Introduction and Overview
We have drafted this Privacy Policy (version 16/12/2023-122688162) in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter “data”) we, as the controller, and the processors commissioned by us (e.g., service providers) process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: we provide comprehensive information about the data we process about you.
Privacy policies are usually very technical and use legal terminology. This Privacy Policy, however, aims to describe the most important matters as simply and transparently as possible. Where this supports transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data in the course of our business activities when there is an appropriate legal basis. This is certainly not possible if one provides overly brief, unclear, and overly legal-technical statements, as is often standard on the internet when it comes to privacy. We hope you find the following explanations interesting and informative and that you may discover one or two aspects you did not know before.
If you still have questions, we kindly ask you to contact the responsible entity listed below or in the legal notice (Imprint), follow the links provided, and consult further information on third-party sites. You will, of course, also find our contact details in the legal notice (Imprint).
Scope of Application
This Privacy Policy applies to all personal data processed within our company and to all personal data processed by companies commissioned by us (processors). Personal data means information within the meaning of Art. 4 No. 1 GDPR, such as a person’s name, email address, or postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline.
The scope of this Privacy Policy includes:
In short: this Privacy Policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned above. If we enter into legal relationships with you outside of these channels, we will inform you separately where appropriate.
Legal Bases
In the following Privacy Policy, we provide transparent information about the legal principles and provisions, i.e., the legal bases under the GDPR that allow us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL dated 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex (Access to European Union law) at:
https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679
We process your data only if at least one of the following conditions applies:
Additional grounds such as processing for tasks carried out in the public interest, the exercise of official authority, or protecting vital interests generally do not apply to us. If such a legal basis should become relevant, it will be indicated at the appropriate place.
In addition to the EU Regulation, national laws also apply:
If further regional or national laws apply, we will inform you in the following sections.
Contact Details of the Controller
If you have questions about data protection or the processing of personal data, you will find the contact details of the responsible person/entity below:
RocFortis Group Holding GmbH
Hietzinger Hauptstraße 120
1130 Vienna
Austria
Email: office@rocfortis.com
Imprint
Storage Period
As a general principle, we store personal data only for as long as it is absolutely necessary for providing our services and products. This means that we delete personal data as soon as the reason for processing no longer applies. In some cases, we are legally obligated to store certain data even after the original purpose has ceased to apply, for example for accounting purposes.
If you request the deletion of your data or withdraw your consent to data processing, the data will be deleted as quickly as possible, provided there is no legal obligation to retain it.
We will inform you further below about the specific duration of the respective data processing where further information is available.
Rights under the General Data Protection Regulation (GDPR)
In accordance with Articles 13 and 14 GDPR, we inform you of the following rights to ensure fair and transparent processing of data:
In short: you have rights — do not hesitate to contact the responsible entity listed above.
If you believe that the processing of your data violates data protection law or that your rights have been infringed in any other way, you may lodge a complaint with the supervisory authority. In Austria, this is the Austrian Data Protection Authority, whose website can be found at: https://www.dsb.gv.at/. In Germany, each federal state has its own data protection authority. For further information, you may contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The local data protection authority responsible for our company is:
Austrian Data Protection Authority
Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/
Data Transfers to Third Countries
We only transfer or process data in countries outside the scope of the GDPR (third countries) if you have consented to such processing or if another legal authorization exists. This applies in particular if processing is required by law or necessary to fulfill a contractual relationship, and in any event only to the extent generally permitted. In most cases, your consent is the primary basis on which data may be processed in third countries.
Processing personal data in third countries such as the USA, where many software providers offer services and maintain server locations, may mean that personal data is processed and stored in unexpected ways.
We expressly point out that, according to the opinion of the European Court of Justice, an adequate level of protection for data transfers to the USA currently exists only if a US company that processes personal data of EU citizens in the USA is an active participant in the EU–US Data Privacy Framework. Further information can be found at:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
Data processing by US services that are not active participants in the EU–US Data Privacy Framework may lead to data being processed and stored without anonymization. Furthermore, US governmental authorities may gain access to individual data. It may also happen that collected data is linked with data from other services of the same provider if you have a corresponding user account. Where possible, we attempt to use server locations within the EU, provided this is offered.
We provide more detailed information on transfers to third countries at the relevant points in this Privacy Policy if applicable.
Security of Data Processing
In order to protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our means, for third parties to infer personal information from our data.
Art. 25 GDPR refers to “data protection by design and by default” and means that security measures should always be considered for both software (e.g., forms) and hardware (e.g., access to server rooms). Where required, we will address specific measures below.
TLS Encryption with HTTPS
TLS, encryption, and HTTPS sound very technical — and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet and protect it from interception.
This means that the complete transmission of all data from your browser to our web server is secured — no one can “listen in”.
By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the internet, we fulfill data protection by design (Art. 25(1) GDPR) and ensure the protection of confidential data. You can recognize the secured transmission by the small lock icon displayed in the browser (to the left of the internet address, e.g., examplepage.com) and the use of the https scheme (instead of http).
If you would like to know more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find useful links for further information.
Communication
Communication Summary
👤Affected persons: all individuals communicating with us via telephone, email, or online form
📘Processed data: e.g., telephone number, name, email address, entered form data (further details depend on the type of communication used)
🤝Purpose: handling communication with customers, business partners, etc.
📅Storage period: duration of the business case and legal requirements
⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interests)
If you contact us via telephone, email, or online form, personal data may be processed.
The data will be processed in order to handle and respond to your inquiry and the related business transaction. The data will be stored for as long as the business case lasts and/or as long as required by law.
Affected Persons
All persons who contact us via the communication channels provided are affected.
Telephone
If you call us, call data is stored in pseudonymized form on the device used and by the telecommunications provider. In addition, data such as your name and telephone number may subsequently be transmitted by email and stored for the purpose of responding to your inquiry. The data will be deleted as soon as the business case is concluded and legal retention requirements permit.
If you communicate with us by email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and on the email server. The data will be deleted as soon as the business case is concluded and legal requirements permit.
Online Forms
If you communicate with us via online form, data will be stored on our web server and may be forwarded to an email address within our organization. The data will be deleted as soon as the business case is concluded and legal requirements permit.
Legal Bases
Processing is based on the following legal bases:
Data Processing Agreement (DPA)
In this section, we explain what a data processing agreement is and why it is necessary. Since the term “data processing agreement” can be quite cumbersome, we will often use the abbreviation “DPA”. Like most companies, we do not work alone, but also use services provided by other companies or individuals. By involving various companies and service providers, it may be necessary to share personal data for processing. These partners then act as processors with whom we conclude a data processing agreement (DPA). The most important point for you is that the processing of your personal data takes place exclusively in accordance with our instructions and must be governed by the DPA.
Who are processors?
As a company and website operator, we are responsible for all data we process about you. In addition to controllers, there are so-called processors. This includes any company or individual that processes personal data on our behalf. More precisely, under the GDPR definition: any natural or legal person, public authority, agency, or other body that processes personal data on our behalf is considered a processor. Processors may therefore include service providers such as hosting providers, cloud providers, payment providers, newsletter providers, or large companies such as Google or Microsoft.
For better understanding, here is an overview of the three roles under the GDPR:
Data subject (you as customer or interested party) → Controller (we as company/client) → Processor (service provider such as web host or cloud provider)
Contents of a Data Processing Agreement
As stated above, we have concluded a DPA with our partners acting as processors. This agreement specifies that the processor will process the data exclusively in accordance with the GDPR. The contract must be concluded in writing, although electronic conclusion is also regarded as “written” in this context. Only on the basis of such an agreement may the processing of personal data take place. The agreement must include, among other things:
The agreement also includes all duties of the processor. The most important obligations include:
An example DPA template can be found at:
https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html
Cookies
Cookies Summary
👤Affected persons: website visitors
🤝Purpose: depending on the specific cookie (more details below and/or from the respective provider)
📘Processed data: depending on the cookie used (more details below and/or from the respective provider)what cookies are and why they are used, so that you can better understand this Privacy Policy.
📅Storage period: depends on the cookie, ranging from hours to years
⚖️Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What are cookies?
Our website uses HTTP cookies to store user-specific data. Below, we explain what cookies are and why they are used to help you better understand the following privacy policy.
Whenever you browse the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
Cookies are very useful tools. Almost all websites use cookies. More specifically, these are HTTP cookies, although other types exist for other applications. HTTP cookies are small files stored on your computer by our website. These cookie files are automatically stored in your browser’s cookie folder. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain usage data about you, such as language settings or personal page preferences. When you revisit our site, your browser sends the “user-related” information back to our site. Thanks to cookies, our website recognizes you and provides the settings you are used to.
Some browsers store each cookie in a separate file, while others (such as Firefox) store all cookies in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other malicious elements. Cookies also cannot access information on your PC.
Example cookie data may look like this:
Name: _ga
Value: GA1.2.1326744211.152122688162-9
Purpose: distinguishing website visitors
Expiry date: after 2 years
Minimum browser requirements:
What types of cookies exist?
Which specific cookies we use depends on the services employed and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies
There are four types of HTTP cookies:
Essential cookies
These are required to ensure basic website functions. For example, when a user adds a product to a shopping cart, continues browsing, and later proceeds to checkout. These cookies ensure that the cart is not deleted even if the browser window is closed.
Functional cookies
These collect information about user behavior and whether any error messages occur. They also measure loading times and website performance across different browsers.
Targeted cookies
These improve user-friendliness, e.g., by storing entered locations, font sizes, or form data.
Advertising cookies
These are also called targeting cookies. They are used to deliver personalized advertising.
Typically, you are asked during your first visit which types of cookies you wish to allow. This decision is stored in a cookie.
If you would like to learn more about cookies and do not mind technical documentation, we recommend RFC6265 from the Internet Engineering Task Force (IETF): https://datatracker.ietf.org/doc/html/rfc6265
Purpose of processing via cookies
The purpose ultimately depends on the specific cookie. Further details can be found below or from the respective software provider.
Which data is processed?
Cookies are helpful for many tasks, and it is not possible to generalize which data is stored in cookies. We will inform you of the processed and stored data within the following sections of this Privacy Policy.
Cookie storage period
The storage period depends on the cookie and will be specified further below. Some cookies are deleted after less than one hour, others may remain stored for several years.
You also have influence over storage duration. You can manually delete all cookies at any time via your browser (see also “Right to object”). Cookies based on consent are deleted at the latest upon withdrawal of consent, without affecting the lawfulness of storage until withdrawal.
Right to object – how can I delete cookies?
You decide if and how you wish to use cookies. Regardless of which service or website cookies originate from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies while allowing all other cookies.
To find out which cookies are stored in your browser and to change or delete cookie settings, you can do so in your browser settings:
Chrome: delete, enable, and manage cookies in Chrome
Safari: manage cookies and website data in Safari
Firefox: delete cookies to remove data stored by websites
Internet Explorer: delete and manage cookies
Microsoft Edge: delete and manage cookies
If you do not want cookies at all, you can configure your browser to notify you whenever a cookie is to be set, allowing you to decide for each cookie individually.
Legal basis
Since 2009, “cookie guidelines” require consent (Art. 6(1)(a) GDPR) for storing cookies. However, implementation varies across EU countries. In Austria, this directive was implemented in § 96(3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law; instead, they were largely implemented via § 15(3) of the Telemedia Act (TMG).
For strictly necessary cookies, legitimate interests (Art. 6(1)(f) GDPR) may apply, usually of an economic nature, as these cookies are often required to provide a pleasant user experience.
Non-essential cookies are used only with your consent. The legal basis is Art. 6(1)(a) GDPR.
Web Hosting – Introduction
Web Hosting Summary
👤 Affected persons: visitors to the website
🤝 Purpose: professional hosting of the website and ensuring operational security
📘 Processed data: IP address, time of the website visit, browser used, and further data. More details can be found below or from the respective web hosting provider.
📅 Storage period: depending on the provider, but usually 2 weeks
⚖️ Legal basis: Art. 6(1)(f) GDPR (legitimate interests)
What is Web Hosting?
When you visit websites nowadays, certain information – including personal data – is automatically generated and stored, including on this website. This data should be processed as sparingly as possible and only where justified.
By “website”, we mean the entirety of all pages under a domain, i.e., everything from the start page (homepage) to the very last subpage (such as this one). By “domain”, we mean, for example, beispiel.de or musterbeispiel.com.
If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You are probably familiar with some of them by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We refer to these simply as “browser” or “web browser”.
In order to display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complex and time-consuming task and is therefore usually handled by professional providers. These providers offer web hosting and ensure reliable, error-free storage of website data.
That is a lot of technical terminology, but please stay with us — it will become clearer.
When the browser on your device (desktop, laptop, tablet, or smartphone) establishes a connection and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must store data for a certain period in order to ensure proper operation.
A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.
Why do we process personal data?
The purposes of data processing are:
Which data is processed?
While you are visiting our website, our web server (the computer on which this website is stored) usually automatically stores data such as:
How long is data stored?
As a rule, the data listed above is stored for two weeks and then automatically deleted. We do not pass this data on, however, we cannot exclude that authorities may access this data in the event of unlawful behavior.
In short: your visit is logged by our provider (the company operating our website on special computers/servers), but we do not share your data without your consent.
Legal basis
The lawfulness of processing personal data in the context of web hosting results from Art. 6(1)(f) GDPR (protection of legitimate interests), because professional hosting by a provider is necessary in order to present the company securely and in a user-friendly manner on the internet and to be able to pursue attacks or related claims if required.
As a rule, a data processing agreement pursuant to Art. 28 GDPR exists between us and the hosting provider, ensuring compliance with data protection law and guaranteeing data security.
Web Analytics – Introduction
Web Analytics Privacy Policy Summary
👤 Affected persons: visitors to the website
🤝 Purpose: evaluation of visitor information to optimize the website offering
📘 Processed data: access statistics containing data such as locations of accesses, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found with the respective web analytics tool.
📅 Storage period: depends on the web analytics tool used
⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What is Web Analytics?
We use software on our website to analyze the behavior of website visitors, referred to as web analytics or web analysis. Data is collected which the respective analytics tool provider (also known as a tracking tool) stores, manages, and processes. Using this data, analyses of user behavior on our website are created and made available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content our visitors respond to best. For this purpose, we show two different offers over a limited period of time. After the test (so-called A/B testing), we know which product or content our website visitors find more appealing. For such testing procedures, as well as other analytics procedures, user profiles may also be created and the data stored in cookies.
Why do we use Web Analytics?
Our website has a clear objective: we aim to provide the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting content and ensure that you feel fully comfortable on our website. With the help of web analytics tools, we can take a closer look at visitor behavior and improve our web offering accordingly. For example, we can determine the average age of our visitors, where they come from, when our website is visited most frequently, or which content or products are particularly popular. All of this information helps us optimize the website and tailor it to your needs, interests, and wishes.
Which data is processed?
Which data is stored depends on the analytics tools used. Generally, however, the following is stored, for example: which content you view on our website, which buttons or links you click, when you access a page, which browser you use, which device you use to visit the website (PC, tablet, smartphone, etc.), and which computer system you use. If you have agreed that location data may also be collected, this data may also be processed by the web analytics tool provider.
In addition, your IP address is stored. Under the GDPR, IP addresses are considered personal data. However, your IP address is usually stored in pseudonymized form (i.e., in an unrecognizable and shortened form). For the purpose of tests, web analytics, and website optimization, no direct data such as your name, age, address, or email address is stored. If such data is collected, it is stored in pseudonymized form. This means you cannot be identified as a person.
The following example schematically illustrates the functioning of Google Analytics as an example of client-based web tracking using JavaScript code.
How long data is stored depends on the provider. Some cookies store data only for a few minutes or until you leave the website, while other cookies can store data for several years.
Duration of data processing
We will provide information on the duration of data processing further below, if additional information is available. As a general rule, we process personal data only for as long as necessary for the provision of our services and products. If legally required, for example in the case of accounting, this storage period may be exceeded.
Right to object
You have the right and the option at any time to withdraw your consent to the use of cookies and/or third-party providers. This can be done via our cookie management tool or other opt-out functions. For example, you can prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.
Legal basis
The use of web analytics requires your consent, which we obtained via our cookie popup. This consent constitutes the legal basis pursuant to Art. 6(1)(a) GDPR (consent) for the processing of personal data as may occur when using web analytics tools.
In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thereby improving our offering technically and economically. With the help of web analytics, we can detect website errors, identify attacks, and improve economic efficiency. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). However, we only use these tools if you have given consent.
Since web analytics tools use cookies, we also recommend reading our general privacy policy section on cookies. To learn which data is stored and processed about you in detail, you should review the privacy policies of the respective tools.
Information on specific web analytics tools can be found in the following sections, if available.
Google Analytics Privacy Policy
Google Analytics Privacy Policy Summary
👤Affected persons: visitors to the website
🤝 Purpose: evaluation of visitor information to optimize the website offering
📓Processed data: access statistics containing data such as locations of accesses, device data, access duration and time, navigation behavior and click behavior. More details can be found further below in this privacy policy.
📅 Storage period: individually configurable; by default, Google Analytics 4 stores data for 14 months
⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What is Google Analytics?
We use the analytics tracking tool Google Analytics, in the version Google Analytics 4 (GA4), provided by the American company Google Inc. For the European Economic Area, the company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.
Google Analytics collects data about your actions on our website. By combining various technologies such as cookies, device IDs, and login information, you may be identified as a user across multiple devices. This means your actions can also be analyzed across different platforms.
For example, when you click on a link, this event is stored in a cookie and transmitted to Google Analytics. Using the reports we receive from Google Analytics, we can better adapt our website and services to your needs. In the following sections, we provide further information about the tracking tool, including which data is processed and how you can prevent this.
Google Analytics is a tracking tool used to analyze the traffic on our website. The basis for these measurements and analyses is a pseudonymous user identification number. This number does not contain personal data such as name or address, but is used to assign events to a device.
GA4 uses an event-based model, collecting detailed information on user interactions such as page views, clicks, scrolling, and conversion events. In addition, GA4 includes machine learning features that help interpret user behavior and certain trends more effectively. GA4 uses modeling based on the collected data, meaning missing data can be estimated in order to optimize analysis and produce forecasts.
To ensure Google Analytics functions properly, a tracking code is integrated into the code of our website. When you visit our website, this code records various events you perform on our website.
With GA4’s event-based data model, we as the website operator can define and track specific events in order to obtain analyses of user interactions. This means that, in addition to general information such as clicks or page views, specific events relevant to our business can also be tracked. Such events may include, for example, submitting a contact form or purchasing a product.
As soon as you leave our website, this data is transmitted to Google Analytics servers and stored there.
Google processes the data and provides us with reports about your user behavior. These may include, among others, the following reports:
In addition, Google Analytics 4 offers functions such as:
Why do we use Google Analytics on our website?
Our goal is to offer you the best possible service. The statistics and data from Google Analytics help us achieve this.
The aggregated statistics show strengths and weaknesses of our website. This allows us to optimize our website so it can be found more easily via Google and helps us better understand visitors. We can determine what needs improvement to provide the best service. The data also helps us optimize marketing and advertising measures and show our offers only to people who are likely to be interested.
Which data is stored by Google Analytics?
Google Analytics uses a tracking code to create a random, unique ID linked to your browser cookie. This allows Google Analytics to recognize you as a new user and assign a user ID. The next time you visit, you are recognized as a “returning” user. All data collected is stored together with this user ID, enabling pseudonymous user profiles.
