Preamble:With the following privacy policy, we would like to explain to you what types of your personal data (hereinafter also referred to as “data” for short) we process for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”) .The terms used are not gender-specific.Status: May 5, 2025
responsible person:Florian Mayr
4663 Laakirchen,
Panoramaweg 4,
Austria
Authorized representatives: Fabian Hain
Overview of processing:The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons concerned. Types of processed database data.Contact data.Content data.Usage data.Meta, communication and procedural data.Event data (Facebook) .Log data.Categories of affected personal communication partners.Users.Purposes of processingCommunication.Security measures.tracking.Target group education.Organizational and administrative procedure.Feedback.Marketing.Profiles with user-related Information.Provision of our online offering and user-friendliness.Information technology infrastructure.Public relations.
Relevant legal bases under the GDPR:
The following is an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or place of residence. Should more specific legal bases also apply in individual cases, we will inform you of these in the privacy policy.
Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
Contract performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures taken at the request of the data subject.
Legitimate interests (Art. 6 (1) (f) GDPR) - processing is necessary to protect the legitimate interests of the controller or of a third party, provided that the interests, fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail.
National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, there are national data protection regulations in Austria. This includes in particular the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act — DSG). In particular, the Data Protection Act contains special rules on the right to information, the right to rectification or deletion, the processing of special categories of personal data, processing for other purposes and transmission, and automated decision-making in individual cases.
Safety measures:In accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, availability and separation of data relating to it. We have also set up procedures that ensure the exercise of data subject rights, the deletion of data and responses to the data being compromised. In addition, we take the protection of personal data into account when developing or selecting hardware, software and processes in accordance with the principle of data protection, through technology design and through privacy-friendly default settings.
Securing online connections using TLS/SSL encryption technology (HTTPS): In order to protect user data transmitted via our online services from unauthorised access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information that is transferred between the website or app and the user's browser (or between two servers), which protects the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator for users that their data is transmitted securely and encrypted.
General information on data storage and deletion:We delete personal data that we process in accordance with legal provisions as soon as the underlying consent is withdrawn or there is no further legal basis for processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. There are exceptions to this regulation when legal obligations or special interests require the data to be stored or archived for a longer period of time. In particular, data that must be stored for commercial or tax reasons or whose storage is necessary to prosecute or protect the rights of other natural or legal persons must be archived accordingly. Our privacy policy contains additional information on the storage and deletion of data that applies specifically to specific processing processes. If there is more information about the storage period or deletion periods of a date, the longest period is always decisive. If a period does not expressly start on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the deadline occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the deadline is the effective date of the termination or other termination of the legal relationship. We process data that is no longer stored for the originally intended purpose, but due to legal requirements or other reasons, exclusively for the reasons that justify their storage.
Further information on processing processes, procedures and services
Retention and deletion of data:
The following general deadlines apply in accordance with Austrian law for storage and archiving: 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting documents and invoices as well as all necessary work instructions and other organizational documents (Federal Tax Code (BAO §132), Commercial Code (UGB §§190-212)). 6 years - Other business documents: Received commercial or business letters, copies of commercial or business letters and others documents, provided they are relevant for tax purposes. These include, for example, hourly pay slips, operating statement sheets, calculation documents, price tags and payroll documents, provided that they are not already accounting documents and cash strips (Federal Tax Code (BAO §132), Corporate Code (UGB §§190-212)). 3 years - data required to consider potential warranty and compensation claims or similar contractual claims and rights and related inquiries to edit based on previous business experience and usual Industry practices are stored for the duration of the regular statutory limitation period of three years (Sections 1478, 1480 ABGB).
Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:
Right of objection: For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.
Right of withdrawal in case of consent: You have the right to withdraw your consent at any time.
Right to information: You have the right to request confirmation as to whether the relevant data is being processed and for information about this data as well as further information and a copy of the data in accordance with legal requirements.
Right to rectification: In accordance with legal requirements, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
Right to delete and restrict processing: In accordance with legal requirements, you have the right to request that data concerning you be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with legal requirements.
Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with legal requirements or to request that it be transmitted to another person responsible.
Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the requirements of the GDPR. Provision of the online service and web hosting. We process user data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transfer the content and functions of our online services to the user's browser or device.
Types of data processed: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved). Log data (e.g. log files relating to logins or the retrieval of data or access times.).
Affected persons: users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online offering and user friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). safety measures.
Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).
Further information on processing processes, procedures and services
Provision of online services on rented storage space:
To provide our online service, we use storage space, computing capacity and software, which we rent or otherwise obtain from an appropriate server provider (also known as a “web host”);
Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).
Collection of access data and log files:
Access to our online offering is logged in the form of so-called “server log files”. The server log files may include the address and name of the retrieved websites and files, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used, on the one hand, for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure the workload of the servers and their stability;
Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).
Löschung von Daten: Logfile-Informationen werden für die Dauer von maximal 30 Tagen gespeichert und danach gelöscht oder anonymisiert. Daten, deren weitere Aufbewahrung zu Beweiszwecken erforderlich ist, sind bis zur endgültigen Klärung des jeweiligen Vorfalls von der Löschung ausgenommen.Einsatz von CookiesUnter dem Begriff „Cookies" werden Funktionen, die Informationen auf Endgeräten der Nutzer speichern und aus ihnen auslesen, verstanden. Cookies können ferner in Bezug auf unterschiedliche Anliegen Einsatz finden, etwa zu Zwecken der Funktionsfähigkeit, der Sicherheit und des Komforts von Onlineangeboten sowie der Erstellung von Analysen der Besucherströme. Wir verwenden Cookies gemäß den gesetzlichen Vorschriften. Dazu holen wir, wenn erforderlich, vorab die Zustimmung der Nutzer ein. Ist eine Zustimmung nicht notwendig, setzen wir auf unsere berechtigten Interessen. Dies gilt, wenn das Speichern und Auslesen von Informationen unerlässlich ist, um ausdrücklich angeforderte Inhalte und Funktionen bereitstellen zu können. Dazu zählen etwa die Speicherung von Einstellungen sowie die Sicherstellung der Funktionalität und Sicherheit unseres Onlineangebots. Die Einwilligung kann jederzeit widerrufen werden. Wir informieren klar über deren Umfang und welche Cookies genutzt werden.
Hinweise zu datenschutzrechtlichen Rechtsgrundlagen:
Ob wir personenbezogene Daten mithilfe von Cookies verarbeiten, hängt von einer Einwilligung ab. Liegt eine Einwilligung vor, dient sie als Rechtsgrundlage. Ohne Einwilligung stützen wir uns auf unsere berechtigten Interessen, die vorstehend in diesem Abschnitt und im Kontext der jeweiligen Dienste und Verfahren erläutert sind.
Speicherdauer:
Im Hinblick auf die Speicherdauer werden die folgenden Arten von Cookies unterschieden:
Temporäre Cookies (auch: Session- oder Sitzungscookies): Temporäre Cookies werden spätestens gelöscht, nachdem ein Nutzer ein Onlineangebot verlassen und sein Endgerät (z. B. Browser oder mobile Applikation) geschlossen hat.
Permanente Cookies: Permanente Cookies bleiben auch nach dem Schließen des Endgeräts gespeichert. So können beispielsweise der Log-in-Status gespeichert und bevorzugte Inhalte direkt angezeigt werden, wenn der Nutzer eine Website erneut besucht. Ebenso können die mithilfe von Cookies erhobenen Nutzerdaten zur Reichweitenmessung Verwendung finden. Sofern wir Nutzern keine expliziten Angaben zur Art und Speicherdauer von Cookies mitteilen (z. B. im Rahmen der Einholung der Einwilligung), sollten sie davon ausgehen, dass diese permanent sind und die Speicherdauer bis zu zwei Jahre betragen kann.
Allgemeine Hinweise zum Widerruf und Widerspruch (Opt-out):
Nutzer können die von ihnen abgegebenen Einwilligungen jederzeit widerrufen und zudem einen Widerspruch gegen die Verarbeitung entsprechend den gesetzlichen Vorgaben, auch mittels der Privatsphäre-Einstellungen ihres Browsers, erklären.
Verarbeitete Datenarten: Meta-, Kommunikations- und Verfahrensdaten (z. B. IP-Adressen, Zeitangaben, Identifikationsnummern, beteiligte Personen).
Betroffene Personen: Nutzer (z. B. Webseitenbesucher, Nutzer von Onlinediensten).
Rechtsgrundlagen: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO). Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) DSGVO).
