Privacy Policy
Introduction and OverviewWe have created this privacy policy (Version 02.10.2023-112631098) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, what personal data (referred to as "data") we, as the data controller, and the data processors we have engaged (e.g., providers), process, will process in the future, and what legal options you have. The terms used in this policy are gender-neutral.In summary, we provide comprehensive information about the data we process about you.Privacy policies typically sound very technical and use legal terminology. However, this privacy policy aims to describe the most important aspects as simply and transparently as possible. Where transparency is beneficial, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. In clear and simple language, we inform you that we only process personal data in the course of our business activities when there is a legal basis for doing so. This is not possible if we provide brief, unclear, and legally technical explanations, as is often the standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and perhaps there is some information you were not aware of.If you still have questions, we kindly ask you to contact the responsible entity mentioned below or in the imprint, follow the provided links, and review further information on third-party websites. Our contact details can also be found in the imprint.
ScopeThis privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies we have engaged as data processors. When we refer to personal data, we mean information as defined in Article 4(1) of the GDPR, such as a person's name, email address, and postal address. The processing of personal data enables us to provide and bill for our services and products, whether online or offline. The scope of this privacy policy includes:• All online presences (websites, online shops) operated by us• Social media presences and email communication• Mobile apps for smartphones and other devicesIn short, this privacy policy applies to all areas within the company where personal data is processed in a structured manner through the mentioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
Legal BasisIn the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation, which allows us to process personal data.Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can find this EU General Data Protection Regulation online on EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.We only process your data if at least one of the following conditions applies:1. Consent (Article 6(1)(a) GDPR): You have given us consent to process data for a specific purpose. An example would be storing the data you entered in a contact form.2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For instance, if we enter into a purchase agreement with you, we require your personal information in advance.3. Legal obligation (Article 6(1)(c) GDPR): When we are subject to a legal obligation, we process your data. For example, we are legally obligated to retain invoices for accounting purposes. These invoices typically contain personal data.4. Legitimate interests (Article 6(1)(f) GDPR): In cases of legitimate interests that do not infringe on your fundamental rights, we reserve the right to process personal data. For example, we may need to process certain data to ensure the secure and economically efficient operation of our website. This processing constitutes a legitimate interest.Additional conditions, such as the exercise of public interest and the exercise of official authority, as well as the protection of vital interests, typically do not apply in our context. If such a legal basis were to be applicable, it would be indicated in the relevant section.In addition to the EU regulation, national laws also apply:• In Austria, this is the Federal Act concerning the Protection of Personal Data (Datenschutzgesetz), abbreviated as DSG.• In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies.If further regional or national laws come into play, we will inform you in the following sections.
Contact Information for the Data ControllerIf you have any questions regarding data protection or the processing of personal data, please find below the contact details of the responsible individual or entity:
GES Green Earth Solutions e.UKarin GoettlichAlthanstraße 16, 1090 Vienna, AustriaEmail: office@greenearth-solutions.com Imprint: https://greenearth-solutions.com/imprint/
Data RetentionOne of our fundamental principles is that we only retain personal data for as long as it is absolutely necessary for providing our services and products. This means that we delete personal data when the purpose for data processing no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased, such as for accounting purposes.If you wish to have your data deleted or revoke your consent for data processing, the data will be deleted as soon as possible, provided there is no legal obligation to retain it.We will provide you with specific information about the duration of each data processing activity below if we have additional information on this matter.
Rights According to the General Data Protection RegulationIn accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights that are granted to you to ensure fair and transparent data processing:• According to Article 15 of the GDPR, you have the right to know whether we are processing your data. If so, you have the right to receive a copy of the data and to obtain the following information: - The purpose for which we are processing the data - The categories or types of data being processed - Who receives this data, and if the data is transmitted to third countries, how the security is guaranteed - How long the data will be stored - The existence of the right to rectify, erase, or restrict processing, and the right to object to processing - Your right to lodge a complaint with a supervisory authority (links to these authorities can be found below) - The source of the data if it was not collected from you - Whether profiling is conducted, i.e., whether data is automatically analyzed to create a personal profile of you.• According to Article 16 of the GDPR, you have the right to rectify data, meaning that we must correct any errors you find.• According to Article 17 of the GDPR, you have the right to erasure ("right to be forgotten"), meaning that you can request the deletion of your data.• According to Article 18 of the GDPR, you have the right to restrict processing, which means that we can only store the data but not use it further.• According to Article 20 of the GDPR, you have the right to data portability, meaning that upon request, we will provide your data in a commonly used format.• According to Article 21 of the GDPR, you have the right to object, which, when enforced, results in a change in the processing. - If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then assess as quickly as possible whether we can legally comply with this objection. - If data is used for direct marketing, you can object to this type of data processing at any time. We may no longer use your data for direct marketing thereafter. - If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling thereafter.• According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g., profiling) under certain circumstances.• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means that you can complain to the supervisory authority at any time if you believe that the processing of personal data is in violation of the GDPR.In summary: You have rights – do not hesitate to contact the responsible entity listed above!If you believe that the processing of your data is in violation of data protection law or your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this authority is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:
Austria Data Protection Authority - Österreich DatenschutzbehördeDirector: Mag. Dr. Andrea JelinekAddress: Barichgasse 40-42, 1030 ViennaPhone: +43 1 52 152-0Email: dsb@dsb.gv.atWebsite: https://www.dsb.gv.at/
Data Processing SecurityTo protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data. This means that, within the scope of our capabilities, we make it as difficult as possible for third parties to deduce personal information from our data.Article 25 of the GDPR refers to this as "data protection by design and by default," emphasizing the importance of considering security in both software (e.g., forms) and hardware (e.g., server room access) and taking appropriate measures. Below, if necessary, we will provide details about specific measures. TLS Encryption with HTTPSTLS, encryption, and HTTPS may sound highly technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure), which stands for "secure hypertext transfer protocol," to transmit data securely over the internet.This means that the entire transmission of data from your browser to our web server is secured, and no one can eavesdrop.By implementing HTTPS, we have added an extra layer of security and comply with data protection by design (Article 25(1) GDPR). Through the use of TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.You can recognize the use of this data transmission security by the small padlock symbol located at the top left of your browser, next to the web address (e.g., examplepage.com), and the use of the "https" scheme instead of "http" in our web address.If you want to learn more about encryption, we recommend doing a Google search for "Hypertext Transfer Protocol Secure wiki" to find useful links to further information. CommunicationCommunication Summary:👥 Data Subjects: Anyone who communicates with us via phone, email, or online forms.📓 Processed Data: Examples include phone numbers, names, email addresses, and data entered into forms. More details can be found for each respective method of contact.🤝 Purpose: Handling communication with customers, business partners, etc.📅 Data Retention: For the duration of the business transaction and in compliance with legal requirements.⚖️ Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(b) GDPR (Contract), Article 6(1)(f) GDPR (Legitimate Interests)When you contact us and communicate via phone, email, or online forms, there may be the processing of personal data.The data is processed for the purpose of handling and responding to your inquiry and related business transactions. The data is retained for as long as necessary or as required by law.Data SubjectsAll individuals who seek contact with us through the communication channels we provide are affected by the processes mentioned.PhoneWhen you call us, call data is pseudonymized and stored on the respective device and with the telecommunications provider used. Additionally, data such as name and phone number may be sent via email and stored for the purpose of responding to the inquiry. The data is deleted once the business transaction is completed and legal requirements permit.EmailWhen you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data is stored on the email server. The data is deleted once the business transaction is completed and legal requirements permit.Online FormsWhen you communicate with us using online forms, data is stored on our web server and may be forwarded to one of our email addresses. The data is deleted once the business transaction is completed and legal requirements permit.Legal BasisThe processing of data is based on the following legal bases:• Article 6(1)(a) GDPR (Consent): You give us consent to store your data and use it for purposes related to the business transaction.• Article 6(1)(b) GDPR (Contract): There is a necessity for the performance of a contract with you or a data processor, such as the telephone provider, or we need to process data for pre-contractual activities, such as preparing an offer.• Article 6(1)(f) GDPR (Legitimate Interests): We aim to conduct customer inquiries and business communication in a professional context. Certain technical facilities, such as email programs, exchange servers, and mobile network operators, are necessary to efficiently manage communication. CookiesCookies Summary:👥 Data Subjects: Website visitors.🤝 Purpose: Depends on the specific cookie. More details can be found below or with the software manufacturer that sets the cookie.📓 Processed Data: Depends on the specific cookie. More details can be found below or with the software manufacturer that sets the cookie.📅 Data Retention: Depends on the specific cookie, ranging from hours to years.⚖️ Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests) What are Cookies?Our website uses HTTP cookies to store user-specific data.In the following, we explain what cookies are and why they are used so that you can better understand the following privacy policy.Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.One thing is for sure: cookies are really useful little helpers. Almost all websites use cookies. More specifically, these are HTTP cookies, as there are also other cookies for different application areas. HTTP cookies are small files that are stored by our website on your computer. These cookie files are automatically placed in the cookie folder, which is essentially your browser's "brain." A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.Cookies store certain user data from you, such as language or personal page settings. When you revisit our site, your browser sends the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.The following diagram shows a possible interaction between a web browser like Chrome and the web server. In this scenario, the web browser requests a website and receives a cookie from the server, which the browser uses again when requesting another page.There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie needs to be evaluated individually as each cookie stores different data. The expiration time of a cookie also varies, ranging from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans, or other "malware." Cookies also cannot access information on your PC. Here's how cookie data can look:Name: _gaValue: GA1.2.1326744211.152112631098-9Purpose: Distinguishing website visitorsExpiration Date: after 2 yearsBrowsers should support at least these minimum sizes for cookies:• At least 4096 bytes per cookie• At least 50 cookies per domain• At least 3000 cookies in total Types of Cookies:The specific types of cookies we use depend on the services used and will be explained in the following sections of the privacy policy. At this point, we'd like to briefly discuss the different types of HTTP cookies. There are 4 types of cookies that can be distinguished: Essential Cookies:These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed when a user adds a product to the shopping cart, continues to browse other pages, and later proceeds to checkout. These cookies prevent the shopping cart from being deleted even if the user closes their browser window. Functional Cookies:These cookies collect information about user behavior and whether the user receives error messages. Additionally, these cookies measure the loading time and the behavior of the website in various browsers. Preference Cookies:These cookies enhance user-friendliness. For example, entered locations, font sizes, or form data may be stored using these cookies. Advertising Cookies:These cookies are also known as targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical but also potentially annoying.Typically, when you visit a website for the first time, you will be asked which of these types of cookies you want to allow. Your decision is also stored in a cookie.If you want to learn more about cookies and don't mind technical documentation, we recommend checking out https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) called the "HTTP State Management Mechanism."The purpose of processing through cookies ultimately depends on the specific cookie in question. More details can be found below or with the manufacturer of the software that sets the cookie.As for what data is processed in cookies, it cannot be generalized as it varies depending on the specific cookie. However, we will inform you about the processed or stored data as part of the following privacy policy.The storage duration of cookies depends on the specific cookie and will be specified further below. Some cookies are deleted in less than an hour, while others can remain stored on a computer for several years.You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also "Right to Object" below). Furthermore, cookies based on consent will be deleted no later than upon the withdrawal of your consent, with the lawfulness of storage remaining unaffected until then. Right to Object – How Can I Delete Cookies?Whether and how you want to use cookies is up to you. Regardless of the service or website from which the cookies originate, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies. If you want to find out which cookies are stored in your browser, change cookie settings, or delete them, you can find this in your browser settings:- Chrome: Clear, enable, and manage cookies in Chrome- Safari: Manage cookies and website data with Safari- Firefox: Delete cookies to remove data that websites have placed on your computer- Internet Explorer: Delete and manage cookies- Microsoft Edge: Delete and manage cookies The Legal BasisIf you do not want any cookies at all, you can configure your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not. The process varies depending on the browser. It's best to search for instructions on Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.Since 2009, there have been the so-called "Cookie Directives," which require consent (Article 6(1)(a) GDPR) for the storage of cookies. However, there are still very different reactions to these directives within EU countries. In Austria, these directives were implemented in § 96(3) of the Telecommunications Act (TKG). In Germany, the Cookie Directives were not implemented as national law. Instead, the implementation of these directives was largely done in § 15(3) of the Telemedia Act (TMG).For strictly necessary cookies, even in cases where no consent is given, legitimate interests exist (Article 6(1)(f) GDPR), which are usually of an economic nature. We want to provide website visitors with a pleasant user experience, and for this, certain cookies are often absolutely necessary.Where non-essential cookies are used, this is only done with your consent. The legal basis in such cases is Article 6(1)(a) GDPR.In the following sections, you will be provided with more detailed information about the use of cookies if the deployed software uses cookies. Webhosting IntroductionWebhosting Summary👥 Data Subjects: Visitors to the Website🤝 Purpose: Professional hosting of the website and ensuring its operation📓 Processed Data: IP address, time of website visit, used browser, and other data. More details can be found below or with the respective web hosting provider.📅 Storage Period: Depends on the respective provider, but typically around 2 weeks⚖️ Legal Basis: Article 6(1)(f) GDPR (Legitimate Interests) What is Webhosting?When you visit websites nowadays, certain information – including personal data – is automatically generated and stored, including on this website. This data should be processed sparingly and only with justification. By "website," we mean the entirety of all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By "domain," we mean something like example.com or sampleexample.net.When you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply refer to them as browsers or web browsers.To display the website, the browser needs to connect to another computer where the website's code is stored: the web server. Operating a web server is a complicated and labor-intensive task, which is why it is usually handled by professional providers, known as hosting providers. They offer web hosting and thus ensure the reliable and error-free storage of website data. There are many technical terms, but please stay with us; it will get better!When the browser on your computer (desktop, laptop, tablet, or smartphone) establishes a connection and during the data transfer to and from the web server, personal data processing may occur. On the one hand, your computer stores data, and on the other hand, the web server also needs to store data for a while to ensure proper operation.A picture is worth a thousand words, so the following diagram illustrates the interaction between the browser, the internet, and the hosting provider for clarification. Why Do We Process Personal Data?The purposes of data processing are as follows:1. Professional hosting of the website and ensuring its operation.2. To maintain operational and IT security.3. Anonymous analysis of access behavior to improve our offerings and, if necessary, for law enforcement or claims pursuit. What Data Is Processed?Even as you visit our website right now, our web server, which is the computer where this webpage is stored, typically automatically stores data such as:• The complete internet address (URL) of the accessed webpage.• Browser and browser version (e.g., Chrome 87).• The operating system used (e.g., Windows 10).• The address (URL) of the previously visited page (referrer URL) (e.g., https://www.example-source-site.com/how-I-got-here/).• The hostname and IP address of the accessing device (e.g., COMPUTERNAME and 194.23.43.121).• Date and time.• In files, the so-called web server log files. How Long Are Data Stored?Usually, the data mentioned above are stored for two weeks and then automatically deleted. We do not disclose this data, but we cannot rule out that it may be inspected by authorities in the event of unlawful behavior. In summary, your visit is logged by our provider (the company that runs our website on specialized computers or servers), but we do not share your data without consent. Legal BasisThe legality of processing personal data in the context of web hosting is based on Article 6(1)(f) GDPR (legitimate interests) because the use of professional hosting with a provider is necessary to securely and user-friendly present the company on the internet and to potentially pursue attacks and claims.Typically, there is a contract for order processing between us and the hosting provider in accordance with Articles 28 and following of the GDPR, which ensures compliance with data protection and guarantees data security. External Web Hosting Provider Privacy PolicyBelow you will find the contact information for our external hosting provider, where you can find more information about data processing in addition to the information above:WEB.COM Group Inc.5335 Gate Pkwy Jacksonville, FL, 32256-3070 United StatesYou can learn more about data processing with this provider in their privacy policy.
Introduction to Cookie Consent Management PlatformCookie Consent Management Platform Summary👥 Data Subjects: Website visitors🤝 Purpose: Obtaining and managing consent for specific cookies and the use of certain tools📓 Processed Data: Data for managing the configured cookie settings, such as IP address, consent timestamp, type of consent, individual consents. More details can be found in the respective tool's documentation.📅 Storage Period: Depends on the tool in use, can range from several years⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)
What Is a Cookie Consent Management Platform?We use a Consent Management Platform (CMP) software on our website, which facilitates the correct and secure handling of scripts and cookies used. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides a legally required cookie consent for you, and helps us and you keep track of all cookies. In most Cookie Consent Management Tools, all existing cookies are identified and categorized. As a website visitor, you then decide whether and which scripts and cookies you allow or disallow. The following diagram illustrates the relationship between the browser, web server, and CMP. Why Do We Use a Cookie Management Tool?Our goal is to provide you with the best possible transparency in the field of data protection. We are also legally obliged to do so. We want to inform you as comprehensively as possible about all the tools and cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we have knowledge of all cookies and can provide you with GDPR-compliant information about them. Through the consent system, you can then accept or reject cookies. What Data Is Processed?In the context of our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. The explanation of your consent is stored so that we do not have to ask you for it again on each new visit to our website, and we can provide proof of your consent if legally required. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent may vary. Usually, this data (such as pseudonymous user ID, consent timestamp, detailed information about cookie categories or tools, browser, device information) is stored for up to two years.
Duration of Data ProcessingWe will inform you about the duration of data processing below if we have further information on this. In general, we process personal data only for as long as it is absolutely necessary to provide our services and products. Data stored in cookies is kept for different durations. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years. The exact duration of data processing depends on the tool used, but most often you should expect data to be stored for several years. In the respective privacy policies of individual providers, you will usually find precise information about the duration of data processing. Right to ObjectYou also have the right and the possibility to revoke your consent to the use of cookies at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser. Legal BasisWhen you consent to cookies, personal data about you is processed and stored through these cookies. If we are allowed to use cookies through your consent (Article 6(1)(a) GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. To manage your consent to cookies and enable you to give your consent, a Cookie Consent Management Platform software is used. The use of this software enables us to operate the website in a legally compliant manner in an efficient way, which represents a legitimate interest (Article 6(1)(f) GDPR). Security & Anti-Spam Privacy Policy Summary👥 Data Subjects: Website visitors🤝 Purpose: Cybersecurity📓 Processed Data: Data such as your IP address, name, or technical data like browser versionMore details can be found below and in the individual privacy policies.📅 Storage Duration: Most data is stored until it is no longer needed to fulfill the service⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests) What Is Security & Anti-Spam Software?Security & Anti-Spam software is used to protect yourself and us from various spam or phishing emails and potential other cyberattacks. Spam refers to mass-sent promotional emails that you did not request. Such emails are also called junk mail and can incur costs. Phishing emails, on the other hand, are messages aimed at building trust through fake messages or websites to obtain personal data. Anti-Spam software typically protects against unwanted spam messages or malicious emails that could introduce viruses into our system. We also use general firewall and security systems to protect our computers from unwanted network attacks. Why Do We Use Security & Anti-Spam Software?We place a high value on security on our website. After all, it is not only about our security but especially about yours. Unfortunately, cyber threats are now part of everyday life in the world of IT and the internet. Hackers often attempt to steal personal data from an IT system through a cyberattack. Therefore, a good defense system is absolutely necessary. A security system monitors all incoming and outgoing connections to our network or computer. To achieve even greater security against cyberattacks, we use additional external security services alongside the standardized security systems on our computer. Unauthorized data traffic is thus better prevented, protecting us from cybercrime. What Data Is Processed by Security & Anti-Spam Software?The specific data collected and stored depends on the respective service. However, we always strive to use programs that collect data very sparingly or only store data that is necessary to fulfill the offered service. In general, the service may collect data such as name, address, IP address, email address, and technical data like browser type or version. Performance and log data may also be collected to detect potential incoming threats in a timely manner. These data are processed as part of the services and in compliance with applicable laws. This also includes compliance with the GDPR for US-based providers (via standard contractual clauses). In some cases, these security services may also work with third-party providers who store and/or process data under instruction and in accordance with privacy policies and other security measures. Data storage is often done through cookies. Duration of Data ProcessingWe will inform you about the duration of data processing below if we have further information on this. For example, security programs may store data until you or we revoke data storage. Generally, personal data is only stored for as long as it is absolutely necessary to provide the services. In many cases, we unfortunately lack precise information from providers about the duration of storage. Right to ObjectYou also have the right and the possibility to revoke your consent to the use of cookies or third-party security software at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser. Legal BasisWe primarily use security services based on our legitimate interests (Art. 6(1)(f) GDPR) in a good security system against various cyberattacks.Certain processing, especially the use of cookies and the use of security features, requires your consent. If you have consented to the processing and storage of data by embedded security services, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie policies of the respective service provider.Information about specific tools can be found in the following sections, if available. Cloud ServicesCloud Services Privacy Policy Summary👥 Data Subjects: We as website operators and you as website visitors🤝 Purpose: Security and data storage📓 Processed Data: Data such as your IP address, name, or technical data like browser versionMore details can be found below and in the individual privacy policies or in the privacy policies of the providers.📅 Storage Duration: Most data is stored until it is no longer needed to fulfill the service⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests) What Are Cloud Services?Cloud services provide us as website operators with storage space and computing power over the internet. Data can be transmitted, processed, and stored in an external system via the internet. The management of this data is handled by the respective cloud provider. Depending on the requirements, an individual or a company can choose the size of storage space or computing power. Cloud storage is accessed through an API or storage protocols. API stands for Application Programming Interface and refers to a programming interface that connects software with hardware components. Why Do We Use Cloud Services?We use cloud services for several reasons. A cloud service allows us to securely store our data. Additionally, we can access the data from various locations and devices, providing us with more flexibility and simplifying our work processes. Cloud storage also saves us costs because we do not need to establish and manage our own infrastructure for data storage and security. By centrally storing our data in the cloud, we can expand our fields of application and manage our information much more effectively.As website operators or as a company, we primarily use cloud services for our own purposes. For example, we use these services to manage our calendar or to store documents and other important information in the cloud. However, this may