Privacy Policy

Introduction and Overview

We have drafted this privacy policy (version 13.05.2024-122786140) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short data) we, as data controllers, and the processors we commission (e.g., providers) process, will process in the future, and what legitimate options you have. The terms used are to be understood in a gender-neutral manner. In short: We provide you with comprehensive information about the data we process about you. Privacy policies typically sound very technical and use legal terminology. However, this privacy policy is intended to describe the most important things to you as simply and transparently as possible. Where transparency is beneficial, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. In this way, we provide information in clear and simple language that we only process personal data within the scope of our business activities when there is a corresponding legal basis. This is certainly not possible if one gives as concise, unclear, and legally technical explanations as are often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information that you did not already know. If you still have questions, we ask you to contact the responsible office listed below or in the imprint, to follow the existing links, and to view further information on third-party sites. You can of course also find our contact details in the imprint.

Scope

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information in the sense of Art. 4 No. 1 GDPR, such as name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

  • all online presences (websites, online shops) that we operate
  • social media presences and email communication
  • mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed within the company via the channels mentioned. Should we enter into legal relationships with you outside of these channels, we will inform you separately.

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation, which allow us to process personal data. With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. This EU General Data Protection Regulation can be read online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679. We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you entered in a contact form.
  2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information beforehand.
  3. Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
  4. Legitimate Interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Further conditions such as the exercise of activities in the public interest and the exercise of public authority as well as the protection of vital interests usually do not apply to us. If such a legal basis should be relevant, it will be indicated at the appropriate place. In addition to the EU regulation, national laws also apply:

  • In Austria, this is the Federal Act concerning the Protection of Personal Data (Data Protection Act), abbreviated as DSG.
  • In Germany, this is the Federal Data Protection Act, abbreviated as BDSG.

If further regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Controller

If you have any questions about data protection or the processing of personal data, you will find below the contact details of the responsible person or body: Mr. Marcovici Michael Email: [email protected] Phone: +43 699 1 5852 848 Imprint: https://wave.cc/impressum/

Storage Duration

It is a general criterion for us that we only store personal data for as long as it is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example, for accounting purposes. If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as soon as possible and to the extent that there is no obligation to store it. We will inform you about the specific duration of the respective data processing below, if we have further information about it.

Rights under the General Data Protection Regulation

According to Articles 13, 14 GDPR, we inform you about the following rights that you are entitled to so that data processing is fair and transparent:

  • According to Article 15 GDPR, you have the right to information as to whether we process data about you. If this is the case, you have the right to receive a copy of the data and to learn the following information:
    • for what purpose we process the data;
    • the categories, i.e., the types of data that are processed;
    • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
    • how long the data is stored;
    • the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
    • that you can complain to a supervisory authority (you will find links to these authorities below);
    • the origin of the data if we did not collect it from you;
    • whether profiling is carried out, i.e., whether data is automatically evaluated in order to create a personal profile of you.
  • According to Article 16 GDPR, you have the right to have data corrected, which means that we must correct data if you find errors.
  • According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which means that you can request the erasure of your data.
  • According to Article 18 GDPR, you have the right to restrict processing, which means that we may only store the data but not use it further.
  • According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
  • According to Article 21 GDPR, you have a right to object, which, when enforced, brings about a change in the processing.
    • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
    • If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may no longer use your data for direct marketing purposes thereafter.
    • If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling thereafter.
  • According to Article 22 GDPR, under certain circumstances, you have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
  • According to Article 77 GDPR, you have the right to lodge a complaint. That means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible office listed above with us! If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Dr. Matthias Schmidl Address: Barichgasse 40-42, 1030 Vienna Phone number: +43 1 52 152-0 Email address: [email protected] Website: https://www.dsb.gv.at/

Data Processing Agreement (DPA)

In this section, we would like to explain to you what a Data Processing Agreement is and why it is needed. Because the term “Data Processing Agreement” is quite a mouthful, we will also use the acronym DPA frequently in this text. Like most companies, we do not work alone, but also avail services from other companies or individuals. By involving various companies or service providers, we may share personal data for processing. These partners then act as data processors, with whom we enter into a contract, the so-called Data Processing Agreement (DPA). The most important thing for you to know is that the processing of your personal data is carried out exclusively according to our instructions and must be governed by the DPA.