To analyze our website, a property ID must be included in the tracking code. The data is stored in the corresponding property. Each new property uses Google Analytics 4 by default, and retention depends on the property settings.
Your interactions (if you have consented) may be measured across platforms using identifiers such as cookies, app instance IDs, user IDs or custom parameters.
Interactions include all types of actions you perform on our website. If you use other Google systems (such as a Google account), Google Analytics data may be linked with third-party cookies. Google does not share Google Analytics data unless we approve it, except if required by law.
According to Google, Google Analytics 4 does not log or store IP addresses. Google uses IP address data to derive location data and deletes the IP data immediately afterwards. All IP addresses collected from users in the EU are deleted before being stored in a data center or on a server.
Since GA4 focuses on event-based data, it uses significantly fewer cookies than previous versions. Nevertheless, some cookies used by GA4 include:
Name: _ga
Value: 2.1326744211.152122688162-5
Purpose: used to store the user ID and distinguish visitors.
Expiration: 2 years
Name: _gid
Value: 2.1687193234.152122688162-1
Purpose: distinguishes visitors.
Expiration: 24 hours
Name: gat_gtag_UA<property-id>
Value: 1
Purpose: reduces request rate.
Expiration: 1 minute
Note: This list is not necessarily complete. Google may change cookies at any time. GA4 aims to improve privacy and offers options to control data collection, such as retention settings.
Overview of types of data collected
Heatmaps: show which areas you click, providing insights into user movement.
Session duration: time spent on our website; a session ends automatically after 20 minutes of inactivity.
Bounce rate: when you view only one page and then leave the website.
Account creation: when you create an account or place an order.
Location: location data derived from IP addresses (IP is not logged or stored).
Technical information: browser type, ISP, screen resolution, etc.
Source of origin: which website or ad brought you to our website.
Other data may include contact data, reviews, playing of media, sharing content via social media, or adding items to favorites. This list is not exhaustive.
How long and where is the data stored?
Google has servers distributed worldwide. You can read where Google data centers are located at:
https://www.google.com/about/datacenters/locations/?hl=de
Your data is distributed across physical storage devices, which improves availability and protection against manipulation. Each Google data center has emergency programs in place. Even in the event of hardware failures or natural disasters, the risk of service disruption remains low.
Retention depends on the configured properties. Google Analytics offers four options:
There is also an option where data is deleted only if you do not return within the chosen time period; in that case, the retention period resets with each visit.
When the retention period expires, data is deleted once per month. This applies to data linked to cookies, user identifiers and advertising IDs.
Aggregated report results are stored independently of user data.
How can I delete my data or prevent storage?
Under EU data protection law, you have the right to access your data, update it, delete it or restrict processing.
You can use the browser add-on to disable Google Analytics JavaScript (analytics.js, gtag.js), preventing Google Analytics 4 from using your data. It can be downloaded here:
https://tools.google.com/dlpage/gaoptout?hl=de
Please note that this add-on only disables data collection by Google Analytics.
You can also manage, disable or delete cookies in your browser. Links to common browser instructions can be found in the “Cookies” section.
Legal basis
The use of Google Analytics requires your consent, which we obtained via our cookie popup. This consent constitutes the legal basis under Art. 6(1)(a) GDPR.
In addition, we have a legitimate interest in analyzing visitor behavior to improve our offering technically and economically. With Google Analytics we can recognize website errors, identify attacks and improve economic efficiency. The legal basis is Art. 6(1)(f) GDPR. We only use Google Analytics if you have consented.
Google processes data in the USA. Google is an active participant in the EU-US Data Privacy Framework. More information:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
Google also uses Standard Contractual Clauses (Art. 46(2) and (3) GDPR). These ensure compliance with EU standards even if data is transferred to third countries such as the USA. Decision and SCCs:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Google Ads data processing terms:
https://business.safety.google/intl/de/adsprocessorterms/
More information about Analytics:
https://marketingplatform.google.com/about/analytics/terms/de/
https://support.google.com/analytics/answer/6004245?hl=de
Google privacy policy:
https://policies.google.com/privacy?hl=de
Data Processing Agreement (DPA) Google Analytics
We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR.
This contract is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data according to our instructions and must comply with GDPR.
Link:
https://business.safety.google/intl/de/adsprocessorterms/
Google Analytics Reports on Demographics and Interests
We have enabled advertising reporting functions in Google Analytics. These reports contain information on age, gender and interests. This gives us a better picture of our users without being able to assign the data to individual persons.
More information:
https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad
You can stop the use of your Google account activity data under “Ad settings”:
https://adssettings.google.com/authenticated
Google Analytics in consent mode
Depending on your consent, personal data is processed by Google Analytics in so-called consent mode. You can decide whether you want to accept Google Analytics cookies. This determines which data Google Analytics may process. The collected data is used primarily to measure user behavior, deliver targeted advertising and provide us with analysis reports. Usually you consent via a cookie consent tool. If you do not consent, only aggregated data is collected, meaning no user profile is created. You may also consent only to statistical measurement, in which case no personal data is processed for advertising or ad performance measurement.
Google Analytics IP anonymization
We have implemented IP anonymization for Google Analytics on this website. This function ensures compliance with applicable data protection requirements and recommendations of local data protection authorities, especially where storing full IP addresses is prohibited. The anonymization/masking of the IP address occurs as soon as the IP reaches the Google Analytics data collection network, before storage or processing.
More information:
https://support.google.com/analytics/answer/2763052?hl=de
Google Site Kit Privacy Policy
Google Site Kit Privacy Policy Summary
👤Affected persons: visitors to the website
🤝 Purpose: evaluation of visitor information to optimize the website offering
📘 Processed data: access statistics containing data such as locations of access, device data, access duration and time, navigation behavior, click behavior and IP addresses. More details can be found below and in the Google Analytics privacy policy.
📅 Storage period: depends on the properties used
⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What is Google Site Kit?
We have integrated the WordPress plugin Google Site Kit by Google Inc. into our website. For Europe, Google Ireland Limited is responsible.Google Site Kit allows us to view statistics from Google products such as Google Analytics directly in the WordPress dashboard. The tool and integrated services may also collect personal data. In this privacy policy we explain why we use it, how long and where data is stored and which other privacy texts are relevant.
Google Site Kit can link Google Search Console, PageSpeed Insights, Google AdSense, Google Optimize and Google Tag Manager.
Why do we use Google Site Kit?
Our goal is to provide the best possible experience. Statistics help us understand users better and adjust our offering. Site Kit simplifies this because we can view and analyze the data directly in the dashboard without logging into each tool separately.
Which data is stored?
If you have consented to tracking tools via the cookie notice, Google services (e.g., Analytics) set cookies and send data about your behavior to Google.
For more detailed information about the individual services, we have dedicated sections in this privacy policy. For example, please refer to our privacy policy on Google Analytics. There, we explain in detail which data is collected. You will learn how long Google Analytics stores, manages and processes data, which cookies may be used, and how you can prevent data storage. We also provide separate privacy policies with comprehensive information for other Google services such as Google Tag Manager or Google AdSense.
Below, we show examples of Google Analytics cookies that may be set in your browser, provided you have generally consented to data processing by Google. Please note that these cookies are only a selection:
Name: _ga
Value: 2.1326744211.152122688162-2
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. In general, it is used to distinguish website visitors.
Expiration: after 2 years
Name: _gid
Value: 2.1687193234.152122688162-7
Purpose: This cookie is also used to distinguish website visitors.
Expiration: after 24 hours
Name: gat_gtag_UA<property-id>
Value: 1
Purpose: This cookie is used to reduce the request rate.
Expiration: after 1 minute
How long and where is data stored?
Google stores data on servers worldwide, most in the USA. Locations:
https://www.google.com/about/datacenters/locations/?hl=de
Analytics data is typically stored for 26 months, then deleted.
How can I delete or prevent storage?
You can always request access, deletion, correction or restriction. You can disable cookies in your browser.
Legal basis
The use of Google Site Kit requires your consent, which we have obtained via our cookie popup. According to Art. 6(1)(a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when data is collected by web analytics tools.
In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our services from both a technical and an economic perspective. With the help of Google Site Kit, we can detect website errors, identify attacks, and improve efficiency. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). However, we only use Google Site Kit if you have given your consent.
Google processes your data, among other things, in the United States. Google is an active participant in the EU–US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the United States. More information can be found here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Google uses so-called Standard Contractual Clauses (Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the United States) and stored there. Through the EU–US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision of the European Commission. You can find the decision and the relevant Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at: https://business.safety.google/intl/de/adsprocessorterms/.
To learn more about how Google processes data, we recommend reviewing Google’s comprehensive privacy policy at: https://policies.google.com/privacy?hl=de.
Email Marketing Introduction
Email Marketing Summary
👤 Affected persons: newsletter subscribers
🤝 Purpose: direct marketing via email, notification about system-relevant events
📘 Processed data: entered registration data, at minimum the email address. More details depend on the email marketing tool used.
📅 Storage period: duration of the subscription
⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What is email marketing?
To keep you informed, we use email marketing. If you have agreed to receive emails/newsletters, your data will be processed and stored.
Email marketing is part of online marketing. News or information about a company, products or services are sent by email to a group of people interested in them.
Newsletter registration usually only requires an email address. Sometimes we may also request salutation and name.
Newsletter sign-up typically uses the double opt-in procedure. You receive a confirmation email. This ensures that the email address belongs to you. We or a notification tool logs each registration to prove legal compliance, including registration time, confirmation time and IP address. Changes to stored data are also logged.
Why do we use email marketing?
We want to stay in contact and share important news. We use newsletters as a key part of online marketing. We aim to send only relevant information (company updates, products, actions). We may use professional sending providers for secure delivery. The purpose is to inform you and support business objectives.
Which data is processed?
