Privacy Policy

Introduction and Overview

We have drafted this privacy policy (version 22.05.2023-112507282) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as "data") we as data controller – and the processors commissioned by us (e.g. providers) – process, will process in the future, and what lawful options you have. The terms used are to be understood in a gender-neutral manner.
In short: We inform you comprehensively about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, is intended to describe the most important things to you as simply and transparently as possible. Where it serves transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that we only process personal data in the course of our business activities when there is a corresponding legal basis. This is certainly not possible when one provides the briefest, most unclear and legally technical explanations, as is often the standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and perhaps there is some information that you did not yet know.
If you still have questions, we kindly ask you to contact the responsible party named below or in the legal notice, to follow the existing links, and to look at further information on third-party sites. Our contact details can of course also be found in the legal notice.

Scope

This privacy policy applies to all personal data processed by us within our company and to all personal data processed by companies commissioned by us (processors). By personal data we mean information within the meaning of Art. 4 No. 1 GDPR, such as the name, email address and postal address of a person. The processing of personal data ensures that we can offer and invoice our services and products, both online and offline. The scope of this privacy policy covers:

• all online presences (websites, online shops) that we operate
• social media presences and email communication
• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. Should we enter into legal relationships with you outside these channels, we will inform you separately if necessary.

Legal Bases

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you entered in a contact form.
2. Contract (Article 6(1)(b) GDPR): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we require personal information in advance.
3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to retain invoices for accounting purposes. These generally contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. We need to process certain data, for example, in order to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions such as the performance of tasks carried out in the public interest and the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. Should such a legal basis be relevant, it will be indicated at the appropriate point.

In addition to the EU Regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Datenschutzgesetz), abbreviated as DSG.
• In Germany, the Federal Data Protection Act (Bundesdatenschutzgesetz), abbreviated as BDSG, applies.

If further regional or national laws apply, we will inform you in the following sections.

Contact Details of the Data Controller

Should you have any questions about data protection or the processing of personal data, please find below the contact details of the responsible person or entity:
Dipl.-Ing. Bernhard Bruckner, BSc
Feldweg 6, 3281 Oberndorf, Austria
Email: bernhard@bbruckner.at
Phone: +43 664 2010784
Legal notice: https://www.bbruckner.at/impressum/

Retention Period

As a general principle, we only store personal data for as long as is absolutely necessary for the provision of our services and products. This means we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to retain certain data even after the original purpose has ceased, for example for accounting purposes.

If you wish to have your data deleted or to withdraw your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.

We will inform you below about the specific duration of the respective data processing, where we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 GDPR, we inform you of the following rights to which you are entitled, to ensure fair and transparent data processing:

• Under Article 15 GDPR, you have a right of access as to whether we process data about you. If this is the case, you have the right to receive a copy of the data and to be informed of the following:
  • the purpose for which we carry out the processing;
  • the categories, i.e. the types of data processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data is stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found further below);
  • the origin of the data, if we did not collect it from you;
  • whether profiling is carried out, i.e. whether data is automatically evaluated in order to arrive at a personal profile of you.
• Under Article 16 GDPR, you have a right to rectification of data, which means we must correct data if you find errors.
• Under Article 17 GDPR, you have the right to erasure ("right to be forgotten"), which specifically means you may request the deletion of your data.
• Under Article 18 GDPR, you have the right to restriction of processing, which means we may only store but not further use the data.
• Under Article 20 GDPR, you have the right to data portability, which means we will provide you with your data in a common format upon request.
• Under Article 21 GDPR, you have a right to object, which, once enforced, results in a change in processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
  • If data is used for direct marketing purposes, you may object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  • If data is used for profiling purposes, you may object to this type of data processing at any time. We may then no longer use your data for profiling.
• Under Article 22 GDPR, you may in certain circumstances have the right not to be subject to a decision based solely on automated processing (e.g. profiling).
• Under Article 77 GDPR, you have the right to lodge a complaint. This means you can contact the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority (Datenschutzbehörde), whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Security of Data Processing

To protect personal data, we have implemented both technical and organisational measures. Where possible, we encrypt or pseudonymise personal data. This makes it as difficult as possible, within our means, for third parties to infer personal information from our data.

