that sets the cookie.
Data processed: Depending on the cookie used in each case. More details can be found below or at the manufacturer of the software that sets the cookie.
Storage period: depending on the cookie, can vary from hours to years.
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit.f DSGVO (legitimate interests).
2.1 What are cookies?
Our website uses HTTP cookies to store user-specific data.
In the following, we explain what cookies are and why they are used so that you can better understand the following privacy policy.
Whenever you browse the Internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing can’t be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, effectively the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the “user-related” information back to our site. Thanks to cookies, our site knows who you are and offers you the setting you are used to. In some browsers each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.
Web servers and the web browser, such as Chrome, interact with each other. During this interaction, the web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests”. Cookies also cannot access information on your PC.
For example, cookie data may look like this
Name: _ga
Wert: GA1.2.1326744211.152112473677-9
Purpose: to distinguish website visitors
Expiration date: after 2 years
A browser should be able to support these minimum sizes
– At least 4096 bytes per cookie
– At least 50 cookies per domain
– At least 3000 cookies in total
2.2 What types of cookies are there?
The question of which cookies we use in particular depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.
We can distinguish 4 types of cookies:
Essential cookies.
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing on other pages, and only later goes to the checkout. These cookies do not delete the shopping cart even if the user closes his browser window.
Purpose cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.
Target-oriented cookies
These cookies provide a better user experience. For example, entered locations, font sizes or form data are stored.
Advertising cookies
These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very convenient, but also very annoying.
Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.
If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
2.3 Purpose of processing via cookies
The purpose ultimately depends on the cookie in question. More details can be found below or from the manufacturer of the software that sets the cookie.
2.3.1 What data is processed?
Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.
2.3.2 Storage duration of cookies
The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.
You can also influence the storage period yourself. You can manually delete all cookies at any time via your browser (see also “Right to object” below). Furthermore, cookies that are based on consent will be deleted at the latest after revocation of your consent, whereby the legality of the storage remains unaffected until then.
2.3.3 Right of objection – how can I delete cookies?
You decide how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find it in your browser settings:
– Chrome: Delete, enable and manage cookies in Chrome.
– Safari: Manage cookies and website data with Safari.
– Firefox: Delete cookies to remove data that websites have placed on your computer
– Internet Explorer: delete and manage cookies
– Microsoft Edge: delete and manage cookies
If you generally don’t want cookies, you can set your browser to notify you whenever a cookie is about to be set. This way, you can decide for each individual cookie whether or not to allow it. The procedure varies depending on the browser. It is best to search for the instructions in Google using the search term “delete cookies Chrome” or “disable cookies Chrome” in the case of a Chrome browser.
2.4 Legal basis
Since 2009, there are the so-called “Cookie Guidelines”. These state that the storage of cookies requires your consent (Article 6 (1) lit. a DSGVO). Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in Section 96 (3) of the Telecommunications Act (TKG). In Germany, the Cookie Directives were not implemented as national law. Instead, the implementation of this directive took place largely in § 15 para.3 of the Telemedia Act (TMG).
For absolutely necessary cookies, even in the absence of consent, there are legitimate interests (Article 6 para. 1 lit. f DSGVO), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and for this purpose certain cookies are often absolutely necessary.
Insofar as cookies that are not absolutely necessary are used, this is only done in the case of your consent. The legal basis in this respect is Art. 6 para. 1 lit. a DSGVO.
In the following sections, you will be informed in more detail about the use of cookies, insofar as the software used uses cookies.
2.5 Cookie Consent Management Platform
Data subjects: Website visitors
Purpose: To obtain and manage consent for certain cookies and thus the use of certain tools.
Data Processed: Data used to manage the cookie settings set, such as IP address, time of consent, type of consent, individual consents. More details can be found at the respective tool used.
Storage period: Depends on the tool used, you have to be prepared for periods of several years.
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit.f DSGVO (legitimate interests).
2.5.1 What is a Cookie Consent Management Platform?
We use a Consent Management Platform (CMP) software on our website, which makes it easier for us and you to correctly and securely handle scripts and cookies used. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides cookie consent for you as required by data protection laws, and helps us and you keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorized. You as a website visitor then decide for yourself whether and which scripts and cookies you allow or disallow. The following graphic illustrates the relationship between browser, web server and CMP.
2.5.2 Why do we use a cookie management tool?
Our goal is to provide you with the best possible transparency in the area of data protection. In addition, we are also legally obligated to do so. We want to educate you as much as possible about all tools and all cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which you do not. In order to give you this right, we first need to know exactly which cookies ended up on our website in the first place. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with DSGVO-compliant information about them. You can then accept or reject cookies via the consent system.
2.5.3 What data is processed?
Within our cookie management tool, you can manage each cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to query you each time you visit our website again and so that we can also prove your consent if required by law. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage period of your cookie consent varies. In most cases, this data (such as pseudonymous user ID, time of consent, details of cookie categories or tools, browser, device information) is stored for up to two years.
2.5.4 Duration of data processing
We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is strictly necessary to provide our services and products. Data that is stored in cookies is stored for different lengths of time. Some cookies are already deleted after you leave the website, others may be stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should be prepared for a storage period of several years. In the respective data protection statements of the individual providers, you will usually receive precise information about the duration of data processing.
2.5.5 Right of objection
You also have the right and the option to revoke your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser.Information on specific cookie management tools, if available, can be found in the following sections.
2.5.6 Legal basis
If you consent to cookies, personal data about you will be processed and stored via these cookies. If we are allowed to use cookies through your consent (Article 6 (1) (a) DSGVO), this consent is also the legal basis for the use of cookies or the processing of your data. In order to be able to manage the consent to cookies and to enable you to give your consent, cookie consent management platform software is used. The use of this software enables us to operate the website in an efficient manner in compliance with the law, which constitutes a legitimate interest (Article 6 (1) (f) DSGVO).
2.5.7 Complianz Cookie-Banner
We use the consent tool “complianz” to manage the cookies and similar technologies (tracking pixels, web beacons, etc.) used on our website and the corresponding consents. Details on the functioning of “complianz” can be found at https://complianz-io.translate.goog/legal/privacy-statement-us/?_x_tr_sl=en&_x_tr_tl=de&_x_tr_hl=de&_x_tr_pto=sc.
The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the corresponding consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide personal data. If you do not provide personal data, we will not be able to manage your consents.
3 Website Building Block Systems
Data subjects: Visitors to the website
Purpose: Optimization of our service performance
Data Processed: Data such as technical usage information such as browser activity, clickstream activity, session heatmaps, as well as contact details, IP address or your geographical location. More details can be found below in this privacy policy and in the privacy policy of the providers.
Storage period: depends on the provider
Legal basis: Art. 6 para. 1 lit. f DSGVO (Legitimate Interests), Art. 6 para. 1 lit. a DSGVO (Consent).
3.1 What are website building systems?
We use a website construction kit system for our website. Modular systems are special forms of a content management system (CMS). With a modular system, website operators can create a website very easily and without programming knowledge. In many cases, web hosts also offer building block systems. By using a modular system, personal data of you may also be collected, stored and processed. In this data protection text, we provide you with general information about data processing by modular systems. You can find more detailed information in the provider’s data protection declarations.
3.2 Why do we use website construction kit systems for our website?
The biggest advantage of a modular system is its ease of use. We want to provide you with a clear, simple and concise website that we can easily operate and maintain ourselves – without external support. A modular system now offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and to offer you an informative and pleasant time on our website.
3.3 What data is stored by a modular system?
Exactly what data is stored depends, of course, on the website construction kit system used. Each provider processes and collects different data of the website visitor. However, as a rule, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit are collected. Furthermore, tracking data (e.g. browser activity, clickstream activity, session heatmaps, etc.) may also be processed. In addition, personal data may also be collected and stored. This is mostly contact data such as e-mail address, telephone number (if you have provided it), IP address and geographical location data. You can find out exactly what data is stored in the provider’s privacy policy.
3.4 How long and where is the data stored?
We will inform you about the duration of data processing below in connection with the website construction kit system used, provided we have further information on this. You can find detailed information about this in the provider’s privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data from you according to its own specifications, over which we have no control.
3.5 Right of objection
You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact persons responsible for the website construction system used at any time. Contact details can be found either in our privacy policy or on the website of the relevant provider.
You can delete, deactivate or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that all functions may then no longer work as usual.
3.6 Legal basis
We have a legitimate interest in using a website construction kit to optimize our online service and present it efficiently and in a user-friendly manner for you. The corresponding legal basis for this is Art. 6 (1) lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the construction kit insofar as you have given your consent.
Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis in this respect is Art. 6 para. 1 lit. a DSGVO.
With this privacy policy, we have brought you closer to the most important general information around data processing. If you would like more detailed information in this regard, you will find further information – if available – in the following section or in the provider’s privacy policy.
3.7 WordPress.com
We use WordPress.com, a website building system, for our website. The service provider is the American company Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA.
WordPress also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be accompanied by various risks to the legality and security of data processing.
As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, thus especially in the USA) or a data transfer there, WordPress uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, WordPress undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
The Data Processing Agreements, which correspond to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.
You can learn more about the data processed through the use of WordPress.com in the Privacy Policy at https://automattic.com/privacy/
4 Web Analytics
Data subjects: Visitors to the website
Purpose: To evaluate visitor information in order to optimize the web offer.
Data Processed: Access statistics, which include data such as access locations, device data, access duration and time, navigation behavior, click behavior and IP addresses. More details can be found at the respective web analytics tool used.
Storage period: depending on the web analytics tool used.
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests).
4.1 What is Web Analytics?
We use software on our website to evaluate the behavior of website visitors, known as web analytics or web analysis for short. This involves collecting data that the respective analytic tool provider (also called tracking tool) stores, manages and processes. The data is used to create analyses of user behavior on our website and made available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors. To do this, we show you two different offers for a limited period of time. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.
4.2 Why do we use web analytics?
We have a clear goal with our website: we want to deliver the best web offer on the market for our industry. To achieve this goal, we want to offer the best and most interesting offer on the one hand, and on the other hand, we want to make sure that you feel completely comfortable on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our web offer for you and us accordingly. For example, we can see how old our visitors are on average, where they come from, when our website is most visited or which content or products are particularly popular. All this information helps us to optimize the website and thus best adapt it to your needs, interests and wishes.
4.3 What data is processed?
Exactly what data is stored depends, of course, on the analysis tools used. But as a rule, for example, which content you view on our website, which buttons or links you click on, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or which computer system you use is stored. If you agreed that location data may also be collected, these may also be processed by the web analytics tool provider.
In addition, your IP address will also be stored. According to the General Data Protection Regulation (DSGVO), IP addresses are personal data. However, your IP address is usually stored pseudonymized (i.e. in an unrecognizable and shortened form). For the purpose of testing, web analysis and web optimization, no direct data, such as your name, age, address or email address are stored as a matter of principle. All this data, if collected, is stored pseudonymously. This means that you cannot be identified as a person.
4.4 How long the data is stored
How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website again, other cookies can store data for several years.
4.4.1 Duration of data processing
We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is strictly necessary to provide our services and products. If it is required by law, as in the case of accounting, for example, this storage period may also be exceeded.
4.5 Right to object
You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser.
4.6 Legal basis
The use of web analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 Para. 1 lit. a DSGVO (Consent), this consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools.
In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus to improve our offer technically and economically. With the help of web analytics, we detect website errors, can identify attacks and improve economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the tools insofar as you have given your consent.
Since web analytics tools use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy statements of the respective tools.
Information on specific web analytics tools, if available, can be found in the following sections.
5 Google Analytics Privacy Policy
Data subjects: Visitors to the website
Purpose: Evaluation of visitor information to optimize the web offer.
Data processed: Access statistics, which include data such as locations of accesses, device data, access duration and time, navigation behavior, click behavior and IP addresses. More details can be found below in this Privacy Policy.
Storage period: depending on the properties used
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests).
5.1 What is Google Analytics?
On our website, we use the analysis tracking tool Google Analytics (GA) of the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, when you click on a link, this action is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and service to your preferences. In the following, we will go into more detail about the tracking tool and, in particular, inform you about what data is stored and how you can prevent this.
Google Analytics is a tracking tool used to analyze traffic to our website. In order for Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions you take on our website. Once you leave our website, this data is sent to Google Analytics servers and stored there.
Google processes the data and we receive reports about your user behavior. These reports may include, but are not limited to, the following:
– Audience reports: through audience reports, we get to know our users better and know more precisely who is interested in our service.
– Ad reports: Ad reports help us analyze and improve our online advertising.
– Acquisition reports: Acquisition reports give us helpful information on how to attract more people to our service.
– Behavior reports: This is where we learn how you interact with our website. We can track the path you take on our site and which links you click.
– Conversion reports: Conversion is when you take a desired action based on a marketing message. For example, you go from being a mere website visitor to a buyer or newsletter subscriber. These reports help us learn more about how our marketing efforts are working for you. This is how we aim to increase our conversion rate.
– Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are currently reading this text.
5.2 Why do we use Google Analytics on our website?
Our goal with this website is clear: we want to provide you with the best possible service. The statistics and data from Google Analytics help us to achieve this goal.
The statistically evaluated data shows us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it can be found more easily by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. We thus know exactly what we need to improve on our website in order to provide you with the best possible service. The data also helps us to carry out our advertising and marketing measures in a more individual and cost-effective way. After all, it only makes sense to show our products and services to people who are interested in them.
5.3 What data is stored by Google Analytics?
Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a “returning” user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles.
In order to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is standard. Alternatively, you can also create the Universal Analytics property. Depending on the property used, data is stored for different lengths of time.
Labels such as cookies and app instance IDs are used to measure your interactions on our website. Interactions are all types of actions you take on our website. If you also use other Google systems (such as a Google account), data generated through Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if required by law.
The following cookies are used by Google Analytics:
Name: _ga
Wert: 2.1326744211.152112473677-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it is used to distinguish website visitors.
Expiration date: after 2 years
Name: _gid
Wert: 2.1687193234.152112473677-1
Purpose: the cookie is also used to distinguish website visitors
Expiration date: after 24 hours
Name: _gat_gtag_UA_<property-id>
Value: 1
Intended use: used to lower the request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_ <property-id>.
Expiration date: after 1 minute
Name: AMP_TOKEN
Value: not specified
Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP client ID service. Other possible values indicate a logout, a request, or an error.
Expiration date: after 30 seconds up to one year.
Name: __utma
Wert: 1564498958.1564498958.1564498958.1
Purpose: This cookie is used to track your behavior on the website and measure performance. The cookie is updated every time information is sent to Google Analytics.
Expiration date: after 2 years
Name: __utmt
Value: 1
Purpose: The cookie is used like _gat_gtag_UA_<property-id> to throttle the request rate.
Expiration date: after 10 minutes
Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or info is sent to Google Analytics.
Expiration date: after 30 minutes
Name: __utmc
Value: 167421564
Purpose: This cookie is used to set new sessions for returning visitors. This is a session cookie and is only stored until you close the browser again.
Expiration date: After you close the browser.
Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: The cookie is used to identify the source of traffic to our website. That is, the cookie stores from where you came to our website. This may have been another page or an advertisement.
Expiration date: after 6 months
Name: __utmv
Value: not specified
Purpose: The cookie is used to store custom user data. It is updated whenever information is sent to Google Analytics.
Expiration date: after 2 years
Note: This enumeration cannot claim to be complete, as Google also changes the choice of their cookies every now and then.
Here we show you an overview of the most important data collected with Google Analytics:
– Heatmaps: Google creates so-called heatmaps. Heatmaps allow you to see exactly those areas that you click on. This gives us information about where you are “on the move” on our site.
– Session duration: Google defines session duration as the time you spend on our site without leaving. If you have been inactive for 20 minutes, the session ends automatically.
– Bounce rate: A bounce is when you view only one page on our site and then leave our site.
– Account creation: when you create an account or make an order on our website, Google Analytics collects this data.
– IP address: The IP address is only shown in a shortened form so that no clear assignment is possible.
– Location: The IP address can be used to determine the country and your approximate location. This process is also referred to as IP location determination.
– Technical information: Technical information includes, but is not limited to, your browser type, internet service provider, or screen resolution.
– Source of origin: Google Analytics or we are of course also interested in which website or which advertisement you came to our site from.
Other data include contact details, any ratings, playing media (e.g. if you play a video via our site), sharing content via social media or adding it to your favorites. The enumeration does not claim to be complete and only serves as a general orientation of the data storage by Google Analytics.
5.4 How long and where is the data stored?
Google has their servers spread all over the world. Most servers are located in America and consequently your data is mostly stored on American servers. You can find out exactly where Google’s data centers are located here: https://www.google.com/about/datacenters/locations/
Your data is distributed on different physical disks. This has the advantage that the data can be accessed more quickly and is better protected against manipulation. In each Google data center, there are corresponding emergency programs for your data. If, for example, the hardware at Google fails or natural disasters paralyze servers, the risk of a service interruption at Google still remains low.
The retention period of the data depends on the properties used. When using the newer Google Analytics 4 properties, the retention period of your user data is fixed at 14 months. For other so-called event data, we have the option to choose a retention period of 2 months or 14 months.
For Universal Analytics properties, Google Analytics defaults to a retention period of 26 months for your user data. Then your user data is deleted. However, we have the option to choose the retention period of user data ourselves. We have five variants available for this purpose:
Deletion after 14 months
Deletion after 26 months
Deletion after 38 months
Deletion after 50 months
No automatic deletion
In addition, there is also an option for data to be deleted only when you no longer visit our website within the time period we have selected. In this case, the retention period will be reset each time you visit our website again within the specified period.
Once the specified period has expired, the data is deleted once a month. This retention period applies to your data associated with cookies, user recognition and advertising IDs (e.g. DoubleClick domain cookies). Reporting results are based on aggregated data and are stored separately from user data. Aggregated data is a merging of individual data into a larger unit.
5.5 How can I delete my data or prevent data storage?
According to European Union data protection law, you have the right to obtain information about your data, update it, delete it or restrict it. Using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js), you can prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=en. Please note that this add-on only disables the collection of data by Google Analytics.
If you generally want to deactivate, delete or manage cookies, you will find the relevant links to the respective instructions for the most popular browsers under the section “Cookies”.
5.6 Legal basis
The use of Google Analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 (1) lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools.
In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus to improve our offer technically and economically. With the help of Google Analytics, we detect website errors, can identify attacks and improve the economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google Analytics if you have given your consent.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.
As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Analytics Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/ We hope we have been able to provide you with the most important information regarding Google Analytics data processing. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/us/
https://support.google.com/analytics/answer/6004245?hl=en&sjid=339048665034939288-EU
5.7 Google Analytics order processing agreement (AVV)
We have concluded an order processing agreement (OPA) with Google in accordance with Article 28 of the General Data Protection Regulation (GDPR). What exactly is a GCU and especially what must be included in a GCU, you can read in our general section “Order processing agreement (GCU)”.
This contract is required by law because Google processes personal data on our behalf. It clarifies that Google may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the order data processing conditions at https://business.safety.google/intl/en/adsprocessorterms/
5.7.1 Google Analytics reports on demographic characteristics and interests.
We have enabled advertising reporting features in Google Analytics. The reports on demographic characteristics and interests contain information on age, gender and interests. This allows us – without being able to assign this data to individual persons – to get a better picture of our users. You can learn more about advertising features at https://support.google.com/analytics/answer/3450482?hl=en&utm_id=ad&sjid=339048665034939288-EU
You can stop the use of the activities and information of your Google account under “Settings for advertising” at https://adssettings.google.com/authenticated via checkbox.
5.7.2 Google Analytics in Consent Mode
Depending on your consent, personal data about you will be processed by Google Analytics in the so-called consent mode (or “Consent Mode”). You can choose whether you agree to Google Analytics cookies or not. By doing so, you also choose which data Google Analytics may process from you. This collected data is mainly used to perform measurements about user behavior on the website, to play out targeted advertising and to provide us with web analytics reports. As a rule, you consent to data processing by Google via a cookie consent tool. If you do not consent to data processing, only aggregated data will be collected and processed. This means that data cannot be assigned to individual users and thus no user profile of you is created. You can also only consent to statistical measurement. No personal data is processed and consequently not used for advertising or advertising success.
5.7.3 Google Analytics IP anonymization
We have implemented Google Analytics IP address anonymization on this website. This function was developed by Google to enable this website to comply with applicable data protection regulations and recommendations of local data protection authorities if they prohibit storage of the full IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place.
More information on IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=en&sjid=339048665034939288-EU
6 Google Ads
When visiting this website, personal data is processed. Categories of data processed: Data on the use of the website and logging of clicks on individual elements. Purpose of processing:Investigation of usage behavior, analysis of the effect of online marketing measures and selection of online advertising on other platforms, which are automatically selected by means of real-time bidding based on usage behavior. The legal basis for the processing:Your consent according to Art. 6 (1) a DSGVO. A transfer of data takes place: to the independent data controller Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://cloud.google.com/). The legal basis for the transfer of data to Google Ireland Limited is your consent according to Art. 6 (1) a DSGVO. This may also mean a transfer of personal data to a country outside the European Union. The transfer of data is based on your consent pursuant to Art. 6 (1) (a) in conjunction with Art. 49 (1) (a) DSGVO. You were already informed before giving your consent that the USA does not have a level of data protection that corresponds to the standards of the EU. In particular, US intelligence services can access your data without you being informed and without you being able to take legal action against this. Duration of processing: is variable and ends when the purpose of processing ceases.
6.1 Legal basis
In principle, the integration of Google Ads can only be carried out on the basis of consent, as other legal bases are not suitable.
6.2 Data transmission
There is a transmission of data to the independent responsible Google Ireland Limited.