Weitere Hinweise zu Verarbeitungsprozessen, Verfahren und Diensten:
Verarbeitung von Cookie-Daten auf Grundlage einer Einwilligung:
Wir setzen eine Einwilligungs-Management-Lösung ein, bei der die Einwilligung der Nutzer zur Verwendung von Cookies oder zu den im Rahmen der Einwilligungs-Management-Lösung genannten Verfahren und Anbietern eingeholt wird. Dieses Verfahren dient der Einholung, Protokollierung, Verwaltung und dem Widerruf von Einwilligungen, insbesondere bezogen auf den Einsatz von Cookies und vergleichbaren Technologien, die zur Speicherung, zum Auslesen und zur Verarbeitung von Informationen auf den Endgeräten der Nutzer eingesetzt werden. Im Rahmen dieses Verfahrens werden die Einwilligungen der Nutzer für die Nutzung von Cookies und die damit verbundenen Verarbeitungen von Informationen, einschließlich der im Einwilligungs-Management-Verfahren genannten spezifischen Verarbeitungen und Anbieter, eingeholt. Die Nutzer haben zudem die Möglichkeit, ihre Einwilligungen zu verwalten und zu widerrufen. Die Einwilligungserklärungen werden gespeichert, um eine erneute Abfrage zu vermeiden und den Nachweis der Einwilligung gemäß der gesetzlichen Anforderungen führen zu können. Die Speicherung erfolgt serverseitig und/oder in einem Cookie (sogenanntes Opt-In-Cookie) oder mittels vergleichbarer Technologien, um die Einwilligung einem spezifischen Nutzer oder dessen Gerät zuordnen zu können. Sofern keine spezifischen Angaben zu den Anbietern von Einwilligungs-Management-Diensten vorliegen, gelten folgende allgemeine Hinweise: Die Dauer der Speicherung der Einwilligung beträgt bis zu zwei Jahre. Dabei wird ein pseudonymer Nutzer-Identifikator erstellt, der zusammen mit dem Zeitpunkt der Einwilligung, den Angaben zum Umfang der Einwilligung (z. B. betreffende Kategorien von Cookies und/oder Diensteanbieter) sowie Informationen über den Browser, das System und das verwendete Endgerät gespeichert wird;
Rechtsgrundlagen: Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) DSGVO).Kontakt- und AnfrageverwaltungBei der Kontaktaufnahme mit uns (z. B. per Post, Kontaktformular, E-Mail, Telefon oder via soziale Medien) sowie im Rahmen bestehender Nutzer- und Geschäftsbeziehungen werden die Angaben der anfragenden Personen verarbeitet, soweit dies zur Beantwortung der Kontaktanfragen und etwaiger angefragter Maßnahmen erforderlich ist.
Verarbeitete Datenarten: Bestandsdaten (z. B. der vollständige Name, Wohnadresse, Kontaktinformationen, Kundennummer, etc.); Kontaktdaten (z. B. Post- und E-Mail-Adressen oder Telefonnummern); Inhaltsdaten (z. B. textliche oder bildliche Nachrichten und Beiträge sowie die sie betreffenden Informationen, wie z. B. Angaben zur Autorenschaft oder Zeitpunkt der Erstellung); Nutzungsdaten (z. B. Seitenaufrufe und Verweildauer, Klickpfade, Nutzungsintensität und -frequenz, verwendete Gerätetypen und Betriebssysteme, Interaktionen mit Inhalten und Funktionen). Meta-, Kommunikations- und Verfahrensdaten (z. B. IP-Adressen, Zeitangaben, Identifikationsnummern, beteiligte Personen).
Betroffene Personen: Kommunikationspartner.
Zwecke der Verarbeitung: Kommunikation; Organisations- und Verwaltungsverfahren; Feedback (z. B. Sammeln von Feedback via Online-Formular). Bereitstellung unseres Onlineangebotes und Nutzerfreundlichkeit.
Aufbewahrung und Löschung: Löschung entsprechend Angaben im Abschnitt "Allgemeine Informationen zur Datenspeicherung und Löschung".
Rechtsgrundlagen: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO). Vertragserfüllung und vorvertragliche Anfragen (Art. 6 Abs. 1 S. 1 lit. b) DSGVO).
Weitere Hinweise zu Verarbeitungsprozessen, Verfahren und Diensten:Kontaktformular:
Bei Kontaktaufnahme über unser Kontaktformular, per E-Mail oder anderen Kommunikationswegen, verarbeiten wir die uns übermittelten personenbezogenen Daten zur Beantwortung und Bearbeitung des jeweiligen Anliegens. Dies umfasst in der Regel Angaben wie Name, Kontaktinformationen und gegebenenfalls weitere Informationen, die uns mitgeteilt werden und zur angemessenen Bearbeitung erforderlich sind. Wir nutzen diese Daten ausschließlich für den angegebenen Zweck der Kontaktaufnahme und Kommunikation;
Rechtsgrundlagen: Vertragserfüllung und vorvertragliche Anfragen (Art. 6 Abs. 1 S. 1 lit. b) DSGVO), Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).Webanalyse, Monitoring und OptimierungDie Webanalyse (auch als „Reichweitenmessung" bezeichnet) dient der Auswertung der Besucherströme unseres Onlineangebots und kann Verhalten, Interessen oder demografische Informationen zu den Besuchern, wie beispielsweise Alter oder Geschlecht, als pseudonyme Werte umfassen. Mithilfe der Reichweitenanalyse können wir zum Beispiel erkennen, zu welcher Zeit unser Onlineangebot oder dessen Funktionen beziehungsweise Inhalte am häufigsten genutzt werden, oder zur Wiederverwendung einladen. Ebenso ist es uns möglich, nachzuvollziehen, welche Bereiche der Optimierung bedürfen. Neben der Webanalyse können wir auch Testverfahren einsetzen, um etwa unterschiedliche Versionen unseres Onlineangebots oder seiner Bestandteile zu testen und zu optimieren.Sofern nachfolgend nicht anders angegeben, können zu diesen Zwecken Profile, also zu einem Nutzungsvorgang zusammengefasste Daten, angelegt und Informationen in einem Browser bzw. in einem Endgerät gespeichert und dann ausgelesen werden. Zu den erhobenen Angaben gehören insbesondere besuchte Websites und dort genutzte Elemente sowie technische Auskünfte, wie etwa der verwendete Browser, das benutzte Computersystem sowie Angaben zu Nutzungszeiten. Sofern sich Nutzer in die Erhebung ihrer Standortdaten uns gegenüber oder gegenüber den Anbietern der von uns eingesetzten Dienste einverstanden erklärt haben, ist auch die Verarbeitung von Standortdaten möglich.Darüber hinaus werden die IP-Adressen der Nutzer gespeichert. Jedoch nutzen wir ein IP-Masking-Verfahren (d. h. Pseudonymisierung durch Kürzung der IP-Adresse) zum Schutz der Nutzer. Generell werden die im Rahmen von Webanalyse, A/B-Testings und Optimierung keine Klardaten der Nutzer (wie z. B. E-Mail-Adressen oder Namen) gespeichert, sondern Pseudonyme. Das heißt, wir als auch die Anbieter der eingesetzten Software kennen nicht die tatsächliche Identität der Nutzer, sondern nur die zum Zweck der jeweiligen Verfahren in deren Profilen gespeicherten Angaben.Hinweise zu Rechtsgrundlagen: Sofern wir die Nutzer um deren Einwilligung in den Einsatz der Drittanbieter bitten, stellt die Rechtsgrundlage der Datenverarbeitung die Einwilligung dar. Ansonsten werden die Nutzerdaten auf Grundlage unserer berechtigten Interessen (d. h. Interesse an effizienten, wirtschaftlichen und empfängerfreundlichen Leistungen) verarbeitet. In diesem Zusammenhang möchten wir Sie auch auf die Informationen zur Verwendung von Cookies in dieser Datenschutzerklärung hinweisen.
Verarbeitete Datenarten: Nutzungsdaten (z. B. Seitenaufrufe und Verweildauer, Klickpfade, Nutzungsintensität und -frequenz, verwendete Gerätetypen und Betriebssysteme, Interaktionen mit Inhalten und Funktionen). Meta-, Kommunikations- und Verfahrensdaten (z. B. IP-Adressen, Zeitangaben, Identifikationsnummern, beteiligte Personen).
Betroffene Personen: Nutzer (z. B. Webseitenbesucher, Nutzer von Onlinediensten).
Zwecke der Verarbeitung: Reichweitenmessung (z. B. Zugriffsstatistiken, Erkennung wiederkehrender Besucher); Profile mit nutzerbezogenen Informationen (Erstellen von Nutzerprofilen). Bereitstellung unseres Onlineangebotes und Nutzerfreundlichkeit.
Aufbewahrung und Löschung: Löschung entsprechend Angaben im Abschnitt "Allgemeine Informationen zur Datenspeicherung und Löschung". Speicherung von Cookies von bis zu 2 Jahren (Sofern nicht anders angegeben, können Cookies und ähnliche Speichermethoden für einen Zeitraum von zwei Jahren auf den Geräten der Nutzer gespeichert werden.).
Sicherheitsmaßnahmen: IP-Masking (Pseudonymisierung der IP-Adresse).
Rechtsgrundlagen: Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) DSGVO). Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).
Weitere Hinweise zu Verarbeitungsprozessen, Verfahren und Diensten:
Google Analytics:
Wir verwenden Google Analytics zur Messung und Analyse der Nutzung unseres Onlineangebotes auf der Grundlage einer pseudonymen Nutzeridentifikationsnummer. Diese Identifikationsnummer enthält keine eindeutigen Daten, wie Namen oder E-Mail-Adressen. Sie dient dazu, Analyseinformationen einem Endgerät zuzuordnen, um zu erkennen, welche Inhalte die Nutzer innerhalb eines oder verschiedener Nutzungsvorgänge aufgerufen haben, welche Suchbegriffe sie verwendet haben, diese erneut aufgerufen haben oder mit unserem Onlineangebot interagiert haben. Ebenso werden der Zeitpunkt der Nutzung und deren Dauer gespeichert, sowie die Quellen der Nutzer, die auf unser Onlineangebot verweisen und technische Aspekte ihrer Endgeräte und Browser.
Dabei werden pseudonyme Profile von Nutzern mit Informationen aus der Nutzung verschiedener Geräte erstellt, wobei Cookies eingesetzt werden können. Google Analytics protokolliert und speichert keine individuellen IP-Adressen für EU-Nutzer. Analytics stellt jedoch grobe geografische Standortdaten bereit, indem es die folgenden Metadaten von IP-Adressen ableitet: Stadt (und der abgeleitete Breiten- und Längengrad der Stadt), Kontinent, Land, Region, Subkontinent (und ID-basierte Gegenstücke). Beim EU-Datenverkehr werden die IP-Adressdaten ausschließlich für diese Ableitung von Geolokalisierungsdaten verwendet, bevor sie sofort gelöscht werden. Sie werden nicht protokolliert, sind nicht zugänglich und werden nicht für weitere Verwendungszwecke genutzt. Wenn Google Analytics Messdaten sammelt, werden alle IP-Abfragen auf EU-basierten Servern durchgeführt, bevor der Verkehr zur Verarbeitung an Analytics-Server weitergeleitet wird;
Dienstanbieter: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland;
Rechtsgrundlagen: Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) DSGVO);
Website: https://marketingplatform.google.com/intl/de/about/analytics/;
Safety measures:
IP masking (pseudonymization of the IP address);
Privacy statement:
https://policies.google.com/privacy;
Order processing contract:
https://business.safety.google/adsprocessorterms/;
Basis for transfers to third countries: Data Privacy Framework (DPF), standard contractual clauses (
https://business.safety.google/adsprocessorterms), Data Privacy Framework (DPF) standard contractual clauses (
https://business.safety.google/adsprocessorterms);
Objection option (opt-out): Opt-out plugin:
https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements:
https://myadcenter.google.com/personalizationoff.
More information:
https://business.safety.google/adsservices/ (Types of processing and data processed).
Google Tag Manager:
We use Google Tag Manager, a software from Google that allows us to manage so-called website tags centrally via a user interface. Tags are small code elements on our website that are used to record and analyze visitor activity. This technology helps us improve our website and the content offered on it. The Google Tag Manager itself does not create user profiles, does not store cookies with user profiles and does not carry out any independent analyses. Its function is limited to simplifying and managing tools and services that we use on our website and making them more efficient. Nevertheless, when using Google Tag Manager, the users' IP addresses are transmitted to Google, which is necessary for technical reasons to implement the services we use. Cookies can also be set in the process. However, this data processing only takes place if services are integrated via Tag Manager. For more detailed information about these services and their data processing, please refer to the further sections of this privacy policy;
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal bases: consent (Article 6 (1) (1) (a) GDPR);
Site:
https://marketingplatform.google.com;
Privacy statement:
https://policies.google.com/privacy;
Order processing contract:https://business.safety.google/adsprocessorterms.
Basis for transfers to third countries: Data Privacy Framework (DPF), standard contractual clauses (
https://business.safety.google/adsprocessorterms), Data Privacy Framework (DPF) standard contractual clauses (
https://business.safety.google/adsprocessorterms) .Presences on social networks (social media) We maintain online presences within social networks and process user data within this framework in order to communicate with users active there or to provide information about us.We would like to point out that user data may be processed outside the European Union. This may result in risks for users, for example because it could make it more difficult to enforce user rights. Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The latter may in turn be used, for example, to place advertisements within and outside the networks that presumably match the interests of users. Therefore, cookies are usually stored on users' computers, in which the usage behavior and interests of the users are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users (in particular if they are members of the respective platforms and logged in there). For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks. Even in the case of requests for information and the assertion of data subject rights, we point out that these are most effective with the providers can be claimed. Only the latter have access to user data and can directly take appropriate measures and provide information. Should you still need help, you can contact us.