Art. 25 GDPR refers to “data protection by design and by default” and means that both software (e.g. forms) and hardware (e.g. access to the server room) should always be designed with security in mind and appropriate measures should be taken. We will go into specific measures below, where necessary.

TLS Encryption with HTTPS

TLS, encryption and HTTPS sound very technical - and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely on the internet.
This means that the complete transmission of all data from your browser to our web server is secured – no one can “eavesdrop”.

We have thus introduced an additional layer of security and comply with data protection by design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognise the use of this data transmission security by the small lock symbol in the upper left corner of the browser, to the left of the internet address (e.g. examplesite.com), and by the use of the scheme https (instead of http) as part of our internet address.
If you want to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” for good links to further information.

Communication

If you contact us and communicate by phone, email or online form, personal data may be processed.

The data is processed for the handling and processing of your enquiry and the associated business transaction. The data is stored for as long as required by law.

Affected Persons

All persons who seek contact with us via the communication channels we provide are affected by the aforementioned processes.

Phone

If you call us, the call data will be stored in pseudonymised form on the respective end device and at the telecommunications provider used. In addition, data such as your name and phone number may subsequently be sent by email and stored for the purpose of answering your enquiry. The data will be deleted once the business case has been concluded and legal requirements permit.

Email

If you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone,…) and data is stored on the email server. The data will be deleted once the business case has been concluded and legal requirements permit.

Online Forms

If you communicate with us via an online form, data is stored on our web server and may be forwarded to one of our email addresses. The data will be deleted once the business case has been concluded and legal requirements permit.

Legal Bases

The processing of data is based on the following legal bases:

• Art. 6(1)(a) GDPR (consent): You give us your consent to store your data and continue to use it for purposes related to the business case;
• Art. 6(1)(b) GDPR (contract): There is a necessity for the fulfilment of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as the preparation of a quotation;
• Art. 6(1)(f) GDPR (legitimate interests): We want to conduct customer enquiries and business communications in a professional manner. Certain technical facilities, such as email programmes, Exchange servers and mobile network operators, are necessary to handle communications efficiently.

Cookies

What are Cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is certain: cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder - essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans or other "malware". Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152112507282-9
Purpose: Distinguishing website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What Types of Cookies are There?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly outline the different types of HTTP cookies.

There are 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure the basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues to browse other pages and only goes to checkout later. These cookies ensure that the shopping cart is not deleted, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behaviour and whether the user receives any error messages. These cookies are also used to measure the loading time and behaviour of the website in different browsers.

Targeting Cookies
These cookies ensure a better user experience. For example, entered locations, font sizes or form data are stored.

Advertising Cookies
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical but also very annoying.

Usually, when you first visit a website, you are asked which of these cookie types you wish to allow. And of course, this decision is also stored in a cookie.

If you want to learn more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of Processing via Cookies

The purpose ultimately depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

What Data is Processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalise which data is stored in cookies, but we will inform you about the data processed or stored in the context of the following privacy policy.

Retention Period of Cookies

The retention period depends on the respective cookie and is specified in more detail below. Some cookies are deleted after less than an hour, while others may remain stored on a computer for several years.

You also have an influence on the retention period yourself. You can manually delete all cookies at any time via your browser (see also "Right to Object" below). Furthermore, cookies based on consent will be deleted at the latest after you revoke your consent, although the lawfulness of storage until that point remains unaffected.

Right to Object - How Can I Delete Cookies?

How and whether you want to use cookies is your own decision. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate or only partially allow cookies. For example, you can block third-party cookies while allowing all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can do so in your browser settings:

Chrome: Delete, enable and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you fundamentally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. The best approach is to search for instructions in Google using the search term "delete cookies Chrome" or “disable cookies Chrome” for a Chrome browser.