7 Tag Manager
7.1 What is the Google Tag Manager?
For our website, we use the Google Tag Manager of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. This Tag Manager is one of many helpful marketing products from Google. Through Google Tag Manager, we can centrally incorporate and manage code sections from various tracking tools that we use on our website. In this privacy statement, we want to explain in more detail what Google Tag Manager does, why we use it, and in what form data is processed. Google Tag Manager is an organizational tool that allows us to incorporate and manage website tags centrally and via a user interface. Tags are small sections of code that, for example, record (track) your activities on our website. For this purpose, JavaScript code sections are inserted into the source code of our page. The tags often come from Google-internal products such as Google Ads or Google Analytics, but tags from other companies can also be included and managed via the Manager. Such tags perform different tasks. They can collect browser data, feed marketing tools with data, embed buttons, set cookies and also track users across multiple websites.
7.2 Why do we use Google Tag Manager for our website?
As the saying goes: organization is half the battle! And of course, this also applies to the maintenance of our website. In order to make our website as good as possible for you and all the people who are interested in our products and services, we need various tracking tools such as Google Analytics. The collected data from these tools show us what you are most interested in, where we can improve our services and which people we should still show our offers to. And for this tracking to work, we need to embed appropriate JavaScript codes into our website. In principle, we could include each code section of each tracking tool separately in our source code. However, this requires a relatively large amount of time and it’s easy to lose track of what’s going on. That’s why we use the Google Tag Manager. We can easily incorporate the necessary scripts and manage them from one place. Moreover, Google Tag Manager offers an easy-to-use interface and you don’t need any programming skills. This is how we manage to keep order in our tag jungle.
7.3 What data is stored by Google Tag Manager?
The Tag Manager itself is a domain that does not set any cookies and does not store any data. It acts as a mere “manager” of the implemented tags. The data is collected by the individual tags of the various web analysis tools. The data is virtually passed through to the individual tracking tools in the Google Tag Manager and is not stored. However, the situation is quite different with the embedded tags of the various web analytics tools, such as Google Analytics. Depending on the analysis tool, various data about your web behavior is usually collected, stored and processed with the help of cookies. For this, please read our privacy texts on the individual analysis and tracking tools that we use on our website. In the account settings of the Tag Manager, we have allowed Google to receive anonymized data from us. However, this is only about the use and usage of our Tag Manager and not your data stored via the code sections. We allow Google and others to receive selected data in anonymized form. We thus consent to the anonymous sharing of our website data. Which summarized and anonymous data is forwarded exactly, we could not find out – despite long research. In any case, Google deletes all information that could identify our website. Google combines the data with hundreds of other anonymous website data and creates user trends as part of benchmarking measures. Benchmarking compares our own results with those of our competitors. Processes can be optimized on the basis of the information collected.
7.4 How long and where is the data stored?
When Google stores data, this data is stored on Google’s own servers. The servers are distributed all over the world. Most of them are located in America. You can find out exactly where Google servers are located at https://www.google.com/about/datacenters/locations/. How long the individual tracking tools store data from you can be found in our individual privacy texts for the individual tools. How can I delete my data or prevent data storage? The Google Tag Manager itself does not set cookies, but manages tags from various tracking websites. In our privacy texts for the individual tracking tools, you will find detailed information on how to delete or manage your data. Please note that when using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Therefore, data may not simply be transferred to, stored in, and processed in insecure third countries unless there are appropriate safeguards (such as standard EU contractual clauses) between us and the non-European service provider.
7.5 Legal basis
The use of Google Tag Manager requires your consent, which we have obtained with our cookie popup. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools. In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus to improve our offer technically and economically. With the help of Google Tag Manager, we can improve our economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the Google Tag Manager if you have given your consent. Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing. As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses, among others, here You can find the decision and the corresponding standard contractual clauses, among others, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/ If you want to learn more about Google Tag Manager, we recommend the FAQs at https://support.google.com/tagmanager/?hl=en&sjid=339048665034939288-EU#topic=3441530
8 Google Site Kit
Data subjects: Visitors to the website
Purpose: Evaluation of visitor information to optimize the web offer.
Data processed: Access statistics, which include data such as locations of accesses, device data, access duration and time, navigation behavior, click behavior and IP addresses. More details can be found below and in the Google Analytics privacy policy.
Storage period: depending on the properties used
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests).
8.1 What is Google Site Kit?
We have integrated the WordPress plugin Google Site Kit of the American company Google Inc. into our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics that come from various Google products such as Google Analytics directly in our WordPress dashboard. The tool or the tools included in Google Site Kit also collect, among other things, personal data from you. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored and which other privacy texts are relevant for you in this context.
Google Site Kit is a plugin for the WordPress content management system. With this plugin, we can view important statistics for website analysis directly in our dashboard. These are statistics that are collected by other Google products. First and foremost, from Google Analytics. Besides Google Analytics, Google Search Console, Page Speed Insight, Google AdSense, Google Optimize and Google Tag Manager services can also be linked to Google Site Kit.
8.2 Why do we use Google Site Kit on our website?
As a service provider, it is our job to provide you with the best possible experience on our website. You should feel comfortable on our website and find exactly what you are looking for quickly and easily. Statistical evaluations help us to get to know you better and to adapt our offer to your wishes and interests. We use various Google tools for these evaluations. Site Kit makes our work much easier in this regard, because we can view and analyze the statistics of Google products right in the dashboard. So we don’t have to log in separately for each tool. Site Kit thus always provides a good overview of the most important analysis data.
8.3 What data is stored by Google Site Kit?
If you have actively agreed to tracking tools in the cookie notice (also called script or banner), Google products such as Google Analytics will set cookies and send data from you, for example about your user behavior, to Google, where it will be stored and processed. This also includes personal data such as your IP address.
For more detailed information on the individual services, we have separate text sections in this privacy policy. For example, take a look at our privacy policy on Google Analytics. Here we go into great detail about the data collected. You will learn how long Google Analytics stores, manages and processes data, which cookies may be used and how you can prevent data storage. Likewise, we also have our own privacy statements with comprehensive information for other Google services, such as Google Tag Manager or Google AdSense.
In the following, we show you exemplary Google Analytics cookies that can be set in your browser, provided that you have agreed in principle to data processing by Google. Please note that these cookies are only a selection:
Name: _ga
Wert:2.1326744211.152112473677-2
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it is used to distinguish website visitors.
Expiration date: after 2 years
Name: _gid
Wert:2.1687193234.152112473677-7
Purpose: This cookie is also used to distinguish website visitors.
Expiration date: after 24 hours
Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: This cookie is used to lower the request rate.
Expiration date: after 1 minute
8.4 How long and where is the data stored?
Google stores collected data on its own Google servers, which are distributed worldwide. Most servers are located in the United States and therefore it is easily possible that your data is also stored there. You can see exactly where the company provides servers at https://www.google.com/about/datacenters/locations/
Data collected by Google Analytics is kept for a standard 26 months. After that, your user data is deleted. The retention period applies to all data linked to cookies, user recognition and advertising IDs.
8.5 How can I delete my data or prevent data storage?
You always have the right to receive information about your data, to have your data deleted, corrected or restricted. In addition, you can also deactivate, delete or manage cookies in your browser at any time.
If you generally want to deactivate, delete or manage cookies, you will find the corresponding links to the respective instructions of the most popular browsers under the section “Cookies”.
8.6 Legal basis
The use of Google Site Kit requires your consent, which we have obtained with our cookie popup. According to Art. 6 Para. 1 lit. a DSGVO (Consent), this consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools.
