Privacy Statement
Introduction and overview
The purpose of this data protection declaration (version 25.11.2022-112342483) is to provide you with information in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, by detailing which personal data (data for short) we as the responsible party – and the processors commissioned by us (e.g. service providers) – are processing and will process in the future, and what legal options are available to you. The terms used are to be understood as gender-neutral.
In short: This is to inform you of the type of data we collect, how it is processed, and for what purposes.
Instead of the technical language and legal jargon commonly used in privacy statements, this data protection declaration is intended to be as simple and transparent as possible. Wherever it aids transparency, we provide reader-friendly explanations of technical terms, as well as useful links for further information.
Our primary goal is to let you know that we will process your personal data exclusively within the context of our business activities, and only if there is a corresponding legal basis.
If you still have questions, please contact the responsible party named below (as well as in the imprint), follow the links provided, and look at further information on third-party websites. Our contact details can be found in the imprint.
Scope of application
This data protection declaration applies to all personal data processed by our company and third-party companies commissioned by us (processors). By personal data we are referring to information defined in Art. 4 No. 1 GDPR, such as a person’s name, email address and postal address. The processing of personal data ensures that we can provide and invoice for our services and products, whether online or offline. This privacy policy applies to:
- All online presences (website, software, etc.) operated by us
- Social media and email communication
- Mobile apps for smartphones and other devices
In short: The Data Protection Declaration applies to all areas in which personal data is processed in a structured manner by our company via the channels mentioned. If we enter into a legal relationship with you outside of these channels, we will provide you with separate information if necessary.
Legal bases
In the following data protection declaration, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data.
With regards to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE THE COUNCIL of April 27, 2016. You are able to read the EU General Data Protection Regulation online at EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex:32016R0679 .
We only process your data if at least one of the following conditions applies:
- Consent (Article 6 Paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you entered on a contact form.
- Contract (Article 6 Paragraph 1 lit. b GDPR): We will process your data in order to fulfill a contract or pre-contractual obligations. For example, we will need your personal information prior to concluding a sales contract with you.
- Legal obligation (Article 6 Paragraph 1 lit. c GDPR): We will process your data whenever we have a legal obligation to do so. For example, we are required by law to keep invoices for accounting purposes. These usually contain personal data.
Legitimate interests (Article 6 Paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to be able to operate our website securely and in a manner that is conducive to our business interests. This type of data processing is therefore classed as a legitimate interest.
In addition to the EU regulation, national laws also apply:
- In Austria, this is the federal law for the protection of natural persons with regard to the processing of personal data (Data Protection Act), DSG for short.
Items that are subject to other regional or national laws are outlined in the following sections.
Contact details of the responsible party
If you have any questions about data protection or the processing of your personal data, you will find the contact details of the responsible person or office below:
Komet Austria GmbH
Julius Durst Str. 10, 9900 Lienz, Austria
Authorized to represent: DI Arno Drechsel, CEO
Email: crm@kometirrigation.com
Telephone: +43 485271550500
Cookie policy
In order to provide you with an even more precise, comprehensive and clear explanation of the processing carried out when you visit our website, we have compiled a separate summary and description of the cookies set by us and our processors at https://www.kometirrigation.com/cookies
Storage duration
Our overall criteria is to store personal data only for as long as is absolutely necessary in order to provide our services and products. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
If you would like your data to be deleted or wish to revoke your consent for data processing, your data will be deleted as quickly as possible, provided there is no legal obligation to store it.
More details on the duration of specific types of data processing can be found later in this document.
Your rights under the General Data Protection Regulation
In accordance with Articles 13 and 14 GDPR, we hereby inform you of your legal rights with regards to fair and transparent data processing:
- In accordance with Article 15 GDPR, you have a right to know whether we are processing your data. If this is the case, you have the right to receive a copy of the data we have collected along with the following information on request:
- the purpose(s) for which we carry out the processing;
- the categories, i.e. the types of data that are processed;
- who receives this data and – if the data is transferred to non-EU countries – how data security can be ensured;
- how long the data is stored;
- your right to rectify, prevent or restrict the processing of your data, and to object to processing;
- your right to complain to a supervisory authority (the relevant links can be found below);
- the origins of the data if we did not collect it directly from you
- whether profiling is carried out, i.e. whether your data is automatically evaluated in order to create a personal user profile
- According to Article 16 GDPR, you have the right to have your data rectified, which means that we must correct data if it contains errors.
- According to Article 17 GDPR, you have the right for your data to be erased (the ”right to be forgotten”), in other words: you can request for your data to be deleted.
- According to Article 18 GDPR, you have the right to restrict processing, in which case we can only store your data but not use it further.
- According to Article 20 GDPR, you have the right to data portability, which means that we must provide you with your data in a common format upon request.
- According to Article 21 GDPR, you have the right to object, which, after implementation, will result in a change in processing.
- If your data is being processed on the basis of Article 6 Para. 1 lit. e (public interest, exercise of official authority) or Article 6 para. 1 lit. f (legitimate interest), you have the right to object. We will then determine as quickly as possible whether we are legally permitted to comply with your objection.
- If data is used for the purpose of direct advertising, you have the right to object at any time. We are then no longer able to use your data for direct marketing purposes.
- If data is used for the purpose of profiling, you have the right to object to this type of data processing at any time. We are then no longer able to use your data for profiling purposes.
- According to Article 22 DSGVO, you have – under certain circumstances – the right not to be subject to a decision based solely on automated processing (for example, profiling).
- According to Article 77 GDPR, you have the right to lodge a complaint. This means that you are able to complain to the data protection authority at any time if you believe that the processing of your personal data is in violation of the GDPR.
Should you believe that the processing of your data is in violation of data protection law, or that your data protection rights have been violated in any other way, you are able to complain to the supervisory authority. The data protection authority for Austria can be found at https://www.dsb.gv.at/ . In Germany, there is a data protection officer for each federal state. For more information, please contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) .
The following data protection authority is responsible for our company:
Austria Data Protection Authority
Director: Mag. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Telephone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/
Data transfer to third countries
We only transfer your data to be processed in countries outside the EU (third countries) if either you have given your consent, it is required by law, or is contractually necessary and – in any case – only to the extent that it is generally permitted. In most cases, your consent is the primary reason we will send your data to be processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, may mean that your personal data is processed and stored in unanticipated ways.