Legal Basis

Since 2009, the so-called "Cookie Directives" have been in place. They stipulate that the storage of cookies requires your consent (Article 6(1)(a) GDPR). However, the reactions to these directives still vary considerably within the EU countries. In Austria, this directive was implemented in Section 96(3) of the Telecommunications Act (TKG). In Germany, the Cookie Directives were not implemented as national law. Instead, this directive was largely implemented in Section 15(3) of the Telemedia Act (TMG).

For strictly necessary cookies, even where no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often strictly necessary for this purpose.

Where non-essential cookies are used, this is only done with your consent. The legal basis in this respect is Art. 6(1)(a) GDPR.

In the following sections, you will be informed in more detail about the use of cookies, insofar as the software used employs cookies.

Web Hosting Introduction

What is Web Hosting?

When you visit websites today, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all web pages on a domain, i.e. everything from the homepage to the very last subpage (like this one). By domain, we mean, for example, bbruckner.at or examplesite.com.

If you want to view a website on a computer, tablet or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We refer to them simply as browsers or web browsers.

To display the website, the browser must connect to another computer where the website code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why this is usually handled by professional providers. These offer web hosting and thus ensure reliable and error-free storage of website data. Quite a lot of technical terms, but please stay with us - it gets better!

When your computer (desktop, laptop, tablet or smartphone) connects to the browser and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a certain period of time to ensure proper operation.

A picture says more than a thousand words, so the following graphic illustrates the interaction between the browser, the internet and the hosting provider.

Why Do We Process Personal Data?

The purposes of data processing are:

1. Professional hosting of the website and securing of operations
2. Maintaining operational and IT security
3. Anonymous analysis of access behaviour to improve our offering and, if necessary, for prosecution or the pursuit of claims

What Data is Processed?

Even while you are currently visiting our website, our web server - the computer on which this website is stored - automatically stores data such as

• the full internet address (URL) of the accessed web page
• browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)
• the hostname and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
• date and time
• in files called web server log files

How Long is Data Stored?

As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out that this data may be viewed by authorities in the event of unlawful conduct.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not pass on your data without your consent!

Legal Basis

The lawfulness of the processing of personal data in the context of web hosting arises from Art. 6(1)(f) GDPR (safeguarding of legitimate interests), as the use of professional hosting with a provider is necessary to present the company on the internet in a secure and user-friendly manner and to be able to pursue attacks and claims arising therefrom if necessary.

There is generally a data processing agreement in place between us and the hosting provider in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

World4You Privacy Policy

You may well have heard of the web hosting provider World4You before. Especially in Austria, the web hoster enjoys great popularity. The service provider is the Austrian company World4You Internet Services GmbH, Hafenstrasse 35, 4020 Linz, Austria.

What is World4You?

The company from the Upper Austrian capital has been active in the field of web hosting since 1998. World4You operates several of its own data centres in Austria and relies on in-house technology. This ensures fail-safe operation and a fast server connection. As you may have already read in our introduction to web hosting, data from you is also transferred to World4You's servers and processed there. This primarily concerns technical data such as browser version or operating system, but in addition, personal data is also processed via your IP address.

Why Do We Use World4You?

When it comes to a website, we value - probably similarly to you - reliability, speed and security. Even if you access our website in the middle of the night or we already have many visitors, it must work flawlessly. When you click on subpages, it should not take an eternity for the page to fully load. And if problems do arise, there should be a good backup system that secures our content and protects all data. To ensure all this to our satisfaction, we naturally need a reliable web hoster. With World4You, we believe we have found a partner that meets our requirements. World4You has its own data centres and thus a fixed bandwidth, which makes a website quickly accessible. We also appreciate the company's personal support.

You can of course also use this support if you have specific questions about data protection at World4You. We also recommend the privacy policy of the website, which you can find at https://www.world4you.com/de/unternehmen/datenschutzerklaerung.html. The FAQs at https://www.world4you.com/faq/de/dsgvo.html also have a dedicated GDPR section where you can find many useful pieces of information.

Security & Anti-Spam

What is Security & Anti-Spam Software?

With so-called security & anti-spam software, you and we can protect ourselves from various spam or phishing emails and possible other cyber attacks. Spam refers to mass advertising emails that were not requested. Such emails are also called junk data and can also incur costs. Phishing emails are messages that aim to build trust through fake messages or websites in order to obtain personal data. Anti-spam software usually protects against unwanted spam messages or malicious emails that could, for example, introduce viruses into our system. We also use general firewall and security systems that protect our computers from unwanted network attacks.

Why Do We Use Security & Anti-Spam Software?

We place great importance on security on our website. After all, it is not just about our security, but above all about yours. Unfortunately, cyber threats are now part of everyday life in the world of IT and the internet. Hackers often try to steal personal data from an IT system with the help of a cyber attack. That is why a good defence system is absolutely necessary. A security system monitors all incoming and outgoing connections to our network or computer. In order to achieve even greater security against cyber attacks, we also use additional external security services in addition to the standardised security systems on our computers. Unauthorised data traffic is thereby better prevented, and we protect ourselves from cybercrime.

What Data is Processed by Security & Anti-Spam Software?

Exactly which data is collected and stored depends, of course, on the respective service. However, we always endeavour to use only programmes that collect data very sparingly or only store data that is necessary for the fulfilment of the service offered. In principle, the service may store data such as name, address, IP address, email address and technical data such as browser type or browser version. Performance and log data may also be collected in order to detect potential incoming threats in a timely manner. This data is processed within the scope of the services and in compliance with applicable laws. This also includes the GDPR for US providers (via the Standard Contractual Clauses). In some cases, these security services also work with third-party providers who may store and/or process data under instruction and in accordance with privacy policies and other security measures. Data is usually stored via cookies.

Duration of Data Processing

We will inform you about the duration of data processing below, insofar as we have further information on this. For example, security programmes store data until you or we revoke the data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of the service. Unfortunately, in many cases we lack precise information from the providers about the length of storage.

Right to Object

You also have the right and the option at any time to revoke your consent to the use of cookies or third-party security software. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection via cookies by managing, deactivating or deleting cookies in your browser.

Since cookies may also be used by such security services, we recommend our general privacy policy on cookies. To find out exactly which data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal Basis

We primarily use the security services on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in a good security system against various cyber attacks.

Certain processing operations, in particular the use of cookies and the use of security features, require your consent. If you have consented to data being processed and stored by integrated security services, this consent constitutes the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the services we use set cookies in your browser to store data. We therefore recommend that you read our privacy policy text on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Information on special tools can be found – where available – in the following sections.

Google reCAPTCHA Privacy Policy

What is reCAPTCHA?

Our primary goal is to secure and protect our website in the best possible way for you and for us. To ensure this, we use Google reCAPTCHA from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA, we can determine whether you are really a human being and not a robot or other spam software. By spam, we mean any unsolicited information sent to us electronically without being asked. With classic CAPTCHAs, you usually had to solve text or image puzzles for verification. With reCAPTCHA from Google, we usually do not have to bother you with such puzzles. In most cases, it is sufficient to simply tick a checkbox to confirm that you are not a bot. With the new Invisible reCAPTCHA version, you do not even need to tick a checkbox anymore. Exactly how this works and, above all, what data is used for this purpose, you will learn in the course of this privacy policy.

reCAPTCHA is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. This service is most commonly used when you fill in forms on the internet. A captcha service is a type of automatic Turing test designed to ensure that an action on the internet is performed by a human and not by a bot. In the classic Turing test (named after computer scientist Alan Turing), a human determines the difference between a bot and a human. With captchas, the computer or a software programme takes over this task. Classic captchas work with small tasks that are easy for humans to solve but pose significant difficulties for machines. With reCAPTCHA, you no longer need to actively solve puzzles. The tool uses modern risk techniques to distinguish humans from bots. Here, you only need to tick the text field "I am not a robot", or with Invisible reCAPTCHA, even that is no longer necessary. With reCAPTCHA, a JavaScript element is embedded in the source code and then the tool runs in the background and analyses your user behaviour. The software calculates a so-called captcha score from these user actions. Google calculates with this score, even before the captcha input, how likely it is that you are a human. reCAPTCHA and captchas in general are always used when bots could manipulate or abuse certain actions (such as registrations, surveys, etc.).

