Privacy Policy
Table of Contents
- Introduction and Overview
- Scope
- Legal Bases
- Storage Duration
- Rights under GDPR
- Webhosting Introduction
- Explanation of Terms Used
- Conclusion
Introduction and Overview
We have written this privacy policy (version 11.03.2024-112741833) to inform you according to the requirements of theGeneral Data Protection Regulation (EU) 2016/679 and applicable national laws, about the personal data (hereinafter referred to as data) we process as the responsible party - and those of our processors (e.g., providers) - in the future, and the lawful options you have. The terms used are meant to be gender-neutral.
In short: We inform you comprehensively about the data we process about you.
Privacy policies usually sound very technical and use legal terminology. This privacy policy aims to describe the most important aspects in the simplest and most transparent way possible. To promote transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data within the scope of our business activities if there is a corresponding legal basis. This is not possible with brief, unclear, and legally technical explanations, as is often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is some information that you were not aware of.
If there are still questions, please contact the responsible body mentioned below or in the imprint, follow the existing links, and view additional information on third-party sites. Our contact details can also be found in the imprint.
Scope
This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR such as name, email address, and postal address of a person. The processing of personal data ensures that we can provide and bill for our services and products, whether online or offline. The scope of this privacy policy includes:
- all online presences (websites, online shops) we operate
- Social media presences and email communication
- mobile apps for smartphones and other devices
In short: The privacy policy applies to all areas where personal data is processed in the company through the aforementioned channels. If we enter into legal relationships with you outside these channels, we will inform you separately if necessary.
Legal Bases
In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which allow us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, athttps://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:
- Consent (Article 6 (1) (a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
- Contract (Article 6 (1) (b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
- Legal obligation (Article 6 (1) (c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to keep invoices for accounting purposes. These generally contain personal data.
- Legitimate interests (Article 6 (1) (f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically efficiently. This processing is thus a legitimate interest.
Other conditions such as the performance of tasks carried out in the public interest and the exercise of official authority, as well as the protection of vital interests, do not usually apply to us. If such a legal basis should be relevant, it will be indicated at the appropriate place.
In addition to the EU Regulation, national laws also apply:
- In Austria, this is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), abbreviated DSG.
- In Germany, the Federal Data Protection Act, abbreviated BDSG, applies.
If additional regional or national laws apply, we will inform you in the following sections.
Storage Duration
As a general criterion, we store personal data only as long as it is necessary to provide our services and products. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example, for accounting purposes.
If you request the deletion of your data or revoke your consent to data processing, the data will be deleted as soon as possible and provided there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below if we have further information on this.
Rights under GDPR
According to Articles 13 and 14 of the GDPR, we inform you about the following rights that you are entitled to in order to ensure fair and transparent data processing:
- According to Article 15 GDPR, you have the right to know whether we process data from you. If this is the case, you have the right to receive a copy of the data and to know the following information:
- the purpose of the processing;
- the categories, i.e., types of data that are processed;
- who receives this data and if the data is transferred to third countries, how the security can be guaranteed;
- how long the data will be stored;
- the existence of the right to rectification, erasure, restriction of processing, and the right to object to processing;
- that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
- the source of the data, if we did not collect it from you;
- whether profiling is conducted, whether data is automatically evaluated to create a personal profile of you.
- According to Article 16 GDPR, you have the right to rectification of the data, which means we must correct data if you find errors.
- According to Article 17 GDPR, you have the right to erasure (&quoright to be forgotten&quo), which means you may request the deletion of your data.
- According to Article 18 GDPR, you have the right to restrict processing, which means we may only store the data but not use it further.
- According to Article 20 GDPR, you have the right to data portability, which means we must provide your data in a common format upon request.
- According to Article 21 GDPR, you have the right to object, which, if enforced, will result in a change in processing.
- If the processing of your data is based on Article 6 (1) (e) (public interest, exercise of official authority) or Article 6 (1) (f) (legitimate interest), you can object to the processing. We will then review as quickly as possible whether we can legally comply with this objection.
- If data is used to conduct direct advertising, you can object to this type of data processing at any time. We may not use your data for direct marketing thereafter.
- If data is used for profiling, you can object to this type of data processing at any time. We may not use your data for profiling thereafter.
- According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
- According to Article 77 GDPR, you have the right to lodge a complaint. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.
In short: You have rights - do not hesitate to contact the responsible party listed above!
If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Austria, this is the data protection authority, whose website you can find athttps://www.dsb.gv.at/. In Germany, each federal state has a data protection officer. For more information, you can contact theFederal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:
Webhosting Introduction
Webhosting Summary 👥 Affected parties: Visitors of the website 🤝 Purpose: Professional hosting of the website and ensuring the operation 📓 Processed data: IP address, time of website visit, browser used, and other data. More details can be found below or from the respective web hosting provider. 📅 Storage duration: Depending on the respective provider, but usually 2 weeks ⚖️ Legal basis: Art. 6 para. 1 lit. f GDPR (Legitimate Interests) |
What is Webhosting?