Who are Data Processors?

As a company and website owner, we are responsible for all data we process from you. In addition to the data controllers, there may also be so-called data processors. This includes any company or person who processes personal data on our behalf. More precisely, and according to the GDPR definition: any natural or legal person, authority, agency, or other body that processes personal data on our behalf is considered a data processor. Data processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft. For a better understanding of the terminology, here’s an overview of the three roles in the GDPR: Data Subject (you as a customer or prospect) β†’ Data Controller (us as a company and data controller) β†’ Data Processor (service providers such as web hosts or cloud providers).

Contents of a Data Processing Agreement

As mentioned above, we have entered into a DPA with our partners who act as data processors. In this agreement, it is primarily stipulated that the data processor processes the data exclusively in accordance with the GDPR. The contract must be concluded in writing, although electronic contract conclusion is also considered “in writing” in this context. The processing of personal data only takes place on the basis of the contract. The following must be included in the contract:

  • Binding to us as the data controller
  • Duties and rights of the data controller
  • Categories of data subjects
  • Type of personal data
  • Nature and purpose of data processing
  • Subject matter and duration of data processing
  • Location of data processing

Furthermore, the contract contains all obligations of the data processor. The most important obligations are:

  • To ensure data security measures
  • To take possible technical and organizational measures to protect the rights of data subjects
  • To maintain a data processing register
  • To cooperate with the data protection supervisory authority upon request
  • To conduct a risk analysis regarding the personal data received
  • Sub-data processors may only be engaged with the written consent of the data controller

You can view what such a DPA looks like, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. Here, a sample contract is presented.

Cookies

Summary of Cookies

πŸ‘₯ Data Subjects: Website visitors
🀝 Purpose: Depending on the specific cookie. More details can be found below or from the manufacturer of the software that sets the cookie.
πŸ““ Processed Data: Depending on the cookie used. More details can be found below or from the manufacturer of the software that sets the cookie.
πŸ“… Storage Duration: Depending on the specific cookie, ranging from hours to years
βš–οΈ Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit.f GDPR (Legitimate interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data. Below, we explain what cookies are and why they are used, so you can better understand the following privacy policy. Whenever you browse the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies. It is undeniable that cookies are really useful little helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are also other cookies for other application areas. HTTP cookies are small files that are stored by our website on your computer. These cookie files are automatically placed in the cookie folder, essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified. Cookies store certain user data from you, such as language or personal page settings. When you revisit our site, your browser sends the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file. The following graphic shows a possible interaction between a web browser such as Chrome and the web server. In this scenario, the web browser requests a website and receives a cookie back from the server, which the browser reuses when requesting another page. HTTP Cookie Interaction between Browser and Web Server There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the expiration time of a cookie varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other “malware”. Cookies also cannot access information on your PC. Here’s how cookie data can look, for example: Name: _ga Value: GA1.2.1326744211.152122786140-9 Purpose: Distinguishing website visitors Expiration Date: after 2 years A browser should be able to support these minimum sizes:

  • At least 4096 bytes per cookie
  • At least 50 cookies per domain
  • At least 3000 cookies in total

Types of Cookies

The question of which cookies we specifically use depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies. Four types of cookies can be distinguished: Essential Cookies: These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed if a user puts a product in the shopping cart, then continues surfing on other pages, and later goes to the checkout. These cookies prevent the shopping cart from being deleted, even if the user closes their browser window. Functional Cookies: These cookies collect information about user behavior and whether the user receives any error messages. Furthermore, these cookies also measure the loading time and behavior of the website with different browsers. Performance Cookies: These cookies ensure a better user experience. For example, entered locations, font sizes, or form data are stored. Advertising Cookies: These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical, but also very annoying. Typically, you are asked about these types of cookies when you first visit a website. And of course, this decision is also stored in a cookie. If you want to know more about cookies and don’t mind technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of Processing via Cookies

The purpose ultimately depends on the specific cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

What Data is Processed?

Cookies are small helpers for many different tasks. Unfortunately, data stored in cookies cannot be generalized, but we will inform you within the scope of the following privacy policy about the processed or stored data.

Storage Duration of Cookies

The storage duration depends on the specific cookie and will be further specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years. You also have influence on the storage duration yourself. You can manually delete all cookies via your browser at any time (see also below “Right to Object”). Furthermore, cookies based on consent are deleted no later than upon revocation of your consent, without affecting the lawfulness of storage up to that point.

Right to Object – How Can I Delete Cookies?

Whether and how you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies. If you want to find out which cookies have been stored in your browser, change cookie settings, or delete them, you can find this in your browser settings:

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way, you can decide for each individual cookie whether you allow it or not. The procedure varies depending on the browser. It’s best to search for the instructions on Google using the search term “Delete cookies Chrome” or “Disable cookies Chrome” for Chrome browsers.

Legal Basis

Since 2009, there have been the so-called “Cookie Directives”. These state that storing cookies requires consent (Article 6 para. 1 lit. a GDPR) from you. However, there are still very different reactions to these directives within the EU countries. In Austria, however, these directives were implemented in Β§ 165 para. 3 of the Telecommunications Act (2021). In Germany, the cookie directives were not implemented as national law. Instead, these directives were largely implemented in Β§ 15 para. 3 of the Telemedia Act (TMG). For strictly necessary cookies, even if no consent is given, there are legitimate interests (Article 6 para. 1 lit. f GDPR), which are mostly of an economic nature. We want to provide visitors to the website with a pleasant user experience, and for that, certain cookies are often absolutely necessary. Where non-essential cookies are used, this is only done with your consent. The legal basis is then Art. 6 para. 1 lit. a GDPR. In the following sections, you will be informed in more detail about the use of cookies if the software used uses cookies.

Web Analytics Introduction

Summary of Web Analytics Privacy Policy

πŸ‘₯ Data Subjects: Website visitors
🀝 Purpose: Evaluation of visitor information to optimize the web offering.
πŸ““ Processed Data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found with the respective Web Analytics Tool.
πŸ“… Storage Duration: Depends on the Web Analytics tool used
βš–οΈ Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is Web Analytics?

We use software on our website to analyze the behavior of website visitors, commonly referred to as web analytics or web analysis. Data is collected, stored, managed, and processed by the respective analytics tool provider (also called tracking tool). The data is used to create analyses of user behavior on our website and provided to us as website operators. In addition, most tools offer various testing options. For example, we can test which offers or content are most appealing to our visitors. For a limited period of time, we show two different offers. After the test (called an A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles can be created, and data can be stored in cookies.

Why Do We Conduct Web Analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting content, and also ensure that you feel comfortable on our website. With the help of web analytics tools, we can take a closer look at the behavior of our website visitors and then improve our web offering for you and us accordingly. For example, we can determine the average age of our visitors, where they come from, when our website is most visited, or which content or products are particularly popular. All this information helps us to optimize the website and thus tailor it perfectly to your needs, interests, and wishes.

What Data is Processed?

Exactly what data is stored depends, of course, on the analytics tools used. However, in general, data such as which content you view on our website, which buttons or links you click on, when you access a page, which browser you use, with which device (PC, tablet, smartphone, etc.) you visit the website, or what computer system you use is usually stored. If you consented to the collection of location data, this data can also be processed by the web analytics tool provider. Additionally, your IP address is stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored pseudonymously (i.e., in unrecognizable and shortened form). For the purpose of testing, web analytics, and web optimization, no direct data, such as your name, age, address, or email address, is generally stored. All this data, if collected, is stored pseudonymously. Therefore, you cannot be identified as a person. The following example schematically shows the functioning of Google Analytics as an example of client-based web tracking with JavaScript code. Schematic Data Flow in Google Analytics The duration for which the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while others can store data for several years.