We expressly point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transferred to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously. In addition, US government authorities may have access to individual data. If you have a corresponding user account, your data may also be linked to other services offered by the same provider.
More detailed information about third-country data transfers can be found in the appropriate items of this data protection declaration, where applicable.
Security of data processing
We have implemented technical as well as organizational measures in order to protect your privacy. By encrypting or pseudonymizing personal data, we make it as difficult as possible for third parties to infer personal information from our data.
Art. 25 GDPR refers to “Data Protection through Technology Design, and through Data-Protection-Friendly Default Settings”. This means that security is a primary consideration with regards to both software (e.g. online forms) and hardware (e.g. access to the server room). Where applicable, the specific measures are detailed below.
TLS encryption with https
We use HTTPS (the Hypertext Transfer Protocol Secure stands for “secure hypertext transmission protocol”) to transmit data securely on the internet. This means that the complete transmission of all data from your browser to our web server is secure – nobody can “eavesdrop”.
We have thereby introduced an additional security layer in compliance with Data Protection through Technology Design (Article 25 Paragraph 1 GDPR) . By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize the use of this protection protocol by the small lock symbol in the top left of the browser, to the left of the IP address (e.g. examplepage.com) and the use of the https scheme (instead of http) as part of our IP address.
If you would like to know more about encryption, a Google search for “Hypertext Transfer Protocol Secure wiki” will provide useful links.
Communication
When you contact us by phone, email or via an online form, your personal data may be processed for the purpose of handling your inquiry and any related business transactions. The data is then stored for as long as the law requires.
Affected persons
The processes outlined above apply to anyone who communicates with us via our available communication channels.
Phone
When you contact us by phone, your call data will be stored pseudonymously on the respective end device, as well as with the respective telecommunications provider. In addition, data such as your name and phone number may subsequently be forwarded in a company-internal email and saved for the purpose of handling your inquiry.
When you contact us via email, your email address may be stored on the respective end device (computer, laptop, smartphone, …). These details will also be stored on the email server.
Online forms
When you contact us using an online form, the data you have provided will be stored on our web server and, if necessary, forwarded to one of our email addresses.
Legal bases
Your personal data will be processed on the basis of one or more of the following:
- 6 para. 1 lit. a GDPR (Consent): You have given us your permission to store your data, and to continue using it for business purposes;
- 6 para. 1 lit. b GDPR (Contract): Data processing is required to fulfill a contract between us and you, or between us and an external processor, or to enable us to carry out pre-contractual activities (such as providing you with an initial quote).
- 6 para. 1 lit. f GDPR (Legitimate Interests): Data processing is required for an efficient flow of business-related communications (including responding to customer inquiries) via technology platforms such as email programs, exchange servers and mobile phone operators.
Order processing contract (AVV)
Like most companies, we do not work alone, but also use the services of other business and individuals. In the course of working with external partners, we may pass on personal data for processing. These partners then act as processors with whom we enter into a contract, the so-called Data Processing Contract (AVV). The most important thing for you to know is that the processing of your personal data by our contracted partners takes place exclusively according to our instructions and in strict compliance with the AVV.
Who are our third-party processors?
As a company and website owner, we are responsible for all personal data we collect and process. In addition, we may also collaborate with so-called processors. This includes any company or person who processes personal data on our behalf. More precisely and according to the GDPR definition: Any natural or legal person, authority, institution or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as web hosting or cloud service providers, payment or newsletter providers, or large companies such as Google or Microsoft.
To make the terminology easier to understand, these are the three subjects of the General Data Protection Regulation (GDPR) and their respective roles:
Data Subject (you, as the website user) → Controller (we, the website owner)
→ Processor (e.g. web hosting or cloud service providers)
Content of an order processing contract
As mentioned above, we enter into an AVV contract with our partners who act as our external processors. The agreement first and foremost states that the contracted partner will process the respective data exclusively in accordance with the GDPR. The contract must be completed in writing, although in this context, electronic confirmation also counts as a ‘written’ agreement. The processing of personal data only takes place on the basis of this contract, which must contain the following:
- Confirmation of the binding commitment of the Controller
- Obligations and rights of the Controller
- Categorization of the involved parties
- Type of personal data to be processed
- Type and purpose of data processing
- Objective and duration of data processing
- Location of data processing
Furthermore, the contract must detail the obligations of the Processor. The most important obligations are:
- To implement data security measures
- To implement possible technical and organizational measures to protect the rights of the Data
- Subject
- To keep a data processing record
- To cooperate with the data protection supervisory authority upon request
- To carry out a risk analysis regarding the personal data received
- To commission sub-processors only with the written consent of the Controller
See https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html for a (German-language) AVV sample contract.
Web Hosting
When you visit any website today, certain information – including personal data – is automatically collected and stored. This data should be processed as sparingly as possible and only for specific purposes. With the term ‘website’, we are referring to the entirety of all web pages on a domain – i.e. everything from the start page (homepage) to the very last sub-page (like this one). A domain is identified in the form of, for instance, example.com.
In order to view a website on a computer, tablet or smartphone, you use a program called a web browser (or browser for short). Examples include Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari.
To display the website, the browser has to connect to another computer where the website’s code is stored: the web server. The web server is usually operated by web hosting providers, who ensure the reliable and bug-free storage of website data. When the browser on your computer (desktop, laptop, tablet or smartphone) connects to the web server, and in the course of data transfers to and from the server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a period of time to ensure proper operation.
Why do we process personal data?
The purposes of data processing are:
- Professional website hosting and operation security
- Maintaining operational and IT security
- Anonymous evaluation of access behavior to improve our content and, if necessary, for criminal prosecution or the pursuit of claims
What data is processed?
Even as you are visiting our website right now, our web server (the computer on which this website is stored) will automatically save data such as:
- the full internet address (URL) of the accessed website;
- browser type and version (e.g. Chrome 87);
- the operating system used (e.g. Windows 10);
- the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichkommen/ );
- the hostname and IP address of the accessing device (e.g. COMPUTER NAME and 194.23.43.121);
- date and time stamps in so-called log files.
How long is data stored?
As a rule, this data is stored for two weeks and then automatically deleted. While we do not pass this data on, it is possible that it may be viewed by the authorities in the event of illegal behavior.
