We have written this privacy statement (version 09.02.2021-211141422) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679, what information we collect, how we use data and what decision-making options you have as a visitor to this website.
Privacy statements usually sound very technical. This version, on the other hand, is intended to describe the most important things to you as simply and clearly as possible. As far as possible, technical terms are explained in a reader-friendly way. We also want to convey that we only collect and use information with this website if there is a corresponding legal basis. This is certainly not possible by providing the most concise, technical explanations possible, as is often the standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or the other piece of information that you did not know yet.
If you still have questions, we would like to ask you to follow the existing links and look at more information on third party sites, or simply write us an e-mail. You can find our contact details in the imprint.
Automatic data storage
When you visit websites these days, certain information is automatically created and stored, including on this website. This collected data should be collected as sparingly as possible and only with justification. By website, by the way, we mean the entirety of all web pages on your domain, i.e. everything from the home page (homepage) to the very last subpage (like this one). By domain, we mean, for example, example.de or sampleexample.com.
Even while you are visiting our website right now, our web server – that is the computer on which this website is stored – usually automatically saves data for reasons of operational security, to compile access statistics, etc., such as
- the complete Internet address (URL) of the accessed website (e.g. https://www.beispielwebsite.de/beispielunterseite.html/)
- browser and browser version (e.g. Chrome 87)
- the operating system used (e.g. Windows 10)
- the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen.html/)
- the host name and IP address of the device from which access is made (e.g. COMPUTERNAME and 18.104.22.168)
- date and time
- in files called web server log files.
As a rule, these files are stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful conduct.
In short, your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your data!
Storage of personal data
Personal information that you provide to us electronically on this website, such as your name, email address, address or other personal details when submitting a form or commenting on the blog, together with the time and IP address, will only be used by us for the stated purpose, kept secure and not passed on to third parties.
We therefore only use your personal data for communication with those visitors who expressly wish to be contacted and for the processing of the services and products offered on this website. We do not disclose your personal data without consent, but we cannot exclude the possibility that this data may be accessed in the event of unlawful conduct.
If you send us personal data by e-mail – thus away from this website – we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by e-mail.
Rights under the General Data Protection Regulation
According to the provisions of the GDPR and the Austrian Data Protection Act (DSG), you are generally entitled to the following rights:
- Right to rectification (Article 16 GDPR)
- Right to erasure (“right to be forgotten”) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to notification – obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR)
Wenn Sie glauben, dass die Verarbeitung Ihrer Daten gegen das Datenschutzrecht verstößt oder Ihre datenschutzrechtlichen Ansprüche sonst in einer Weise verletzt worden sind, können Sie sich bei der Aufsichtsbehörde beschweren, welche in Österreich die Data protection authority ist, deren Webseite Sie unter https://www.dsb.gv.at/ finden.
TLS encryption with https
TLS, encryption and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transfer data tap-proof on the Internet, which means that the complete transfer of all data from your browser to our web server is secured – no one can “listen in”.
In this way, we have introduced an additional layer of security and fulfil data protection by design of technology Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transfer on the internet, we can ensure the protection of confidential data. You can recognise the use of this data transfer protection by the small lock symbol at the top left of the browser to the left of the internet address (e.g. beispielseite.de) and the use of the https scheme (instead of http) as part of our internet address. If you would like to know more about encryption, we recommend a Google search for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.
On our website we use Google Fonts of the company Google Inc. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible. We have integrated the Google fonts locally, i.e. on our web server – not on Google’s servers. This means that there is no connection to Google servers and therefore no data transfer or storage.
What are Google Fonts?
Google Fonts used to be called Google Web Fonts. This is an interactive directory of over 800 fonts that Google provides for free. With Google Fonts, you could use fonts without uploading them to your own server. But to prevent any information transfer to Google servers in this regard, we have downloaded the fonts to our server. This way we act privacy compliant and do not send any data to Google Fonts.