Duration of Data Processing

We will inform you about the duration of data processing below if we have further information about it. Generally, we only process personal data for as long as it is absolutely necessary to provide our services and products. If, for example, it is legally required, such as in the case of accounting, this storage period can also be exceeded.

Right to Object

You also have the right and the possibility to revoke your consent to the use of cookies or third parties at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis

The use of web analytics requires your consent, which we obtained with our cookie popup. This consent constitutes the legal basis for the processing of personal data, such as that which may occur during data collection by web analytics tools, according to Art. 6 para. 1 lit. a GDPR (Consent). In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of web analytics, we identify website errors, can identify attacks, and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use the tools if you have given consent. Since cookies are used in web analytics tools, we also recommend reading our general cookie privacy policy. To find out exactly which data about you is stored and processed, you should read the privacy policies of the respective tools. Information about specific web analytics tools, if available, will be provided in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary

πŸ‘₯ Affected individuals: Website visitors
🀝 Purpose: Evaluation of visitor information to optimize the web offering.
πŸ““ Processed data: Access statistics including data such as access locations, device data, access duration and time, navigation behavior, and click behavior. More details can be found below in this privacy policy.
πŸ“… Storage period: individually adjustable, Google Analytics 4 defaults to storing data for 14 months
βš–οΈ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is Google Analytics?

We use the analysis tracking tool Google Analytics version Google Analytics 4 (GA4) from the American company Google Inc. For the European region, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). Google Analytics collects data about your actions on our website. By combining various technologies such as cookies, device IDs, and login information, you can be identified as a user across different devices. This allows your actions to be analyzed across platforms. For example, when you click on a link, this event is stored in a cookie and sent to Google Analytics. With the reports we receive from Google Analytics, we can better tailor our website and service to your needs. Below, we will provide more information about the tracking tool and, in particular, inform you about which data is processed and how you can prevent this. Google Analytics is a tracking tool used for traffic analysis of our website. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not contain personal data such as name or address, but is used to assign events to an end device. GA4 uses an event-based model that captures detailed information about user interactions such as page views, clicks, scrolling, conversion events. In addition, GA4 also incorporates various machine learning features to better understand user behavior and certain trends. GA4 uses modeling with the help of machine learning features. This means that based on the collected data, missing data can also be extrapolated to optimize the analysis and to be able to make forecasts. In order for Google Analytics to function in principle, a tracking code is built into the code of our website. When you visit our website, this code records various events that you perform on our website. With GA4’s event-based data model, we as website operators can define and track specific events to obtain analyses of user interactions. Thus, in addition to general information such as clicks or page views, special events that are important for our business can also be tracked. Such special events could be, for example, submitting a contact form or purchasing a product. Once you leave our website, this data is sent to and stored on the Google Analytics servers. Google processes the data and we receive reports about your user behavior. These reports may include, among other things:

  • Audience reports: Audience reports help us better understand our users and know more precisely who is interested in our service.
  • Advertisement reports: Through advertisement reports, we can analyze and improve our online advertising more easily.
  • Acquisition reports: Acquisition reports provide us with helpful information on how we can attract more people to our service.
  • Behavior reports: Here we learn how you interact with our website. We can track the path you take on our site and which links you click on.
  • Conversion reports: A conversion is when you perform a desired action based on a marketing message. For example, when you go from being just a website visitor to being a buyer or newsletter subscriber. With these reports, we learn more about how our marketing efforts are received by you. We aim to increase our conversion rate with this information.
  • Real-time reports: Here we immediately see what is happening on our website. For example, we see how many users are currently reading this text.

In addition to the above-mentioned analysis reports, Google Analytics 4 also offers the following functions, among others:

  • Event-based data model: This model captures very specific events that can occur on our website. For example, playing a video, purchasing a product, or subscribing to our newsletter.
  • Advanced analysis features: With these features, we can better understand your behavior on our website or certain general trends. For example, we can segment user groups, conduct comparison analyses of target groups, or track your path on our website.
  • Prediction modeling: Based on collected data, missing data can be extrapolated through machine learning to predict future events and trends. This can help us develop better marketing strategies.
  • Cross-platform analysis: Data collection and analysis are possible from both websites and apps. This allows us to analyze user behavior across platforms, provided you have consented to data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: We want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal. The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site to make it easier for interested people to find it on Google. On the other hand, the data helps us to better understand you as a visitor. Thus, we know very precisely what we need to improve on our website to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What data does Google Analytics store?