Types of data processed: Contact data (e.g. postal and e-mail addresses or telephone numbers); content data (e.g. textual or pictorial messages and contributions and information relating to them, such as information on authorship or time of creation). Usage data (e.g. page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
Affected persons: users (e.g. website visitors, users of online services).
Purposes of processing: Communication; feedback (e.g. collecting feedback via online form). public relations.
Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section.
Legal bases: Legitimate interests (Art. 6 (1) (f) GDPR).
Further information on processing processes, procedures and services:
Instagram:
Social network, allows you to share photos and videos, comment on and favorite posts, send messages, subscribe to profiles and pages;
Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;
Legal bases: legitimate interests (Art. 6 (1) (f) GDPR);
Site:
https://www.instagram.com;
Privacy statement:
https://privacycenter.instagram.com/policy/.
Basis for transfers to third countries: Data Privacy Framework (DPF), Data Privacy Framework (DPF).
Facebook pages:
Profiles within the social network Facebook - Together with Meta Platforms Ireland Limited, we are responsible for collecting (but not further processing) data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content that users view or interact with, or the actions they take (see “Things done and provided by you and others” in the Facebook Data Policy:
https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see “Device Information” in the Facebook Data Policy:
https://www.facebook.com/privacy/policy/). As stated in the Facebook data policy under “How do we use this information?” Facebook also explains, collects and uses information to provide analytics services, so-called “page insights,” for site operators so that they obtain insights into how people interact with their pages and with the content associated with them. We have signed a special agreement with Facebook (“Page Insights Information,”
https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must comply with and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). Users' rights (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information about page insights” (
https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular with regard to the transfer of the data to the parent company Meta Platforms, Inc. in the USA;
Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;
Legal bases: legitimate interests (Art. 6 (1) (f) GDPR);
Site:
https://www.facebook.com;
Privacy statement:
https://www.facebook.com/privacy/policy/.
Basis for transfers to third countries: Data Privacy Framework (DPF), standard contractual clauses (
https://www.facebook.com/legal/EU_data_transfer_addendum), Data Privacy Framework (DPF) standard contractual clauses (
https://www.facebook.com/legal/EU_data_transfer_addendum).
LinkedIn:
Social network - Together with LinkedIn Ireland Unlimited Company, we are responsible for collecting (but not further processing) data from visitors, which are used to create the “page insights” (statistics) of our LinkedIn profiles. This data includes information about the types of content that users view or interact with and the actions they take. Details about the devices used are also collected, such as IP addresses, operating system, browser type, language settings and cookie data, as well as information from user profiles, such as job function, country, industry, hierarchical level, company size and employment status. Data protection information on the processing of user data by LinkedIn can be found in LinkedIn's privacy policy:
https://www.linkedin.com/legal/privacy-policyWe have signed a special agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum”,
https://legal.linkedin.com/pages-joint-controller-addendum), which in particular regulates which security measures LinkedIn must comply with and in which LinkedIn has agreed to fulfill the rights of those affected (i.e. users can direct requests for information or deletion directly to LinkedIn, for example). The rights of users (in particular the right to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. The joint responsibility is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company, a company based in the EU. LinkedIn Ireland Unlimited Company is solely responsible for further processing of the data, in particular as regards the transmission of the data to the parent company LinkedIn Corporation in the USA;
Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;
Legal bases: legitimate interests (Art. 6 (1) (f) GDPR);
Site:
https://www.linkedin.com;
Privacy statement:
https://www.linkedin.com/legal/privacy-policy;
Basis for transfers to third countries: Data Privacy Framework (DPF), standard contractual clauses (
https://legal.linkedin.com/dpa), Data Privacy Framework (DPF) standard contractual clauses (
https://legal.linkedin.com/dpa).
Objection option (opt-out):
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
YouTube:
social network and video platform;
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal bases: legitimate interests (Art. 6 (1) (f) GDPR);
Privacy statement:
https://policies.google.com/privacy;
Basis for transfers to third countries: Data Privacy Framework (DPF), Data Privacy Framework (DPF).
Objection option (opt-out):
https://myadcenter.google.com/personalizationoff.plug-ins and embedded functions and contentWe integrate functional and content elements into our online offering, which are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”). The integration always requires that the third-party providers of this content process the user's IP address, as they could not send the content to their browser without an IP address. The IP address is therefore required to display this content or functions. We make every effort to use only content whose respective providers only use the IP address to deliver the content. Third parties can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information, such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and include technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, but can also be linked to such information from other sources.
Information on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
Types of data processed: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved). Event data (Facebook) (“event data” is information that is sent to the provider Meta via meta pixels (whether via apps or other channels) and relates to people or their actions. This data includes details of website visits, interactions with content and features, app installations, and product purchases. The event data is processed with the aim of creating target groups for content and advertising messages (custom audiences). It is important to note that event data does not include actual content such as written comments, login information, and contact information such as names, email addresses, or telephone numbers. “Event data” is deleted by Meta after a maximum of two years, and the resulting target groups disappear when our meta user accounts are deleted.).
Affected persons: users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online offering and usability; reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behavioral profiling, use of cookies); target group formation; marketing. Profiles with user-related information (creating user profiles).
Retention and deletion: Deletion in accordance with the “General Information on Data Storage and Deletion” section. Storage of cookies of up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on users' devices for a period of two years).
Legal bases: Consent (Art. 6 (1) (a) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).
Further information on processing processes, procedures and services:Facebook plug-ins and content:
Facebook social plugins and content - This may include content such as images, videos or texts and buttons with which users can share content from this online offer within Facebook. The list and appearance of Facebook social plugins can be viewed here:
https://developers.facebook.com/docs/plugins/ - We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt as part of a transmission (but not further processing) of “event data” that Facebook collects or receives as part of a transmission for the following purposes using the Facebook social plug-ins (and embedding functions for content) carried out on our online offering; b) Delivery commercial and transaction-related Messages (e.g. addressing users via Facebook Messenger); c) Improving ad delivery and personalizing features and content (e.g. improving the recognition of which content or advertising information presumably corresponds to users' interests). We have concluded a special agreement with Facebook (“Amendment for Responsible Persons”,
https://www.facebook.com/legal/controller_addendum), which in particular regulates which security measures Facebook must comply with (
https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can send information or deletion requests directly to Facebook, for example). Note: If Facebook provides us with metrics, analyses and reports (which are aggregated, i.e. do not receive information about individual users and are anonymous to us), then this processing is not carried out as part of joint responsibility, but on the basis of an order processing agreement (“data processing conditions”,
https://www.facebook.com/legal/terms/dataprocessing), the “data security conditions” (
https://www.facebook.com/legal/terms/data_security_terms) and with regard to processing in the USA on the basis of standard contractual clauses (“Facebook-EU Data Transfer Amendment,
https://www.facebook.com/legal/EU_data_transfer_addendum). Users' rights (in particular to information, deletion, objection and complaint with the competent supervisory authority) are not restricted by the agreements with Facebook;
Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;
Legal bases: consent (Article 6 (1) (1) (a) GDPR);
Site:
https://www.facebook.com;
Privacy statement:
https://www.facebook.com/privacy/policy/.
Basis for transfers to third countries: Data Privacy Framework (DPF), Data Privacy Framework (DPF).
Instagram plugins and content:
Instagram plugins and content - This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Instagram. - Together with Meta Platforms Ireland Limited, we are responsible for the collection or receipt of “event data” that Facebook collects using Instagram functions (e.g. embedding functions for content) carried out on our online offering, or in As part of a transfer to receives the following purposes, jointly responsible: a) displaying content and advertising information that corresponds to the alleged interests of users; b) delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) improving ad delivery and personalizing features and content (e.g. improving recognition of which content or advertising information presumably corresponds to users' interests). We have concluded a special agreement with Facebook (“Amendment for Responsible Persons”,
https://www.facebook.com/legal/controller_addendum), which in particular regulates which security measures Facebook must comply with (
https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can send information or deletion requests directly to Facebook, for example). Note: If Facebook provides us with metrics, analyses and reports (which are aggregated, i.e. do not receive information about individual users and are anonymous to us), then this processing is not carried out as part of joint responsibility, but on the basis of an order processing agreement (“data processing conditions”,
https://www.facebook.com/legal/terms/dataprocessing), the “data security conditions” (
https://www.facebook.com/legal/terms/data_security_terms) and with regard to processing in the USA on the basis of standard contractual clauses (“Facebook-EU Data Transfer Amendment,
https://www.facebook.com/legal/EU_data_transfer_addendum). Users' rights (in particular to information, deletion, objection and complaint with the competent supervisory authority) are not restricted by the agreements with Facebook;
Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland;
Legal bases: legitimate interests (Art. 6 (1) (f) GDPR);
Site:
https://www.instagram.com.