Unlike other web fonts, Google allows us unlimited access to all fonts. So we can have unlimited access to a sea of fonts and get the most out of our website. You can find out more about Google Fonts and other issues at https://developers.google.com/fonts/faq?tid=211141422.
We have integrated YouTube videos on our website. This way we can present you interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you call up a page on our website that has a YouTube video embedded, your browser automatically connects to the YouTube or Google servers. In the process, various data are transferred (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European area.
In the following, we would like to explain in more detail which data is processed, why we have integrated YouTube videos and how you can manage or delete your data.
What is YouTube?
On YouTube, users can watch, rate, comment and upload videos for free. Over the last few years, YouTube has become one of the most important social media channels in the world. In order for us to display videos on our website, YouTube provides a code snippet that we have built into our site.
Why do we use YouTube videos on our website?
YouTube is the video platform with the most visitors and the best content. We are committed to providing you with the best possible user experience on our website. And of course, we can’t do without interesting videos. With the help of our embedded videos, we provide you with further helpful content in addition to our texts and images. In addition, the embedded videos make our website easier to find on the Google search engine. Also, when we run ads through Google Ads, Google can – thanks to the collected data – really only show these ads to people who are interested in what we have to offer.
What data is stored by YouTube?
As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually assign your interactions on our website to your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet service provider. Other data may include contact details, any ratings, sharing of content via social media or adding to your favourites on YouTube.
Wenn Sie nicht in einem Google-Konto oder einem Youtube-Konto angemeldet sind, speichert Google Daten mit einer eindeutigen Kennung, die mit Ihrem Gedevice, browser, or app. For example, your preferred language setting is retained. But a lot of interaction data can’t be stored because fewer cookies are set.
In the following list we show cookies that were set in the browser in a test. On the one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be complete, because the user data always depends on the interactions on YouTube.
Verwendungszweck: Dieses Cookie registriert Ihre eindeutige ID auf mobilen Geräten, um den GPS-Standort zu tracken.
Ablaufdatum: nach 30 Minuten
Verwendungszweck: Dieses Cookie versucht die Bandbreite des Users auf unseren Webseiten (mit eingebautem YouTube-Video) zu schätzen.
Ablaufdatum: nach 8 Monaten
Other cookies that are set when you are logged in with your YouTube account:
Name: APISID Value: zILlvClZSkqGsSwI/AU1aZI6HY7211141422- Purpose: This cookie is used to create a profile about your interests. The data is used for personalized advertisements. Expiration date: after 2 years.
Name: CONSENT Value: YES+AT.en+20150628-20-0 Purpose: The cookie stores the status of a user’s consent to use various Google services. CONSENT is also used for security purposes to verify users and protect user data from unauthorized attacks. Expiration date: after 19 years
Name: SAPISID Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile about your interests. Expiration date: after 2 years.
Name: SIDCC Value: AN0-TYuqub2JOcDTyL Purpose: This cookie stores information about how you use the site and what advertisements you may have seen before visiting our site Expiration date: after 3 months
How long and where is the data stored?
The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. You can see exactly where Google’s data centers are located at https://www.google.com/about/datacenters/inside/locations/?hl=de. Your data is spread across the servers. So the data is faster retrievable and better gescontactort against manipulation.
Google stores the collected data for different lengths of time. Some data you can delete at any time, others are automatically deleted after a limited time and still others are stored by Google for a longer period of time. Some data (such as items from “My activity”, photos or documents, products) stored in your Google Account will remain stored until you delete them. Even if you’re not signed in to a Google Account, you can delete some data associated with your device, browser, or app.
How can I delete my data or prevent data storage?
Basically, you can manually delete data in Google Account. With the automatic deletion function of location and activity data introduced in 2019, information is stored depending on your decision – either 3 or 18 months and then deleted.
Whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. Depending on which browser you use, this works in different ways. The following instructions show how to manage cookies in your browser: