Privacy Policy

Introduction and Overview

Through this Privacy Policy (version dated 03/02/2024), we aim to inform you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, about the types of personal data (hereafter referred to simply as “data”) that we, as the data controller, including our appointed service providers (e.g., hosting providers), collect and will continue to collect in the future, as well as explain your legal rights in this regard. The terms used in this document are intended to be gender-neutral.

In simple terms: We provide full transparency on the data about you that we process.

Scope of Application

This Privacy Policy applies to all personal data processed by our company and to the data processed by third parties commissioned by us (data processors). By personal data, we refer to information as defined in Article 4 (1) of the GDPR, such as an individual’s name, email address, and postal address. Processing this data enables us to provide and bill for our services and products, both online and offline. The scope of this Privacy Policy includes:

  • All our online presences (websites, webapps) that we operate
  • Our social media profiles and email communications
  • Mobile applications for smartphones and other devices

Legal Basis

In our Privacy Policy, we aim to give you clear information about the legal frameworks and the bases of the General Data Protection Regulation that allow for the processing of personal data. With respect to EU law, we refer to the GDPR of 27 April 2016, accessible at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

Your personal data is processed only under the following conditions:

  • Consent (Article 6 (1)(a) GDPR): You have given your explicit consent to process your data for a specific purpose.
  • Contractual necessity (Article 6 (1)(b) GDPR): Processing your data is necessary for the performance of a contract or pre-contractual measures with you.
  • Legal obligation (Article 6 (1)(c) GDPR): Processing is necessary for compliance with a legal obligation, such as keeping invoices for accounting purposes.
  • Legitimate interest (Article 6 (1)(f) GDPR): We reserve the right to process data if there is a legitimate interest that does not override your fundamental rights and freedoms.

In addition to the GDPR, national laws are also applicable:

  • In Austria, the Data Protection Act (DSG).
  • In Germany, the Federal Data Protection Act (BDSG).

Information on the application of additional regional or national laws will be provided in the corresponding sections.

Contact Information for Data Protection Inquiries

If you have any questions regarding data protection or the processing of your personal data, please contact:

Storage period

Our policy is to store personal data only for as long as absolutely necessary for the provision of our services and products. This means that personal data is deleted once the purpose for processing is no longer applicable. However, legal obligations may require us to retain certain data beyond the original purpose of processing, for example, for accounting purposes.

If you request the deletion of your data or withdraw your consent for processing, the data will be deleted as soon as possible, provided there are no legal requirements to retain it.

Further information on the specific duration of data processing will be provided in the following sections, if available.

Your Rights Under the General Data Protection Regulation

According to Articles 13 and 14 of the GDPR, we inform you about your rights that ensure fair and transparent processing of your data:

  • Under Article 15 GDPR you have the right to know whether we process data about you. If so, you are entitled to:
    • Receive a copy of the data.
    • Be informed about the purpose of the processing.
    • Learn the categories of processed data.
    • Know who receives the data and how security is ensured when transferring data to third countries.
    • Know the duration of data storage.
    • Understand your right to rectification, deletion, or restriction of processing and your right to object to processing.
    • Be aware that you can lodge a complaint with a supervisory authority.
    • Learn the source of the data if it was not collected directly from you.
    • Know whether profiling is being conducted.
  • Article 16 GDPR entitles you to correct inaccurate data.
  • Article 17 GDPR grants you the right to have your data deleted.
  • Article 18 GDPR allows you to restrict the processing of your data.
  • Article 20 GDPR ensures your right to data portability.
  • According to Article 21 GDPR, you have the right to object to data processing.
  • If processing is based on public interest or legitimate interest, you can object.
  • You can object at any time to the use of your data for direct marketing purposes.
  • You can also object to data processing for profiling purposes.
  • Article 22 GDPR gives you the right not to be subject to a decision based solely on automated processing, including profiling.
  • Under Article 77 GDPR, you have the right to complain to a data protection authority if you believe the processing of your personal data violates the GDPR.

If you believe that the processing of your personal data violates data protection laws or that your data protection rights have been infringed in any other way, you are entitled to file a complaint with the competent data protection authority. In Austria, this authority is the Datenschutzbehörde (https://www.dsb.gv.at/). In Germany, each federal state has its own data protection officer; for an overview, visit the BfDI (https://www.bfdi.bund.de).

Security of Data Processing

To protect personal data, we have implemented a range of technical and organizational measures. Whenever possible, we encrypt or pseudonymize personal data to make it as difficult as possible for unauthorized third parties to infer personal information from our data.

Article 25 GDPR refers to “data protection by design and by default,” meaning that security considerations should be integrated into both software (e.g., forms) and hardware (e.g., securing the server room) from the outset. We will detail specific measures further if necessary.

Communication

When you contact us via phone, email, or online form, it may involve the processing of personal data.