Why Do We Use reCAPTCHA on Our Website?

We only want to welcome real human beings on our website. Bots or spam software of all kinds can safely stay home. That is why we pull out all the stops to protect ourselves and offer you the best possible user experience. For this reason, we use Google reCAPTCHA from Google. This way, we can be fairly sure that we remain a "bot-free" website. By using reCAPTCHA, data is transmitted to Google to determine whether you are really a human being. reCAPTCHA therefore serves the security of our website and, consequently, your security as well. For example, without reCAPTCHA, it could happen that during a registration, a bot registers as many email addresses as possible in order to subsequently "spam" forums or blogs with unwanted advertising content. With reCAPTCHA, we can avoid such bot attacks.

What Data is Stored by reCAPTCHA?

reCAPTCHA collects personal data from users to determine whether the actions on our website are really performed by humans. The IP address and other data that Google needs for the reCAPTCHA service may therefore be sent to Google. IP addresses are almost always truncated beforehand within the member states of the EU or other contracting states of the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address is not combined with other Google data, unless you are logged into your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) are already placed on your browser. Then reCAPTCHA sets an additional cookie in your browser and captures a snapshot of your browser window.

The following list of collected browser and user data does not claim to be exhaustive. Rather, these are examples of data that, to our knowledge, are processed by Google.

• Referrer URL (the address of the page from which the visitor came)
• IP address (e.g. 256.123.123.1)
• Information about the operating system (the software that enables the operation of your computer. Common operating systems are Windows, Mac OS X or Linux)
• Cookies (small text files that store data in your browser)
• Mouse and keyboard behaviour (every action you perform with the mouse or keyboard is stored)
• Date and language settings (which language and date you have preset on your PC is stored)
• All JavaScript objects (JavaScript is a programming language that enables websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
• Screen resolution (indicates how many pixels the image display consists of)

It is undisputed that Google uses and analyses this data even before you click on the "I am not a robot" checkbox. With the Invisible reCAPTCHA version, even the ticking is omitted and the entire recognition process runs in the background. Google does not disclose in detail how much and what data it stores exactly.

The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:

Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-112507282-8
Purpose: This cookie is set by the company DoubleClick (which also belongs to Google) to register and report a user's actions on the website when interacting with advertisements. This allows advertising effectiveness to be measured and appropriate optimisation measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year

Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Furthermore, the cookie can be used to prevent a user from seeing the same advertisement more than once.
Expiry date: after one month

Name: ANID
Value: U7j1v3dZa1125072820xgZFmiqWppRWKOr
Purpose: We were unable to find out much information about this cookie. In Google's privacy policy, the cookie is mentioned in connection with "advertising cookies" such as “DSID”, “FLC”, “AID”, “TAID”. ANID is stored under the domain google.com.
Expiry date: after 9 months

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user's consent to the use of various Google services. CONSENT also serves security purposes, to verify users, prevent credential fraud, and protect user data from unauthorised attacks.
Expiry date: after 19 years

Name: NID
Value: 0WmuWqy112507282zILzqV_nmt3sDXwPeM5Q
Purpose: NID is used by Google to customise advertisements to your Google search. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interaction with advertisements. This way, you always get tailored advertisements. The cookie contains a unique ID to collect the user's personal settings for advertising purposes.
Expiry date: after 6 months

Name: DV
Value: gEAABBCjJMXcI0dSAAAANbqc112507282-4
Purpose: Once you have ticked the "I am not a robot" checkbox, this cookie is set. The cookie is used by Google Analytics for personalised advertising. DV collects information in anonymised form and is also used to make user distinctions.
Expiry date: after 10 minutes

Note: This list cannot claim to be exhaustive, as experience has shown that Google changes its choice of cookies from time to time.