also involve the storage of personal data provided by you. This is the case, for example, when you provide us with your contact information (such as name and email address), and we store our customer data with a cloud provider. As a result, data that we process from you may also be stored and processed on external servers. If we offer certain forms or content from cloud services on our website, cookies for web analytics and advertising purposes may also be set. Furthermore, such cookies remember your settings (such as the language used) so that you will find your familiar web environment on your next visit to our website. What Data Is Processed by Cloud Services?Many of the data stored in the cloud by us do not have any personal reference, but some data falls under the definition of personal data according to the GDPR. This often includes customer data such as name, address, IP address, or phone number, or technical device information. Videos, images, and audio files can also be stored in the cloud. The exact collection and storage of data depend on the respective service. We strive to use only services that handle data very responsibly and professionally. In general, services like Amazon Drive have access to stored files in order to provide and optimize their own service accordingly. However, these services require permissions, such as the right to copy files for security reasons. This data is processed and managed as part of the services and in compliance with applicable laws, including the GDPR for US-based providers (via standard contractual clauses). In some cases, these cloud services may also collaborate with third-party providers who can process data under instruction and in accordance with privacy policies and other security measures. We would like to emphasize once again that all well-known cloud services (such as Amazon Drive, Google Drive, or Microsoft OneDrive) request the right to access stored content in order to offer and optimize their own service. Duration of Data ProcessingWe will inform you about the duration of data processing below if we have further information on this. In general, cloud services store data until you or we revoke data storage or delete the data. Generally, personal data is only stored for as long as it is absolutely necessary to provide the services. However, final data deletion from the cloud can take several months. This is because data is usually not stored on a single server but distributed across multiple servers. Right to ObjectYou also have the right and the possibility to revoke your consent to data storage in a cloud at any time. If cookies are used, you also have the right to object here. This can be done either through our cookie management tool or through other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser. We also recommend our general privacy policy on cookies. To find out exactly which data of yours is stored and processed, you should read the privacy policies of the respective cloud providers. Legal BasisWe primarily use cloud services based on our legitimate interests (Art. 6(1)(f) GDPR) in a good security and storage system.Certain processing, especially the use of cookies and the use of storage functions, requires your consent. If you have consented to the processing and storage of data by cloud services, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie policies of the respective service provider.Information about specific tools can be found in the following sections, if available. Google Cloud Privacy PolicyWe use Google Cloud, an online storage service for files, photos, and videos, for our website. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Additionally, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de Google provides a contract for data processing in accordance with Art. 28 GDPR, which serves as the data protection basis for our customer relationship with Google. This contract refers to the EU Standard Contractual Clauses. You can find the data processing terms here: https://business.safety.google/intl/de/adsprocessorterms/ You can learn more about the data processed through the use of Google Cloud in the Privacy Policy at https://policies.google.com/privacy?hl=de. Video Conferences & Streaming IntroductionVideo Conferences & Streaming Privacy Policy Summary👥 Affected Parties: Users who use our video conferencing or streaming tools🤝 Purpose: Communication and presentation of content📓 Processed Data: Access statistics containing data such as name, address, contact details, email address, telephone number, or IP address. For more details, refer to the respective video conferencing or streaming tool.📅 Storage Duration: Dependent on the video conferencing or streaming tool used⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests), Art. 6(1)(b) GDPR (Contract) What are Video Conferences & Streaming?We use software programs that enable us to conduct video conferences, online meetings, webinars, display sharing, and/or streaming. During a video conference or streaming session, information is transmitted simultaneously through audio and moving images. With the help of such video conferencing or streaming tools, we can communicate quickly and easily over the internet with customers, business partners, clients, and employees. Naturally, we ensure compliance with the applicable legal framework when selecting service providers.In general, third-party providers may process data when you interact with the software program. Third-party providers of video conferencing or streaming solutions use your data and metadata for various purposes. The data helps enhance the tool's security and improve the service. In most cases, data may also be used for the third-party provider's own marketing purposes. Why Do We Use Video Conferences & Streaming on Our Website?We want to communicate with you, our customers, and business partners digitally, quickly, conveniently, and securely. This works best with user-friendly video conferencing solutions. Most tools also work directly through your browser, and with just a few clicks, you can join a video meeting. These tools also offer useful additional features such as chat and screen sharing or the ability to share content among meeting participants. What Data Is Processed?When you participate in our video conference or streaming, your data is also processed and stored on the servers of the respective service provider.The specific data that is stored depends on the solutions used. Each provider stores and processes different amounts and types of data. However, in most cases, most providers store your name, address, contact details such as your email address or phone number, and your IP address. Additionally, information about the device you use, usage data such as which websites you visit, when you visit a website, or which buttons you click may also be stored. Data shared within the video conference, such as photos, videos, texts, can also be stored. Data Processing DurationInformation about the duration of data processing will be provided further below in connection with the specific service, if we have more information on that topic. In general, we process personal data only as long as it is strictly necessary for providing our services and products. It is possible that the provider stores data from you according to their own criteria, over which we have no control. Right to ObjectYou always have the right to access, rectify, and delete your personal data. If you have any questions, you can also contact the responsible party for the video conferencing or streaming tools used. Contact information can be found in our specific privacy policy or on the website of the respective provider.Cookies used by providers for their functions can be deleted, disabled, or managed in your browser. Depending on which browser you use, this may work differently. However, please note that some functions may no longer work as expected if you do this. Legal BasisIf you have consented to the processing and storage of your data by the video or streaming solution, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Additionally, we may offer a video conference as part of our services if it has been contractually agreed with you in advance (Art. 6(1)(b) GDPR). Generally, your data is also processed based on our legitimate interests (Art. 6(1)(f) GDPR) in efficient and effective communication with you or other customers and business partners, but only if you have at least consented. Most video or streaming solutions also use cookies in your browser to store data. Therefore, we recommend reading our cookie privacy policy carefully and reviewing the privacy policy or cookie guidelines of the respective service provider for details.Information on specific video conferencing and streaming solutions can be found, if available, in the following sections. Explanation of Used TermsWe always strive to make our privacy policy as clear and understandable as possible. However, in technical and legal matters, it is not always easy. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use these terms without explanation. Below is an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms are derived from the GDPR and are definitions, we will also provide the GDPR texts and, if necessary, add our own explanations.