Google Analytics creates a random, unique ID associated with your browser cookie using a tracking code. This way, Google Analytics recognizes you as a new user and assigns you a user ID. The next time you visit our site, you are recognized as a “returning” user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles. To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, Google Analytics 4 Property is the default. Depending on the property used, data is stored for different lengths of time. Interactions, if consented to, are measured across platforms using identifiers such as cookies, app instance IDs, user IDs, or custom event parameters. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics can be linked to third-party cookies. Google does not share Google Analytics data unless we as website operators approve it. Exceptions may occur if required by law. According to Google, IP addresses are not logged or stored in Google Analytics 4. The IP addresses are anonymized immediately after processing and before they are stored. This means that IP addresses are only processed in shortened form and cannot be associated with individual persons. As part of Google Analytics, Google may also collect data about the devices from which you access our website and your click path on our website. This may include other information about your device, such as screen resolution, browser used, language settings, operating system, and the version of the browser software. Your IP address is also recorded, but it is anonymized using the _anonymizeIp() method before the geolocation is determined. The _anonymizeIp() method removes the last octet of the IP address for IPv4 and the last 80 bits of the IPv6 address. All in all, the information stored by Google Analytics about you and your user behavior is stored on Google servers. For example, cookies store this data. Cookies are small text files that are usually set in your browser. The data collected in the cookies is usually sent to a Google server in the USA and stored there.

How long and where is the data stored?

Google has servers all over the world. Most servers are located in America and therefore your data is mainly stored on American servers. Here you can read in detail where Google’s data centers are located: https://www.google.com/about/datacenters/inside/locations/index.html. Your data is distributed on different physical media. This has the advantage that the data can be accessed more quickly and is better protected against manipulation. Google’s data retention period is determined by the settings you have made. For example, you can delete your data manually or have it deleted automatically by Google after a certain period of time. Regardless of the retention period you have set, you can always delete your data at Google using the “Delete data” function. The data collected by us is automatically deleted after 14 months. Data that has reached the retention period is automatically deleted once a month. You can also manually delete this data if you wish. As part of your user ID, data is stored pseudonymously. This means that Google and its partners do not use the collected information to identify you personally. You can also prevent the collection and processing of this data by Google. To do this, you need to deactivate the storage of cookies in your browser. We would like to point out, however, that this may mean that you may not be able to use all functions of our website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively to the browser plug-in or within browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in the future (this opt-out cookie only works in this browser and only for this domain, if you delete your cookies in this browser, you will need to click this link again): Click here to set the opt-out cookie.

How can I delete my data or prevent data storage?

You have the right to view personal data stored by Google about you. You can also request the deletion of your personal data. Whether or not data is deleted depends on whether it is still required to fulfill legal obligations. Google has a data protection declaration that provides comprehensive information on data processing. You can also use the following link to learn more about data usage by Google: https://policies.google.com/privacy.

Legal Basis

The use of Google Analytics requires your consent, which we have obtained through our cookie popup. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, as may occur during the collection by web analytics tools. In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors to improve our offering technically and economically. With the help of Google Analytics, we can identify website errors, detect attacks, and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). However, we only use Google Analytics if you have given consent. Google processes data from you, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Additionally, Google uses so-called standard contractual clauses (Art. 46, para. 2 and 3 GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are template contracts provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de. The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/. We hope we have provided you with the most important information about the data processing of Google Analytics. If you would like to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de. If you would like to learn more about data processing, please use the Google Privacy Policy at https://policies.google.com/privacy?hl=de.