How Long and Where is the Data Stored?

By embedding reCAPTCHA, data from you is transferred to Google servers. Where exactly this data is stored is not clearly disclosed by Google, even after repeated enquiries. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website, or language settings are stored on European or American Google servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. The differing privacy policies of Google apply in this case.

How Can I Delete My Data or Prevent Data Storage?

If you do not want any data about you and your behaviour to be transmitted to Google, you must log out of Google completely and delete all Google cookies before visiting our website or using the reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you access our site. To delete this data again, you must contact Google support at https://support.google.com/?hl=de&tid=112507282.

If you use our website, you agree that Google LLC and its representatives automatically collect, process and use data.

Please note that when using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data may therefore not simply be transferred to, stored in and processed in insecure third countries unless there are suitable guarantees (such as EU Standard Contractual Clauses) between us and the non-European service provider.

Legal Basis

If you have consented to the use of Google reCAPTCHA, the legal basis for the corresponding data processing is this consent. This consent constitutes, according to Art. 6(1)(a) GDPR (consent), the legal basis for the processing of personal data, as may occur when collected by Google reCAPTCHA.

On our part, there is also a legitimate interest in using Google reCAPTCHA to optimise our online service and make it more secure. The corresponding legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). Nevertheless, we only use Google reCAPTCHA insofar as you have given your consent.

Google also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be associated with various risks for the lawfulness and security of data processing.

As a basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfers thereto, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can learn more about reCAPTCHA on Google's web developer page at https://developers.google.com/recaptcha/. Google goes into more detail about the technical development of reCAPTCHA here, but you will also search in vain for precise information about data storage and data protection-related topics. A good overview of the basic use of data at Google can be found in the company's own privacy policy at https://www.google.com/intl/de/policies/privacy/.

Web Design Introduction

What is Web Design?

We use various tools on our website that serve our web design. Web design is not, as is often assumed, just about making our website look pretty, but also about functionality and performance. But of course, the right appearance of a website is also one of the major goals of professional web design. Web design is a subfield of media design and deals with both the visual as well as the structural and functional design of a website. The aim is to improve your experience on our website with the help of web design. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all the impressions and experiences that a website visitor has on a website. A sub-aspect of user experience is usability. This concerns the user-friendliness of a website. The main focus here is on ensuring that content, subpages or products are clearly structured and that you can find what you are looking for easily and quickly. To offer you the best possible experience on our website, we also use so-called third-party web design tools. Under the category "web design" in this privacy policy, we include all services that improve our website in terms of design. These can be, for example, fonts, various plugins or other integrated web design functions.

Why Do We Use Web Design Tools?

How you absorb information on a website depends heavily on the structure, functionality and visual perception of the website. That is why good and professional web design has become increasingly important to us. We are constantly working to improve our website and see this as an extended service for you as a website visitor. Furthermore, a beautiful and functional website also has economic advantages for us. After all, you will only visit us and make use of our offerings if you feel completely comfortable.

What Data is Stored by Web Design Tools?

When you visit our website, web design elements may be integrated into our pages that can also process data. The exact data involved naturally depends heavily on the tools used. Below you will see exactly which tools we use for our website. We recommend reading the respective privacy policies of the tools used for more detailed information about data processing. You will usually find out which data is processed, whether cookies are used and how long the data is stored. Through fonts such as Google Fonts, for example, information such as language settings, IP address, browser version, screen resolution of the browser and browser name are also automatically transmitted to Google servers.

Duration of Data Processing

How long data is processed is very individual and depends on the web design elements used. When cookies are used, for example, the retention period can range from just one minute to several years. Please inform yourself in this regard. We recommend both our general text section on cookies as well as the privacy policies of the tools used. There you will usually find out exactly which cookies are used and what information is stored in them. Google Font files, for example, are stored for one year. This is intended to improve the loading time of a website. In principle, data is only retained for as long as is necessary for the provision of the service. In the case of legal requirements, data may also be stored for longer.