In addition to consent, there is a legitimate interest on our part in analyzing the behavior of website visitors and thus improving our offer technically and economically. With the help of Google Site Kit, we detect website errors, can identify attacks and improve the economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use Google Site Kit if you have given your consent.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.
As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Site Kit Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/
To learn more about Google’s data processing, we recommend that you read Google’s comprehensive privacy policy at https://policies.google.com/privacy?hl=en.
9 Email marketing
Data subjects: newsletter subscribers
Purpose: Direct marketing by email, notification of system relevant events.
Data processed: Data entered during registration but at least the e-mail address. More details can be found with the respective e-mail marketing tool used.
Storage period: Duration of the existence of the subscription.
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests).
9.1 What is email marketing?
In order to always keep you up to date, we also use the option of e-mail marketing. In doing so, if you have agreed to receive our emails or newsletters, data from you will also be processed and stored. E-mail marketing is a sub-area of online marketing. It involves sending news or general information about a company, products or services by e-mail to a specific group of people who are interested in them.
If you want to participate in our e-mail marketing (usually via newsletter), you usually just need to register with your e-mail address. To do this, you fill out an online form and submit it. However, it may also happen that we ask you for your title and name, for example, so that we can write to you personally.
In principle, the registration for newsletters works with the help of the so-called “double opt-in procedure”. After you have registered for our newsletter on our website, you will receive an e-mail to confirm your newsletter registration. This ensures that the e-mail address belongs to you and that no one has registered with a third-party e-mail address. We or a notification tool we use logs each individual subscription. This is necessary so that we can also prove the legally correct registration process. As a rule, the time of registration, the time of the registration confirmation and your IP address are stored. In addition, it is also logged when you make changes to your stored data.
9.2 Why do we use e-mail marketing?
We naturally want to stay in touch with you and always present you with the most important news about our company. For this purpose, we use, among other things, e-mail marketing – often just called “newsletter” – as an essential part of our online marketing. Provided you agree to this or it is legally permitted, we will send you newsletters, system e-mails or other notifications by e-mail. When we use the term “newsletter” in the following text, we mainly mean regularly sent e-mails. Of course, we do not want to bother you in any way with our newsletters. That’s why we really always try to provide only relevant and interesting content. For example, you will learn more about our company, our services or products. Since we are always improving our offers, our newsletter will also tell you when there is news or when we are offering special, lucrative promotions. If we use a service provider that offers a professional mailing tool for our e-mail marketing, we do so in order to be able to offer you fast and secure newsletters. The purpose of our email marketing is basically to inform you about new offers and also to get closer to our business goals.
9.3 What data is processed?
If you become a subscriber to our newsletter via our website, you confirm membership of an e-mail list by e-mail. In addition to IP address and e-mail address, your salutation, name, address and telephone number may also be stored. However, only if you agree to this data storage. The data marked as such are necessary for you to participate in the service offered. Providing this information is voluntary, but failure to provide it will result in you not being able to use the service. In addition, information about your device or your preferred content on our website may be stored. You can find out more about the storage of data when you visit a website in the section “Automatic data storage”. We record your declaration of consent so that we can always prove that this complies with our laws.
9.4 Duration of data processing
If you unsubscribe your email address from our email/newsletter distribution list, we may store your address for up to three years based on our legitimate interests so that we can still prove your consent at that time. We may only process this data if we need to defend ourselves against any claims.
However, if you confirm that you have given us your consent to subscribe to the newsletter, you can submit an individual deletion request at any time. If you permanently object to the consent, we reserve the right to store your e-mail address in a blacklist. As long as you have voluntarily subscribed to our newsletter, we will of course also keep your e-mail address.
9.5 Right of objection
You have the possibility to cancel your newsletter subscription at any time. To do this, you only need to revoke your consent to the newsletter subscription. This usually takes only a few seconds or one or two clicks. Most of the time, you will find a link to cancel your newsletter subscription right at the end of each email. If you really can’t find the link in the newsletter, please contact us by mail and we will cancel your newsletter subscription immediately.
9.6 Legal basis
The sending of our newsletter is based on your consent (Article 6 (1) a DSGVO). This means that we may only send you a newsletter if you have actively registered for it beforehand. If applicable, we may also send you advertising messages, provided that you have become our customer and have not objected to the use of your email address for direct advertising.
Information on specific email marketing services and how they process personal data – if available – can be found in the following sections.
9.7 Mailchimp
We use Mailchimp from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (Mailchimp) to send our newsletter. This allows us to contact subscribers directly. In addition, we analyze your usage behavior in order to optimize our offer.
For this purpose, we share the following personal data with Mailchimp:
– [Email address
– [First name]
– [Last name]
– [Phone number]
– [Our email broadcasts include a link that allows you to update your personal data].
Mailchimp is a recipient of your personal data and acts as a processor for us as far as the sending of our newsletter is concerned. The processing of the data provided under this section is not required by law or contract. Without your consent and the transmission of your personal data, we cannot send out a newsletter to you.
In addition, Mailchimp collects the following personal data using cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. In addition, usage data is collected such as date and time, when you opened the email / campaign and browser activity (e.g. which emails / web pages were opened). Mailchimp needs this data to ensure the security and reliability of the systems, compliance with the terms of use and the prevention of abuse. This corresponds to the legitimate interest of Mailchimp (according to Art. 6 para. 1 lit. f DSGVO) and serves the execution of the contract (according to Art. 6 para. 1 lit. b DSGVO). Furthermore, Mailchimp evaluates performance data, such as the delivery statistics of emails and other communication data. This information is used to create usage and performance statistics of the services.
Mailchimp additionally collects information about you from other sources. In an unspecified period and scope, personal data is collected via social media and other third-party data providers. We have no control over this process.
For more information on objection and removal options vis-à-vis Mailchimp, please visit: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts.
The legal basis for these processing operations is your consent pursuant to Art. 6 (1) lit. a DSGVO. You can revoke your consent to the processing of your personal data at any time. A corresponding link can be found in all mailings. In addition, the revocation can be made via the specified contact options. By declaring the revocation, the lawfulness of the processing carried out so far is not affected.
Your data will be processed as long as a corresponding consent is available. Apart from this, they will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements make further storage necessary.
Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Mailchimp processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://mailchimp.com/legal/data-processing-addendum/
9.7.1 Legal basis
The integration of Mailchimp can generally only be carried out on the basis of consent, as other legal bases are not suitable.
10 Chatbots
Data subject: Visitors to the website
Purpose: Contact requests and general communication between us and you.
Data Processed: Data such as name, address, email address, phone number, general content data, IP address if applicable. More details can be found in the respective tools used.
Storage period: depending on the chatbots & chat functions used.
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests), Art. 6 para. 1 p. 1 lit. b. DSGVO (contractual or pre-contractual obligations).
10.1 What are chatbots?
You can also communicate with us via chatbots or similar chat functions. A chat offers the possibility to write or speak with each other with only a very small time delay. A chatbot is software that attempts to answer your question and, if necessary, informs you of news. By using these means of communication, personal data of you may also be processed and stored.
10.2 Why do we use chatbots?
Communication options with you are important to us. After all, we want to talk to you and answer all possible questions about our service in the best possible way. Well-functioning communication is an important part of our service. Chatbots have the great advantage that we can answer frequently asked questions automatically with the help of this software. This saves us time and you still receive detailed and helpful answers. If the chatbot is unable to help, you also have the option of contacting us personally at any time, of course.
