Types of Processed Data
- inventory data, e.g. names, addresses, ...
- contact information, e.g. e-mail, phone numbers, ...
- content data, e.g. text input, photographs, videos, ...
- usage data, e.g. visited websites and content, access times, ...
- meta & communication data, e.g. device information, IP addresses, ...
Categories of Affected Persons
Visitors and users of our sites.
Purpose of Processing
- to be able to provide our online services, their functions and contents
- to answer contact requests and to communicate with users
- as safety measures
- to optimize our services, e.g. reach measurement
- for marketing
Personal data is any information which identifies or allows to identify a person - the data subject. e.g. a name, an ID, location data, a cookie or an IP-Address or any physical, physiological, genetic, mental, economic, cultural or social feature.
Processing is every handling of that data - manual or automatic.
Pseudonymisation means to process personal data that it no longer can identify a person.
Profiling evaluates personal data to gain special insights.
The responsible person decides on how to process personal data.
The processor processes personal data on behalf of the responsible person.
Relevant Legal Regulations
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. If the legal basis is not mentioned, the following applies: The legal basis for obtaining consent is Art. 6 (1) lit. a and Art. 7 GDPR, for contract fulfillment and the response to inquiries Art. 6 (1) lit. b GDPR, for legal obligations Art. 6 (1) lit. c GDPR, for legitimate interests Art. 6 (1) lit. f GDPR.
In accordance with Art. 32 GDPR - under consideration of the state of art, implementation costs, nature, scope, circumstance and purpose as well as the likelihood and severity of the involved risk - we take appropriate technical measures to provide an appropriate level of protection.
This includes to ensure the confidentiality, integrity and availability by controlling the physical access, as well as strategies to ensure access, input, disclosure, backup, deletion, availability and separation. We consider privacy already during development of our software, selection of hardware according to ARt. 25 GDPR.
Collaboration with Processors and Third Parties
If we provide data to others or allow access to data to others, this is only on basis of legal obligations, to fulfill contractual obligations, for legitimate interests, of if you have explicitly expressed your prior consent.
We commission third parties as processors only on basis of contract processing contracts according to Art. 28 GDPR.
Processing in Third Countries
We process data outside the European Union or the European Economic Area or if this happens due to outsourced processors only under the special conditionsof Art. 44 seq. GDPR. That the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations - standard contractual clauses.
Rights of Data Subjects
You have the right to ask for confirmation that data is being processed and for information about this data as well as for further information and a copy of the data according to Art. 15 GDPR.
You have the right to ask for completion and correction of your data according to Art. 16 GDPR.
You have the right to ask for deletion according to Art. 17 GDPR or for restricted processing according to Art. 18 GDPR.
You have the right to ask for your data or to provide it to third parties according to Art. 20 GDPR.
You have the right to file a complaint with the supervisory authorities according to Art. 77 GDPR.
Right of Withdrawal
You have the right to withdraw a granted consent according to Art. 7 (3) GDPR effecting future processing.
Right of Objection
You can object to future processing at any time according to Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.
Cookies store information in the browser to survive various page visits. We use only session or transient cookies, which are deleted automatically after 30 minutes. Our cookies store only data for the login status and non personal data.
If users do not want cookies stored on their computer, they can disable the option in their browser settings. Saved cookies can also be deleted in the browser settings. The exclusion of cookies can lead to functional restrictions.
Deletion of Data
The processed data is deleted or limited according to Art. 17 and 18 GDPR. Unless explicitly stated, stored data is deleted as soon as no longer required. Data is processed only for the required purposes.
Due to Austrian legal regulations the storage is required for 7 years according to § 132 (1) BAO - accounting documents, invoices, accounts, vouchers, business papers, statement of income and expenses, etc. and for 10 years in case of documents relating to electronically supplied services provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.
- contract data, e.g. subject, term, customer category
- Payment data, e.g. bank details, payment history
of our customers, prospects and business partners for the purpose of providing contractual services, customer care, marketing and market research.
As processor we process data of our clients as part of our contractual services which include software development, software and server maintenance, data analysis and consulting services. The actual processing depends on the client and is strictly on basis of contract processing contracts according to Art. 28 GDPR
External Payment Service Providers
We and/or our clients use external payment service providers for payment transactions - e.g. Paypal https://www.paypal.com/webapps/mpp/ua/privacy-full, Visa https://www.visa.de/datenschutz, Mastercard https://www.mastercard.de/de-de/datenschutz.html, American Express https://www.americanexpress.com/de/content/privacy-policy-statement.html, wirecard https://www.wirecard.at/datenschutz/, stripe https://stripe.com/at/privacy.
