We have written this data protection declaration (version 29.10.2019-211105520) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act (DSG) , which information we collect, how we use data and which decision-making options As a visitor to this website.
Unfortunately, it is in the nature of things that these explanations sound very technical. However, we have tried to describe the most important things as simply and clearly as possible.
Automatic data storage
When you visit websites these days, certain information is automatically created and stored, including on this website.
If you visit our website as you are now, our web server (computer on which this website is stored) automatically saves data such as
- the address (URL) of the accessed website
- Browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
- the host name and the IP address of the device from which access is made
- Date and Time
in files (web server log files).
As a rule, web server log files are stored for two weeks and then automatically deleted. We do not pass this data on, but we cannot rule out that this data will be viewed in the event of illegal behavior.
Storage of personal data
Personal data that you transmit to us electronically on this website, such as name, e-mail address, address or other personal information in the context of submitting a form or comments in the blog, are saved by us together with the time and the IP address. The address is only used for the specified purpose, stored securely and not passed on to third parties.
We therefore only use your personal data for communication with those visitors who expressly request contact and for processing the services and products offered on this website. We do not pass on your personal data without your consent, but we cannot rule out that this data will be viewed in the event of illegal behavior.
If you send us personal data by e-mail – outside of this website – we cannot guarantee the secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by email.
Rights according to the General Data Protection Regulation
According to the provisions of the GDPR and the Austrian Data Protection Act (DSG) , you have the following rights:
- Right to rectification (Article 16 GDPR)
- Right to erasure (“right to be forgotten”) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to notification – obligation to notify in connection with the correction or deletion of personal data or the restriction of processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right of objection (Article 21 GDPR)
- Right not to be subject to a decision based solely on automated processing – including profiling (Article 22 GDPR)
If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority, which is the data protection authority in Austria whose website you can find at https: // www. Find dsb.gv.at/ .
Evaluation of visitor behavior
In the following data protection declaration, we will inform you whether and how we evaluate data from your visit to this website. The evaluation of the collected data is usually anonymous and we cannot infer your person from your behavior on this website.
You can find out more about the possibilities to object to this analysis of the visit data in the following data protection declaration.
TLS encryption with https
We use https to transfer data securely on the Internet (data protection through technology design, Article 25 (1) GDPR ). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this protection of data transmission by the small lock symbol in the top left of the browser and the use of the https (instead of http) scheme as part of our Internet address.
Our primary goal is to ensure that our website is as secure and secure as possible for you and for us. To ensure this, we use Google reCAPTCHA from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA). With reCAPTCHA we can determine whether you are really a flesh and blood human and not a robot or other spam software. We understand spam as any unsolicited information that comes to us electronically. With the classic CAPTCHAS, you mostly had to solve text or picture puzzles to check. With reCAPTCHA from Google, we usually don’t have to bother you with such puzzles. In most cases, it is sufficient to simply tick the box and confirm that you are not a bot. With the new Invisible reCAPTCHA version you don’t even have to check the box anymore. How this works exactly and, above all, which data is used for it, you will find out in the course of this data protection declaration.
What is reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome people of flesh and blood on our side. Bots or spam software of all kinds can safely stay at home. That is why we do all we can to protect ourselves and offer you the best possible user-friendliness. For this reason we use Google reCAPTCHA from Google. So we can be pretty sure that we will remain a “bot-free” website. By using reCAPTCHA, data is transmitted to Google that Google uses to determine whether you are really human. reCAPTCHA therefore serves the security of our website and consequently also your security. For example, without reCAPTCHA, it could happen that a bot registers as many email addresses as possible in order to “spam” on forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.
Which data is saved by reCAPTCHA?
ReCAPTCHA collects personal data from users in order to determine whether the actions on our website actually originate from people. The IP address and other data that Google needs for the reCAPTCHA service can therefore be sent to Google. Within the member states of the EU or other signatory states to the Agreement on the European Economic Area, IP addresses are almost always shortened beforehand before the data ends up on a server in the USA. The IP address will not be combined with other Google data unless you are logged into your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed on your browser. ReCAPTCHA then sets an additional cookie in your browser and takes a snapshot of your browser window.
The following list of collected browser and user data does not claim to be exhaustive. Rather, they are examples of data that, to our knowledge, are processed by Google.
- Referrer URL (the address of the page from which the visitor comes)
- IP address (e.g. 2184.108.40.206)
- Information about the operating system (the software that enables the operation of your computer. Known operating systems are Windows, Mac OS X or Linux)
- Cookies (small text files that save data in your browser)
- Mouse and keyboard behavior (every action you perform with the mouse or keyboard is saved)
- Date and language settings (which language or which date you have preset on your PC is saved)
- Screen resolution (shows how many pixels the image display consists of)
It is undisputed that Google uses and analyzes this data even before you click on the tick “I am not a robot”. With the Invisible reCAPTCHA version, there is even no ticking and the entire recognition process runs in the background. How much and which data Google stores exactly cannot be found out in detail from Google.