Please note that when using our built-in elements, data from you may also be processed outside the European Union, as many providers are American companies. As a result, you may no longer be able to claim or enforce your rights with regard to your personal data as easily.
10.3 What data is processed?
It may happen that you also use the chat services at other websites/platforms. In this case, your user ID will also be stored on the servers of this website. We may also be informed about which user has used the chat at what time. The contents are also stored. Exactly which data is stored depends on the service in question. As a rule, however, it is contact data such as e-mail address or telephone number, IP address and various usage data.
If you have consented to the chat function being used, this consent is also stored or logged, along with any registration. We do this so that we can also prove the registration or consent if this is required by law.
The provider of a chat platform can also find out when you chat and also receives technical information about the device you are using. Exactly what information is stored and processed also depends on your PC settings. In many cases, for example, data about your approximate location can be collected. This is done on the one hand to optimize the chat services and on the other hand to ensure more security. Furthermore, the information can also be used to set personalized advertising and marketing measures.
If you have agreed that a chatbot can send you a message, you can of course deactivate this activation at any time. The chatbot also serves as a help here and shows you how to unsubscribe from this function. All your data in this regard will subsequently be deleted from the recipient directory.
We use the above-mentioned data, for example, to be able to address you personally via the chat, to be able to answer your questions and inquiries or to send you possible content. In addition, we can also use it to fundamentally improve our chat services.
10.4 How long is data stored?
How long the data is processed and stored depends primarily on the tools we use. You can learn more about the data processing of the individual tools below. The privacy statements of the providers usually state exactly what data is stored and processed and for how long. In principle, personal data is only processed for as long as is necessary to provide our services. If data is stored in cookies, the storage period varies greatly. The data can be deleted immediately after leaving a website, but it can also remain stored for several years. Therefore, you should look at each individual cookie in detail if you want to know more about the data storage. In most cases, you will also find informative information about the individual cookies in the privacy statements of the individual providers.
10.5 Right of objection
You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser.
Since chat services may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy statements of the respective tools.
10.6 Legal basis
We ask for your permission via a pop-up window to process data from you as part of the chat services. If you consent, this consent also serves as the legal basis (Art. 6 para. 1 lit. a DSGVO) for data processing. In addition, we process your inquiries and manage your data in the context of contractual or pre-contractual relationships in order to fulfill our pre-contractual and contractual obligations or to respond to inquiries. The basis for this is Art. 6 para. 1 p. 1 lit. b. DSGVO. In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools insofar as you have given your consent.
10.7 Hubspot Chatbot
We also use the chatbot function HubSpot. The service provider is the American company HubSpot, Inc, 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA.
HubSpot also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing. As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, HubSpot uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, HubSpot undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de The data processing agreement, which corresponds to the standard contractual clauses, can be found at https://legal.hubspot.com/dpa. You can learn more about the data processed by using HubSpot in the Privacy Policy at https://legal.hubspot.com/privacy-policy
11 Blogs and publication media
Data subjects: Visitors to the website
Purpose: Presentation and optimization of our service and communication between website visitors, security measures and administration.
Data Processed: Data such as contact details, IP address and published content.
More details can be found in the tools used.
Storage period: depending on the tools used
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests), Art. 6 para. 1 p. 1 lit. b. DSGVO (Contract)
11.1 What are blogs and publication media?
We use blogs or other communication media on our website, with which we can communicate with you on the one hand and you can also communicate with us on the other hand. In the process, data from you may also be stored and processed by us. This may be necessary so that we can present content appropriately, communication works and security is increased. In our data protection text, we generally go into what data can be processed from you. Exact details on data processing always also depend on the tools and functions used. You can find precise information about data processing in the data protection notices of the individual providers.
11.2 Why do we use blogs and publication media?
Our biggest concern with our website is to provide you with interesting and exciting content and at the same time your opinions and content are important to us. That is why we want to create a good interactive exchange between us and you. With various blogs and publication options we can achieve exactly that. For example, you can write comments on our content, comment on other comments or, in some cases, write posts yourself.
11.3 What data is processed?
Exactly what data is processed always depends on the communication functions we use. Very often, IP address, user name and the published content are stored. This is done primarily to ensure security protection, to prevent spam and to be able to take action against illegal content. Cookies can also be used for data storage. These are small text files that are stored with information in your browser. You can find more details about the collected and stored data in our individual sections and in the privacy policy of the respective provider.
11.4 Duration of data processing
We will inform you about the duration of data processing below, provided we have further information on this. For example, contribution and comment functions store data until you revoke the data storage. In general, personal data is only stored as long as it is absolutely necessary for the provision of our services.
11.5 Right of objection
You also have the right and the possibility to revoke your consent to the use of cookies or third-party communication tools at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.
Since cookies may also be used with publication media, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy statements of the respective tools.
11.6 Legal basis
We use the communication tools mainly on the basis of our legitimate interests (Art. 6 (1) lit. f DSGVO) in fast and good communication with you or other customers, business partners and visitors. Insofar as the use serves the settlement of contractual relationships or their initiation, the legal basis is furthermore Art. 6 para. 1 p. 1 lit. b. DSGVO.
Certain processing, in particular the use of cookies and the use of comment or message functions require your consent. If and insofar as you have consented that data from you can be processed and stored by integrated publication media, this consent is considered the legal basis for data processing (Art. 6 para. 1 lit. a DSGVO). Most of the communication functions we use set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.
You can find information about special tools – if available – in the following sections.
12 Online marketing
Data subjects: Visitors to the website
Purpose: Evaluation of visitor information to optimize the web offer. Data processed: Access statistics, which include data such as locations of accesses, device data, access duration and time, navigation behavior, click behavior and IP addresses. Personal data such as name or e-mail address may also be processed. More details on this can be found with the respective online marketing tool used.
Storage period: depending on the online marketing tools used.
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit.f DSGVO (legitimate interests).
12.1 What is online marketing?
Online marketing refers to all measures that are carried out online in order to achieve marketing goals such as increasing brand awareness or closing a deal. Furthermore, our online marketing measures are aimed at drawing people’s attention to our website. In order to be able to show our offering to many interested people, we therefore engage in online marketing. This usually involves online advertising, content marketing or search engine optimization. To enable us to use online marketing efficiently and in a targeted manner, personal data is also stored and processed. On the one hand, the data helps us to show our content only to those people who are really interested in it and, on the other hand, we can measure the advertising success of our online marketing measures.
12.2 Why do we use online marketing tools?
We want to show our website to every person who is interested in what we have to offer. We are aware that this is not possible without consciously set measures. That is why we do online marketing. There are various tools that make it easier for us to work on our online marketing measures and, in addition, always provide suggestions for improvement via data. This allows us to target our campaigns more precisely to our target group. The purpose of these online marketing tools used is therefore ultimately to optimize our offer.
12.3 What data is processed?
In order for our online marketing to work and the success of the measures to be measured, user profiles are created and data is stored in cookies (these are small text files), for example. With the help of this data, we can not only place advertisements in the classic sense, but also directly on our website, display our content in the way you prefer. For this purpose, there are various third-party tools that offer these functions and accordingly also collect and store data from you. In the named cookies are stored, for example, which web pages you have visited on our website, how long you have viewed these pages, which links or buttons you click or from which website you have come to us. In addition, technical information may also be stored. For example, your IP address, which browser you use, from which device you visit our website or the time when you accessed our website and when you left it again. If you have consented that we may also determine your location, we may also store and process this.
Your IP address is stored in pseudonymized form (i.e. shortened). Unique data that directly identifies you as a person, such as your name, address or e-mail address, is also only stored in pseudonymized form as part of the advertising and online marketing processes. We can therefore not identify you as a person, but we have only the pseudonymized stored information in the user profiles.
Under certain circumstances, the cookies can also be deployed on other websites that work with the same advertising tools, analyzed and used for advertising purposes. The data may then also be stored on the servers of the advertising tools providers.
In exceptional cases, unique data (name, e-mail address, etc.) may also be stored in the user profiles. This storage occurs, for example, if you are a member of a social media channel that we use for our online marketing measures and the network links previously received data with the user profile.
With all the advertising tools we use that store data from you on their servers, we only ever receive aggregated information and never data that makes you recognizable as an individual. The data only shows how well set advertising measures worked. For example, we see which measures have persuaded you or other users to come to our website and purchase a service or product there. Based on the analyses, we can improve our advertising offer in the future and adapt it even more precisely to the needs and wishes of interested persons.
12.4 Duration of data processing
We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. Data that is stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, others may be stored in your browser for several years. In the respective data protection statements of the individual providers, you will usually receive detailed information about the individual cookies used by the provider.
12.5 Right of objection
You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser. The lawfulness of the processing until the revocation remains unaffected.
Since online marketing tools may generally use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy statements of the respective tools.
12.6 Legal basis
If you have consented to third-party providers being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as it may occur when collected by online marketing tools.
On our part, there is also a legitimate interest in measuring online marketing measures in anonymized form in order to optimize our offer and our measures with the help of the data obtained. The corresponding legal basis for this is Art. 6 Para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use the tools if you have given your consent.
Information on specific online marketing tools – if available – can be found in the following sections.
13 HubSpot
We use HubSpot, a digital marketing tool, on our website. The service provider is the American company HubSpot, Inc, 25 First St 2nd Floor Cambridge, MA, USA. The company also has a registered office in Ireland, among other places, with the address 1 Sir John Rogerson’s Quay, Dublin 2, Ireland.
HubSpot also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.
As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, HubSpot uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, HubSpot undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Data Processing Agreement, which corresponds to the standard contractual clauses, can be found at https://legal.hubspot.com/dpa.
You can learn more about the data processed by using HubSpot in the Privacy Policy at https://legal.hubspot.com/privacy-policy
13.1 HubSpot order processing agreement (AVV).
We have concluded an order processing agreement (AVV) with HubSpot within the meaning of Article 28 of the General Data Protection Regulation (GDPR). What exactly an AVV is and, in particular, what must be included in an AVV, you can read in our general section “Order processing agreement (AVV)”.
This contract is required by law because HubSpot processes personal data on our behalf. It clarifies that HubSpot may only process data they receive from us according to our instructions and must comply with the GDPR. You can find the link to the order processing agreement (AVV) at https://legal.hubspot.com/dpa.
14 LinkedIn Insight Tag
We use the conversion tracking tool LinkedIn Insight-Tag on our website. The service provider is the American company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The company LinkedIn Ireland Unlimited (Wilton Place, Dublin 2, Ireland) is responsible for the data protection-relevant aspects in the European Economic Area (EEA), the EU and Switzerland.
LinkedIn also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the lawfulness and security of data processing.
As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, LinkedIn uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, LinkedIn undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
More information about the standard contractual clauses at LinkedIn can be found at https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu-sccs.
To learn more about LinkedIn Insight Tag, visit https://www.linkedin.com/help/linkedin/answer/a427660?lang=en You can also find out more about the data processed through the use of LinkedIn Insight-Tag in the privacy policy at https://de.linkedin.com/legal/privacy-policy.
15 Cloud services
Data subjects: We as website operator and you as website visitor.
Purpose: Security and data storage
Data Processed: Data such as your IP address, name or technical data such as browser version.
More details can be found below and in the individual data protection texts or in the data protection declarations of the providers.
Storage period: in most cases, the data is stored until it is no longer needed to fulfill the service.
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests).
15.1 What are cloud services?
Cloud services provide us as website operators with storage space and computing power via the Internet. Data can be transferred to an external system, processed and stored via the Internet. The corresponding cloud provider takes over the management of this data. Depending on the requirements, an individual person or even a company can choose the storage space size or computing power. Cloud storage is accessed via an API or via storage protocols. API stands for Application Programming Interface and means a programming interface that connects software components with hardware components.
15.2 Why do we use cloud services?
We use cloud services for several reasons. A cloud service provides us with the ability to store our data securely. It also allows us to access the data from different locations and devices, giving us more flexibility and making our work processes easier. A cloud storage also saves us money because we don’t have to build and manage our own infrastructure for data storage and data security. By storing our data centrally in the cloud, we can also expand our fields of application and manage our information much better.
So, as a website operator or as a company, we use cloud services primarily for our own purposes. For example, we use the services to manage our calendar, to store documents or other important information in the cloud. However, personal data about you may also be stored in the process. This is the case, for example, if you provide us with your contact details (such as name and email address) and we store our customer data with a cloud provider. Consequently, data that we process from you may also be stored and processed on external servers. If we offer certain forms or content from cloud services on our website, cookies may also be set for web analytics and advertising purposes. Furthermore, such cookies remember your settings (such as the language used) so that the next time you visit our website you will find your familiar web environment.
15.3 What data is processed by cloud services?
Much of the data we store in the cloud does not have a personal reference, but some data counts as personal data, as defined by the GDPR. This is often customer data such as name, address, IP address or telephone number or technical device information. Furthermore, videos, images and audio files can also be stored in the cloud. Exactly how the data is collected and stored depends on the service in question. We try to use only services that are very trustworthy and professional with the data. Basically, the services, such as Amazon Drive, have access to the stored files in order to offer their own service accordingly. For this, however, the services need permissions, such as the right to copy files because of security aspects. This data is processed and managed within the scope of the services and in compliance with the applicable laws. This also includes the DSGVO for US providers (via the standard contractual clauses). These cloud services also work in some cases with third-party providers who may process data under instruction and in accordance with the privacy policy and further security measures. We would like to emphasize again here that all known cloud services (such as Amazon Drive, Google Drive or Microsoft Onedrive) obtain the right to have access to stored content in order to be able to offer and optimize their own service accordingly.
15.4 Duration of data processing
We will inform you about the duration of data processing below, provided we have further information on this. In general, cloud services store data until you or we revoke the data storage or delete the data again. In general, personal data is only stored as long as it is absolutely necessary for the provision of the services. However, a final data deletion from the cloud may take several months. This is the case because the data is usually not only stored on one server, but is distributed on different servers.
15.5 Right of objection
You also have the right and the possibility to revoke your consent to data storage in a cloud at any time. If cookies are used, you also have a right of revocation here. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser. We also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy statements of the respective cloud providers.
15.6 Legal basis
We use cloud services mainly on the basis of our legitimate interests (Art. 6(1)(f) DSGVO) in a good security and storage system.
Certain processing, in particular the use of cookies as well as the use of storage functions require your consent. If you have consented that data from you can be processed and stored at cloud services, this consent is considered the legal basis of the data processing (Art. 6 (1) lit. a DSGVO). Most of the services we use set cookies in your browser to store data. That is why we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.
You can find information about special tools – if available – in the following sections.