Legal basis
The processing of personal data in a web-hosting context complies with Art. 6 Para. 1 lit. f DSGVO (Protection of Legitimate Interests), because using the professional web hosting services of a third-party provider is necessary to ensure a secure and user-friendly internet presence for our company, as well as enable us to trace cyber attacks and legal action, if necessary.
We have entered into an order processing contract with the web hosting service provider in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.
MADE IN CIMA Srl acts as our web hosting provider, which has its registered office in Via Solteri 16/A, 38121 Trento (TN), Italy. To find out how “MADE IN CIMA” ensures compliance with the GDPR, please see their data protection guidelines: https://www.madeincima.it/privacy
Website modular systems
Our website is created using a website construction kit – a special type of content management system (CMS) that enables website operators to build a website without any programming knowledge. Web hosting services also frequently use these modular systems, which facilitate the collection, storage and processing of personal data. In this document, we present an overview of data processing by modular systems.
Why are we using a website construction kit?
The greatest advantage of a modular content management system is its user-friendliness: we want to provide visitors with a clear, simple and well-structured website that we can easily operate and maintain ourselves without external support. A modular system also offers numerous useful functions, which we can implement without in-depth programming knowledge. This enables us to design our website according to our wishes, and provide those visiting our site with a pleasant and informative experience.
What data is stored by a modular system?
Exactly which data is stored depends on the specific website construction kit. Each provider collects and processes different data from the website visitor. However, technical user data such as the operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit are usually collected. Tracking data (e.g. browser activity, clickstream activities, activity heatmaps, etc.) can also be processed. In addition, personal data may be recorded and stored. This mostly refers to contact information such as your email address, phone number (if you have provided it), IP address and location data. Please refer to the provider’s data protection declaration to see exactly what data is being stored.
How long and where is the data stored?
Information about the duration of data processing by this particular website construction kit can be found later in this document, as well as in the provider’s data protection declaration. We generally only process personal data for as long as is absolutely necessary for the provision of our services and products. It is however possible that the provider stores your data according to their own specifications, over which we have no influence.
Right to object
You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact those responsible for the website system we are using. The contact details can be found later in this document and on the website of the relevant service provider.
You can delete, disable or manage cookies that providers use for their functions in your web browser. Depending on which browser you use, this works in different ways. Please note, however, that this can negatively impact the performance of some functions.
Legal basis
We have a legitimate interest in using a website construction kit to optimize our online services and present them in an efficient and user-friendly manner. The corresponding legal basis for this is Art. 6 Para. 1 lit. f GDPR (Legitimate Interests).
Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis in this respect is Art. 6 Para. 1 lit. a GDPR.
With this data protection declaration, we have brought you the most important general information about data processing. If you would like more detailed information on this topic, please see the following section or the data protection declaration of the service provider.
WordPress.com Privacy Policy
Our website is created using WordPress.com, a modular website construction kit. Our service provider is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
WordPress also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transferred to the USA. This can be associated with various risks for the legality and security of data processing.
WordPress uses so-called Standard Contractual Clauses (= Art. 46 Para. 2 and 3 GDPR) as the basis for data processing by recipients based in third countries (countries outside the European Union, Iceland, Liechtenstein and Norway – i.e. in particular in the USA) and for data transfers to recipients in third countries. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data is treated in compliance with European data protection standards even when it is transferred to third countries (such as the USA) and stored there.
With these clauses, WordPress pledges to comply with European data protection standards when processing your data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here, among other places:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Data Processing Agreements, which correspond to the Standard Contractual Clauses, can be found at https://wordpress.com/support/data-processing-agreements/ . To find out more about which data will be processed through the use of WordPress.com, please see the company’s privacy policy at https://automattic.com/de/privacy/ .
Order processing agreement (AVV) WordPress.com
We have entered into an order processing contract (AVV) with WordPress.com in accordance with Article 28 of the General Data Protection Regulation (GDPR). This contract is required by law because WordPress.com processes personal data on our behalf. The contract clarifies that WordPress.com may only process data they receive from us in accordance with our instructions and in compliance with the GDPR. The link to the data processing agreement (AVV) can be found at https://wordpress.com/support/data-processing-agreements/ .
Web Analytics
We use software on our website to evaluate the behavior of website visitors. This process – which is known as web analytics – involves collecting data that is subsequently stored, managed and processed by the respective analytic tool provider (also known as a tracking tool). The data is used to create analyses of user behavior on our website, and is made available to us (the website operator). In addition, most tools offer various testing options. For example, we can test which offers or content are best received by our website visitors. To do this, we show visitors two different offers for a limited period of time. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as for other analytics procedures, user profiles can also be created and the data stored in cookies.
Why do we run web analytics?
With our website, we have a clear goal in mind: to deliver the best online experience within our market. In order to achieve this, we strive to offer the most interesting and high-quality content, while at the same time making sure that visitors feel completely comfortable as they navigate our site. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and improve our website accordingly. For example, we can see the average age of our visitors, where they are based, at what time our website has the highest traffic, or which content or products are particularly popular. This information helps us optimize our website and adapt it in line with your needs, interests and preferences.
What data is processed?
Exactly what data is stored depends on the respective analysis tools. As a rule, however, the stored data will include what content you view on our website, which buttons or links you click on, at what time you open a page, as well as your browser type, operating system and device (PC, tablet, smartphone, etc.). If you have agreed that location data may be collected, this may also be processed by the web analytics tool provider.
Your IP address will also be saved. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in pseudonymized form (i.e. in an unrecognizable and shortened form). As a rule, no person-specific data (such as your name, age, address or email address) will be stored for testing purposes. All collected data is stored in pseudonymized form, which means you are not personally identifiable.
How long the respective data is stored depends on the respective service provider. Some cookies only store data for a few minutes or until you leave the website, other cookies can store data for several years.
Duration of data processing
Below we offer information on the duration of data processing. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, such as in the context of accounting, this storage period may be exceeded.
Right to object
You are able to revoke your consent regarding the use of cookies or third-party providers at any time. You can do this via our cookie management tool or other opt-out functions. For example, you can manage, deactivate or delete the cookies in your browser in order to prevent data collection by cookies.
Legal basis
The use of web analytics requires your consent, which we have obtained with our cookie popup. According to Art . 6 Para. 1 lit. a GDPR (Consent), your consent represents the legal basis for the type of personal data processing that may occur in the context of web analytics tools.