When you subscribe, we store IP address and email address, and potentially salutation, name, address and phone number (only with your consent). Data marked as required is necessary for participation; other fields are voluntary.
We also record your consent to prove compliance.
Duration of processing
If you unsubscribe, we may store your address for up to 3 years based on legitimate interests to prove the prior consent. We process this only if needed to defend against claims.
You can request deletion at any time. If you object permanently, we may store your email address in a block list. Otherwise, we keep your address while you are subscribed.
Right to object
You can cancel the subscription at any time by withdrawing consent. Usually there is an unsubscribe link in every email. If not, contact us and we will unsubscribe you immediately.
Legal basis
Das Versenden unseres Newsletters erfolgt auf Grundlage Ihrer Einwilligung (Artikel 6 Abs. 1 lit. a DSGVO). Das heißt, wir dürfen Ihnen nur dann einen Newsletter schicken, wenn Sie sich zuvor aktiv dafür angemeldet haben. Gegebenenfalls können wir Ihnen auch Werbenachrichten senden, sofern Sie unser Kunde geworden sind und der Verwendung Ihrer E-Mailadresse für Direktwerbung nicht widersprochen haben.
Informationen zu speziellen E-Mail-Marketing Diensten und wie diese personenbezogene Daten verarbeiten, erfahren Sie – sofern vorhanden – in den folgenden Abschnitten.
Social Media Introduction
Social Media Privacy Policy Summary
👤 Affected persons: visitors to the website
🤝 Purpose: presentation and optimization of our services, contact with visitors/interested parties, advertising
📘 Processed data: e.g., phone numbers, email addresses, contact data, user behavior, device information, IP address. More details depend on the platform used.
📅 Storage period: depends on the social media platform
⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What is social media?
In addition to our website, we are active on various social media platforms. Data may be processed to address users interested in us. Social media elements may also be embedded in our website, such as social buttons linking to our profiles. Social media includes websites and apps where registered members create content, share content openly or in groups, and network.
Why do we use social media?
For years, social media platforms have been the place where people communicate online and stay in touch. Through our social media presence, we can introduce our products and services to interested parties. The social media elements integrated into our website help you access our social media content quickly and without complications.
The data stored and processed through your use of a social media channel is primarily used to carry out web analytics. The goal of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can be used to draw conclusions about your interests and to create so-called user profiles. This also enables the platforms to show you tailored advertisements. In most cases, cookies are placed in your browser for this purpose, storing data about your usage behavior.
As a rule, we assume that we remain responsible under data protection law even when using services provided by a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. Where this applies, we will explicitly point this out and operate on the basis of a corresponding agreement. The key points of this agreement are then described further below for the relevant platform.
Please note that when using social media platforms or our embedded elements, your data may also be processed outside the European Union, as many social media channels—such as Facebook or Twitter—are American companies. As a result, it may be more difficult for you to assert or enforce your rights regarding your personal data.
Which data is processed?
The exact data that is stored and processed depends on the respective provider of the social media platform. However, it usually includes data such as phone numbers, email addresses, data you enter into a contact form, usage data such as which buttons you click, what you like or follow, which pages you have visited and when, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have your own profile on the social media channel you visit and you are logged in, the data may be linked to your profile.
All data collected via a social media platform is also stored on the providers’ servers. This means that only the providers have access to the data and can provide you with the relevant information or make changes.
If you want to know exactly which data is stored and processed by social media providers and how you can object to the processing, you should carefully read the respective company’s privacy policy. If you have questions about data storage and processing or want to exercise your rights, we recommend contacting the provider directly.
Duration of processing
We provide details below if available. Platforms may store data until no longer needed. For example, Facebook may delete customer data matched with user data within two days. In general we process data only as long as necessary; legal obligations may extend retention.
Right to object
You have the right and the option at any time to withdraw your consent to the use of cookies or third-party providers, such as embedded social media elements. This can be done either via our cookie management tool or through other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling, or deleting cookies in your browser.
Since social media tools may use cookies, we also recommend that you read our general privacy policy regarding cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.
Legal basis
If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for the data processing (Art. 6 para. 1 lit. a GDPR). In general, if consent has been given, your data may also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in maintaining fast and effective communication with you or with other customers and business partners. However, we only use these tools to the extent that you have provided your consent.
Most social media platforms also place cookies in your browser in order to store data. For this reason, we recommend that you read our privacy policy section on cookies carefully and consult the privacy policy or cookie policy of the respective service provider.
Information on specific social media platforms can be found—if applicable—in the following sections.
Cookie Consent Management Platform Introduction
CMP Summary
👤 Affected persons: website visitors
🤝 Purpose: obtaining and managing consent for certain cookies/tools
📘 Processed data: settings administration such as IP address, time of consent, type of consent, individual consents.
📅 Storage period: depends on the tool; could be several years
⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What is a Cookie Consent Management Platform?
We use a Consent Management Platform (CMP) software on our website that makes it easier for us and for you to handle the scripts and cookies used in a correct and secure manner. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides you with the cookie consent required under data protection law, and helps us and you keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorized. You, as a website visitor, then decide for yourself whether and which scripts and cookies you allow or do not allow. The following graphic shows the relationship between the browser, web server and CMP.
Why do we use a cookie management tool?
Our goal is to provide you with the greatest possible transparency in the area of data protection. In addition, we are legally obliged to do so. We want to inform you as well as possible about all tools and all cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we first need to know exactly which cookies have ended up on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we are aware of all cookies and can provide you with information about them in compliance with the GDPR. You can then accept or reject cookies via the consent system.
Which data is processed?
As part of our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to ask you again each time you visit our website and so that we can also prove your consent if legally required. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent varies. In most cases, this data (such as a pseudonymous user ID, time of consent, detailed information about cookie categories or tools, browser, device information) is stored for up to two years.
Duration of data processing
We will inform you further below about the duration of the data processing, provided we have further information about it. In general, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, others can be stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should expect a storage period of several years. In the respective privacy policies of the individual providers, you will generally find precise information about the duration of data processing.
Right to object
You also have the right and the possibility at any time to revoke your consent to the use of cookies. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent the collection of data by cookies by managing, deactivating or deleting cookies in your browser.
Information on specific cookie management tools can be found – if available – in the following sections.
Legal basis
If you consent to cookies, personal data from you will be processed and stored via these cookies. If we are allowed to use cookies on the basis of your consent (Article 6 para. 1 lit. a GDPR), this consent is also at the same time the legal basis for the use of cookies and/or the processing of your data. In order to manage cookie consent and enable you to give consent, cookie consent management platform software is used. The use of this software enables us to operate the website efficiently and in compliance with the law, which constitutes a legitimate interest (Article 6 para. 1 lit. f GDPR).
BorlabsCookie Privacy Policy
We use BorlabsCookie on our website, which is, among other things, a tool for storing your cookie consent. The service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany. You can find out more about the data processed through the use of BorlabsCookie in the privacy policy at https://de.borlabs.io/datenschutz/.
Security & Anti-Spam
Security & Anti-Spam Privacy Policy Summary
👤 Affected persons: Visitors to the website
🤝 Purpose: Cybersecurity
📘 Processed data: Data such as your IP address, name or technical data such as browser version
More details can be found further below and in the individual privacy texts.
📅 Storage duration: Most data is stored until it is no longer required to fulfill the service
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)
What is security and anti-spam software?
With so-called security and anti-spam software, you and we can protect ourselves from various spam or phishing emails and possible other cyberattacks. Spam refers to advertising emails from mass mailings that one did not request. Such emails are also called data garbage and can also cause costs. Phishing emails, on the other hand, are messages that aim to build trust through fake messages or websites in order to obtain personal data. Anti-spam software generally protects against unwanted spam messages or malicious emails that could, for example, introduce viruses into our system. We also use general firewall and security systems that protect our computers from unwanted network attacks.
Why do we use security and anti-spam software?
We place a particularly high value on security on our website. After all, it is not only about our security, but above all about your security. Unfortunately, cyber threats have now become part of everyday life in the world of IT and the internet. Hackers often try to steal personal data from an IT system by means of a cyberattack. And therefore a good defense system is absolutely necessary. A security system monitors all incoming and outgoing connections to our network and/or computer. In order to achieve even greater security against cyberattacks, we use additional external security services in addition to the standardized security systems on our computer. Unauthorized data traffic is thereby better prevented and we thus protect ourselves from cybercrime.
Which data is processed by security and anti-spam software?
Which data is exactly collected and stored depends of course on the respective service. However, we always strive to use only programs that collect data very sparingly and/or only store data that is necessary for the fulfillment of the offered service. In principle, the service can store data such as name, address, IP address, email address and technical data such as browser type or browser version. Performance and log data may also be collected in order to detect possible incoming threats in good time. This data is processed within the scope of the services and in compliance with the applicable laws. This also includes the GDPR for US providers (via the standard contractual clauses). These security services in some cases also work with third-party providers who may store and/or process data under instruction and in accordance with the privacy policies and further security measures. Data storage usually takes place via cookies.
Duration of data processing
We will inform you below about the duration of the data processing, provided we have further information about it. For example, security programs store data until you or we revoke the data storage. In general, personal data is only stored for as long as it is absolutely necessary for the provision of the services. In many cases, unfortunately, we lack precise information from providers about the length of storage.
Right to object
You also have the right and the possibility at any time to revoke your consent to the use of cookies and/or third-party providers of security software. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent the collection of data by cookies by managing, deactivating or deleting cookies in your browser.
Since cookies may also be used with such security services, we also recommend our general privacy policy about cookies. In order to find out which data from you is exactly stored and processed, you should read the privacy policies of the respective tools.
Legal basis
We use the security services primarily on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) in having a good security system against various cyberattacks.
Certain processing operations, in particular the use of cookies as well as the use of security functions, require your consent. If you have consented that data from you may be processed and stored by embedded security services, this consent serves as the legal basis for the data processing (Art. 6 para. 1 lit. a GDPR). Most services we use place cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and consult the privacy policy or the cookie policy of the respective service provider.