We use this data exclusively to handle and respond to your inquiries and related business processes. The data is retained as long as necessary for the business case and as permitted by law.

Affected Parties

Anyone who contacts us through the communication channels we provide is affected.

Phone

For calls, we pseudonymously store call data on the device and with telecom providers. Names and phone numbers may be stored in emails for inquiry processing. These data are deleted after the business case is concluded, if legal regulations allow.

Email

Communicating with us via email results in data storage on the used devices and email servers, deleted after the business case concludes, as permitted by law.

Online Forms

Data transmitted via online forms are stored on our web server and may be forwarded via email. These data are also deleted after the business case concludes, if legally allowed.

Legal Bases for Data Processing

  • Art. 6 (1)(a) GDPR (Consent): You have given us your consent to store and use your data for business purposes.
  • Art. 6 (1)(b) GDPR (Contractual Necessity): Processing is necessary for the performance of a contract with you or for pre-contractual actions.
  • Art. 6 (1)(f) GDPR (Legitimate Interests): The processing is for the purpose of professionally handling customer inquiries and business communication using technical facilities.

Cookies

Our website uses cookies – small text files stored on your device by your web browser. They help make our online service more user-friendly, efficient, and secure.

Types of Cookies

The specific cookies we use depend on the services deployed. Here’s a brief overview of the different types of cookies:

  • Essential Cookies: Necessary for basic website functions, such as maintaining the shopping cart while browsing.
  • Functional Cookies: These cookies ensure an optimal user experience.
  • Marketing Cookies: Deliver personalized advertising tailored to the user.

Purpose of Cookie Processing

The specific purpose varies by cookie. More detailed information can be found in the following sections or from the developers of each cookie.

Processed Data

The data stored in cookies are diverse and specific to their use. Further information on processed data will be provided throughout this privacy policy.

Duration of Cookie Storage

The duration varies by cookie. Some are deleted shortly after use, while others may be stored longer. You can influence the storage duration by manually deleting cookies through your browser.

Right to Object and Cookie Management

The choice of whether and how to use cookies is yours. Regardless of their source, you have the option to delete, disable, or partially allow cookies, for example, blocking third-party cookies while allowing all others.

Legal Basis for Using Cookies

Since 2009, the so-called “Cookie Directive” has required user consent for storing cookies (Article 6 (1)(a) GDPR). Implementation varies across EU countries (e.g., § 165(3) TKG 2021 in Austria, § 15 (3) TMG in Germany).

For essential cookies necessary for website operation, we rely on legitimate interests (Article 6 (1)(f) GDPR). The use of non-essential cookies is subject to your consent (Article 6 (1)(a) GDPR). Further details appear in later sections.

Customer Data

We process data of our customers and business partners to provide our services and fulfill contractual obligations. This includes all information collected in the context of contractual or pre-contractual cooperation.

Why do we process customer data?

Reasons for collecting data include:

  • Providing our services
  • Processing purchases of products or services
  • Optimizing marketing and sales
  • Enhancing our customer service

What data is processed?

The type of processed data depends on the services used. This may include:

  • Name, contact address, email address, phone number
  • Date of birth, payment data, contract data
  • Usage data (e.g., visited websites), metadata (e.g., IP address)

Duration of Storage

Customer data is deleted once it is no longer necessary for our service provision unless legal retention periods apply. Customer data will not be shared with third parties without explicit consent.

Legal Basis

Data processing is based on:

  • Art. 6 (1)(a) GDPR (Consent)
  • Art. 6 (1)(b) GDPR (Contractual Necessities)
  • Art. 6 (1)(f) GDPR (Legitimate Interests)
  • Art. 9 (2)(a) GDPR (Special Categories of Data when voluntarily provided)

Registration Process and Data Processing

Registering on our platform may involve the processing of your personal data, including data you enter and those automatically collected, like your IP address.

Please note: Only provide necessary data, use a secure password, and an email address you regularly check.

What is registration?

Registration allows you to easily sign in and use your account, streamlining the process for future interactions.

Purpose of data processing

We process personal data to enable account creation and use, which avoids repeated data entry and enhances the efficiency of our services.

What data is processed?

We process data provided during registration, sign-in, and account use, including but not limited to:

  • First and last name, email address, company name
  • Address, place of residence, postal code, country
  • At sign-in: username and password
  • During account use: data related to service use

Duration of Storage

Your data is stored as long as your account is active and contractual obligations exist. After the contract ends, we keep data according to legal retention requirements.

Right to object

You have the right to object to data processing at any time. Contact details for the data protection officer can be found in the upper section.