Data ProcessorDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"processor" means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;Explanation: As a company and website owner, we are responsible for all the data we process from you. In addition to controllers, there may also be data processors. This includes any company or person that processes personal data on our behalf. Data processors can include service providers such as accountants, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft, among others. File SystemDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"filing system" means any structured collection of personal data that are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis;Explanation: Any organized storage of data on a computer's storage device is referred to as a "file system." For example, if we store your name and email address on a server for our newsletter, this data is in a "file system." The key functions of a "file system" include rapid searching and retrieval of specific data and, of course, the secure storage of data.
ConsentDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;Explanation: In most cases on websites, such consent is obtained through a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner if you consent to data processing. You can often make individual settings and decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data can be processed. In principle, consent can also be given in writing, not just through a tool. Personal DataDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;Explanation: Personal data is any data that can identify you as an individual. Typically, these are data such as:- Name- Address- Email address- Postal address- Phone number- Date of birth- Identification numbers such as social security number, tax identification number, ID number, or student number- Bank data such as account number, credit information, account balances, and more.According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently identify you as the account holder. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called "special categories" of personal data, which are particularly sensitive. These include:- Racial and ethnic origin- Political opinions- Religious or philosophical beliefs- Trade union membership- Genetic data, such as data taken from blood or saliva samples- Biometric data (information about psychological, physical, or behavioral characteristics that can identify a person)- Health data- Data about sexual orientation or sex life ProfilingDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;Explanation: Profiling involves gathering various pieces of information about a person to learn more about them. In the web context, profiling is often used for advertising purposes or for credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile that can be used to target advertising to a particular audience. ControllerDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;Explanation: In our case, we are responsible for processing your personal data and, therefore, the "controller." When we share collected data with other service providers for processing, they are considered "processors." For this, a "data processing agreement (DPA)" must be signed. ProcessingDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction;Note: When we refer to processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned in the original GDPR definition above, not only collecting but also storing and processing data. Closing WordsCongratulations! If you are reading these lines, you have really "fought your way through" our entire privacy policy or at least scrolled down to this point. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we not only want to inform you about the data that is processed but also bring you closer to the reasons for using various software programs. Privacy policies usually sound very technical and legal. However, since most of you are not web developers or lawyers, we wanted to take a different approach in terms of language and explain the matter in simple and clear terms. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible entity. We wish you a pleasant time and hope to welcome you back to our website soon. All texts are protected by copyright. Source: Created with the privacy policy generator from AdSimple.
Data Processing SecurityTo protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data. This means that, within the scope of our capabilities, we make it as difficult as possible for third parties to deduce personal information from our data.Article 25 of the GDPR refers to this as "data protection by design and by default," emphasizing the importance of considering security in both software (e.g., forms) and hardware (e.g., server room access) and taking appropriate measures. Below, if necessary, we will provide details about specific measures. TLS Encryption with HTTPSTLS, encryption, and HTTPS may sound highly technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure), which stands for "secure hypertext transfer protocol," to transmit data securely over the internet.This means that the entire transmission of data from your browser to our web server is secured, and no one can eavesdrop.By implementing HTTPS, we have added an extra layer of security and comply with data protection by design (Article 25(1) GDPR). Through the use of TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.You can recognize the use of this data transmission security by the small padlock symbol located at the top left of your browser, next to the web address (e.g., examplepage.com), and the use of the "https" scheme instead of "http" in our web address.If you want to learn more about encryption, we recommend doing a Google search for "Hypertext Transfer Protocol Secure wiki" to find useful links to further information. CommunicationCommunication Summary:👥 Data Subjects: Anyone who communicates with us via phone, email, or online forms.📓 Processed Data: Examples include phone numbers, names, email addresses, and data entered into forms. More details can be found for each respective method of contact.🤝 Purpose: Handling communication with customers, business partners, etc.📅 Data Retention: For the duration of the business transaction and in compliance with legal requirements.⚖️ Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(b) GDPR (Contract), Article 6(1)(f) GDPR (Legitimate Interests)When you contact us and communicate via phone, email, or online forms, there may be the processing of personal data.The data is processed for the purpose of handling and responding to your inquiry and related business transactions. The data is retained for as long as necessary or as required by law.Data SubjectsAll individuals who seek contact with us through the communication channels we provide are affected by the processes mentioned.PhoneWhen you call us, call data is pseudonymized and stored on the respective device and with the telecommunications provider used. Additionally, data such as name and phone number may be sent via email and stored for the purpose of responding to the inquiry. The data is deleted once the business transaction is completed and legal requirements permit.EmailWhen you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data is stored on the email server. The data is deleted once the business transaction is completed and legal requirements permit.Online FormsWhen you communicate with us using online forms, data is stored on our web server and may be forwarded to one of our email addresses. The data is deleted once the business transaction is completed and legal requirements permit.Legal BasisThe processing of data is based on the following legal bases:• Article 6(1)(a) GDPR (Consent): You give us consent to store your data and use it for purposes related to the business transaction.• Article 6(1)(b) GDPR (Contract): There is a necessity for the performance of a contract with you or a data processor, such as the telephone provider, or we need to process data for pre-contractual activities, such as preparing an offer.• Article 6(1)(f) GDPR (Legitimate Interests): We aim to conduct customer inquiries and business communication in a professional context. Certain technical facilities, such as email programs, exchange servers, and mobile network operators, are necessary to efficiently manage communication. CookiesCookies Summary:👥 Data Subjects: Website visitors.🤝 Purpose: Depends on the specific cookie. More details can be found below or with the software manufacturer that sets the cookie.📓 Processed Data: Depends on the specific cookie. More details can be found below or with the software manufacturer that sets the cookie.📅 Data Retention: Depends on the specific cookie, ranging from hours to years.⚖️ Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests) What are Cookies?Our website uses HTTP cookies to store user-specific data.In the following, we explain what cookies are and why they are used so that you can better understand the following privacy policy.Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.One thing is for sure: cookies are really useful little helpers. Almost all websites use cookies. More specifically, these are HTTP cookies, as there are also other cookies for different application areas. HTTP cookies are small files that are stored by our website on your computer. These cookie files are automatically placed in the cookie folder, which is essentially your browser's "brain." A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.Cookies store certain user data from you, such as language or personal page settings. When you revisit our site, your browser sends the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.The following diagram shows a possible interaction between a web browser like Chrome and the web server. In this scenario, the web browser requests a website and receives a cookie from the server, which the browser uses again when requesting another page.There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie needs to be evaluated individually as each cookie stores different data. The expiration time of a cookie also varies, ranging from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans, or other "malware." Cookies also cannot access information on your PC. Here's how cookie data can look:Name: _gaValue: GA1.2.1326744211.152112631098-9Purpose: Distinguishing website visitorsExpiration Date: after 2 yearsBrowsers should support at least these minimum sizes for cookies:• At least 4096 bytes per cookie• At least 50 cookies per domain• At least 3000 cookies in total Types of Cookies:The specific types of cookies we use depend on the services used and will be explained in the following sections of the privacy policy. At this point, we'd like to briefly discuss the different types of HTTP cookies. There are 4 types of cookies that can be distinguished: Essential Cookies:These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed when a user adds a product to the shopping cart, continues to browse other pages, and later proceeds to checkout. These cookies prevent the shopping cart from being deleted even if the user closes their browser window. Functional Cookies:These cookies collect information about user behavior and whether the user receives error messages. Additionally, these cookies measure the loading time and the behavior of the website in various browsers. Preference Cookies:These cookies enhance user-friendliness. For example, entered locations, font sizes, or form data may be stored using these cookies. Advertising Cookies:These cookies are also known as targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical but also potentially annoying.Typically, when you visit a website for the first time, you will be asked which of these types of cookies you want to allow. Your decision is also stored in a cookie.If you want to learn more about cookies and don't mind technical documentation, we recommend checking out https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) called the "HTTP State Management Mechanism."The purpose of processing through cookies ultimately depends on the specific cookie in question. More details can be found below or with the manufacturer of the software that sets the cookie.As for what data is processed in cookies, it cannot be generalized as it varies depending on the specific cookie. However, we will inform you about the processed or stored data as part of the following privacy policy.The storage duration of cookies depends on the specific cookie and will be specified further below. Some cookies are deleted in less than an hour, while others can remain stored on a computer for several years.You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also "Right to Object" below). Furthermore, cookies based on consent will be deleted no later than upon the withdrawal of your consent, with the lawfulness of storage remaining unaffected until then. Right to Object – How Can I Delete Cookies?Whether and how you want to use cookies is up to you. Regardless of the service or website from which the cookies originate, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies. If you want to find out which cookies are stored in your browser, change cookie settings, or delete them, you can find this in your browser settings:- Chrome: Clear, enable, and manage cookies in Chrome- Safari: Manage cookies and website data with Safari- Firefox: Delete cookies to remove data that websites have placed on your computer- Internet Explorer: Delete and manage cookies- Microsoft Edge: Delete and manage cookies The Legal BasisIf you do not want any cookies at all, you can configure your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not. The process varies depending on the browser. It's best to search for instructions on Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.Since 2009, there have been the so-called "Cookie Directives," which require consent (Article 6(1)(a) GDPR) for the storage of cookies. However, there are still very different reactions to these directives within EU countries. In Austria, these directives were implemented in § 96(3) of the Telecommunications Act (TKG). In Germany, the Cookie Directives were not implemented as national law. Instead, the implementation of these directives was largely done in § 15(3) of the Telemedia Act (TMG).For strictly necessary cookies, even in cases where no consent is given, legitimate interests exist (Article 6(1)(f) GDPR), which are usually of an economic nature. We want to provide website visitors with a pleasant user experience, and for this, certain cookies are often absolutely necessary.Where non-essential cookies are used, this is only done with your consent. The legal basis in such cases is Article 6(1)(a) GDPR.In the following sections, you will be provided with more detailed information about the use of cookies if the deployed software uses cookies. Webhosting IntroductionWebhosting Summary👥 Data Subjects: Visitors to the Website🤝 Purpose: Professional hosting of the website and ensuring its operation📓 Processed Data: IP address, time of website visit, used browser, and other data. More details can be found below or with the respective web hosting provider.📅 Storage Period: Depends on the respective provider, but typically around 2 weeks⚖️ Legal Basis: Article 6(1)(f) GDPR (Legitimate Interests) What is Webhosting?When you visit websites nowadays, certain information – including personal data – is automatically generated and stored, including on this website. This data should be processed sparingly and only with justification. By "website," we mean the entirety of all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By "domain," we mean something like example.com or sampleexample.net.When you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply refer to them as browsers or web browsers.To display the website, the browser needs to connect to another computer where the website's code is stored: the web server. Operating a web server is a complicated and labor-intensive task, which is why it is usually handled by professional providers, known as hosting providers. They offer web hosting and thus ensure the reliable and error-free storage of website data. There are many technical terms, but please stay with us; it will get better!When the browser on your computer (desktop, laptop, tablet, or smartphone) establishes a connection and during the data transfer to and from the web server, personal data processing may occur. On the one hand, your computer stores data, and on the other hand, the web server also needs to store data for a while to ensure proper operation.A picture is worth a thousand words, so the following diagram illustrates the interaction between the browser, the internet, and the hosting provider for clarification. Why Do We Process Personal Data?The purposes of data processing are as follows:1. Professional hosting of the website and ensuring its operation.2. To maintain operational and IT security.3. Anonymous analysis of access behavior to improve our offerings and, if necessary, for law enforcement or claims pursuit. What Data Is Processed?Even as you visit our website right now, our web server, which is the computer where this webpage is stored, typically automatically stores data such as:• The complete internet address (URL) of the accessed webpage.• Browser and browser version (e.g., Chrome 87).• The operating system used (e.g., Windows 10).• The address (URL) of the previously visited page (referrer URL) (e.g., https://www.example-source-site.com/how-I-got-here/).• The hostname and IP address of the accessing device (e.g., COMPUTERNAME and 194.23.43.121).• Date and time.• In files, the so-called web server log files. How Long Are Data Stored?Usually, the data mentioned above are stored for two weeks and then automatically deleted. We do not disclose this data, but we cannot rule out that it may be inspected by authorities in the event of unlawful behavior. In summary, your visit is logged by our provider (the company that runs our website on specialized computers or servers), but we do not share your data without consent. Legal BasisThe legality of processing personal data in the context of web hosting is based on Article 6(1)(f) GDPR (legitimate interests) because the use of professional hosting with a provider is necessary to securely and user-friendly present the company on the internet and to potentially pursue attacks and claims.Typically, there is a contract for order processing between us and the hosting provider in accordance with Articles 28 and following of the GDPR, which ensures compliance with data protection and guarantees data security. External Web Hosting Provider Privacy PolicyBelow you will find the contact information for our external hosting provider, where you can find more information about data processing in addition to the information above:WEB.COM Group Inc.5335 Gate Pkwy Jacksonville, FL, 32256-3070 United StatesYou can learn more about data processing with this provider in their privacy policy.
Introduction to Cookie Consent Management PlatformCookie Consent Management Platform Summary👥 Data Subjects: Website visitors🤝 Purpose: Obtaining and managing consent for specific cookies and the use of certain tools📓 Processed Data: Data for managing the configured cookie settings, such as IP address, consent timestamp, type of consent, individual consents. More details can be found in the respective tool's documentation.📅 Storage Period: Depends on the tool in use, can range from several years⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)
What Is a Cookie Consent Management Platform?We use a Consent Management Platform (CMP) software on our website, which facilitates the correct and secure handling of scripts and cookies used. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides a legally required cookie consent for you, and helps us and you keep track of all cookies. In most Cookie Consent Management Tools, all existing cookies are identified and categorized. As a website visitor, you then decide whether and which scripts and cookies you allow or disallow. The following diagram illustrates the relationship between the browser, web server, and CMP. Why Do We Use a Cookie Management Tool?Our goal is to provide you with the best possible transparency in the field of data protection. We are also legally obliged to do so. We want to inform you as comprehensively as possible about all the tools and cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we have knowledge of all cookies and can provide you with GDPR-compliant information about them. Through the consent system, you can then accept or reject cookies. What Data Is Processed?In the context of our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. The explanation of your consent is stored so that we do not have to ask you for it again on each new visit to our website, and we can provide proof of your consent if legally required. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent may vary. Usually, this data (such as pseudonymous user ID, consent timestamp, detailed information about cookie categories or tools, browser, device information) is stored for up to two years.