Google Analytics Data Processing Agreement (DPA)

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a data processing agreement (DPA) with Google. You can read about what a DPA is and especially what it must contain in our general section “Data Processing Agreement (DPA)”. This contract is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data received from us according to our instructions and must comply with the GDPR. You can find the link to the data processing terms under https://business.safety.google/intl/de/adsprocessorterms/.

Google Analytics Reports on Demographic Characteristics and Interests

We have enabled the advertising reports feature in Google Analytics. The reports on demographic characteristics and interests contain information about age, gender, and interests. This allows us to get a better picture of our users without being able to assign this data to individual persons. You can learn more about advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad. You can opt out of the use of your Google account’s activities and information under “Ad Settings” at https://adssettings.google.com/authenticated by checking the checkbox.

Depending on your consent, personal data from you is processed by Google Analytics in the so-called consent mode. You can choose whether to consent to Google Analytics cookies or not. By doing so, you also choose which data Google Analytics may process from you. This collected data is primarily used to conduct measurements of user behavior on the website, to display targeted advertising, and to provide us with web analytics reports. Usually, you consent to data processing by Google through a cookie consent tool. If you do not consent to data processing, only aggregated data will be collected and processed. This means that data cannot be attributed to individual users, and thus no user profile of you is created. You can also only agree to statistical measurement. In this case, no personal data is processed and consequently not used for advertisements or advertising success measurements.

Google Site Kit Privacy Policy

Summary of Google Site Kit Privacy Policy

πŸ‘₯ Affected: Website visitors
🀝 Purpose: Evaluation of visitor information to optimize the web offering.
πŸ““ Processed data: Access statistics, including data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found below and in the Google Analytics Privacy Policy.
πŸ“… Storage period: depending on the properties used
βš–οΈ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests)

What is Google Site Kit?

We have integrated the WordPress plugin Google Site Kit from the American company Google Inc. into our website. For the European region, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). With Google Site Kit, we can quickly and easily view statistics directly in our WordPress dashboard that come from various Google products such as Google Analytics. The tool or the tools integrated into Google Site Kit also collect personal data from you. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored, and which other privacy policies are relevant to you in this context. Google Site Kit is a plugin for the WordPress content management system. With this plugin, we can view important website analysis statistics directly in our dashboard. These are statistics collected by other Google products, primarily by Google Analytics. In addition to Google Analytics, services such as Google Search Console, Page Speed Insight, Google AdSense, Google Optimize, and Google Tag Manager can also be linked to Google Site Kit.

Why do we use Google Site Kit on our website?

As a service provider, it is our responsibility to provide you with the best possible experience on our website. You should feel comfortable on our website and quickly and easily find exactly what you are looking for. Statistical evaluations help us to get to know you better and to tailor our offer to your wishes and interests. For these evaluations, we use various Google tools. Site Kit greatly facilitates our work in this regard because we can view and analyze the statistics of the Google products directly in the dashboard. So, we no longer have to log in separately for each tool. Site Kit thus always provides a good overview of the most important analysis data.

What data does Google Site Kit store?

If you have actively consented to tracking tools in the cookie notice (also called script or banner), Google products such as Google Analytics set cookies and send data from you, such as your user behavior, to Google, where it is stored and processed. This also includes personal data such as your IP address. For more detailed information on the individual services, we have our own sections in this privacy policy. Take a look at our privacy policy for Google Analytics, for example. Here we go into great detail about the data collected. You will learn how long Google Analytics stores, manages, and processes data, which cookies may be used, and how to prevent data storage. We also have our own privacy policies with comprehensive information for other Google services such as Google Tag Manager or Google AdSense. Below, we show you exemplary Google Analytics cookies that can be set in your browser, provided you have generally consented to data processing by Google. Please note that these cookies are only a selection: Name: _ga Value: 2.1326744211.152122786140-2 Purpose: By default, analytics.js uses the _ga cookie to store the user ID. In principle, it is used to distinguish website visitors. Expiration date: after 2 years Name: _gid Value: 2.1687193234.152122786140-7 Purpose: This cookie also serves to distinguish website visitors. Expiration date: after 24 hours Name: _gat_gtag_UA_<property-id> Value: 1 Purpose: This cookie is used to reduce the request rate. Expiration date: after 1 minute

How long and where are the data stored?