In addition to your consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our content both in terms of technological performance and business profitability. With the help of web analytics, we recognize errors on the website, can identify cyber attacks and improve company profitability. The legal basis for this is Art. 6 Para. 1 lit. f GDPR (Legitimate Interests). However, we only use these tools if you have given your consent.
Given that web analytics tools use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, please read the data protection declarations of the respective tools.
Available information on specific web analytics tools can be found in the following sections.
Facebook Conversions API Privacy Policy
Our website uses Facebook Conversions API, a server-side event tracking tool. The service provider is the American company Meta Platforms Inc. For Europe, the service provider is Meta platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
Facebook also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transferred to the USA. This can be associated with various risks for the legality and security of data processing.
Facebook uses so-called Standard Contractual Clauses (= Art. 46 Para. 2 and 3 GDPR) as the basis for data processing by recipients based in third countries (meaning countries outside the European Union, Iceland, Liechtenstein and Norway – i.e. in particular in the USA) as well as for data transfers to third countries. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data is treated in compliance with European data protection standards even when it is transferred to third countries (such as the USA) and stored there.
With these clauses, Facebook pledges to comply with European data protection standards when processing your relevant data, even when the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here, among other places:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Facebook data processing terms, which correspond to the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing .
More about the data processed by using the Facebook Conversions API can be found in Facebook’s privacy policy at https://www.facebook.com/about/privacy.
Google Analytics Privacy Policy
What is Google Analytics?
Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics.
The reports we receive from Google Analytics allow us to better tailor our website and services to your needs. Below, we will go into more detail about the tracking tool and, above all, inform you about which data is stored and how you can prevent this, if desired.
Google Analytics is a tracking tool used to analyze traffic on our website. In order for Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions that you take on our website. As soon as you leave our website, this data is sent to the Google Analytics servers and stored there. Google processes the data, and we receive reports on your user behavior. These reports may include the following:
- Target Group Reports: With target group reports, we get to know our users better and know more precisely who is interested in our service.
- Ad Reports: Ad reports make it easier for us to analyze and improve our online advertising.
- Acquisition Reports: Acquisition reports provide us with helpful information on how to attract more people to our service.
- Behavior Reports: Here we learn how you interact with our website. We can understand in what sequence you navigate our site and which links you click on.
- Conversion Reports: Conversion is a process in which you perform a desired action based on a marketing message – for example, if you change from a pure website visitor to a newsletter subscriber. These reports enable us to learn more about how our marketing activities resonate with you, thereby helping us to increase our conversion rate .
- Real-Time Reports: Real-time reports allow us to see what is happening on our website at any given time. For example, we can see how many users are currently reading this text.
Why do we use Google Analytics on our website?
Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal. The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that interested web users can find us more easily on Google. On the other hand, the data helps us better understand you as a visitor. This helps us understand how our website can be improved in order to provide you with the best possible experience. The data also helps us carry out our advertising and marketing activities more individually and cost-effectively. After all, it only makes sense to show our products and services to those with an interest in the subject.
What data is stored by Google Analytics?
Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognizes you as a new user. Next time you visit our site, you will be recognized as a “returning” user. All collected data is stored together with this user ID. Only then is it possible to evaluate pseudonymous user profiles .
In order to be able to analyze our website with Google Analytics, a property ID must be included in the tracking code. The data is then stored in the corresponding property. Google Analytics 4 is the default
for every newly created property. Alternatively, we are also able to create the Universal Analytics property. Depending on the property used, data is stored for different lengths of time.
Identifiers such as cookies and app instance IDs are used to measure how you interact with our website. Interactions are any type of action you take on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics can be linked to third-party cookies. Google does not pass on Google Analytics data unless we as the website operator authorize this. Exceptions may arise if required by law.
The following cookies are used by Google Analytics:
Name: _ga
Value: 2.1326744211.152112342483-5
Purpose: By default, analytics.js uses the cookie _ ga to store the user ID. Basically, it serves to differentiate between website visitors.
Expiry date: after 2 years
Name: _gid
Value: 2.1687193234.152112342483-1
Purpose: This cookie, too, is used to distinguish between website visitors
Expiry date: after 24 hours
Name: _gat_gtag_UA_ <property-id> Value : 1 _
Purpose: This cookie is used to lower the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is given the name _ dc_gtm _ < property-id >.
Expiry date: after 1 minute
Name: AMP_TOKEN
Value: no information
Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP Client ID service. Other possible values indicate an opt-out, a request, or an error.
Expiry date: after 30 seconds to one year
Surname: utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie can be used to track your behavior on the website and measure our online performance. The cookie is updated each time information is sent to Google Analytics.
Expiry date: after 2 years
Surname: utmt value: 1
Purpose: Just like _ gat_gtag_UA _< property-id > , this cookie is used to throttle the request rate.
Expiry date: after 10 minutes
Surname: etc
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.
Expiry date: after 30 minutes
Surname: utmc Value: 167421564
Purpose: This cookie is used to set new sessions for returning visitors. This is a session cookie and is only stored until you close the browser.
Expiry date: after closing the browser
Surname: utmz
Value: m|utmccn =( referral )| utmcmd = referral|utmcct =/
Purpose: The cookie is used to identify the source of traffic to our website . This means that the cookie stores the last site you visited (this could be another page or an advert) before visiting our website.
Expiry date: after 6 months
Surname: utmv Value: not specified
Purpose: The cookie is used to store user-defined user data. It is updated every time information is sent to Google Analytics.
Expiry date: after 2 years
Please note: This list cannot be considered complete, since Google is constantly changing the choice of its cookies.
Here we present an overview of the most important data that is collected with Google Analytics:
Heatmaps: Google creates so-called heatmaps. Heat maps show exactly which areas of our website you click on. This is how we get information about where you are on our site.
Session Duration: Google defines the session duration as the time you spend on our site without leaving the site. If you have been inactive for 20 minutes, the session ends automatically.
Bounce Rate: A bounce is when you only view one page on our website and then leave our website again.
Account Creation: If you create an account or place an order on our website, Google Analytics collects this data.
IP Address: The IP address is only shown in abbreviated form so that no clear assignment to a specific individual is possible.
Location: The country and your approximate location can be determined via the IP address. This process is referred to as IP location determination.
Technical information: The technical information includes, among others, your browser type, your internet provider or your screen resolution.
Source of Origin: Google Analytics (as well as our company) are of course also interested in knowing which website or advert brought you to our site.