Information on specific tools can be found – if available – in the following sections.
Google reCAPTCHA Privacy Policy
Google reCAPTCHA Privacy Policy Summary
👤 Affected persons: Visitors to the website
🤝 Purpose: Optimization of our service and protection against cyberattacks
📘Processed data: Data such as IP address, browser information, your operating system, limited location and usage data
More details can be found further below in this privacy policy.
📅 Storage duration: depends on the stored data
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)
What is reCAPTCHA?
Our top priority is to secure and protect our website for you and for us as best as possible. To ensure this, we use Google reCAPTCHA from Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA we can determine whether you are really a human being of flesh and blood and not a robot or other spam software. Spam refers to any unwanted information that reaches us electronically without being requested. With classic CAPTCHAs, you usually had to solve text or image puzzles for verification. With Google’s reCAPTCHA, we usually do not have to bother you with such puzzles. In most cases, it is sufficient for you to simply tick a checkbox and thereby confirm that you are not a bot. With the new Invisible reCAPTCHA version, you do not even have to tick a checkbox. How exactly this works and, above all, which data is used for it, you will learn in the course of this privacy policy.
reCAPTCHA is a free CAPTCHA service from Google that protects websites from spam software and misuse by non-human visitors. This service is most often used when you fill out forms on the internet. A CAPTCHA service is a kind of automated Turing test intended to ensure that an action on the internet is performed by a human and not by a bot. In the classic Turing test (named after the computer scientist Alan Turing), a human determines the difference between a bot and a human. In the case of CAPTCHAs, this is done by the computer or software program. Classic CAPTCHAs work with small tasks that are easy for humans to solve but pose significant difficulties for machines. With reCAPTCHA you do not have to actively solve puzzles anymore. The tool uses modern risk techniques to distinguish humans from bots. Here you only have to tick the text field “I’m not a robot” or, in the case of Invisible reCAPTCHA, even that is no longer necessary. With reCAPTCHA, a JavaScript element is embedded into the source code and the tool then runs in the background and analyzes your user behavior. From these user actions, the software calculates a so-called CAPTCHA score. Google uses this score to calculate, even before the CAPTCHA input, how likely it is that you are a human. reCAPTCHA or CAPTCHAs in general are always used when bots could manipulate or misuse certain actions (such as registrations, surveys, etc.).
Why do we use reCAPTCHA on our website?
We want to welcome only real human beings on our website. Bots or spam software of all kinds should simply stay at home. Therefore, we do everything we can to protect ourselves and provide you with the best possible user experience. For this reason, we use Google reCAPTCHA from Google. This gives us a fairly high certainty that we remain a “bot-free” website. By using reCAPTCHA, data is transmitted to Google in order to determine whether you really are a human. reCAPTCHA therefore serves the security of our website and, as a result, also your security. For example, without reCAPTCHA it could happen that a bot registers as many email addresses as possible during registration, and then “spams” forums or blogs with unwanted advertising content. With reCAPTCHA, we can avoid such bot attacks.
What data is stored by reCAPTCHA?
reCAPTCHA collects personal data from users in order to determine whether actions on our website actually come from humans. This means it may send the IP address and other data that Google requires for the reCAPTCHA service to Google. IP addresses within the member states of the EU or other contracting states of the Agreement on the European Economic Area are almost always truncated beforehand, before the data ends up on a server in the USA. The IP address is not combined with other Google data unless you are logged into your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed in your browser. Afterwards, reCAPTCHA sets an additional cookie in your browser and records a snapshot of your browser window.
The following list of collected browser and user data does not claim to be complete. Rather, it is an example of data that, according to our knowledge, is processed by Google.
It is undisputed that Google uses and analyzes this data even before you click the checkbox “I’m not a robot”. With the Invisible reCAPTCHA version, even ticking the box is no longer required and the entire recognition process runs in the background. How much and which data Google stores exactly is not disclosed in detail by Google.
The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo. All of these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:
Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-122688162-8
Purpose: This cookie is set by the company DoubleClick (also belongs to Google) to register and report a user’s actions on the website in dealing with advertisements. This allows the advertising effectiveness to be measured and corresponding optimization measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiration date: after one year
Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects statistics about website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show users relevant advertising. Furthermore, it can be used to prevent a user from seeing the same ad more than once.
Expiration date: after one month
Name: ANID
Value: U7j1v3dZa1226881620xgZFmiqWppRWKOr
Purpose: We were not able to find out much information about this cookie. In Google’s privacy policy, the cookie is mentioned in connection with “advertising cookies” such as “DSID”, “FLC”, “AID”, “TAID”. ANID is stored under the domain google.com.
Expiration date: after 9 months
Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: This cookie stores the status of a user’s consent for the use of various Google services. CONSENT also serves security purposes, to verify users, prevent credential fraud, and protect user data from unauthorized attacks.
Expiration date: after 19 years
Name: NID
Value: 0WmuWqy122688162zILzqV_nmt3sDXwPeM5Q
Purpose: NID is used by Google to adapt advertising to your Google searches. With the help of the cookie, Google “remembers” your most frequently entered search queries or your previous interaction with ads. This allows you to receive tailored ads. The cookie contains a unique ID used by Google to collect user preferences for advertising purposes.
Expiration date: after 6 months
Name: DV
Value: gEAABBCjJMXcI0dSAAAANbqc122688162-4
Purpose: As soon as you have ticked the “I’m not a robot” checkbox, this cookie is set. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymized form and is also used to differentiate users.
Expiration date: after 10 minutes
Note: This list cannot claim to be complete, since Google changes its choice of cookies from time to time.
How long and where is the data stored?
By integrating reCAPTCHA, data from you is transferred to Google’s servers. Google does not clearly disclose where exactly this data is stored, even after repeated inquiries. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on European or American Google servers. The IP address transmitted to Google by your browser is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plugin, the data will be merged. In that case, the differing privacy policies of Google apply.
How can I delete my data or prevent data storage?
If you do not want any data about you and your behavior to be transmitted to Google, you must completely log out of Google and delete all Google cookies before visiting our website or using reCAPTCHA. In principle, data is automatically transmitted to Google as soon as you access our site. To delete this data again, you must contact Google Support at https://support.google.com/?hl=de&tid=122688162.
By using our website, you agree that Google LLC and its representatives may automatically collect, process and use data.
Please note that by using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are currently considered unsafe under European data protection law. Data must therefore not simply be transferred to unsafe third countries, stored and processed there unless suitable guarantees (such as EU standard contractual clauses) exist between us and the non-European service provider.
Legal basis
If you have consented to the use of Google reCAPTCHA, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for processing personal data such as may occur when collected through Google reCAPTCHA.
Additionally, we have a legitimate interest in using Google reCAPTCHA to optimize our online service and make it more secure. The corresponding legal basis is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use Google reCAPTCHA if you have provided consent.
Google processes data from you, among other things, also in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Google also uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are template clauses provided by the EU Commission and are intended to ensure that your data meets European data protection standards even when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
You can learn a bit more about reCAPTCHA on Google’s web developer page at https://developers.google.com/recaptcha/. Google does describe the technical development of reCAPTCHA there, but detailed information about data storage and data protection topics is also hard to find there. A good overview of Google’s general use of data can be found in Google’s own privacy policy at https://policies.google.com/privacy.
Audio & Video Introduction
Audio & Video Privacy Policy Summary
👤 Affected persons: Visitors to the website
🤝 Purpose: Optimization of our service
📘 Processed data: Data such as contact details, user behavior data, information about your device and your IP address may be stored.
More details can be found further below in the corresponding privacy texts.
📅 Storage duration: Data is generally stored as long as necessary for the service purpose
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)
What are audio and video elements?
We have embedded audio and/or video elements on our website so that you can directly view videos or listen to music/podcasts via our website. The content is provided by service providers. This means all content is also obtained from the providers’ servers.
These are embedded functional elements from platforms such as YouTube, Vimeo or Spotify. The use of these portals is generally free, but paid content can also be published. With the help of these embedded elements, you can listen to or view the respective content via our website.
If you use audio or video elements on our website, personal data from you may also be transmitted to the service providers, processed and stored.
Why do we use audio and video elements on our website?
Of course, we want to provide you with the best offering on our website. And we are aware that content is no longer conveyed solely through text and static images. Instead of simply giving you a link to a video, we offer you audio and video formats directly on our website that are entertaining or informative and ideally both. This expands our service and makes it easier for you to access interesting content. Accordingly, alongside our texts and images, we also provide video and/or audio content.
Which data is stored through audio and video elements?
When you access a page on our website that contains, for example, an embedded video, your server connects to the service provider’s server. In doing so, data from you is transmitted to the third-party provider and stored there. Some data is collected and stored completely independently of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your device. Furthermore, most providers also obtain information about your web activity. This includes, for example, session duration, bounce rate, which button you clicked, or via which website you use the service. All this information is usually stored via cookies or pixel tags (also called web beacons). Pseudonymized data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.
Duration of data processing
How long the data is stored on the third-party providers’ servers can be found either further below in the privacy text of the respective tool or in the provider’s privacy policy. In principle, personal data is always processed only as long as necessary for the provision of our services or products. This generally also applies to third-party providers. Usually, you can assume that certain data is stored for several years on the servers of third-party providers. Data can be stored for different periods, especially in cookies. Some cookies are deleted immediately after leaving the website, others can remain stored in your browser for several years.
Right to object
You also have the right and the possibility at any time to revoke your consent to the use of cookies or third-party providers. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent the collection of data by cookies by managing, deactivating or deleting cookies in your browser. The lawfulness of processing before revocation remains unaffected.
Since the embedded audio and video functions on our site often use cookies, you should also read our general privacy policy about cookies. The privacy policies of the respective third-party providers provide more detailed information about how your data is handled and stored.
Legal basis
If you have consented that data from you may be processed and stored by embedded audio and video elements, this consent is considered the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the embedded audio and video elements if you have given consent.
YouTube Privacy Policy
YouTube Privacy Policy Summary
👤 Affected persons: Visitors to the website
🤝 Purpose: Optimization of our service
📘 Processed data: Data such as contact details, user behavior data, information about your device and your IP address may be stored.
More details can be found further below in this privacy policy.
📅 Storage duration: Data is generally stored as long as necessary for the service purpose
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)
What is YouTube?
We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you access a page on our website that has an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. In doing so (depending on settings), various data is transmitted. For all data processing within the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible.
In the following, we want to explain in more detail which data is processed, why we have embedded YouTube videos, and how you can manage or delete your data.
Users can watch videos on YouTube for free, rate them, comment on them, and upload videos themselves. Over the years, YouTube has become one of the most important social media channels worldwide. In order for us to display videos on our website, YouTube provides a code snippet that we have integrated on our site.
Why do we use YouTube videos on our website?
YouTube is the video platform with the most visitors and the best content. We strive to provide you with the best possible user experience on our website. And of course, interesting videos should not be missing. With the help of our embedded videos, we provide you with additional helpful content alongside our texts and images. In addition, our website is easier to find on the Google search engine due to the embedded videos. Even if we run advertising via Google Ads, Google can, thanks to the collected data, show these ads only to people who are interested in our offerings.
What data is stored by YouTube?
As soon as you visit one of our pages that has an embedded YouTube video, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile with the help of cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet provider. Other data may include contact details, any ratings, sharing content via social media or adding it to your favorites on YouTube.
If you are not logged into a Google account or YouTube account, Google stores data with a unique identifier that is linked to your device, browser or app. For example, your preferred language setting is retained. However, many interaction data may not be stored because fewer cookies are set.
In the following list, we show cookies that were set in a browser test. We show cookies that are set without being logged into a YouTube account, and cookies that are set with a logged-in account. The list cannot claim to be complete, since user data always depends on interactions on YouTube.
Name: YSC
Value: b9-CV6ojI5Y122688162-1
Purpose: This cookie registers a unique ID to store statistics of the viewed video.
Expiration date: after the end of the session
Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics via PREF on how you use YouTube videos on our website.
Expiration date: after 8 months
Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices in order to track GPS location.
Expiration date: after 30 minutes
Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts to estimate the user’s bandwidth on our websites (with embedded YouTube video).
Expiration date: after 8 months
Further cookies that are set when you are logged into your YouTube account:
Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7122688162-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalized advertising.
Expiration date: after 2 years
Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: This cookie stores the status of a user’s consent to the use of various Google services. CONSENT also serves security purposes, to verify users and protect user data from unauthorized attacks.
Expiration date: after 19 years
Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps to display personalized advertising.
Expiration date: after 2 years
Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: This cookie stores information about your login data.
Expiration date: after 2 years
Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and your device. It is used to create a profile of your interests.
Expiration date: after 2 years
Name: SID
Value: oQfNKjAsI122688162-
Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.
Expiration date: after 2 years
Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information on how you use the website and which advertising you may have seen before visiting our site.
Expiration date: after 3 months
How long and where is the data stored?
The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. At https://www.google.com/about/datacenters/locations/?hl=de you can see exactly where Google data centers are located. Your data is distributed across the servers. This allows faster access and provides better protection against manipulation.
Google stores the collected data for different periods of time. Some data you can delete at any time, other data is automatically deleted after a limited time, and yet other data is stored by Google for a longer period. Some data (such as elements from “My Activity”, photos or documents, products) that is stored in your Google account remains stored until you delete it. Even if you are not logged into a Google account, you can delete some data linked to your device, browser or app.
How can I delete my data or prevent data storage?
In principle, you can manually delete data in your Google account. With the automatic deletion function for location and activity data introduced in 2019, information is stored depending on your decision — either 3 or 18 months — and then deleted.
Regardless of whether you have a Google account or not, you can configure your browser so that cookies from Google are deleted or disabled. Depending on which browser you use, this works in different ways. In the “Cookies” section you will find links to the instructions for the most common browsers.
If you do not want cookies at all, you can set up your browser so that it always informs you when a cookie is about to be set. Then you can decide for each individual cookie whether you want to allow it or not.
Legal basis
If you have consented that data from you may be processed and stored by embedded YouTube elements, this consent is considered the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the embedded YouTube elements if you have given consent. YouTube also sets cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and consult the privacy policy or the cookie policy of the respective service provider.
YouTube processes data from you, among other things, also in the USA. YouTube and/or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Google also uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are template clauses provided by the EU Commission and are intended to ensure that your data meets European data protection standards even when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend the privacy policy at https://policies.google.com/privacy?hl=de.
YouTube Subscribe Button Privacy Policy
We have embedded the YouTube Subscribe button (English “Subscribe button”) on our website. You can usually recognize the button by the classic YouTube logo. The logo shows the words “Subscribe” or “YouTube” in white lettering on a red background and to the left of it the white “play symbol”. However, the button may also be displayed in a different design.
Our YouTube channel regularly offers funny, interesting or exciting videos. With the embedded “Subscribe button” you can subscribe to our channel directly from our website and do not have to open the YouTube website separately. We want to make access to our extensive content as easy as possible. Please note that YouTube may store and process data from you through this.
If you see an embedded subscribe button on our site, YouTube — according to Google — sets at least one cookie. This cookie stores your IP address and our URL. YouTube can also learn information about your browser, your approximate location and your preset language. In our test, the following four cookies were set without being logged into YouTube:
Name: YSC
Value: b9-CV6ojI5122688162Y
Purpose: This cookie registers a unique ID to store statistics of the viewed video.
Expiration date: after the end of the session
Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics via PREF on how you use YouTube videos on our website.
Expiration date: after 8 months
Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices in order to track GPS location.
Expiration date: after 30 minutes
Name: VISITOR_INFO1_LIVE
Value: 12268816295Chz8bagyU
Purpose: This cookie attempts to estimate the user’s bandwidth on our websites (with embedded YouTube video).
Expiration date: after 8 months
Note: These cookies were set after a test and cannot claim to be complete.
If you are logged into your YouTube account, YouTube can store many of your actions/interactions on our website with the help of cookies and assign them to your YouTube account. For example, YouTube receives information about how long you browse on our site, which browser type you use, which screen resolution you prefer or which actions you perform.
YouTube uses this data on the one hand to improve its own services and offers, and on the other hand to provide analyses and statistics for advertisers (who use Google Ads).
Web Design Introduction
Web Design Privacy Policy Summary
👤 Affected persons: Visitors to the website
🤝 Purpose: Improving the user experience
📘 Processed data: Which data is processed depends heavily on the services used. Usually it includes IP address, technical data, language settings, browser version, screen resolution and browser name. More details can be found with the respective web design tools used.
📅 Storage duration: depends on the tools used
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)
What is web design?
We use various tools on our website that serve our web design. Web design is not, as often assumed, only about making our website look pretty, but also about functionality and performance. Of course, an appealing appearance is also one of the major goals of professional web design. Web design is a sub-area of media design and deals with both the visual as well as the structural and functional design of a website. The aim is to improve your experience on our website with the help of web design. In web design jargon, this is referred to as user experience (UX) and usability. User experience includes all impressions and experiences that a website visitor has on a website. A sub-point of user experience is usability. This concerns the user-friendliness of a website. It focuses particularly on ensuring that content, subpages or products are clearly structured and that you can find what you are looking for easily and quickly. In order to offer you the best possible experience on our website, we also use so-called web design tools from third-party providers. The category “web design” in this privacy policy therefore includes all services that improve the design of our website. These may include fonts, various plugins or other embedded web design functions.
Why do we use web design tools?
How you absorb information on a website depends heavily on the structure, functionality and visual perception of the website. Therefore, good and professional web design has also become increasingly important for us. We are constantly working on improving our website and also consider this an extended service for you as a website visitor. Furthermore, a beautiful and well-functioning website also has economic advantages for us. Ultimately, you will only visit us and use our services if you feel completely comfortable.
Which data is stored by web design tools?
When you visit our website, web design elements may be embedded in our pages that can also process data. What kind of data this is depends heavily on the tools used. Further below you can see exactly which tools we use for our website. For more information about data processing, we also recommend reading the privacy policy of the respective tools used. In most cases, you will learn there which data is processed, whether cookies are used and how long the data is stored. Fonts such as Google Fonts, for example, automatically transmit information such as language settings, IP address, browser version, browser screen resolution and browser name to Google servers.
Duration of data processing
How long data is processed is very individual and depends on the web design elements used. If cookies are used, for example, the retention period may be only one minute or several years. Please inform yourself about this. For this purpose, we recommend both our general section on cookies and the privacy policies of the tools used. There you usually learn which cookies are used and what information is stored in them. Google Font files, for example, are stored for one year. This is intended to improve the loading time of a website. In general, data is only stored for as long as necessary to provide the service. If legally required, data may also be stored longer.
Right to object
You also have the right and the possibility at any time to revoke your consent to the use of cookies or third-party providers. This works either via our cookie management tool or via other opt-out functions. You can also prevent data collection via cookies by managing, deactivating or deleting cookies in your browser. Under web design elements (often in the case of fonts), there is also data that cannot be deleted quite so easily. This is the case when data is collected automatically directly when a page is accessed and transmitted to a third-party provider (such as Google). In that case, please contact the support of the respective provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.
Legal basis
If you have consented that web design tools may be used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for processing personal data such as may occur through web design tools. In addition, we have a legitimate interest in improving the web design of our website. After all, we can only provide you with a beautiful and professional web offering if we do so. The corresponding legal basis is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use web design tools if you have given consent. We definitely want to emphasize this again here.
Information on specific web design tools can be found – if available – in the following sections.