Google stores collected data on its own Google servers, which are distributed worldwide. Most servers are located in the United States, so it is easy for your data to be stored there as well. On https://www.google.com/about/datacenters/locations/?hl=de you can see exactly where the company provides servers. Data collected by Google Analytics is kept for standardized 26 months. After that, your user data will be deleted. The retention period applies to all data linked to cookies, user identification, and advertising IDs.

How can I delete my data or prevent data storage?

You always have the right to request information about your data, to have your data deleted, corrected, or restricted. You can also deactivate, delete, or manage cookies in your browser at any time. If you want to generally deactivate, delete, or manage cookies, you will find the corresponding links to the instructions for the most popular browsers under the “Cookies” section.

Legal basis

The use of Google Site Kit requires your consent, which we obtained with our cookie popup. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent is the legal basis for the processing of personal data, as it may occur when collected by web analytics tools. In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors and thus improving our offer technically and economically. With the help of Google Site Kit, we can identify errors on the website, identify attacks, and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (legitimate interests). However, we only use Google Site Kit to the extent that you have given consent. Google processes data from you, among other things, also in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. Google also uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 DSGVO). Standard contractual clauses (Standard Contractual Clauses – SCC) are model templates provided by the European Commission and are intended to ensure that your data also comply with European data protection standards when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and through the standard contractual clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the relevant standard contractual clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/. To learn more about Google’s data processing, we recommend that you read Google’s comprehensive privacy policies at https://policies.google.com/privacy?hl=de.

Explanation of Terms Used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or specific technical terms (such as cookies, IP address). However, we do not want to use them without explanation. Below is an alphabetical list of important terms we have used, which we may not have explained sufficiently in the privacy policy so far. If these terms have been taken from the GDPR and are definitions, we will also include the GDPR texts here and, if necessary, add our own explanations.

Processor

Definition according to Article 4 of the GDPR In the context of this Regulation, the term:

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the controllers, there may also be so-called processors. These include any company or person that processes personal data on our behalf. Processors can therefore include, in addition to service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR In the context of this Regulation, the term:

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: In most cases, such consent is obtained on websites through a cookie consent tool. You probably know this. Whenever you visit a website for the first time, you are usually asked via a banner whether you consent to data processing. Usually, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data may be processed from you. In principle, consent can also be given in writing, i.e., not via a tool.

Personal Data

Definition according to Article 4 of the GDPR In the context of this Regulation, the term:

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is any data that can identify you as a person. These are usually data such as:

  • Name
  • Address
  • Email address
  • Postal address
  • Phone number
  • Date of birth
  • Identification numbers such as social security number, tax identification number, identity card number, or matriculation number
  • Bank details such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently identify you as the subscriber. Therefore, storing an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called “special categories” of personal data, which are also particularly worthy of protection. These include:

  • racial and ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic data such as data obtained from blood or saliva samples
  • biometric data (these are information about physical, physiological, or behavioral characteristics that can identify a person). Health data
  • Data on sexual orientation or sex life

Profiling

Definition according to Article 4 of the GDPR In the context of this Regulation, the term:

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

Explanation: Profiling involves gathering various information about a person to learn more about them. In the web area, profiling is often used for advertising purposes or for credit checks, for example. Web or advertising analysis programs collect data about your behavior and interests on a website. This results in a specific user profile, which can be used to target advertising to a specific audience.

Controller

Definition according to Article 4 of the GDPR In the context of this Regulation, the term:

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for processing your personal data and therefore the “controller”. If we pass on collected data for processing to other service providers, these are “processors”. A “data processing agreement (DPA)” must be signed for this.

Processing

Definition according to Article 4 of the GDPR In the context of this Regulation, the term:

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

Note: When we talk about processing in our privacy policy, we mean any type of data processing. This includes, as mentioned above in the original GDPR explanation, not only collection but also storage and processing of data. All texts are protected by copyright.


Generated by adsimple. Translated by ChatGPT