15.7 Google Cloud
We use Google Cloud, an online storage service for files, photos and videos, for our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
Google also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks to the legality and security of data processing.
As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
Google holds a contract on commissioned processing in accordance with Art. 28 DSGVO, which acts as the basis under data protection law for our customer relationship with Google. This refers to the EU standard contractual clauses in terms of content. You can find the order processing conditions here: https://business.safety.google/intl/en/adsprocessorterms/
You can learn more about the data processed through the use of Google Cloud in the Privacy Policy at https://policies.google.com/privacy?hl=en
16 Web design
Data subjects: Visitors to the website
Purpose: To improve the user experience
Data Processed: What data is processed depends largely on the services used. Mostly it is about IP address, technical data, language settings, browser version, screen resolution and browser name. You can find more details about this in the respective web design tools used.
Storage period: depending on the tools used
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests).
16.1 What is web design?
We use various tools on our website that serve our web design. Web design is not, as often assumed, only about our website looking pretty, but also about functionality and performance. But of course, the appropriate appearance of a website is also one of the major goals of professional web design. Web design is a branch of media design and deals with the visual as well as the structural and functional design of a website. The goal is to use web design to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all impressions and experiences that the website visitor experiences on a website. Usability is a sub-item of user experience. This refers to the user-friendliness of a website. The main emphasis here is on ensuring that content, subpages or products are clearly structured and that you can easily and quickly find what you are looking for. In order to provide you with the best possible experience on our website, we also use so-called third-party web design tools. In this privacy policy, the category “web design” therefore includes all services that improve the design of our website. These can be, for example, fonts, various plugins or other integrated web design functions.
16.2 Why do we use web design tools?
How you absorb information on a website depends very much on the structure, functionality and visual perception of the website. Therefore, a good and professional web design became more and more important for us as well. We are constantly working on improving our website and see this also as an extended service for you as a website visitor. Furthermore, a beautiful and functioning website also has economic advantages for us. After all, you will only visit us and make use of our offers if you feel completely comfortable.
16.3 What data is stored by web design tools?
When you visit our website, web design elements may be integrated into our pages that can also process data. Exactly what data is involved depends, of course, heavily on the tools used. Further below you can see exactly which tools we use for our website. We recommend that you also read the respective privacy policy of the tools used for more detailed information on data processing. In most cases, you will find out there which data is processed, whether cookies are used and how long the data is stored. Through fonts such as Google Fonts, for example, information such as language settings, IP address, browser version, browser screen resolution and browser name are also automatically transmitted to the Google servers.
16.4 Duration of data processing
How long data is processed is highly individual and depends on the web design elements used. For example, if cookies are used, the retention period can be as short as a minute or as long as a few years. Please do your research in this regard. For this purpose, we recommend on the one hand our general text section on cookies, as well as the privacy statements of the tools used. There you will usually find out exactly which cookies are used and what information is stored in them. Google font files, for example, are stored for one year. This is to improve the loading time of a website. In principle, data is only ever stored for as long as is necessary for the provision of the service. In the case of legal requirements, data may also be stored for longer.
16.5 Right of objection
You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. You can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser. However, under web design elements (mostly fonts), there is also data that cannot be deleted quite so easily. This is the case when data is automatically collected directly when a page is called up and transmitted to a third-party provider (such as Google). In this case, please contact the support of the relevant provider. In the case of Google, you can reach the support at https://support.google.com/?hl=en&sjid=11443614547429769947-EU
16.6 Legal basis
If you have consented to web design tools being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data as may occur when web design tools are used. From our side, there is also a legitimate interest to improve the web design on our website. After all, only then can we provide you with a beautiful and professional web offer. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests). Nevertheless, we only use web design tools insofar as you have given your consent. In any case, we would like to emphasize this again here.
You will find information on specific web design tools – if available – in the following sections.
17 Hosting
If you do not register or log in as a visitor, we collect the following data in so-called log files that your browser transmits:
IP address, date and time of the request, time zone difference to Greenwich Mean Time, content of the request, HTTP status code, amount of data transferred, website from which the request comes and information about the browser and operating system.
This is necessary to display our website and to ensure stability and security. This corresponds to our legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f DSGVO.
For the provision of our website, we use Mittwald CM Service GmbH & Co. KG as a hoster.
This is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f DSGVO, not to have to maintain a server on our premises ourselves. The server is located in Germany.
You can find more information on objection and removal options vis-à-vis Mittwald at: https://www.mittwald.de/datenschutz.
You have the right to object to the processing. Whether the objection is successful is to be determined within the framework of a balancing of interests.
The processing of the data provided under this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.
17.1 Technical notes
In addition to the server log files, personal data may also be processed by the application used and its plugins. This includes, among other things, the logging of incorrect login attempts, or accesses to non-existent pages (404). This should be checked and supplemented accordingly.
In the event of storage, it should also be stated how long this will take place and whether and from when the collected data will be anonymized.
17.2 Legal information
In principle, an order processing contract must be concluded with the hoster. The Bavarian State Office for Data Protection Supervision has made an exception for the hosting of purely static websites. In the event that the website is used for self-expression, e.g. by associations or small businesses, no personal data flows to the operator and no tracking takes place, there is no commissioned processing. It goes on to say that “the fact that IP addresses, i.e. personal data, must inevitably be processed even when hosting static websites does not lead to the assumption of commissioned processing. That would not be appropriate. Rather, the (short-term) IP address storage is still attributable to the website hoster’s telecommunications access provision pursuant to the TKG and primarily serves the hoster’s security purposes.”
17.3 Other purposes of data processing
– Ensuring the stability and security of the website
– Evaluation of system security and stability
– Optimization of the website
– Checking whether unlawful use has taken place
17.4 Possibility of objection and removal
The frequently used reference that there is no possibility for the user to object does not correspond to the legal requirement. If the processing is based on the legitimate interest of the controller (Art. 6(1)(f) DSGVO), the right to object is not excluded per se. However, whether this is successful must be determined in the context of a balancing of interests. Even if in practice the legitimate interest of the website operator is likely to prevail, this does not mean that the right to object is excluded. Such wording should be corrected, as it may result in the data subject being prevented from exercising his or her right to object.
17.5 Recipients
According to Art. 13. para. 1 lit. e DSGVO, there is an obligation to specify “the recipients or categories of recipients of the personal data”. It is often argued that recipients must be named and addressed as a matter of priority and that categories may only be used as an alternative. Another view is that there is a right to choose between naming recipients and specifying categories. (Cf. Daum: Mandatory information on websites MMR 2020 643 (646) with further references). Accordingly, it would be sufficient to specify “hoster” as the category. However, only clarity, if any, speaks in favor of this view. However, it is more in line with the purpose of the provision to state the name and address, especially since this is already known in the context of hosting (cf. Lorenz: Datenschutzrechtliche Informationspflichten (VuR 2019, 213 (216)).
17.6 Storage period
To determine the storage period, the server and application settings should be checked, also to avoid inconsistencies between the stated purposes. For example, inconsistencies may arise if it is stated that data is deleted after each session, but at the same time it is intended to serve stability and security. A general statement that the data will be stored for as long as necessary for the stated purposes is not sufficient (cf. Simitis/Hornung/Spiecker gen. Döhmann, Datenschutzrecht, Art. 13 Rn 15). Sufficient, however, is according to Art. 13 para. 2 lit a. DSGVO, the specification of criteria for determining the storage period is sufficient.