Other collected data may include your contact details, ratings (if applicable), media playback (e.g. if you click to view a video on our site), and whether you share content from our website via social media or add it to your favorites. Please note that this list cannot be considered complete, and only serves as a general guide to understanding data storage by Google Analytics.
How long and where is the data stored?
Google has distributed its servers all over the world. Most of the servers are located in the USA and consequently your data is mostly stored on US servers. Here you can read exactly where the Google data centers are located: https://www.google.com/about/datacenters/locations/?hl=de
Your data is distributed across different physical media. This has the advantage that the data can be called up more quickly and is better protected against manipulation. Every Google data center has emergency programs for your data. For example, if Google’s hardware fails or natural disasters paralyze servers, the risk of a service interruption at Google remains low.
The retention period of the data depends on the properties used. When using the newer Google Analytics 4 properties, the retention period for your user data is fixed at 14 months. For other so-called event data, we (as the website operators) have the option of choosing a retention period of 2 months or 14 months.
With Universal Analytics properties, Google Analytics has a standardized retention period of 26 months for your user data. After that time, your user data will be deleted. However, we (as the website operators) have the option of choosing the retention period for user data ourselves. We have five options available for this:
- Deletion after 14 months
- Deletion after 26 months
- Deletion after 38 months
- Deletion after 50 months
- No automatic deletion
In addition, there is also the option that data will only be deleted if you no longer visit our website within the period of time chosen by us. In this case, the retention period will be reset each time you revisit our website within the specified period.
When the specified period has expired, the data will be deleted once a month. This retention period applies to your data associated with cookies, user recognition and advertising IDs (e.g. cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a merging of individual data into a larger unit.
How can I delete my data or prevent data storage?
Under European Union data protection law, you have the right to access, update, delete or restrict your data. You can prevent Google Analytics from using your data by using the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can download and install the browser add-on from https://tools.google.com/dlpage/gaoptout?hl=de . Please note that this add-on only disables data collection by Google Analytics.
If you would like to deactivate, delete or manage other cookies, you can find the corresponding links to the instructions for the most popular browsers in the “Cookies” section.
Legal basis
The use of Google Analytics requires your consent, which we have obtained via our cookie popup. According to Art . 6 Para. 1 lit. a GDPR (Consent), your consent represents the legal basis for the type of personal data processing that may occur in the context of web analytics tools.
In addition to your consent, there is a legitimate interest on our part in analyzing the behavior of website visitors and thus improving our content both in terms of technological performance and business profitability. With the help of Google Analytics, we are able to recognize errors on the website, can identify cyber attacks and improve company profitability. The legal basis for this is Art. 6 Para. 1 lit. f GDPR (Legitimate Interests). However, we only use Google Analytics if you have given your consent.
Google also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transferred to the USA. This can be associated with various risks for the legality and security of data processing.
As the basis for data processing by recipients based in third countries (meaning countries outside the European Union, Iceland, Liechtenstein and Norway – i.e. in particular in the USA) as well as for data transfers to third countries, Google uses so-called Standard Contractual Clauses (= Art. 46 Para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data is treated in compliance with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. With these clauses, Google pledges to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here, among other places:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which correspond to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/ .
We hope we were able to offer you a basic overview of data processing by Google Analytics.
If you would like to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de .
Order processing contract (AVV) Google Analytics
We have entered into an order processing contract (AVV) with Google in accordance with Article 28 of the General Data Protection Regulation (GDPR). This contract is required by law because Google processes personal data on our behalf. The contract clarifies that Google may only process data they receive from us in accordance with our instructions and in compliance with the GDPR. The link to the data processing conditions can be found at https://business.safety.google/intl/de/adsprocessorterms/
Google Analytics Demographics and Interest Reports
On our website we have activated the advertising report functions in Google Analytics. The Demographics and Interest Reports contain information on age, gender and interests. This enables us to get a better picture of our users without being able to assign this data to individual persons. You can find out more about the advertising functions at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=%20ad .
You are able to prevent the use of the activities and information from your Google account under “Advertising settings” at https://adssettings.google.com/authenticated by checking the relevant box.
Google Analytics in consent mode
Depending on your consent, your personal data will be processed by Google Analytics in the so-called consent mode. You can choose whether or not to accept Google Analytics cookies. This also allows you to choose which of your data Google Analytics may process. The collected data is mainly used to measure user behavior on the website, to aid targeted advertising, and to provide us with web analysis reports. As a rule, you consent to data processing by Google via a cookie consent tool. If you do not consent to data processing, only aggregated data will be collected and processed. This means that data cannot be assigned to individual users and therefore no user profile is created for you. You can also agree to the statistic evaluation only. In that case, no personal data will be processed and used for advertising purposes or ad sequencing.
Google Analytics IP anonymization
We have activated Google Analytics IP address anonymization on this website. This function was developed by Google, and enables our website to comply with applicable data protection regulations and recommendations from local data protection authorities if they prohibit the storage of the full IP address. The IP is anonymized or masked as soon as the IP addresses arrive in the Google Analytics data collection network, and before the data is stored or processed.
More information on IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=de .
Email Marketing
We use email marketing as part of our effort to always keep you up-to-date. If you have agreed to be added to our list of email or newsletter recipients, your data will be processed and stored. Email marketing is a subset of online marketing. This involves sending news or general information about a company, product or service via email to a specific group of people who are interested in this subject.
If you would like to receive our email marketing content (usually sent in the form of a digital newsletter), your email address is generally all that is required. Registration takes place via an online form. It is, however, possible that we may also ask you for your name and title, to give us the opportunity to address you personally.
We will log every registration via a notification tool. This is necessary as it also serves as evidence of a legally correct registration process. As a rule, the time of registration, the time of confirmation, and your IP address are saved. In addition, it is also logged if you make changes to your stored data.
Why do we use email marketing?
We want to give you access to the latest news and information that we believe you will find relevant. To this end, we use email marketing (commonly known simply as a ‘newsletter’) as an essential part of our communication strategy. If you have given your consent or there is another legal basis permitting us to do so, we will send newsletters, automated emails and other digital notifications to your registered email address. Within the context of this text, the term ‘newsletter’ refers to any email communication sent out on a regular basis. To make sure that our newsletter is never an unwelcome intrusion, we always strive to offer only relevant and interesting content – including insights into our company, services or products, as well as special opportunities and promotions. Our digital newsletters are sent out using a professional and safe distribution tool.