Right to Object

You also have the right and the option at any time to revoke your consent to the use of cookies or third-party providers. This works either via our cookie management tool or via other opt-out functions. You can also prevent data collection via cookies by managing, deactivating or deleting cookies in your browser. However, among web design elements (usually fonts), there is also data that cannot be so easily deleted. This is the case when data is automatically collected upon a page visit and transmitted to a third-party provider (such as Google). In this case, please contact the support of the respective provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.

Legal Basis

If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. This consent constitutes, according to Art. 6(1)(a) GDPR (consent), the legal basis for the processing of personal data, as may occur when collected by web design tools. On our part, there is also a legitimate interest in improving the web design of our website. After all, we can only deliver a beautiful and professional web offering if we do so. The corresponding legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). Nevertheless, we only use web design tools insofar as you have given your consent. We want to emphasise this here once more.

Information on special web design tools can be found – where available – in the following sections.

Font Awesome Privacy Policy

What is Font Awesome?

We use Font Awesome by the American company Fonticons (307 S. Main St., Suite 202, Bentonville, AR 72712, USA) on our website. When you access one of our web pages, the web font Font Awesome (specifically icons) is loaded via the Font Awesome Content Delivery Network (CDN). This way, texts, fonts and icons are displayed appropriately on every device. In this privacy policy, we go into more detail about the data storage and data processing by this service.

Icons play an increasingly important role for websites. Font Awesome is a web font specially developed for web designers and web developers. With Font Awesome, icons can be scaled and coloured at will using the stylesheet language CSS, for example. They thus replace old image icons. Font Awesome CDN is the easiest way to load icons or fonts onto your website. To do this, we only had to embed a small line of code into our website.

Why Do We Use Font Awesome on Our Website?

Font Awesome allows content on our website to be better presented. This way, you can navigate our website more easily and grasp the content more readily. With icons, it is sometimes even possible to replace whole words and save space. This is particularly practical when we optimise content specifically for smartphones. These icons are inserted as HTML code instead of images. This allows us to edit the icons with CSS in any way we want. At the same time, we also improve our loading speed with Font Awesome, as these are only HTML elements and not image icons. All these advantages help us make the website even clearer, fresher and faster for you.

What Data is Stored by Font Awesome?

The Font Awesome Content Delivery Network (CDN) is used to load icons and symbols. CDNs are networks of servers distributed worldwide that make it possible to quickly load files from nearby locations. So, as soon as you access one of our pages, the corresponding icons are provided by Font Awesome.

For the web fonts to be loaded, your browser must establish a connection to the servers of the company Fonticons, Inc. In doing so, your IP address is recognised. Font Awesome also collects data on which icon files are downloaded and when. Furthermore, technical data such as your browser version, screen resolution or the time of the accessed page are also transmitted.

This data is collected and stored for the following reasons:

• to optimise Content Delivery Networks
• to detect and fix technical errors
• to protect CDNs from misuse and attacks
• to be able to charge fees from Font Awesome Pro customers
• to determine the popularity of icons
• to know which computer and software you are using

If your browser does not allow web fonts, a default font of your PC is automatically used. According to the current state of our knowledge, no cookies are set. We are in contact with the data protection department of Font Awesome and will inform you as soon as we learn more.

How Long and Where is the Data Stored?

Font Awesome stores data about the use of the Content Delivery Network on servers also in the United States of America. However, the CDN servers are located worldwide and store user data where you are located. In identifiable form, data is generally stored for only a few weeks. Aggregated statistics about the use of the CDNs may also be stored for longer. Personal data is not included here.

How Can I Delete My Data or Prevent Data Storage?

According to the current state of our knowledge, Font Awesome does not store any personal data via the Content Delivery Networks. If you do not want data about the icons used to be stored, unfortunately you cannot visit our website. If your browser does not allow web fonts, no data is transmitted or stored. In this case, your computer's default font is simply used.

Legal Basis

If you have consented to the use of Font Awesome, the legal basis for the corresponding data processing is this consent. This consent constitutes, according to Art. 6(1)(a) GDPR (consent), the legal basis for the processing of personal data, as may occur when collected by Font Awesome.

On our part, there is also a legitimate interest in using Font Awesome to optimise our online service. The corresponding legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). Nevertheless, we only use Font Awesome insofar as you have given your consent.

We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. The data processing is essentially carried out by Font Awesome. This may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. It may also be possible that this data is linked with data from other possible services of Font Awesome with which you have a user account.

If you want to learn more about Font Awesome and how they handle data, we recommend the privacy policy at https://fontawesome.com/privacy and the help page at https://fontawesome.com/support.

Google Fonts Local Privacy Policy

On our website, we use Google Fonts from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible. We have embedded the Google fonts locally, i.e. on our web server – not on Google's servers. As a result, there is no connection to Google servers and therefore no data transfer or storage.

What are Google Fonts?

Google Fonts used to be called Google Web Fonts. This is an interactive directory of over 800 fonts that Google provides free of charge. With Google Fonts, one could use fonts without uploading them to one's own server. However, in order to prevent any information transfer to Google servers in this regard, we have downloaded the fonts to our server. In this way, we act in compliance with data protection regulations and do not send any data to Google Fonts.

Explanation of Terms Used

We always endeavour to write our privacy policy as clearly and comprehensibly as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use them without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms were taken from the GDPR and are definitions, we will also cite the GDPR texts here and add our own explanations where appropriate.

Supervisory Authority

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"supervisory authority" means an independent public authority which is established by a Member State pursuant to Article 51;

Explanation: “Supervisory authorities” are always independent state bodies that also have the power to issue directives in certain cases. They serve to carry out so-called state supervision and are located in ministries, special departments or other authorities. For data protection in Austria, there is an Austrian Data Protection Authority; for Germany, each federal state has its own data protection authority.

Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data that we process about you. In addition to controllers, there can also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors can therefore include, in addition to service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: On websites, such consent is usually given via a cookie consent tool. You are surely familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to or consent to data processing. You can usually also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data may be processed about you. In principle, consent can of course also be given in writing, i.e. not via a tool.

Recipient

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

Explanation: Every person and every company that receives personal data is considered a recipient. Thus, we and our processors are also so-called recipients. Only authorities that have an investigation mandate are not considered recipients.

Personal Data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"personal data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore all data that can identify you as a person. This is typically data such as:

• Name
• Address
• Email address
• Postal address
• Phone number
• Date of birth
• Identification numbers such as social security number, tax identification number, identity card number or student number
• Banking data such as account number, credit information, account balances, and more

According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to determine at least the approximate location of your device and, consequently, you as the connection holder. Therefore, the storage of an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called "special categories" of personal data, which are particularly worthy of protection. These include:

• racial and ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• genetic data, such as data obtained from blood or saliva samples
• biometric data (this is information about psychological, physical or behavioural characteristics that can identify a person).
  Health data
• data concerning sexual orientation or sex life

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Explanation: Profiling involves gathering various pieces of information about a person in order to learn more about that person. In the web context, profiling is frequently used for advertising purposes or credit checks. Web or advertising analysis programmes collect, for example, data about your behaviour and interests on a website. This results in a special user profile, with the help of which advertising can be targeted at a specific audience.

Pseudonymisation

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

Explanation: In our privacy policy, we frequently refer to pseudonymised data. Through pseudonymised data, you can no longer be identified as a person unless other information is added. However, you should not confuse pseudonymisation with anonymisation. With anonymisation, all personal references are removed, so that they can only be reconstructed through a disproportionately large technical effort.

Controller

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and are therefore the “controller”. If we pass on collected data to other service providers for processing, they are “processors”. For this purpose, a “data processing agreement (DPA)” must be signed.

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we speak of processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned above in the original GDPR explanation, not only the collection but also the storage and processing of data.

All texts are copyrighted.

Quelle: Erstellt mit dem Datenschutz Generator von AdSimple