Duration of Data ProcessingWe will inform you about the duration of data processing below if we have further information on this. In general, we process personal data only for as long as it is absolutely necessary to provide our services and products. Data stored in cookies is kept for different durations. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years. The exact duration of data processing depends on the tool used, but most often you should expect data to be stored for several years. In the respective privacy policies of individual providers, you will usually find precise information about the duration of data processing. Right to ObjectYou also have the right and the possibility to revoke your consent to the use of cookies at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser. Legal BasisWhen you consent to cookies, personal data about you is processed and stored through these cookies. If we are allowed to use cookies through your consent (Article 6(1)(a) GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. To manage your consent to cookies and enable you to give your consent, a Cookie Consent Management Platform software is used. The use of this software enables us to operate the website in a legally compliant manner in an efficient way, which represents a legitimate interest (Article 6(1)(f) GDPR). Security & Anti-Spam Privacy Policy Summary👥 Data Subjects: Website visitors🤝 Purpose: Cybersecurity📓 Processed Data: Data such as your IP address, name, or technical data like browser versionMore details can be found below and in the individual privacy policies.📅 Storage Duration: Most data is stored until it is no longer needed to fulfill the service⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests) What Is Security & Anti-Spam Software?Security & Anti-Spam software is used to protect yourself and us from various spam or phishing emails and potential other cyberattacks. Spam refers to mass-sent promotional emails that you did not request. Such emails are also called junk mail and can incur costs. Phishing emails, on the other hand, are messages aimed at building trust through fake messages or websites to obtain personal data. Anti-Spam software typically protects against unwanted spam messages or malicious emails that could introduce viruses into our system. We also use general firewall and security systems to protect our computers from unwanted network attacks. Why Do We Use Security & Anti-Spam Software?We place a high value on security on our website. After all, it is not only about our security but especially about yours. Unfortunately, cyber threats are now part of everyday life in the world of IT and the internet. Hackers often attempt to steal personal data from an IT system through a cyberattack. Therefore, a good defense system is absolutely necessary. A security system monitors all incoming and outgoing connections to our network or computer. To achieve even greater security against cyberattacks, we use additional external security services alongside the standardized security systems on our computer. Unauthorized data traffic is thus better prevented, protecting us from cybercrime. What Data Is Processed by Security & Anti-Spam Software?The specific data collected and stored depends on the respective service. However, we always strive to use programs that collect data very sparingly or only store data that is necessary to fulfill the offered service. In general, the service may collect data such as name, address, IP address, email address, and technical data like browser type or version. Performance and log data may also be collected to detect potential incoming threats in a timely manner. These data are processed as part of the services and in compliance with applicable laws. This also includes compliance with the GDPR for US-based providers (via standard contractual clauses). In some cases, these security services may also work with third-party providers who store and/or process data under instruction and in accordance with privacy policies and other security measures. Data storage is often done through cookies. Duration of Data ProcessingWe will inform you about the duration of data processing below if we have further information on this. For example, security programs may store data until you or we revoke data storage. Generally, personal data is only stored for as long as it is absolutely necessary to provide the services. In many cases, we unfortunately lack precise information from providers about the duration of storage. Right to ObjectYou also have the right and the possibility to revoke your consent to the use of cookies or third-party security software at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser. Legal BasisWe primarily use security services based on our legitimate interests (Art. 6(1)(f) GDPR) in a good security system against various cyberattacks.Certain processing, especially the use of cookies and the use of security features, requires your consent. If you have consented to the processing and storage of data by embedded security services, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie policies of the respective service provider.Information about specific tools can be found in the following sections, if available. Cloud ServicesCloud Services Privacy Policy Summary👥 Data Subjects: We as website operators and you as website visitors🤝 Purpose: Security and data storage📓 Processed Data: Data such as your IP address, name, or technical data like browser versionMore details can be found below and in the individual privacy policies or in the privacy policies of the providers.📅 Storage Duration: Most data is stored until it is no longer needed to fulfill the service⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests) What Are Cloud Services?Cloud services provide us as website operators with storage space and computing power over the internet. Data can be transmitted, processed, and stored in an external system via the internet. The management of this data is handled by the respective cloud provider. Depending on the requirements, an individual or a company can choose the size of storage space or computing power. Cloud storage is accessed through an API or storage protocols. API stands for Application Programming Interface and refers to a programming interface that connects software with hardware components. Why Do We Use Cloud Services?We use cloud services for several reasons. A cloud service allows us to securely store our data. Additionally, we can access the data from various locations and devices, providing us with more flexibility and simplifying our work processes. Cloud storage also saves us costs because we do not need to establish and manage our own infrastructure for data storage and security. By centrally storing our data in the cloud, we can expand our fields of application and manage our information much more effectively.As website operators or as a company, we primarily use cloud services for our own purposes. For example, we use these services to manage our calendar or to store documents and other important information in the cloud. However, this may also involve the storage of personal data provided by you. This is the case, for example, when you provide us with your contact information (such as name and email address), and we store our customer data with a cloud provider. As a result, data that we process from you may also be stored and processed on external servers. If we offer certain forms or content from cloud services on our website, cookies for web analytics and advertising purposes may also be set. Furthermore, such cookies remember your settings (such as the language used) so that you will find your familiar web environment on your next visit to our website. What Data Is Processed by Cloud Services?Many of the data stored in the cloud by us do not have any personal reference, but some data falls under the definition of personal data according to the GDPR. This often includes customer data such as name, address, IP address, or phone number, or technical device information. Videos, images, and audio files can also be stored in the cloud. The exact collection and storage of data depend on the respective service. We strive to use only services that handle data very responsibly and professionally. In general, services like Amazon Drive have access to stored files in order to provide and optimize their own service accordingly. However, these services require permissions, such as the right to copy files for security reasons. This data is processed and managed as part of the services and in compliance with applicable laws, including the GDPR for US-based providers (via standard contractual clauses). In some cases, these cloud services may also collaborate with third-party providers who can process data under instruction and in accordance with privacy policies and other security measures. We would like to emphasize once again that all well-known cloud services (such as Amazon Drive, Google Drive, or Microsoft OneDrive) request the right to access stored content in order to offer and optimize their own service. Duration of Data ProcessingWe will inform you about the duration of data processing below if we have further information on this. In general, cloud services store data until you or we revoke data storage or delete the data. Generally, personal data is only stored for as long as it is absolutely necessary to provide the services. However, final data deletion from the cloud can take several months. This is because data is usually not stored on a single server but distributed across multiple servers. Right to ObjectYou also have the right and the possibility to revoke your consent to data storage in a cloud at any time. If cookies are used, you also have the right to object here. This can be done either through our cookie management tool or through other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser. We also recommend our general privacy policy on cookies. To find out exactly which data of yours is stored and processed, you should read the privacy policies of the respective cloud providers. Legal BasisWe primarily use cloud services based on our legitimate interests (Art. 6(1)(f) GDPR) in a good security and storage system.Certain processing, especially the use of cookies and the use of storage functions, requires your consent. If you have consented to the processing and storage of data by cloud services, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie policies of the respective service provider.Information about specific tools can be found in the following sections, if available. Google Cloud Privacy PolicyWe use Google Cloud, an online storage service for files, photos, and videos, for our website. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Additionally, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de Google provides a contract for data processing in accordance with Art. 28 GDPR, which serves as the data protection basis for our customer relationship with Google. This contract refers to the EU Standard Contractual Clauses. You can find the data processing terms here: https://business.safety.google/intl/de/adsprocessorterms/ You can learn more about the data processed through the use of Google Cloud in the Privacy Policy at https://policies.google.com/privacy?hl=de. Video Conferences & Streaming IntroductionVideo Conferences & Streaming Privacy Policy Summary👥 Affected Parties: Users who use our video conferencing or streaming tools🤝 Purpose: Communication and presentation of content📓 Processed Data: Access statistics containing data such as name, address, contact details, email address, telephone number, or IP address. For more details, refer to the respective video conferencing or streaming tool.📅 Storage Duration: Dependent on the video conferencing or streaming tool used⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests), Art. 6(1)(b) GDPR (Contract) What are Video Conferences & Streaming?We use software programs that enable us to conduct video conferences, online meetings, webinars, display sharing, and/or streaming. During a video conference or streaming session, information is transmitted simultaneously through audio and moving images. With the help of such video conferencing or streaming tools, we can communicate quickly and easily over the internet with customers, business partners, clients, and employees. Naturally, we ensure compliance with the applicable legal framework when selecting service providers.In general, third-party providers may process data when you interact with the software program. Third-party providers of video conferencing or streaming solutions use your data and metadata for various purposes. The data helps enhance the tool's security and improve the service. In most cases, data may also be used for the third-party provider's own marketing purposes. Why Do We Use Video Conferences & Streaming on Our Website?We want to communicate with you, our customers, and business partners digitally, quickly, conveniently, and securely. This works best with user-friendly video conferencing solutions. Most tools also work directly through your browser, and with just a few clicks, you can join a video meeting. These tools also offer useful additional features such as chat and screen sharing or the ability to share content among meeting participants. What Data Is Processed?When you participate in our video conference or streaming, your data is also processed and stored on the servers of the respective service provider.The specific data that is stored depends on the solutions used. Each provider stores and processes different amounts and types of data. However, in most cases, most providers store your name, address, contact details such as your email address or phone number, and your IP address. Additionally, information about the device you use, usage data such as which websites you visit, when you visit a website, or which buttons you click may also be stored. Data shared within the video conference, such as photos, videos, texts, can also be stored. Data Processing DurationInformation about the duration of data processing will be provided further below in connection with the specific service, if we have more information on that topic. In general, we process personal data only as long as it is strictly necessary for providing our services and products. It is possible that the provider stores data from you according to their own criteria, over which we have no control. Right to ObjectYou always have the right to access, rectify, and delete your personal data. If you have any questions, you can also contact the responsible party for the video conferencing or streaming tools used. Contact information can be found in our specific privacy policy or on the website of the respective provider.Cookies used by providers for their functions can be deleted, disabled, or managed in your browser. Depending on which browser you use, this may work differently. However, please note that some functions may no longer work as expected if you do this. Legal BasisIf you have consented to the processing and storage of your data by the video or streaming solution, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Additionally, we may offer a video conference as part of our services if it has been contractually agreed with you in advance (Art. 6(1)(b) GDPR). Generally, your data is also processed based on our legitimate interests (Art. 6(1)(f) GDPR) in efficient and effective communication with you or other customers and business partners, but only if you have at least consented. Most video or streaming solutions also use cookies in your browser to store data. Therefore, we recommend reading our cookie privacy policy carefully and reviewing the privacy policy or cookie guidelines of the respective service provider for details.Information on specific video conferencing and streaming solutions can be found, if available, in the following sections. Explanation of Used TermsWe always strive to make our privacy policy as clear and understandable as possible. However, in technical and legal matters, it is not always easy. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use these terms without explanation. Below is an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms are derived from the GDPR and are definitions, we will also provide the GDPR texts and, if necessary, add our own explanations.
Data ProcessorDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"processor" means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;Explanation: As a company and website owner, we are responsible for all the data we process from you. In addition to controllers, there may also be data processors. This includes any company or person that processes personal data on our behalf. Data processors can include service providers such as accountants, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft, among others. File SystemDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"filing system" means any structured collection of personal data that are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis;Explanation: Any organized storage of data on a computer's storage device is referred to as a "file system." For example, if we store your name and email address on a server for our newsletter, this data is in a "file system." The key functions of a "file system" include rapid searching and retrieval of specific data and, of course, the secure storage of data.
ConsentDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;Explanation: In most cases on websites, such consent is obtained through a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner if you consent to data processing. You can often make individual settings and decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data can be processed. In principle, consent can also be given in writing, not just through a tool. Personal DataDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;Explanation: Personal data is any data that can identify you as an individual. Typically, these are data such as:- Name- Address- Email address- Postal address- Phone number- Date of birth- Identification numbers such as social security number, tax identification number, ID number, or student number- Bank data such as account number, credit information, account balances, and more.According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently identify you as the account holder. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called "special categories" of personal data, which are particularly sensitive. These include:- Racial and ethnic origin- Political opinions- Religious or philosophical beliefs- Trade union membership- Genetic data, such as data taken from blood or saliva samples- Biometric data (information about psychological, physical, or behavioral characteristics that can identify a person)- Health data- Data about sexual orientation or sex life ProfilingDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;Explanation: Profiling involves gathering various pieces of information about a person to learn more about them. In the web context, profiling is often used for advertising purposes or for credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile that can be used to target advertising to a particular audience. ControllerDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;Explanation: In our case, we are responsible for processing your personal data and, therefore, the "controller." When we share collected data with other service providers for processing, they are considered "processors." For this, a "data processing agreement (DPA)" must be signed. ProcessingDefinition according to Article 4 of the GDPRFor the purposes of this Regulation:"processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction;Note: When we refer to processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned in the original GDPR definition above, not only collecting but also storing and processing data. Closing WordsCongratulations! If you are reading these lines, you have really "fought your way through" our entire privacy policy or at least scrolled down to this point. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we not only want to inform you about the data that is processed but also bring you closer to the reasons for using various software programs. Privacy policies usually sound very technical and legal. However, since most of you are not web developers or lawyers, we wanted to take a different approach in terms of language and explain the matter in simple and clear terms. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible entity. We wish you a pleasant time and hope to welcome you back to our website soon. All texts are protected by copyright. Source: Created with the privacy policy generator from AdSimple.