Legal Basis

  • Art. 6 (1)(b) GDPR for pre-contractual actions and contract fulfillment
  • Art. 6 (1)(a) GDPR for consent, e.g., for additional data or advertising
  • Art. 6 (1)(f) GDPR for legitimate interests, to know our users and ensure compliance with the terms of use

Webhosting and Data Processing

When visiting websites, including this one, information is automatically collected and stored, including personal data. The aim is to process this data sparingly and only for valid reasons.

Purpose of Data Processing

  • Provision and security of website hosting
  • Maintenance of operational and IT security
  • Anonymous analysis of user behavior to improve our offer and for legal action if necessary

What data is processed?

During your visit to our website, our web server automatically records data such as:

  • The full URL of the accessed website
  • Browser and browser version
  • Operating system
  • Referrer URL
  • Hostname and IP address of the accessing device
  • Date and time
  • This information is stored in web server log files

Duration of Storage

The aforementioned data are generally stored for two weeks and then automatically deleted. These data are not shared, but they can be accessed by authorities in case of unlawful activities.

Legal Basis

The processing of personal data in the context of web hosting is based on Art. 6 (1)(f) GDPR (pursuit of legitimate interests). Using professional hosting services is necessary to present our online presence securely and user-friendly and to manage potential security risks.

A data processing agreement with our hosting provider ensures compliance with data protection and guarantees data security according to Art. 28 ff GDPR.

Hetzner

We use Hetzner, among others a web hosting provider, for our website. The service provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

You can find out more about the data processed through the use of Hetzner in their privacy policy at https://www.hetzner.com/de/legal/legal-notice/.

Web Analytics

We employ web analytics software to evaluate the behavior of visitors to our website. Data is collected and analyzed to improve our online offering and tailor it to the needs of our users. Such analyses include A/B testing to determine which content or offers are more appealing. User profiles may also be created for these analytical purposes, and data may be stored in cookies.

Purpose of Web Analytics

Our goal is to provide the best possible web offering and enhance your user experience. By analyzing user behavior, we can refine our website and align it with your preferences, for example, by identifying which content is most in demand.

What data is processed?

The data collected depends on the analytics tool used but typically includes:

  • Viewed content, clicked buttons/links
  • Time of page access
  • Used browser and device type
  • Location data, if consented

IP addresses are considered personal data under the GDPR but are usually processed in a pseudonymized form. Direct personal data such as names or email addresses are not stored for analytical purposes. All collected data are pseudonymized to prevent the identification of individuals.

Duration of Storage

Personal data are processed only as necessary for our services or as required by law, such as for accounting purposes.

Right to object

You can withdraw your consent to cookies or third-party services at any time, either through our cookie management tool or by managing, disabling, or deleting cookies in your browser.

Legal Basis

Our web analytics relies on your consent (Art. 6 (1)(a) GDPR) with legitimate interests in improving our website (Art. 6 (1)(f) GDPR), provided consent has been given.

Note on Cookies: As web analytics tools employ cookies, please see our general cookie section for more information. Consult the privacy policies of the specific tools for details on processed data.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) for users within the EU. Google processes data on our behalf in accordance with the GDPR and Standard Contractual Clauses for data transfers to the USA.

Purpose of Processing
Google Analytics helps us understand how visitors interact with our website (e.g., which pages are visited, how long users stay, and which links are clicked) so that we can improve our online offering.

What Data is Processed

  • Pseudonymized IP address (IP anonymization enabled)
  • Device and browser information
  • Pages visited, actions performed
  • Referrer URLs, approximate location (city level)
  • Date and time of website access

Cookies Used

  • _ga (2 years): Distinguishes users
  • _ga_<ID> (2 years): Stores session state
  • _gid (24 hours): Distinguishes users

Legal Basis
Processing takes place only after you have given your consent (Art. 6 (1)(a) GDPR). Consent can be withdrawn at any time via our cookie management tool.

Storage Duration
Data is deleted or anonymized after 14 months. Cookies have different storage periods as listed above.

Transfers to Third Countries
Google may process data in the United States. Appropriate safeguards (Standard Contractual Clauses under Art. 46 GDPR) are in place.

Embedded YouTube Videos

We embed videos from the YouTube platform, operated by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) for EU users.

Purpose of Processing
By embedding YouTube videos, we can display multimedia content directly on our website. Data is transmitted to YouTube only after you have given your consent for functional cookies in our cookie management tool.

What Data is Processed

  • IP address
  • Information about the device and browser
  • Pages visited and interactions with the video
  • Referrer URL

If you are logged into your YouTube/Google account, your activity may be directly linked to your profile.

Legal Basis
Processing takes place only after you have given your consent (Art. 6 (1)(a) GDPR). You can revoke this consent at any time through our cookie management tool.

Transfers to Third Countries
Data may be transmitted to the United States. Appropriate safeguards (Standard Contractual Clauses under Art. 46 GDPR) are in place.

Further Information
For more details, please refer to the YouTube privacy policy: https://policies.google.com/privacy.