Font Awesome Privacy Policy
Font Awesome Privacy Policy Summary
👤 Affected persons: Visitors to the website
🤝 Purpose: Optimization of our service
📘 Processed data: e.g., IP address and which icon files are loaded
More details can be found further below in this privacy policy.
📅 Storage duration: Files in identifiable form are stored for a few weeks
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)
What is Font Awesome?
We use Font Awesome from the American company Fonticons (307 S. Main St., Suite 202, Bentonville, AR 72712, USA) on our website. When you access one of our web pages, the Font Awesome web font (specifically icons) is loaded via the Font Awesome Content Delivery Network (CDN). This ensures that texts/fonts and icons are displayed correctly on every device. In this privacy policy, we explain the storage and processing of data by this service in more detail.
Icons are becoming increasingly important for websites. Font Awesome is a web font specifically developed for web designers and web developers. With Font Awesome, icons can be scaled and colored as desired using the stylesheet language CSS. They replace old image icons. Font Awesome CDN is the easiest way to load icons or fonts onto your website. For this, we only needed to embed a small line of code into our website.
Why do we use Font Awesome on our website?
Font Awesome improves the presentation of content on our website. This makes it easier for you to navigate our website and to understand the content. With icons, it is sometimes possible to replace entire words and save space. This is especially practical when optimizing content for smartphones. These icons are inserted as HTML code rather than as images. This allows us to edit the icons with CSS as we wish. At the same time, we also improve our loading speed with Font Awesome because these are only HTML elements and not icon images. All these benefits help us make the website clearer, fresher and faster for you.
What data is stored by Font Awesome?
The Font Awesome Content Delivery Network (CDN) is used to load icons and symbols. CDNs are networks of servers distributed worldwide and make it possible to load files quickly from nearby. Thus, as soon as you access one of our pages, the corresponding icons are provided by Font Awesome.
In order for the web fonts to load, your browser must establish a connection to the servers of the company Fonticons, Inc. During this process, your IP address is recognized. Font Awesome also collects data about which icon files are downloaded and when. In addition, technical data such as your browser version, screen resolution or the time the accessed page was retrieved is transmitted.
This data is collected and stored for the following reasons:
If your browser does not allow web fonts, a standard font from your PC is automatically used. According to our current knowledge, no cookies are set. We are in contact with Font Awesome’s data protection department and will inform you as soon as we learn more.
How long and where is the data stored?
Font Awesome stores data about the use of the content delivery network on servers also in the United States of America. However, the CDN servers are located worldwide and store user data wherever you are located. In identifiable form, data is generally stored for only a few weeks. Aggregated statistics about CDN usage may be stored longer. Personal data is not included here.
How can I delete my data or prevent data storage?
According to the current state of our knowledge, Font Awesome does not store personal data via the content delivery networks. If you do not want data about the icons used to be stored, unfortunately you cannot visit our website. If your browser does not allow web fonts, no data is transmitted or stored. In that case, your computer’s standard font is simply used.
Legal basis
If you have consented that Font Awesome may be used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for processing personal data such as may occur through the collection via Font Awesome.
In addition, we have a legitimate interest in using Font Awesome to optimize our online service. The corresponding legal basis is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use Font Awesome if you have provided consent.
We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. Data processing is essentially carried out by Font Awesome. This may result in data being processed and stored not in anonymized form. Furthermore, US authorities may have access to individual data. It may also happen that this data is linked to data from other Font Awesome services for which you have a user account.
If you want to learn more about Font Awesome and their handling of data, we recommend the privacy policy at https://fontawesome.com/privacy and the help page at https://fontawesome.com/support.
Google Fonts Local Privacy Policy
On our website we use Google Fonts from Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible. We have embedded the Google fonts locally, i.e., on our web server – not on Google’s servers. This means there is no connection to Google servers and therefore no data transfer or storage.
What are Google Fonts?
Google Fonts used to be called Google Web Fonts. This is an interactive directory with over 800 fonts that Google provides free of charge. With Google Fonts, you could use fonts without uploading them to your own server. However, in order to prevent any transfer of information to Google servers, we downloaded the fonts to our server. In this way, we act in compliance with data protection regulations and do not send any data to Google Fonts.
Online Map Services Introduction
Online Map Services Privacy Policy Summary
👤 Affected persons: Visitors to the website
🤝 Purpose: Improving the user experience
📘 Processed data: Which data is processed depends heavily on the services used. Usually it includes IP address, location data, search entries and/or technical data. More details can be found with the respective tools used.
📅 Storage duration: depends on the tools used
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)
What are online map services?
We use online map services on our website as an extended service. Google Maps is likely the service you are most familiar with, but there are also other providers specializing in the creation of digital maps. Such services make it possible to display locations, route plans or other geographic information directly via our website. By embedding a map service, you no longer have to leave our website to view, for example, the route to a location. To ensure the online map works on our website, map sections are embedded using HTML code. The services can then display road maps, the earth’s surface or aerial/satellite images. If you use the embedded map offering, data is also transmitted to the tool used and stored there. This data can also include personal data.
Why do we use online map services on our website?
Generally speaking, it is our intention to provide you with a pleasant time on our website. And your time is only pleasant if you can easily find your way around our website and quickly and easily find all the information you need. Therefore, we thought an online map system could significantly optimize our service on the website. Without leaving our website, you can easily view directions, locations or sights using the map system. It is also extremely practical that you can see at a glance where our company headquarters are located so that you can find us quickly and safely. As you can see, there are many advantages and we clearly consider online map services on our website to be part of our customer service.
What data is stored by online map services?
When you open a page on our website that has an embedded online map function, personal data may be transmitted to the respective service and stored there. Usually this includes your IP address, through which your approximate location can also be determined. In addition to the IP address, data such as entered search terms and longitude and latitude coordinates are stored. If you enter an address for route planning, this data is also stored. The data is not stored by us, but on the servers of the embedded tools. You can imagine it like this: you are on our website, but when you interact with a map service, that interaction actually takes place on their website. For the service to function properly, at least one cookie is generally set in your browser. Google Maps, for example, also uses cookies to record user behavior in order to optimize its own service and to run personalized advertising. You can learn more about cookies in our section “Cookies”.
How long and where is the data stored?
Each online map service processes user data differently. If we have further information, we will inform you about the duration of data processing further below in the relevant sections on the individual tools. In principle, personal data is always kept only as long as necessary for the provision of the service. Google Maps, for example, stores certain data for a defined period, while other data must be deleted by you yourself. Mapbox, for example, stores the IP address for 30 days and then deletes it. As you can see, each tool stores data for different durations. Therefore, we recommend that you review the privacy policies of the tools used carefully.
The providers also use cookies to store data about your user behavior with the map service. General information about cookies can be found in our “Cookies” section, but the privacy texts of the individual providers also explain which cookies may be used. Usually, however, these lists are only examples and are not complete.
Right to object
You always have the option and the right to access your personal data and to object to its use and processing. You can also revoke your consent at any time. As a rule, the easiest way is via the cookie consent tool. However, there are also other opt-out tools you can use. Any cookies set by the providers can also be managed, deleted or disabled by you yourself with just a few clicks. It may then happen that some functions of the service no longer work as usual. How you manage cookies in your browser depends on the browser you use. In the “Cookies” section you will also find links to the instructions for the most important browsers.
Legal basis
If you have consented that an online map service may be used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for the processing of personal data such as may occur through the collection by an online map service.
We also have a legitimate interest in using an online map service to optimize our service on our website. The corresponding legal basis is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only ever use an online map service if you have provided consent. We want to explicitly emphasize this again here.
Information on specific online map services can be found – if available – in the following sections.
Google Maps Privacy Policy
Google Maps Privacy Policy Summary
👤 Affected persons: Visitors to the website
🤝 Purpose: Optimization of our service
📘 Processed data: Data such as entered search terms, your IP address and also latitude and longitude coordinates.
More details can be found further below in this privacy policy.
📅 Storage duration: depends on the stored data
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)
What is Google Maps?
We use Google Maps from Google Inc. on our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps, we can show you locations better and thus tailor our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google servers. Here we now want to explain in more detail what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.
Google Maps is an internet mapping service from Google. With Google Maps you can search for exact locations of cities, sights, accommodations or companies online via a PC, a tablet or an app. If companies are represented on Google My Business, additional information about the company is displayed alongside the location. In order to show directions, map sections of a location can be embedded into a website using HTML code. Google Maps displays the earth’s surface as a street map or as aerial/satellite imagery. Thanks to Street View images and high-quality satellite imagery, very detailed representations are possible.
Why do we use Google Maps on our website?
All our efforts on this site pursue the goal of providing you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with key information about various locations. You can see at a glance where our company headquarters is located. The directions always show you the best and fastest route to us. You can access directions for routes by car, public transportation, on foot or by bike. For us, providing Google Maps is part of our customer service.
What data is stored by Google Maps?
In order for Google Maps to fully provide its service, the company must collect and store data from you. This includes, among other things, entered search terms, your IP address and also latitude and longitude coordinates. If you use the route planner function, the entered start address is also stored. However, this data storage takes place on Google Maps’ websites. We can only inform you about this, but have no influence over it. Since we have embedded Google Maps into our website, Google sets at least one cookie (Name: NID) in your browser. This cookie stores data about your user behavior. Google uses this data primarily to optimize its own services and to provide you with individualized, personalized advertising.
The following cookie is set in your browser due to the integration of Google Maps:
Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ122688162-5
Purpose: NID is used by Google to adapt advertising to your Google searches. With the help of the cookie, Google “remembers” your most frequently entered search queries or your previous interaction with ads. This allows you to receive tailored ads. The cookie contains a unique ID that Google uses to collect your personal settings for advertising purposes.
Expiration date: after 6 months
Note: We cannot guarantee completeness regarding the stored data. Particularly with cookies, changes can never be ruled out. To identify the NID cookie, a separate test page was created that contained only Google Maps.