What data is processed?
If you subscribe to our newsletter via our website, you will be asked to confirm that you wish to be added to our mailing list. In addition to your IP and email address, your title, name, postal address and phone number may also be saved – provided you agree for these details to be stored. Essential details – i.e. information that you must provide in order to participate in this service – will be marked as such. Any information you provide is voluntary, but failing to provide certain details will result in you not being able to use the service.
In addition, information about your device or your preferred content may be stored on our website. For more information about how data is saved when you visit a website, see the Automatic Data Storage section. We record your declaration of consent so that we can always prove that it complies with our laws.
Duration of data processing
If you remove your email address from our e-mail / newsletter distribution list, we may store your address for up to three years on the basis of our legitimate interests, so that we can still prove your consent at the time. We are only permitted to process this data if we have to defend ourselves against any legal claims.
Once you have consented to be added to our mailing list, you are still able to submit an individual removal request at any time. If you choose to revoke your consent for the permanent future, we reserve the right to save your email address to a blacklist. As long as you have voluntarily subscribed to our newsletter, we will of course keep your email address.
Right to object
You are of course able to cancel your newsletter subscription at any time. All you have to do is revoke your consent to registering for the newsletter. This can usually be done in the space of a few seconds with one or two clicks. In most cases, you will find a link at the end of every email to unsubscribe from the newsletter. If the link cannot be found in the newsletter, please contact us by email and we will immediately cancel your newsletter subscription.
Legal basis
Our newsletter is sent on the basis of your consent (Article 6 (1) ( a) GDPR). This means that we may only send you a newsletter if you have previously actively signed up for it. We may also send you advertising messages on the basis of § 7 Para. 3 UWG, provided that you are a registered member of our mailing list and have not objected to the use of your email address for direct advertising.
Information on special email marketing services and how they process personal data can be found in the following sections.
Online Marketing
Online marketing refers to all online activities carried out for the purpose of achieving marketing goals, such as increasing brand awareness or improving sales. Our online marketing campaigns are also designed to make users aware of our website. In essence, we use online marketing in order reach as many people as possible. This mostly takes the form of online ads, content marketing or search engine optimization. Storing and processing personal data allows us to use online marketing in an efficient and targeted manner. On the one hand, this data enables us to share our content only with those who are interested – on the other hand, it helps us evaluate the success of our online marketing activities.
Why do we use online marketing tools?
We want to share our website with everyone who might benefit from what we have to offer. We are aware that this requires deliberate measures. This is why we pursue online marketing. There are various tools that make our online marketing campaigns easier to implement, whilst also collecting important data that helps us improve our marketing content. As a result, we are able to tailor our campaigns more precisely to our specific target group. Ultimately, the reason we use these online marketing tools is to continuously optimize our content.
What data is processed?
In order to ensure and evaluate the success of our online marketing activities, user profiles are created and data is stored, for example, in cookies (small text files). With the help of this data, we can not only place advertising in the classic way, but also display our content directly on our website in line with your preferences. There are various third-party tools that offer these functions and collect and store your data to this end. Cookies, for example, will store which web pages you visited on our website, how long you viewed these pages, which links or buttons you clicked, or which website you visited before visiting our site. In addition, technical information can also be stored. For example, your IP address, your browser type, the device on which you are viewing our website, the time when you accessed our website and when you left it again. If you have agreed that we may determine your location, this data will also be stored and processed.
Your IP address will be stored in pseudonymized (i.e. abbreviated) form. Unique data that directly identifies you as a person, such as your name, address or email address, is only stored in pseudonymized form as part of our advertising and online marketing process. So we cannot identify you as an individual – the only data we have stored is the pseudonymized information of your user profile.
Cookies may also be deployed, analyzed and used for advertising purposes on other websites that work with the same advertising tools. This means that the data may also be stored on the servers of the advertising tool providers.
In exceptional cases, person-specific data (name, email address, etc.) may also be stored in the user profile . This storage occurs, for example, if you are a member of a social media platform that we use for our online marketing activities, and if the network links up previously received data with your user profile. This storage also occurs if you voluntarily provide us with person-specific data on our website in order for us to contact you.
With all of the advertising tools we use that store your data on their servers, we only ever receive summarized information and never data that makes you identifiable as an individual. The data only shows to what extent our advertising activities were successful. For example, we can see which adverts have persuaded you or other users to visit our website and purchase a service or product there. Based on these analyzes we can improve our advertising approach in the future, and adapt it even more precisely to the needs and wishes of interested parties.
Duration of data processing
Below, we will inform you of the duration of data processing. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for various periods of time. Some cookies are deleted as soon as you have left the website, others can be stored in your browser for several years. The respective data protection declarations of the individual providers usually contain precise information about the individual cookies that the provider uses.
Right to object
You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting the cookies in your browser. The lawfulness of data processing up until the time of revocation remains unaffected.
Since cookies are frequently used with online marketing tools, we also recommend reading our general data protection declaration on cookies. To find out exactly which of your data is stored and processed, please see the data protection declarations of the respective tools.
Legal basis
If you have consented to the use of third-party providers, your consent serves the legal basis for the relevant data processing. According to Art . 6 Para. 1 lit. a GDPR (Consent), your consent is considered the legal basis for the processing of personal data collected by online marketing tools.
We also have a legitimate interest in evaluating our online marketing activities in an anonymous form, in order to use the obtained data to optimize our content and our marketing initiatives. The corresponding legal basis for this is Art. 6 Para. 1 lit. f GDPR (Legitimate Interests). However, we only use these tools if you have given your consent.
Information on specific online marketing tools can be found in the following sections.
Facebook Custom Audiences Privacy Policy
Our website uses Facebook Custom Audiences, a server-side event tracking tool. The service provider is the American company Meta Platforms Inc. For Europe, the provider is Meta platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Facebook also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transferred to the USA. This can be associated with various risks for the legality and security of data processing.
Facebook uses so-called Standard Contractual Clauses (= Art. 46 Para. 2 and 3 GDPR) as the basis for data processing by recipients based in third countries (meaning countries outside the European Union, Iceland, Liechtenstein and Norway – i.e. in particular in the USA) or data transfers to third countries. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data is treated in compliance with European data protection standards even when it is transferred to third countries (such as the USA) and stored there.
With these clauses, Facebook pledges to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA.