For the payment transactions, the terms and conditions and the privacy notices of the respective payment service providers, which are available within the respective websites, or transaction applications apply. Also refer to these for further information and assertion of rights of withdrawal, information and other data subjects.
Participation in Affiliate Affiliate Programs
We use the following partners to cross finance some of our services and might/will share data with them:
Our sites may contain links to products or services from Amazon.com, Inc. – 2021 Seventh Ave Seattle, Washington 98121, USA.
Amazon participates in the EU-US Privacy Shield framework and guaranties to uphold the privacy regulations of the GDPR. For more information see https://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=202135380.
Our sites may contain links to products or services from iTunes / Apple Inc. 1 Infinite Loop, Cupertino, California 95014, USA.
Our sites may contain advertisements provided by Google Ireland, Gordon House, Barrow Street, Dublin 4, Irland.
We use the service AdSense, which allows ads to appear on our sites and reward us for their display or when you follow the link. Usage data, e.g. the click and your IP address, is processed, whereby the IP address is shortened and pseudonymised.
We use AdSense with personalized ads. In doing so, Google draws conclusions about the interests based on the websites you have visited or used apps. Advertisers use this information to align their campaigns with these interests, which benefits users and advertisers alike. For Google, ads are personalized when collected or known data determines or influences ad selection. These include past searches, activities, site visits, apps, demographics, and location information. Specifically, this includes demographic targeting, interest category targeting, remarketing, and targeting to customer comparison lists and audience lists uploaded to DoubleClick Bid Manager or Campaign Manager.
When contacting us by mail, eMail, contact form, telefone or social media the information of the user is stored according to Art. 6 (1) lit. b GDPR.
The communication is deleted when no longer required. We check the necessity every year. Legal archiving obligations apply.
By subscribing to our newsletter, you agree to the receipt and the following procedures.
We send newsletters, emails and other electronic notifications with advertising information only with the consent of the recipient or a legal permission.
Registration for our newsletters uses double-opt-in. That After registration, you will receive an email asking to confirm your registration. This is logged to prove the registration process due to the legal requirements.
To subscribe to the newsletter, it is sufficient to provide your e-mail address. we ask for a name solely to address you personally in the newsletter
The dispatch of newsletters and the associated performance measurement are based on a consent according to Art. 6 (1) lit. a, Art. 7 GDPR and § 107 (2) TKG.
You may terminate the receipt of our newsletters at any time. A link to cancel the newsletter can be found at the end of each newsletter. We may save the submitted email addresses for up to three years based on our legitimate interests before we delete them to provide prior consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that at the same time the former existence of a consent is confirmed.
The newsletters contain a pixel-sized file that is retrieved from our server when opening the newsletter. This call collects technical information, such as information about the browser and your system, as well as your IP address and time of retrieval.
The evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Hosting and eMail
We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our sites on the basis of our legitimate interests according to Art. 6 (1) lit. f and Art. 28 GDPR.
Collection of Access Data and Log Files
We, or our hosting provider, collect on the basis of our legitimate interests according to Art. 6 (1) lit. f GDPR data on every access to our servers. The access data includes name of the retrieved service / web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, the previously visited page, the IP address and the requesting provider.
Logfile information is stored for security purposes to investigate abusive or fraudulent activities for a maximum of 30 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
Based on our legitimate interests according to Art. 6 (1) lit. f GDPR - e.g. analysis, optimization and economic operation - we use Google Analytics provided by Google Ireland, Gordon House, Barrow Street, Dublin 4, Irland.
Google uses this information on our behalf to evaluate the use of our sites, to compile reports on the activities. In this case, pseudonymous usage profiles of the users are created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
The IP address submitted by the user's browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly. Users may also prevent the collection of data and the processing of such data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Some of our sites use fonts provided by Google Ireland, Gordon House, Barrow Street, Dublin 4, Irland.
The usage of Google Fonts does not use any authentication and will not provide Cookies to Google. Should you have an account with Google, your account ID might be transmitted to Google. Google logs the usage of the accessed files. Moue information is available at https://developers.google.com/fonts/faq.