The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo . All of these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:
Expiry time: after one year
Use: This cookie is set by DoubleClick (also owned by Google) to register and report the actions of a user on the website when dealing with advertisements. In this way, the effectiveness of the advertising can be measured and appropriate optimization measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Example value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-211105520
Expiry time: after one month
Usage: This cookie collects website usage statistics and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show relevant advertisements to users. The cookie can also be used to prevent a user from seeing the same ad more than once.
Example value: 2019-5-14-12
Expiry time: after 9 months
Use: We were unable to find out much information about this cookie. In Google’s data protection declaration, the cookie is used in connection with “advertising cookies” such as. B. “DSID”, “FLC”, “AID”, “TAID” mentioned. ANID is saved under the domain google.com.
Example value: U7j1v3dZa2111055200xgZFmiqWppRWKOr
Expiry time: after 19 years
Use: The cookie stores the status of a user’s consent to the use of various Google services. CONSENT is also used for security in order to check users, to prevent fraudulent login information and to protect user data from unauthorized attacks.
Example value: YES + AT.de + 20150628-20-0
Expiry time: after 6 months
Usage: NID is used by Google to tailor advertisements to your Google searches. With the help of the cookie, Google “remembers” your most frequently entered search queries or your previous interaction with advertisements. So you always get tailor-made advertisements. The cookie contains a unique ID that Google uses to collect personal settings of the user for advertising purposes.
Example value: 0WmuWqy211105520zILzqV_nmt3sDXwPeM5Q
Expiry time: after 10 minutes
Usage: As soon as you have checked the “I am not a robot” checkbox, this cookie will be set. The cookie is used by Google Analytics for personalized advertising. DV collects information in an anonymous form and is also used to be able to distinguish between users.
Example value: gEAABBCjJMXcI0dSAAAANbqc211105520
Note: This list cannot claim to be complete, as experience has shown that Google changes the choice of their cookies again and again.
Our website uses HTTP cookies to save user-specific data.
In the following we explain what cookies are and why they are used so that you can better understand the following data protection declaration.
What exactly are cookies?
Whenever you surf the Internet, you are using a browser. Well-known browsers are, for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites save small text files in your browser. These files are called cookies.
Cookies store certain user data about you, such as language or personal page settings. When you call up our site again, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings that you are used to. In some browsers each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly from our side, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests”. Cookies cannot access information on your PC either.
For example, cookie data can look like this:
Value: GA1.2.1326744211.152211105520 Purpose : Differentiation of website visitors
Expiry date: after 2 years
A browser should be able to support these minimum sizes:
- At least 4096 bytes per cookie
- At least 50 cookies per domain
- At least 3000 cookies in total
What types of cookies are there?
The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the data protection declaration. At this point we would like to briefly discuss the different types of HTTP cookies.
There are 4 types of cookies:
These cookies are necessary to ensure the basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues surfing on other pages and only goes to checkout later. These cookies do not delete the shopping cart, even if the user closes his browser window.
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and the behavior of the website in different browsers.
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are saved.
These cookies are also called targeting cookies. They serve to deliver customized advertising to the user. That can be very practical, but also very annoying.
When you visit a website for the first time, you will usually be asked which of these types of cookies you would like to allow. And of course this decision is also saved in a cookie.
How can I delete cookies?
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. For each individual cookie, you can decide whether or not to allow the cookie. The procedure differs depending on the browser. It is best to search for the instructions in Google with the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.
What about my data protection?
The so-called “cookie guidelines” have existed since 2009. It states that the saving of cookies requires your consent. Within the EU countries, however, there are still very different reactions to these guidelines. In Austria, however, this guideline was implemented in Section 96 Para. 3 of the Telecommunications Act (TKG).
If you want to know more about cookies and don’t shy away from technical documentation, we recommend https://tools.ietf.org/html/rfc6265 , the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Newsletter data protection declaration
If you subscribe to our newsletter, you transmit the personal data mentioned above and give us the right to contact you by email. We use the data stored when registering for the newsletter only for our newsletter and do not pass it on.
If you unsubscribe from the newsletter – you will find the link for this at the bottom of every newsletter – then we will delete all data that was saved when you registered for the newsletter.
We send newsletters with MailChimp and use the functions of the MailChimp newsletter service from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA on this website to record newsletter registrations.