These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Facebook data processing terms, which correspond to the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing .
To find out more about which data will be processed in the context of Facebook Custom Audiences, please refer to Facebook’s privacy policy at https://www.facebook.com/about/privacy .
Google Marketing Platform (formerly: DoubleClick ) Privacy Policy
Our website uses Google Marketing Platform products. These include various marketing tools such as Data Studio, Surveys, Campaign Manager 360, Display & Video 360 or Search Ads 360. The service provider is the American company Google Inc. For Europe, the provider is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) responsible for all Google services.
Google also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transferred to the USA. This can be associated with various risks for the legality and security of data processing.
As the basis for data processing by recipients based in third countries (meaning countries outside the European Union, Iceland, Liechtenstein and Norway – i.e. in particular in the USA) or data transfers to third countries. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data is treated in compliance with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. With these clauses, Google pledges to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here, among other places:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which correspond to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/ .
To find out more about the data processed in connection with
Google Marketing Platform products, please refer to Google’s privacy policy at https://policies.google.com/privacy?hl=de .
HubSpot Privacy Policy
Our website uses a digital marketing tool called HubSpot. The service provider is the American company HubSpot , Inc., 25 First St 2nd Floor Cambridge, MA, USA. The company also has a registered office in Ireland at 1 Sir John Rogerson’s Quay, Dublin 2, Ireland.
HubSpot also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transferred to the USA. This can be associated with various risks for the legality and security of data processing.
HubSpot uses so-called Standard Contractual Clauses (= Art. 46 Para. 2 and 3 GDPR) as the basis for data processing by recipients based in third countries (meaning countries outside the European Union, Iceland, Liechtenstein and Norway – i.e. in particular in the USA) or data transfers to third countries. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data is treated in compliance with European data protection standards even when it is transferred to third countries (such as the USA) and stored there.
With these clauses, HubSpot pledges to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here, among other places:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The data processing agreement, which corresponds to the Standard Contractual Clauses, can be found at https://legal.hubspot.com/dpa .
To find out more about data processing in connection with HubSpot, please refer to Hubspot’s privacy policy at https://legal.hubspot.com/de/privacy-policy.
Order processing agreement (AVV) HubSpot
We have entered into an order processing contract (AVV) with HubSpot in accordance with Article 28 of the General Data Protection Regulation (GDPR). This contract is required by law because HubSpot processes personal data on our behalf. The contract clarifies that HubSpot may only process data they receive from us according to our instructions, and must comply with the GDPR. The link to the order processing contract (AVV) can be found at https://legal.hubspot.com/dpa .
LinkedIn Insight Tag Privacy Policy
Our website uses a tag conversion tracking tool. The service provider is the American company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The company LinkedIn Ireland Unlimited (Wilton Place, Dublin 2, Ireland) is responsible for the data protection aspects in the European Economic Area (EEA), the EU and Switzerland.
LinkedIn also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transferred to the USA. This can be associated with various risks for the legality and security of data processing.
As a basis for data processing by recipients based in third countries (meaning countries outside the European Union, Iceland, Liechtenstein and Norway – i.e. in particular in the USA) or data transferred to third countries, LinkedIn uses so-called Standard Contractual Clauses (= Art. 46. Para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data is treated in compliance with European data protection standards even when it is transferred to third countries (such as the USA) and stored there.
With these clauses, LinkedIn pledges to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here, among others:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
More information about the Standard Contractual Clauses at LinkedIn can be found at https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu-sccs
To learn more about the LinkedIn Insight Tag, visit https://www.linkedin.com/help/linkedin/answer/a427660 . You can find out more about data processing in connection with the LinkedIn Insight Tag in LinkedIn’s data protection declaration at https://de.linkedin.com/legal/privacy-policy .
Audio & Video
We have included audio and video elements on our website, enabling users to, for example, watch videos directly on our website. The content is provided by service providers, which means that all content is obtained from the corresponding servers of the providers.
These are integrated functional elements of platforms such as Vimeo. The use of these portals is usually free of charge, though they also facilitate the publication of payable content. Thanks to these integrated elements, users are able to listen to, or view, the respective content via our website.
If you listen to or view audio or video elements on our website, your personal data may also be transmitted to the service providers, and consequently processed and stored.
Why do we use audio & video elements on our website?
Our goal is to provide users of our website with a comprehensive and informative experience. And we are aware that content is no longer conveyed solely in the form of text and static images. Instead of just presenting you with a link to a video, we offer audio and video formats right on our website that are entertaining or informative, and ideally both. Giving you easy access to interesting content forms an integral part of our service. This is why, in addition to texts and images, we also offer video and/or audio content.
What Data is Stored by Audio & Video Elements?
When you visit a page on our website that has an embedded video, for example, your server connects to the service provider’s server. Your data will therefore also be transferred to the third-party provider and stored there. Some information is collected and stored regardless of whether or not you have an account with this third party. This usually includes your IP address, browser type, operating system and other general information about your device. Furthermore, most providers also collect information about your web activity. This includes session duration, bounce rate, which button you clicked or which website you are using to access the service. All this information is usually stored via cookies or pixel tags (also called web beacons). Pseudonymized data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed from the data protection declaration of the respective provider.
Duration of data processing
You can find out exactly how long the data is stored on the servers of the third-party providers, either by reading the data protection policy of the respective tool (below), or the data protection declaration of the provider.
Vimeo Privacy Policy
We use videos on our website that we embed from the Vimeo video service. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in, we can show you interesting video material directly on our website. Certain data may be transferred to Vimeo. In this data protection declaration, we will show you what data is involved, why we use Vimeo and how you can manage or prevent your data and data transmission.
What is Vimeo?
Vimeo is a video platform that was founded in 2004 and has been providing HD quality video streaming since 2007. Since 2015 it has also been possible to stream in 4K Ultra HD. The platform can be used free of charge, but payable content can also be published. Compared to the market leader YouTube, Vimeo prioritizes high-quality content. On the one hand, the platform offers a lot of artistic content such as music videos and short films, but on the other hand, it also contains interesting documentary material on a wide variety of topics.
Why do we use Vimeo on our website?
The aim of our website is to provide you with the best possible content that is as easily accessible as possible. Only when we have managed that are we satisfied with our service. The video service Vimeo helps us achieve this goal. Vimeo offers us the opportunity to present you with high-quality content directly on our website. Instead of just showing you a link to an interesting video, you can watch the video directly on our site. Giving you easy access to interesting content forms an integral part of our service. This is why, in addition to texts and images, we also offer video and/or audio content.