Nowadays, when you visit websites, certain information - including personal data - is automatically created and stored, as is the case with this website. These data should be processed as sparingly and only with justification as possible. By website, we mean all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By domain, we mean, for example, example.com or sample.com.
To view the website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply call them browsers or web browsers.
To display the website, the browser must connect to another computer where the website&aposs code is stored: the web server. Running a web server is a complex and costly task, so it is usually done by professional providers. These offer web hosting services and ensure reliable and error-free storage of website data. A lot of technical terms, but please stay with us, it gets better!
When your browser connects to a computer (desktop, laptop, tablet, or smartphone) and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must store data for a while to ensure proper operation.
A picture says more than a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.
Why do we process personal data?
The purposes of data processing are:
- Professional hosting of the website and ensuring the operation
- Maintaining operational and IT security
- Anonymous evaluation of access behavior to improve our offer and, if necessary, for law enforcement or assertion of claims
What data is processed?
Even while you are visiting our website, our web server, which is the computer on which this website is stored, usually automatically stores data such as
- the complete internet address (URL) of the accessed website
- Browser and browser version (e.g., Chrome 87)
- the operating system used (e.g., Windows 10)
- the address (URL) of the previously visited page (Referrer URL) (e.g.,https://www.example.com/fromwhereicame/)
- the hostname and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
- Date and time
- in files called web server log files
How long are data stored?
Usually, the data mentioned above is stored for two weeks and then automatically deleted. We do not share this data, but we cannot exclude that these data may be viewed by authorities in the case of unlawful behavior.
In short: Your visit is recorded by our provider (the company that runs our website on special computers (servers)), but we do not share your data without consent!
Legal basis
The lawfulness of processing personal data within the framework of web hosting results from Art. 6 para. 1 lit. f GDPR (legitimate interests), as the use of professional hosting by a provider is necessary to present the company on the internet securely and user-friendly and to be able to pursue attacks and claims arising from it if necessary.
There is usually a contract on order processing (AVV) between us and the hosting provider according to Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.
Explanation of Terms Used
We strive to make our privacy policy as clear and understandable as possible. Especially with technical and legal topics, this is not always easy. It often makes sense to use legal terms (e.g., personal data) or specific technical expressions (e.g., cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently explained in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also refer to the GDPR texts here and add our explanations if necessary.
Processors
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term:
“processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the responsible parties, there can also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors can, therefore, include, in addition to service providers such as accountants, also hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.
Consent
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term:
“consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject&aposs wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Explanation: Typically, consent on websites is obtained through a cookie consent tool. You are probably familiar with this. Whenever you first visit a website, you are usually asked through a banner whether you agree to data processing or consent. You can usually also make individual settings and thus decide for yourself which data processing you allow and which not. If you do not consent, no personal data may be processed from you. In principle, of course, consent can also be given in writing, not just through a tool.
Personal Data
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term:
“personal data” means any information relating to an identified or identifiable natural person (&quodata subject&quo); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
Explanation: Personal data are thus all data that can identify you as a person. These are usually data such as:
- Name
- Address
- Email address
- Postal address
- Telephone number
- Birth date
- Identification numbers such as social security number, tax identification number, ID card number, or student number
- Bank data such as account number, credit information, account balances, etc.
According to the European Court of Justice (ECJ), yourIP address is also considered personal data. IT experts can determine your device&aposs approximate location based on your IP address and, subsequently, identify you as the subscriber. Therefore, storing an IP address requires a legal basis under the GDPR. There are also so-called“special categories” of personal data that are particularly worthy of protection. These include:
- racial and ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data such as data extracted from blood or saliva samples
- biometric data (this is information about physical, physiological, or behavioral characteristics that can identify a person).
health data - data concerning a person’s sex life or sexual orientation
Profiling
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term:
“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person&aposs performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
Explanation: Profiling involves collecting various information about a person to learn more about them. In the web area, profiling is often used for advertising purposes or for credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile, which can be used to target advertising to a specific audience.
Â
Controller
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term:
“controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Explanation: In our case, we are responsible for processing your personal data and thus the &quocontroller&quo. If we pass on collected data to other service providers for processing, they are &quoprocessors&quo. A &quoData Processing Agreement (DPA)&quo must be signed for this.
Â
Processing
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term:
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Note: When we speak of processing in our privacy policy, we mean any type of data processing. As mentioned above in the original GDPR definition, this includes not only collecting but also storing and processing data.
Conclusion
Congratulations! If you are reading these lines, you have indeed &quofought&quo through our entire privacy policy or at least scrolled to this point. As you can see from the scope of our privacy policy, we take the protection of your personal data very seriously.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. We do not just want to inform you about which data is processed, but also about the reasons for using various software programs. Privacy policies generally sound very technical and legal. Since most of you are not web developers or lawyers, we wanted to take a different approach linguistically and explain the matter in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible party. We wish you a pleasant time and hope to welcome you back to our website soon.
All texts are copyright protected.
Source: Created with the Data Protection Generator Austria by AdSimple