Privacy statement:
https://privacycenter.instagram.com/policy/.
YouTube videos: video content;
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal bases: consent (Article 6 (1) (1) (a) GDPR);
Site:
https://www.youtube.com;
Privacy statement:
https://policies.google.com/privacy;
Basis for transfers to third countries: Data Privacy Framework (DPF), Data Privacy Framework (DPF).
Objection option (opt-out): Opt-out plugin:
https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements:
https://myadcenter.google.com/personalizationoff.Amendment and updateWe ask you to regularly check the content of our privacy policy. We will adjust the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification. If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.Definitions of termsThis section provides an overview of the terms used in this privacy policy. Insofar as the terms are defined by law, their legal definitions apply. The following explanations, on the other hand, are primarily intended for understanding.
Inventory data: Inventory data includes essential information that is necessary to identify and manage contract partners, user accounts, profiles and similar assignments. This data may include personal and demographic information such as names, contact information (addresses, telephone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between people and services, facilities or systems by enabling unambiguous attribution and communication.
Content data: Content data includes information that is generated in the course of creating, editing, and publishing all types of content. This category of data can include text, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not only limited to the actual content, but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates
contact details: Contact data is essential information that enables communication with people or organizations. They include telephone numbers, postal addresses and email addresses, as well as means of communication such as social media handles and instant messaging identifiers.
Meta, communication and process data: Meta, communication, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Meta data, also known as data about data, includes information that describes the context, origin, and structure of other data. They can include information about the file size, creation date, author of a document, and change histories. Communication data records the exchange of information between users via various channels, such as email traffic, call logs, messages on social networks and chat histories, including the people involved, time stamps, and transmission channels. Procedural data describes the processes and operations within systems or organizations, including workflow documentation, logs of transactions and activities, and audit logs that are used to track and review operations.
Usage data: Usage data refers to information that records how users interact with digital products, services, or platforms. This data includes a wide range of information that shows how users use applications, which features they prefer, how long they spend on specific pages, and which paths they use to navigate through an application. Usage data may also include frequency of use, time stamps of activities, IP addresses, device information, and location data. They are particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. In addition, usage data plays a decisive role in identifying trends, preferences and potential problem areas within digital offerings
Personal data: “Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, are the cultural or social identity of that natural person.
Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, comprises any type of automated processing of personal data, which consists of using this personal data to analyze, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information regarding demographics, behavior and interests, such as interaction with websites and their content, etc.) (e.g. interests in specific content or products, click behavior on a website or location). Cookies and web beacons are often used for profiling purposes.
Log data: Log data is information about events or activities that have been logged on a system or network. This data typically includes information such as time stamps, IP addresses, user actions, error messages, and other details about the use or operation of a system. Log data is often used to analyze system issues, monitor security, or generate performance reports.
Range measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offer and can include visitors' behavior or interests in certain information, such as the content of websites. With the help of reach analysis, operators of online offers can, for example, recognize at what time users visit their websites and what content they are interested in. This allows them, for example, to better adapt the content of the websites to the needs of their visitors. Pseudonymous cookies and web beacons are often used for audience analysis purposes to recognize returning visitors and thus obtain more detailed analyses of the use of an online offer.
Tracking: We speak of “tracking” when the behavior of users can be traced across several online offerings. As a rule, behavioral and interest information with regard to the online offers used is stored in cookies or on servers of the providers of tracking technologies (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to match their interests.
responsible person: “Responsible person” is the natural or legal person, authority, agency or other body which, alone or together with others, decides on the purposes and means of processing personal data.
processing: “Processing” means any process carried out with or without the aid of automated procedures or any such series of processes in connection with personal data. The term is broad and covers virtually any handling of data, whether collection, evaluation, storage, transmission or deletion.
Target group formation: Target group building (English “custom audiences”) is when target groups are determined for advertising purposes, e.g. displaying advertisements. For example, based on a user's interest in specific products or topics on the Internet, it can be concluded that this user is interested in advertisements for similar products or the online shop in which he viewed the products. In turn, we speak of “lookalike audiences” (or similar target groups) when the content considered suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are usually used for the purpose of creating custom audiences and lookalike audiences.
Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke 