What data is stored on Vimeo?
When you visit a page on our website that has an embedded Vimeo video, your browser connects to the Vimeo servers. This results in a data transfer. This data is collected, stored and processed on the Vimeo servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, your operating system or very basic device information. Furthermore, Vimeo stores information about on which website you use the Vimeo service, and what actions (web activities) you perform on that website. These web activities include, for example, session duration, bounce rate or which button you clicked on the website that contains the built-in Vimeo function. Vimeo can track and store these actions using cookies and similar technologies.
If you are logged in to Vimeo as a registered member, more data can usually be collected because more cookies may have already been set in your browser. In addition, your actions on our website are linked directly to your Vimeo account. To prevent this, you must log out of Vimeo while “surfing” our website.
How long and where is the data stored?
Vimeo is headquartered in White Plains, New York State (USA). However, the services are offered worldwide. The company uses computer systems, databases and servers in the USA and also in other countries. Your data may therefore also be stored and processed on servers in America. The data remains stored at Vimeo until the company no longer has any economic reason for storing it. Then the data will be deleted or made anonymous.
How can I delete my data or prevent data storage?
You always have the option of managing cookies in your browser according to your wishes. For example, if you do not want Vimeo to set cookies and thus collect information about you, you can delete or disable cookies at any time in your browser settings. This works in slightly different ways depending on the browser. Please note that after deactivating/deleting cookies, some functions may no longer be fully available. The following instructions show you how to manage or delete cookies in your browser.
Chrome: Delete, enable and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Clear cookies to remove data websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies
If you are a registered Vimeo member, you can also manage cookies in the Vimeo settings.
Please note that when using this tool, your data may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. However, data cannot be transferred to unsafe third countries, stored and processed there, unless there are suitable guarantees (such as EU Standard Contractual Clauses) between us and the non-European service provider.
You can find out more about the use of cookies in connection with Vimeo at https://vimeo.com/cookie_policy, and information on data protection at Vimeo can be found at https://vimeo.com/privacy .
As a rule, personal data is only processed for as long as is absolutely necessary for the provision of our services or products. This usually also applies to third-party providers. In most cases, you can assume that certain data will be stored on third-party servers for several years. Data can be stored for different lengths of time, especially in cookies. Some cookies are deleted as soon as you leave the website, others can be stored in your browser for several years.
Right to object
You are able to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can prevent data collection by cookies by managing, deactivating or deleting the cookies in your browser. The lawfulness of the data processing up until the time of revocation remains unaffected.
Since the integrated audio and video functions on our site usually also use cookies, you should also read our general data protection declaration on cookies. You can find out more about the handling and storage of your data in the data protection declarations of the respective third-party providers.
Legal basis
If you have agreed that your data can be processed and stored by integrated audio and video elements, this consent forms the legal basis for data processing (Article 6 (1) ( a ) GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in carrying out quick and effective communication with our customers and business partners. However, we only use the integrated audio and video elements if you have given your consent.
Explanation of Terms Used
We strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal issues. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). But we don’t want to use them without explanation. Below you will find an alphabetical list of important terms used, which we may not have addressed sufficiently in the previous data protection declaration. If these terms were taken from the GDPR and have existing definitions, we will also list the relevant GDPR definitions, adding our own explanations where necessary.
Supervisory Authority: Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“Supervisory Authority” means an independent public authority which is established by a Member State pursuant to Article 51.
Explanation: “Supervisory authorities” are always independent government institutions that are authorized to give instructions in certain cases. They serve to carry out so-called state supervision and are located in ministries, special departments or other authorities. In Austria, this is the DSB.
Processor: Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Explanation: As a company and website owner, we are responsible for all personal data that we process. In addition to us (the “Controller”), there may also be so-called Processors. This includes any company or person who processes personal data on our behalf. In addition to service providers such as tax accountants, Processors can also come in the form of web hosting or cloud service providers, payment or newsletter providers, or large companies such as Google or Microsoft.
Consent: Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Explanation: As a rule, consent is given on websites via a cookie consent tool. Whenever you visit a website for the first time, you will usually be asked by means of a banner whether you agree to your data being processed. You are usually also able to create individual settings and thereby decide for yourself which types of data processing you do or do not allow. If you do not give your consent, no personal data may be processed. In principle, consent can also be given in writing instead of, for example, an online tool.
Personal Data: Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Explanation: Personal data is any data that can identify you as a person. This is usually data such as:
- Surname
- Email address
- Postal address
- Phone number
- Date of birth
- Identification numbers such as social security number, tax identification number, ID card number or matriculation number
- Bank data such as account number, credit card details, account balance sheet, and much more .
According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently you as the connection owner. Therefore, storing an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called “special categories” of personal data, which are also particularly worthy of protection. These include:
- Racial and ethnic origin
- Political opinions
- Religious or ideological beliefs
- Union membership
- Genetic data (data obtained from blood or saliva samples)
- Biometric data (information about psychological, physical or behavioral characteristics that can identify a person)
- Health data
- Data related to sexual orientation or sex life
Profiling: Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
Explanation: Profiling gathers various pieces of information about a person in order to learn more about them. In the context of the internet, profiling is often used for advertising purposes or credit checks. For example, web and advertising analysis programs collect data about your online behavior and interests. This results in a special user profile that can be used to aim advertising content at a specific target group.
Controller: Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Explanation: As the website owner, we are responsible for the processing of your personal data, and consequently “the Controller”. If we pass on collected data to other service providers for processing, they become our “Processors”. To this end, an “order processing contract (AVV)” must be signed.
Conclusion
Congratulations, you have now reached the end of our privacy policy. As you can see from the scope of our data protection declaration, we take the protection of your personal data very seriously. It is also important to us to maintain full transparency with regards to how we process your personal information, and for what purpose. Our aim is not only to let you know which data is processed, but also to explain our reasons for using various software programs.
If you have any questions about data protection on our website, please do not hesitate to contact us or the respectively responsible body. We hope you continue to enjoy everything our website has to offer.
All texts are copyrighted.
Disclaimer: This document was translated into English for information purposes only. While every care has been taken, the possibility of translation errors, incorrect or incomplete information cannot be excluded. For any legal purposes or disputes, the original German-language version shall apply.