General information about MailChimp
Rocket Science Group LLC (MailChimp) maintains online platforms that enable our users to stay in touch with their subscribers, primarily via email. They allow users to add email addresses and other information about the subscriber profile, such as: B. Name, physical address and other demographic information to be uploaded to the MailChimp database. This information is used to send emails and to enable the use of certain other MailChimp functions for these users. In accordance with the published data protection guidelines, MailChimp shares some information with third party providers in order to provide and support the services that MailChimp offers to users. MailChimp also shares some information with third-party advertising partners in order to better understand users’ needs and interests so that more relevant content and targeted advertising can be served to these users and other users.
Newsletter Sign up
If you register for our newsletter on our website, the data entered will be saved by MailChimp.
Deletion of your data
You can withdraw your consent to receive our newsletter at any time within the received email by clicking on the link in the area below. If you have unsubscribed by clicking on the unsubscribe link, your data will be deleted from MailChimp.
When you receive a newsletter via MailChimp, information such as IP address, browser type and email program are saved in order to give us information about the performance of our newsletter. MailChimp can use the images called web beacons integrated in the HTML e-mails (details can be found at https://kb.mailchimp.com/reports/about-open-tracking ) to determine whether the e-mail has arrived, whether it has opened and whether links were clicked. All of this information is stored on MailChimp’s servers, not on this website.
MailChimp order data processing contract
We have concluded a contract with MailChimp on order data processing (Data Processing Addendum). This contract serves to secure your personal data and ensures that MailChimp adheres to the applicable data protection regulations and does not pass on your personal data to third parties.
You can find more information about this contract at http://mailchimp.com/legal/forms/data-processing-agreement/ .
We use Google Fonts from Google Inc. on our website. (1600 Amphitheater Parkway Mountain View, CA 94043, USA). We have integrated the Google fonts locally, ie on our web server – not on the Google servers. As a result, there is no connection to Google servers and therefore no data transmission or storage.
What are Google Fonts?
In the past, Google Fonts was also called Google Web Fonts. This is an interactive directory with over 800 fonts that Google LLC provides free of charge. With Google Fonts you could use fonts without uploading them to your own server. But in order to prevent any information transfer to Google servers in this regard, we have downloaded the fonts to our server. In this way, we act in compliance with data protection regulations and do not send any data to Google Fonts.
Unlike other web fonts, Google allows us unrestricted access to all fonts. We can therefore have unlimited access to a sea of fonts and thus get the most out of our website. You can find more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=211105520 .
We use Google Fonts on our website. These are the “Google Fonts” from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA).
You do not have to log in or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested from the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don’t need to worry that your Google account data will be transmitted to Google while you are using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will take a closer look at what the data storage looks like later.
What are Google Fonts?
Google Fonts (formerly Google Web Fonts) is a directory with over 800 fonts that Google LLC makes available to its users free of charge.
Many of these fonts are released under the SIL Open Font License, while others are released under the Apache license. Both are free software licenses.
Why do we use Google Fonts on our website?
With Google Fonts, we can use fonts on our own website and do not have to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web and this saves data volume and is a great advantage, especially for use on mobile devices. When you visit our site, the small file size ensures a quick loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can partially distort texts or entire websites. Thanks to the fast content delivery network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So we use Google Fonts so that we can present our entire online service as beautifully and consistently as possible.
Which data is saved by Google?
When you visit our website, the fonts are downloaded from a Google server. This external call transfers data to the Google server. In this way, Google also recognizes that you or your IP address are visiting our website. The Google Fonts API was developed to reduce the use, storage and collection of end-user data to what is necessary for the proper provision of fonts. By the way, API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.
Google Fonts securely stores CSS and font requests with Google and is therefore protected. With the usage figures collected, Google can determine how well the individual fonts are being received. Google publishes the results on internal analysis sites such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the BigQuery database by Google Fonts. Entrepreneurs and developers use the Google web service BigQuery to examine and move large amounts of data.
It should be noted, however, that with every Google Font request, information such as language settings, IP address, version of the browser, screen resolution of the browser and the name of the browser are automatically transmitted to the Google server. It is not clear whether this data is saved or not clearly communicated by Google.
How long and where will the data be stored?
Google stores requests for CSS assets for one day on your servers, which are mainly located outside the EU. This enables us to use the fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to quickly and easily change the design or font of a website, for example.
The font files are stored by Google for one year. With this, Google is pursuing the goal of fundamentally improving the loading time of websites. If millions of web pages refer to the same fonts, they are cached after the first visit and immediately reappear on all other web pages visited later. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.
How can I delete my data or prevent data storage?
The data that Google stores for a day or a year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To be able to delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=211105520 . In this case, you only prevent data storage if you are not visiting our site.
Unlike other web fonts, Google allows us unrestricted access to all fonts. We can therefore have unlimited access to a sea of fonts and thus get the most out of our website. You can find more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=211105520 . Although Google deals with data protection issues there, it does not contain any really detailed information about data storage. It is relatively difficult to get really precise information about stored data from Google.
You can also read which data is generally recorded by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/ .