How long and where is the data stored?
Google’s servers are located in data centers around the world. However, most servers are located in America. For this reason, your data is increasingly stored in the USA. Here you can read exactly where Google data centers are located: https://www.google.com/about/datacenters/locations/?hl=de
Google distributes the data across different storage media. This makes the data faster to access and protects it from possible manipulation attempts. Each data center also has special emergency programs. For example, if there are issues with Google hardware or a natural disaster disables servers, the data remains protected with high probability.
Google stores some data for a defined period of time. For other data, Google only offers the option to delete it manually. Furthermore, Google also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.
How can I delete my data or prevent data storage?
With the automatic deletion function for location and activity data introduced in 2019, information on location determination and web/app activity is stored depending on your decision — either 3 or 18 months — and then deleted. In addition, this data can also be manually deleted from the history via your Google account at any time. If you want to completely prevent location tracking, you must pause the category “Web & App Activity” in your Google account. Click “Data & Personalization” and then select “Activity controls”. Here you can turn activities on or off.
In your browser, you can also disable, delete or manage individual cookies. Depending on which browser you use, this works differently. In the “Cookies” section you will find the relevant links to the instructions for the most common browsers.
If you do not want cookies at all, you can set up your browser so that it always informs you when a cookie is about to be set. Then you can decide for each individual cookie whether you want to allow it or not.
Legal basis
If you have consented that Google Maps may be used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for processing personal data such as may occur through the collection by Google Maps.
In addition, we have a legitimate interest in using Google Maps to optimize our online service. The corresponding legal basis is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use Google Maps if you have given consent.
Google processes data from you, among other things, also in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Google also uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are template clauses provided by the EU Commission and are intended to ensure that your data meets European data protection standards even when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
If you want to learn more about Google’s data processing, we recommend Google’s own privacy policy at https://policies.google.com/privacy?hl=de.
Miscellaneous Introduction
Miscellaneous Privacy Policy Summary
👤 Affected persons: Visitors to the website
🤝 Purpose: Improving the user experience
📘 Processed data: Which data is processed depends heavily on the services used. Usually it includes IP address and/or technical data. More details can be found with the respective tools used.
📅 Storage duration: depends on the tools used
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)
What falls under “Miscellaneous”?
The category “Miscellaneous” includes those services that do not fit into any of the categories mentioned above. These are generally various plugins and embedded elements that improve our website. In most cases, these functions are obtained from third-party providers and integrated into our website. These may include, for example, web search services such as Algolia Place, Giphy, Programmable Search Engine or online services for weather data such as OpenWeather.
Why do we use additional third-party providers?
We want to offer you the best web service in our industry. A website has long since stopped being merely a company’s business card. Rather, it is a place designed to help you find what you are looking for. In order to make our website even more interesting and helpful for you, we use various third-party services.
What data is processed?
Whenever elements are embedded into our website, your IP address is transmitted to the respective provider, stored and processed there. This is necessary because otherwise the content cannot be delivered to your browser and therefore cannot be displayed accordingly. It may also happen that service providers use pixel tags or web beacons. These are small graphics on websites that record a log file and also create analyses of that file. Using the obtained information, providers can improve their own marketing measures. In addition to pixel tags, such information (such as which button you click or when you access which page) can also be stored in cookies. These can contain not only analysis data about your web behavior but also technical information such as browser type or operating system. Some providers may also link the obtained data with other internal services or third-party providers. Each provider handles your data differently. Therefore, we recommend carefully reading the privacy policies of the respective services. We generally strive to use only services that handle data protection very cautiously.
Duration of data processing
We will inform you further below about the duration of data processing, provided we have further information about it. Generally, we only process personal data for as long as absolutely necessary to provide our services and products.
Legal basis
If we ask you for your consent and you also consent that we may use the service, this is considered the legal basis for processing your data (Art. 6 para. 1 lit. a GDPR). In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use the tools if you have provided consent.
Information on the specific tools can be found – if available – in the following sections.
Explanation of terms used
We always strive to write our privacy policy as clearly and understandably as possible. Especially for technical and legal topics, however, this is not always easy. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use them without explanation. Below you will find an alphabetical list of important terms used that we may not have sufficiently addressed in the privacy policy so far. If these terms come from the GDPR and are definitions, we will also include the GDPR texts here and add our own explanations if necessary.
Supervisory Authority
Definition under Article 4 of the GDPR
For the purposes of this Regulation, the term:
“supervisory authority” means an independent public authority established by a Member State pursuant to Article 51;
Explanation: Supervisory authorities are always governmental, independent institutions that may also have authority to issue instructions in certain cases. They serve the implementation of the so-called state supervision and are located in ministries, special departments or other authorities. For data protection in Austria, there is an Austrian data protection authority; in Germany, each federal state has its own data protection supervisory authority.
Processor
Definition under Article 4 of the GDPR
For the purposes of this Regulation, the term:
“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the controller, there are also so-called processors. This includes every company or person that processes personal data on our behalf. Processors may therefore include, in addition to service providers such as tax advisors, also hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.
Concerned Supervisory Authority
Definition under Article 4 of the GDPR
For the purposes of this Regulation, the term:
“concerned supervisory authority” means a supervisory authority which is concerned by the processing of personal data because:
the controller or processor is established on the territory of the Member State of that supervisory authority;
data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
a complaint has been lodged with that supervisory authority;
Explanation: In Germany, each federal state has its own supervisory authority for data protection. If your company headquarters (main establishment) is in Germany, then the supervisory authority of the respective federal state is generally your contact point. In Austria, there is only one data protection supervisory authority for the entire country.
Third Party
Definition under Article 4 of the GDPR
For the purposes of this Regulation, the term:
“third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
Explanation: The GDPR basically defines here only what a “third party” is not. In practice, every “third party” who also has an interest in personal data but does not belong to the persons, authorities or bodies mentioned above is considered a third party. For example, a parent company may act as a “third party”. In that case, the subsidiary is the controller and the parent company is the “third party”. However, this does not mean that the parent company is automatically allowed to view, collect or store the subsidiary’s personal data.
Consent
Definition under Article 4 of the GDPR
For the purposes of this Regulation, the term:
“consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them;
Explanation: On websites, such consent is usually obtained via a cookie consent tool. You certainly know this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to or consent to data processing. Often, you can also make individual settings and decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data may be processed. Of course, consent can also be given in writing, i.e., not via a tool.
Main Establishment
Definition under Article 4 of the GDPR
For the purposes of this Regulation, the term:
“main establishment”
as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and that establishment has the power to have such decisions implemented; in that case, the establishment having taken such decisions shall be considered to be the main establishment;
as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;
Explanation: Google, for example, is an American company that also processes data in the USA, but the European main establishment is located in Ireland (Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland). Thus, Google Ireland Limited is legally considered an independent company and is responsible for all Google products offered in the European Economic Area. In contrast to a main establishment, there are also branch offices; however, these do not function as legally independent establishments and are therefore to be distinguished from subsidiaries. A main establishment is therefore generally the place where a company (commercial enterprise) has its center of operations.
Personal Data
Definition under Article 4 of the GDPR
For the purposes of this Regulation, the term:
“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Explanation: Personal data therefore includes all data that can identify you as a person. This typically includes data such as:
According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to at least determine the approximate location of your device and subsequently identify you as the connection owner. Therefore, storing an IP address requires a legal basis within the meaning of the GDPR. There are also so-called “special categories” of personal data that are particularly sensitive. These include:
Profiling
Definition under Article 4 of the GDPR
For the purposes of this Regulation, the term:
“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that natural person;
Explanation: Profiling involves gathering various information about a person in order to learn more about that person. In the web context, profiling is often used for advertising purposes or credit checks. Web or advertising analytics programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile that can be used to deliver targeted advertising to a certain audience.
Controller
Definition under Article 4 of the GDPR
For the purposes of this Regulation, the term:
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or Member State law, the controller or the specific criteria for its nomination may be provided for by Union law or Member State law;
Explanation: In our case, we are responsible for the processing of your personal data and are therefore the “controller”. If we pass on collected data to other service providers for processing, these are “processors”. For this purpose, a “data processing agreement (DPA)” must be signed.
Processing
Definition under Article 4 of the GDPR
For the purposes of this Regulation, the term:
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Note: When we talk about processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned in the original GDPR definition above, not only collection but also storage and processing of data.
Closing Statement
Congratulations! If you are reading these lines, you have truly “fought your way through” our entire privacy policy or at least scrolled down this far. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.
It is important to us to inform you, to the best of our knowledge and belief, about the processing of personal data. But we want to tell you not only which data is processed, but also to explain the reasons for the use of various software programs. Privacy policies often sound very technical and legal. Since most of you are not web developers or lawyers, we wanted to take a different approach linguistically and explain the matter in simple and clear language. Of course, this is not always possible due to the topic. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have questions about data protection on our website, please do not hesitate to contact us or the responsible body. We wish you a pleasant time and hope to welcome you again soon on our website.
All texts are protected by copyright.
Source: Created with the privacy policy generator from AdSimple
Die Vereinigten Staaten von Amerika, gegründet 1776 und durch den Vertrag von Paris 1783 anerkannt, erstrecken sich über eine Fläche von 9,83 Millionen Quadratkilometern. Das Land zeichnet sich durch eine große geographische Vielfalt aus, mit gemäßigtem Klima in den meisten Regionen, tropischen Bedingungen in Hawaii und Florida, arktischem Klima in Alaska und trockenen Gebieten im Südwesten. Es verfügt über reichhaltige natürliche Ressourcen, darunter Kohle, Kupfer, Erdgas und Holz, sowie einige der größten Kohlereserven weltweit.
Sicherheit & Verteidigung:
Internationale Herausforderungen:
Natürliche Gefahren:
Raumfahrtprogramm:
