Privacy Policy

Introduction and Overview

We have drafted this Privacy Policy (Version 03.03.2022-111956989) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we, as controllers – and the processors commissioned by us (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In brief: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This Privacy Policy, however, aims to describe the most important aspects to you as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible if one provides explanations that are as concise, unclear, and legally technical as they often are on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and perhaps you will find some information you did not yet know.
If you still have questions, we kindly ask you to contact the responsible body mentioned below or in the imprint, follow the provided links, and view further information on third-party sites. Our contact details can, of course, also be found in the imprint.

Scope

This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:

• all online presences (websites, online shops) that we operate
• social media presences and email communication
• mobile apps for smartphones and other devices

In brief: The Privacy Policy applies to all areas where personal data is processed in a structured manner within the company via the channels mentioned. Should we enter into legal relationships with you outside these channels, we will inform you separately if necessary.

Legal Bases

In the following Privacy Policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which allow us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6 Paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you entered in a contact form.
2. Contract (Article 6 Paragraph 1 lit. b GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase agreement with you, we require personal information beforehand.
3. Legal Obligation (Article 6 Paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate Interests (Article 6 Paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions, such as the performance of tasks carried out in the public interest and the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Datenschutzgesetz), or DSG for short.
• In Germany, the Bundesdatenschutzgesetz (Federal Data Protection Act), or BDSG for short, applies.

If further regional or national laws apply, we will inform you about them in the following sections.

Storage Duration

The principle that we only store personal data for as long as is absolutely necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example, for accounting purposes.

Should you wish for your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, if we have further information on it.

Rights according to the General Data Protection Regulation

According to Article 13 GDPR, you have the following rights to ensure fair and transparent data processing:

• According to Article 15 GDPR, you have a right to information as to whether we process your data. If this is the case, you have the right to receive a copy of the data and to know the following information:
  • for what purpose we carry out the processing;
  • the categories, i.e., the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is carried out, i.e., whether data is automatically evaluated to arrive at a personal profile of you.
• According to Article 16 GDPR, you have a right to rectification of data, which means that we must correct data if you find errors.
• According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the deletion of your data.
• According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
• According to Article 19 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
• According to Article 21 GDPR, you have a right to object, which, once exercised, leads to a change in processing.
  • If the processing of your data is based on Article 6 Paragraph 1 lit. e (public interest, exercise of official authority) or Article 6 Paragraph 1 lit. f (legitimate interest) of the GDPR, you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
  • If data is used for direct marketing, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  • If data is used for profiling, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
• According to Article 22 GDPR, you may, in certain circumstances, have the right not to be subject to a decision based solely on automated processing (e.g., profiling).

In brief: You have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:

Austrian Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone No.: +43 1 52 152-0
Email Address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if it is legally required, or contractually necessary, and in any case only to the extent generally permitted. Your consent is in most cases the most important reason for us to process data in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. In addition, collected data may be linked with data from other services of the same provider, if you have a corresponding user account. Wherever possible, we try to use server locations within the EU, if available.

We will inform you more precisely about data transfer to third countries at the appropriate points in this Privacy Policy, if applicable.

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our capabilities, for third parties to infer personal information from our data.

Art. 25 GDPR refers to “data protection by design and by default” and means that security should always be considered and appropriate measures implemented for both software (e.g., forms) and hardware (e.g., access to the server room). In the following, we will, if necessary, go into specific measures.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet, preventing eavesdropping.
This means that the entire transmission of all data from your browser to our web server is secured – no one can “listen in.”

This has added an additional layer of security and fulfills data protection by design (Article 25 Paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small padlock symbol at the top left of the browser, to the left of the internet address (e.g., examplepage.de) and the use of the https scheme (instead of http) as part of our internet address.
If you would like to know more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.

Communication

Communication Summary 👥 Data Subjects: All who communicate with us via phone, email, or online form 📓 Processed Data: e.g., phone number, name, email address, entered form data. More details can be found for each contact method used 🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Storage Duration: Duration of the business case and legal requirements ⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. Art. 6 para. 1 (b) GDPR (Contract) 1 lit. f GDPR (Legitimate Interests)

If you contact us and communicate by phone, email, or online form, personal data may be processed.

The data is processed for the handling and processing of your query and the associated business transaction. The data will be stored for as long as necessary or as required by law.

Data Subjects

All individuals who seek contact with us via the communication channels we provide are affected by the aforementioned processes.

Telephone

If you call us, the call data is pseudonymized and stored on the respective device and by the telecommunications provider used. In addition, data such as name and phone number may subsequently be sent by email and stored for answering inquiries. The data will be deleted as soon as the business case has been concluded and legal requirements permit.

Email

If you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data will be stored on the email server. The data will be deleted as soon as the business case has been concluded and legal requirements permit.

Online Forms

If you communicate with us using an online form, data will be stored on our web server and, if applicable, forwarded to one of our email addresses. The data will be deleted as soon as the business case has been concluded and legal requirements permit.

Legal Bases

The processing of data is based on the following legal bases:

• Art. 6 Para. 1 lit. a GDPR (Consent): You give us consent to store your data and continue to use it for purposes related to the business case;
• Art. 6 Para. 1 lit. b GDPR (Contract): There is a necessity for the fulfillment of a contract with you or a processor, such as the telephone provider, or we must process the data for pre-contractual activities, such as preparing an offer;
• Art. 6 Para. 1 lit. f GDPR (Legitimate Interests): We aim to conduct customer inquiries and business communication in a professional manner. For this purpose, certain technical facilities such as email programs, Exchange servers, and mobile network operators are necessary to enable efficient communication.

Cookies

Cookies Summary 👥 Data Subjects: Website visitors 🤝 Purpose: depends on the respective cookie. More details can be found below or with the software manufacturer that sets the cookie. 📓 Processed Data: Depends on the cookie used. More details can be found below or with the software manufacturer that sets the cookie. 📅 Storage Duration: depends on the respective cookie, can vary from hours to years ⚖️ Legal Bases: Art. 6 para. Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
In the following, we explain what cookies are and why they are used, so that you can better understand the following Privacy Policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are truly useful helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other types of cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you revisit our site, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware.” Cookies also cannot access information on your PC.

For example, cookie data might look like this:

Name: _ga
Value: GA1.2.1326744211.152111956989-9
Purpose: Distinguishing website visitors
Expiration Date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which specific cookies we use depends on the services used and will be clarified in the following sections of the Privacy Policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

Four types of cookies can be distinguished:

Essential Cookies
These cookies are necessary to ensure basic website functions. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing other pages, and only later proceeds to checkout. These cookies prevent the shopping cart from being deleted, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behavior of the website with different browsers.

Targeting Cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes, or form data are stored.

Advertising Cookies
These cookies are also called tracking cookies. They are used to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these cookie types you wish to allow. And, of course, this decision is also stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism.”

Purpose of Processing via Cookies

The purpose ultimately depends on the respective cookie. More details can be found below or with the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data in the context of the following Privacy Policy.

Storage Duration of Cookies

The storage duration depends on the respective cookie and will be specified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have influence over the storage duration yourself. You can manually delete all cookies at any time via your browser (see also “Right to Object” below). Furthermore, cookies based on consent will be deleted at the latest after revocation of your consent, whereby the legality of storage until then remains unaffected.

Right to Object – How Can I Delete Cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It is best to search for instructions on Google using the search term “delete cookies Chrome” or “disable cookies Chrome” in the case of a Chrome browser.

Legal basis

Since 2009, there have been the so-called “Cookie Directives.” These state that storing cookies requires your consent (Article 6 Para. 1 lit. a GDPR). However, within EU countries, there are still very different reactions to these directives. In Austria, this directive was implemented in § 96 Para. 3 of the Telecommunications Act (TKG). In Germany, the Cookie Directives were not implemented as national law. Instead, this directive was largely implemented in § 15 Para. 3 of the Telemedia Act (TMG).

For strictly necessary cookies, even if no consent is given, there are legitimate interests (Article 6 Para. 1 lit. f GDPR), which are in most cases of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often absolutely necessary for this.

Insofar as non-essential cookies are used, this only occurs with your consent. The legal basis in this respect is Art. 6 Para. 1 lit. a GDPR.

In the following sections, you will be informed in more detail about the use of cookies, provided that the software used employs cookies.

Web Hosting Introduction

Web Hosting Summary 👥 Data Subjects: Website visitors 🤝 Purpose: Professional hosting of the website and securing its operation 📓 Processed Data: IP address, time of website visit, browser used, and other data. More details can be found below or with the respective web hosting provider. 📅 Storage Duration: depends on the respective provider, but usually 2 weeks ⚖️ Legal Bases: Art. 6 Para. 1 lit. f GDPR (Legitimate Interests)

What is Web Hosting?

When you visit websites today, certain information – including personal data – is automatically created and stored, and this also applies to this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By domain, we mean, for example, example.de or sampleexample.com.

If you want to view a website on a screen, you use a program called a web browser. You are probably familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.

This web browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complex and demanding task, which is why it is usually handled by professional providers. These providers offer web hosting and thus ensure reliable and error-free storage of website data.

When the browser on your computer (desktop, laptop, smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a certain period to ensure proper operation.

For illustration:

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and securing its operation
2. to maintain operational and IT security
3. Anonymous evaluation of access behavior to improve our offerings and, if necessary, for law enforcement or the pursuit of claims

What data is processed?

Even while you are currently visiting our website, our web server, which is the computer on which this website is stored, usually automatically saves data such as

• the complete internet address (URL) of the accessed web page
• browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g., https://www.examplesourcesite.de/fromwhereicame.html/)
• the hostname and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
• date and time
• in files, the so-called web server log files

How long is data stored?

As a rule, the aforementioned data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out that this data may be viewed by authorities in the event of unlawful behavior.

In brief: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not share your data without consent!

Legal basis

The lawfulness of processing personal data within the scope of web hosting results from Art. 6 Para. 1 lit. f GDPR (safeguarding legitimate interests), because the use of professional hosting with a provider is necessary to present the company securely and user-friendly on the internet and, if necessary, to pursue attacks and claims arising therefrom.

Between us and the hosting provider, there is usually a contract for commissioned processing in accordance with Art. 28 et seq. GDPR, which ensures compliance with data protection and guarantees data security.

Website Builder Systems Introduction

Website Builder Systems Privacy Policy Summary 👥 Data Subjects: Website visitors 🤝 Purpose: Optimization of our services 📓 Processed Data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographical location. More details can be found below in this Privacy Policy and in the providers’ privacy policies. 📅 Storage Duration: depends on the provider ⚖️ Legal Bases: Art. 6 para. 1 lit. f GDPR (Legitimate Interests), Art. 6 para. 1 lit. a GDPR (Consent)

What are Website Builder Systems?

We use a website builder system for our website. Builder systems are special forms of a Content Management System (CMS). With a builder system, website operators can easily create a website without programming knowledge. In many cases, web hosts also offer builder systems. By using a builder system, your personal data may also be collected, stored, and processed. In this privacy text, we provide you with general information about data processing by builder systems. More detailed information can be found in the provider’s privacy policies.

Why do we use website builder systems for our website?

The biggest advantage of a builder system is its ease of use. We want to offer you a clear, simple, and well-structured website that we can easily operate and maintain ourselves – without external support. A builder system now offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and offer you an informative and pleasant experience on our website.

What data is stored by a builder system?

What data is stored exactly naturally depends on the website builder system used. Each provider processes and collects different data from website visitors. However, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are usually collected. Furthermore, tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) may also be processed. In addition, personal data may also be collected and stored. This usually includes contact details such as email address, phone number (if you have provided it), IP address, and geographical location data. The exact data stored can be found in the provider’s privacy policy.

How long and where is the data stored?

We will inform you about the duration of data processing below in connection with the website builder system used, if we have further information on it. You can find detailed information on this in the provider’s privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It is possible that the provider stores your data according to its own standards, over which we have no influence.

Right to object

You always have the right to access, rectify, and erase your personal data. If you have any questions, you can also contact the responsible parties of the website builder system used at any time. Contact details can be found either in our Privacy Policy or on the website of the respective provider.

You can delete, deactivate, or manage cookies that providers use for their functions in your browser. Depending on the browser you use, this works in different ways. Please note, however, that not all functions may then work as usual.

Legal basis

We have a legitimate interest in using a website builder system to optimize our online service and present it efficiently and appealingly to you. The corresponding legal basis for this is Art. 6 Para. 1 lit. f GDPR (Legitimate Interests). However, we only use the builder system if you have given your consent.

Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis in this respect is Art. 6 Para. 1 lit. a GDPR.

With this privacy policy, we have outlined the most important general information regarding data processing. If you wish to learn more about this, you will find further information – where applicable – in the following section or in the provider’s privacy policy.

WordPress.com Privacy Policy

We use WordPress.com, a website builder system, for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

WordPress processes your data, among other places, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

As a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., particularly in the USA) or a data transfer there, WordPress uses so-called Standard Contractual Clauses (= Art. 46 Para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, WordPress undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Data Processing Agreements, which correspond to the Standard Contractual Clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

You can find more information about the data processed through the use of WordPress.com in the privacy policy at https://automattic.com/de/privacy/.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary 👥 Data Subjects: Website visitors 🤝 Purpose: Analysis of visitor information to optimize the website offering. 📓 Processed Data: Access statistics, including data such as access locations, device data, duration and time of access, navigation behavior, click behavior, and IP addresses. More details can be found further down in this privacy policy. 📅 Storage Duration: depends on the properties used ⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Google Analytics?

We use the analytics tracking tool Google Analytics (GA) from the American company Google Inc. on our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your activities on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. With the help of the reports we receive from Google Analytics, we can better adapt our website and service to your needs. In the following, we will explain the tracking tool in more detail and inform you, in particular, about what data is stored and how you can prevent this.

Google Analytics is a tracking tool used for traffic analysis of our website. For Google Analytics to function, a tracking code is embedded in our website’s code. When you visit our website, this code records various actions you perform on our website. As soon as you leave our website, this data is sent to Google Analytics servers and stored there.

Google processes the data, and we receive reports on your user behavior. These reports may include, among others, the following:

• Audience Reports: Through audience reports, we get to know our users better and understand more precisely who is interested in our service.
• Advertising Reports: Advertising reports allow us to more easily analyze and improve our online advertising.
• Acquisition Reports: Acquisition reports provide us with helpful information on how to attract more people to our service.
• Behavior Reports: Here we learn how you interact with our website. We can track your path on our site and which links you click.
• Conversion Reports: A conversion is a process where you perform a desired action based on a marketing message. For example, when you change from being a mere website visitor to a buyer or newsletter subscriber. With the help of these reports, we learn more about how our marketing measures are received by you. This way, we aim to increase our conversion rate.
• Real-time Reports: Here we always know immediately what is happening on our website. For example, we can see how many users are currently reading this text.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data gives us a clear picture of our website’s strengths and weaknesses. On the one hand, we can optimize our site so that it is more easily found on Google by interested individuals. On the other hand, the data helps us to better understand you as a visitor. We therefore know very precisely what we need to improve on our website to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures more individually and cost-effectively. Ultimately, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This allows Google Analytics to recognize you as a new user. The next time you visit our site, you will be recognized as a “returning” user. All collected data is stored together with this user ID. This is what makes it possible to evaluate pseudonymized user profiles.

To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is the default. Alternatively, you can also create a Universal Analytics property. Depending on the property used, data is stored for different lengths of time.

Your interactions on our website are measured using identifiers such as cookies and app instance IDs. Interactions are all types of actions you perform on our website. If you also use other Google systems (e.g., a Google account), data generated via Google Analytics can be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if legally required.

The following cookies are used by Google Analytics:

Name: _ga
Value: 2.1326744211.152111956989-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It primarily serves to distinguish website visitors.
Expiration Date: after 2 years

Name: _gid
Value: 2.1687193234.152111956989-1
Purpose: This cookie also serves to distinguish website visitors
Expiration Date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to throttle the request rate. If Google Analytics is provided via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.
Expiration Date: after 1 minute

Name: AMP_TOKEN
Value: no information
Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP Client ID service. Other possible values indicate an opt-out, a request, or an error.
Expiration Date: after 30 seconds up to one year

Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie allows tracking your behavior on the website and measuring performance. The cookie is updated every time information is sent to Google Analytics.
Expiration Date: after 2 years

Name: __utmt
Value: 1
Purpose: Like _gat_gtag_UA_<property-id>, this cookie is used to throttle the request rate.
Expiration Date: after 10 minutes

Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.
Expiration Date: after 30 minutes

Name: __utmc
Value: 167421564
Purpose: This cookie is used to set new sessions for returning visitors. It is a session cookie and is only stored until you close the browser.
Expiration Date: After closing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: The cookie is used to identify the source of traffic to our website. This means the cookie stores where you came from to our website. This could have been another page or an advertisement.
Expiration Date: after 6 months

Name: __utmv
Value: no information
Purpose: The cookie is used to store custom user data. It is always updated when information is sent to Google Analytics.
Expiration Date: after 2 years

Note: This list cannot claim to be exhaustive, as Google frequently changes its choice of cookies.

Here we provide an overview of the most important data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly which areas you click on. This gives us information about where you are “navigating” on our site.

Session Duration: Google defines session duration as the time you spend on our site without leaving it. If you are inactive for 20 minutes, the session ends automatically.

Bounce Rate: A bounce occurs when you view only one page on our website and then leave our website.

Account Creation: If you create an account or place an order on our website, Google Analytics collects this data.

IP Address: The IP address is only displayed in abbreviated form so that no unique assignment is possible.

Location: The country and your approximate location can be determined via the IP address. This process is also known as IP geolocation.

Technical Information: Technical information includes, among other things, your browser type, your internet provider, or your screen resolution.

Origin Source: Google Analytics, and we, are naturally also interested in which website or advertisement led you to our site.

Further data includes contact details, any ratings, the playing of media (e.g., if you play a video via our site), sharing content via social media, or adding to your favorites. This list is not exhaustive and serves only as a general orientation for data storage by Google Analytics.

How long and where is the data stored?

Google has its servers distributed worldwide. Most servers are located in America, and consequently, your data is mostly stored on American servers. You can read exactly where Google’s data centers are located here: https://www.google.com/about/datacenters/inside/locations/?hl=de

Your data is distributed across various physical data carriers. This has the advantage that the data can be retrieved faster and is better protected against manipulation. Each Google data center has corresponding emergency programs for your data. For example, if Google’s hardware fails or natural disasters shut down servers, the risk of service interruption at Google remains low.

The data retention period depends on the properties used. When using the newer Google Analytics 4 properties, the retention period for your user data is fixed at 14 months. For other so-called event data, we have the option to choose a retention period of 2 months or 14 months.

For Universal Analytics properties, Google Analytics has a standardized retention period of 26 months for your user data. After this, your user data will be deleted. However, we have the option to choose the retention period for user data ourselves. Five options are available to us for this:

• Deletion after 14 months
• Deletion after 26 months
• Deletion after 38 months
• Deletion after 50 months
• No automatic deletion

Additionally, there is also the option that data is only deleted if you do not visit our website again within the period we have chosen. In this case, the retention period is reset each time you visit our website again within the specified period.

Once the specified period has expired, data is deleted once a month. This retention period applies to your data linked to cookies, user recognition, and advertising IDs (e.g., DoubleClick domain cookies). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data is a fusion of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under the data protection law of the European Union, you have the right to obtain information about your data, to update, delete, or restrict it. By using the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js), you prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates data collection by Google Analytics.

If you generally wish to deactivate, delete, or manage cookies, you will find the corresponding links to the respective instructions for the most common browsers in the “Cookies” section.

Legal basis

The use of Google Analytics requires your consent, which we obtained with our cookie popup. This consent, according to Art. 6 para. 1 lit. a GDPR (Consent), constitutes the legal basis for the processing of personal data, as may occur during collection by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus technically and economically improving our offering. With the help of Google Analytics, we identify website errors, can detect attacks, and improve economic efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). Nevertheless, we only use Google Analytics if you have given your consent.

Google processes your data, among other places, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

As a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., particularly in the USA) or a data transfer there, Google uses so-called Standard Contractual Clauses (= Art. 46 Para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads Data Processing Terms, which correspond to the Standard Contractual Clauses and also apply to Google Analytics, can be found at https://business.safety.google/adsprocessorterms/.

We hope we have provided you with the most important information regarding Google Analytics data processing. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

Google Analytics Reports on Demographics and Interests

We have enabled the advertising reporting features in Google Analytics. The demographic and interest reports include information on age, gender, and interests. This allows us to get a better picture of our users – without being able to assign this data to individual persons. You can find more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can stop the use of your Google account activities and information by unchecking the box under “Ad settings” at https://adssettings.google.com/authenticated.

Google Analytics Deactivation Link

If you click on the following deactivation link, you can prevent Google from collecting further visits to this website. Attention: Deleting cookies, using your browser’s incognito/private mode, or using a different browser will result in data being collected again.

Deactivate Google Analytics

Google Analytics IP Anonymization

We have implemented IP address anonymization from Google Analytics on this website. This function was developed by Google to allow this website to comply with applicable data protection regulations and recommendations from local data protection authorities when they prohibit the storage of the full IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data occurs.

More information on IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=de.

Google Analytics Data Processing Addendum

We have concluded a direct customer agreement with Google for the use of Google Analytics by accepting the “Data Processing Addendum” in Google Analytics.

More about the Data Processing Addendum for Google Analytics can be found here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad

Facebook Privacy Policy

Facebook Privacy Policy Summary 👥 Data Subjects: Website visitors 🤝 Purpose: Optimization of our service 📓 Processed Data: Data such as customer data, user behavior data, information about your device, and your IP address. More details can be found further down in the privacy policy. 📅 Storage Duration: until the data is no longer useful for Facebook’s purposes ⚖️ Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are Facebook Tools?

We use selected tools from Facebook on our website. Facebook is a social media network of Meta Platforms Inc. or, for the European region, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer you and people interested in our products and services the best possible offering.

If data about you is collected and transmitted via our embedded Facebook elements or via our Facebook page (Fanpage), both we and Facebook Ireland Ltd. are responsible for this. Facebook alone bears responsibility for the further processing of this data. Our joint obligations have also been laid down in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum. This states, for example, that we must clearly inform you about the use of Facebook tools on our site. Furthermore, we are also responsible for ensuring that the tools are integrated into our website in a data protection-compliant manner. Facebook, on the other hand, is responsible, for example, for the data security of Facebook products. If you have any questions about data collection and data processing by Facebook, you can contact the company directly. If you address the question to us, we are obliged to forward it to Facebook.

Below, we provide an overview of the various Facebook tools, what data is sent to Facebook, and how you can delete this data.

In addition to many other products, Facebook also offers the so-called “Facebook Business Tools.” This is Facebook’s official designation. However, since the term is hardly known, we have decided to simply call them Facebook tools. These include, among others:

• Facebook Pixel
• Social plugins (such as the “Like” or “Share” button)
• Facebook Login
• Account Kit
• APIs (Application Programming Interface)
• SDKs (Software Development Kits)
• Platform Integrations
• Plugins
• Codes
• Specifications
• Documentation
• Technologies and Services

Through these tools, Facebook expands its services and has the ability to obtain information about user activities outside of Facebook.

Why do we use Facebook tools on our website?

We only want to show our services and products to people who are genuinely interested in them. With the help of advertisements (Facebook Ads), we can reach exactly these people. However, for Facebook to show users relevant ads, it needs information about people’s wishes and needs. Thus, information about user behavior (and contact data) on our website is made available to the company. This allows Facebook to collect better user data and display suitable advertisements about our products or services to interested people. The tools thus enable tailored advertising campaigns on Facebook.

Facebook refers to data about your behavior on our website as “Event Data.” This is also used for measurement and analysis services. Facebook can thus create “campaign reports” on our behalf about the effectiveness of our advertising campaigns. Furthermore, analyses give us better insight into how you use our services, website, or products. This allows us to optimize your user experience on our website with some of these tools. For example, you can share content from our site directly on Facebook using the social plugins.

What data is stored by Facebook tools?

By using individual Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number, and IP address may be transmitted.

Facebook uses this information to match the data with the data it already has about you (if you are a Facebook member). Before customer data is transmitted to Facebook, a process called “hashing” takes place. This means that an arbitrarily large data set is transformed into a string of characters. This also serves to encrypt data.

In addition to contact data, “Event Data” is also transmitted. “Event Data” refers to the information we receive about you on our website. For example, which subpages you visit or which products you purchase from us. Facebook does not share the received information with third-party providers (such as advertisers) unless the company has explicit permission or is legally obliged to do so. “Event Data” can also be linked to contact data. This allows Facebook to offer better personalized advertising. After the aforementioned matching process, Facebook deletes the contact data again.

To deliver optimized advertisements, Facebook only uses event data if it has been combined with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development, and research purposes. Much of this data is transmitted to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, a different number of cookies will be created in your browser. In the descriptions of the individual Facebook tools, we will go into more detail about specific Facebook cookies. General information about the use of Facebook cookies can also be found at https://www.facebook.com/policies/cookies.

How long and where is the data stored?

Facebook generally stores data until it is no longer needed for its own services and Facebook products. Facebook has servers distributed worldwide where its data is stored. However, customer data is deleted within 48 hours after being matched with its own user data.

How can I delete my data or prevent data storage?

In accordance with the General Data Protection Regulation, you have the right to information, rectification, portability, and deletion of your data.

A complete deletion of data only occurs if you completely delete your Facebook account. Here’s how to delete your Facebook account:

1) On Facebook, click on Settings on the right.

2) Then, in the left column, click on “Your Facebook Information.”

3) Now click “Deactivation and Deletion.”

4) Now select “Delete Account” and then click “Continue to Account Deletion.”

5) Now enter your password, click “Continue,” and then “Delete Account.”

The storage of data that Facebook receives via our site occurs, among other things, through cookies (e.g., with social plugins). In your browser, you can deactivate, delete, or manage individual or all cookies. Depending on the browser you use, this works in different ways. Under the “Cookies” section, you will find the corresponding links to the respective instructions for the most common browsers.

If you generally do not want cookies, you can set your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not.

Legal basis

If you have consented to your data being processed and stored by integrated Facebook tools, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and review Facebook’s privacy policy or cookie policies.

Facebook processes your data, among other places, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

As a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., particularly in the USA) or a data transfer there, Facebook uses so-called Standard Contractual Clauses (= Art. 46 Para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Facebook Data Processing Terms, which correspond to the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

We hope we have provided you with the most important information about the use and data processing by Facebook tools. If you want to learn more about how Facebook uses your data, we recommend the data policies at https://www.facebook.com/about/privacy/update.

Facebook Login Privacy Policy

We have integrated the convenient Facebook Login on our site. This allows you to easily log in with your Facebook account without having to create another user account. If you choose to register via Facebook Login, you will be redirected to the social media network Facebook. There, you will log in using your Facebook user data. Through this login process, data about you and your user behavior will be stored and transmitted to Facebook.

To store the data, Facebook uses various cookies. Below, we show you the most important cookies that are set in your browser or already exist when you log in to our site via Facebook Login:

Name: fr
Value: 0jieyh4c2GnlufEJ9..Bde09j…1.0.Bde09j
Purpose: This cookie is used to ensure the social plugin on our website functions optimally.
Expiration Date: after 3 months

Name: datr
Value: 4Jh7XUA2111956989SEmPsSfzCOO4JFFl
Purpose: Facebook sets the “datr” cookie when a web browser accesses facebook.com, and the cookie helps to identify login activities and protect users.
Expiration Date: after 2 years

Name: _js_datr
Value: deleted
Purpose: Facebook sets this session cookie for tracking purposes, even if you do not have a Facebook account or are logged out.
Expiration Date: after session end

Note: The listed cookies are only a small selection of the cookies available to Facebook. Other cookies include, for example, _fbp, sb, or wd. A complete list is not possible, as Facebook has a large number of cookies and uses them variably.

Facebook Login offers you a quick and easy registration process, and on the other hand, it allows us to share data with Facebook. This enables us to better tailor our offerings and promotions to your interests and needs. Data we receive from Facebook in this way includes public data such as:

• Your Facebook name
• Your profile picture
• A stored email address
• Friend lists
• Button information (e.g., “Like” button)
• Date of birth
• Language
• Place of residence

In return, we provide Facebook with information about your activities on our website. This includes information about your device, which subpages you visit on our site, or which products you have purchased from us.

By using Facebook Login, you consent to data processing. You can revoke this agreement at any time. If you want more information about data processing by Facebook, we recommend Facebook’s privacy policy at https://www.facebook.com/policy.php?tid=111956989.

If you are logged in to Facebook, you can change your ad settings yourself at https://www.facebook.com/adpreferences/advertisers/?entry_product=ad_settings_screen.

Facebook Social Plugins Privacy Policy

Our website incorporates so-called social plugins from Meta Platforms Inc. You can recognize these buttons by the classic Facebook logo, such as the “Like” button (the hand with a raised thumb), or by a clear “Facebook Plugin” label. A social plugin is a small part of Facebook that is integrated into our site. Each plugin has its own function. The most commonly used functions are the well-known “Like” and “Share” buttons.

The following social plugins are offered by Facebook:

• “Save” button
• “Like” button, Share, Send, and Quote
• Page plugin
• Comments
• Messenger plugin
• Embedded posts and video player
• Group plugin

At https://developers.facebook.com/docs/plugins you can find more information on how the individual plugins are used. We use the social plugins on the one hand to provide you with a better user experience on our site, and on the other hand because Facebook can optimize our advertisements through them.

If you have a Facebook account or have previously visited https://www.facebook.com/, Facebook has already set at least one cookie in your browser. In this case, your browser sends information to Facebook via this cookie as soon as you visit our site or interact with social plugins (e.g., the “Like” button).

The information received is deleted or anonymized again within 90 days. According to Facebook, this data includes your IP address, which website you visited, the date, time, and other information relating to your browser.

To prevent Facebook from collecting a lot of data during your visit to our website and connecting it with Facebook data, you must log out of Facebook during your website visit.

If you are not logged in to Facebook or do not have a Facebook account, your browser sends less information to Facebook because you have fewer Facebook cookies. Nevertheless, data such as your IP address or which website you visit can be transmitted to Facebook. We would like to expressly point out that we do not have exact knowledge of the precise content of the data. However, we try to inform you as best as possible about data processing according to our current state of knowledge. You can also read how Facebook uses the data in the company’s data policy at https://www.facebook.com/about/privacy/update.

The following cookies are set in your browser at a minimum when you visit a website with social plugins from Facebook:

Name: dpr
Value: not specified
Purpose: This cookie is used to ensure that the social plugins on our website function properly.
Expiration date: after end of session

Name: fr
Value: 0jieyh4111956989c2GnlufEJ9..Bde09j…1.0.Bde09j
Purpose: This cookie is also necessary for the plugins to function properly.
Expiration date: after 3 months

Note: These cookies were set after a test, even if you are not a Facebook member.

If you are logged in to Facebook, you can change your ad settings yourself at https://www.facebook.com/adpreferences/advertisers/. If you are not a Facebook user, you can generally manage your usage-based online advertising at https://www.youronlinechoices.com/de/praferenzmanagement/?tid=111956989. There you have the option to deactivate or activate providers.

If you want to learn more about Facebook’s privacy policy, we recommend the company’s own data policies at https://www.facebook.com/policy.php?tip=111956989.

Social Media Introduction

Social Media Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Presentation and optimization of our services, contact with visitors, prospects, etc., advertising 📓 Processed data: Data such as telephone numbers, email addresses, contact details, user behavior data, information about your device, and your IP address. More details can be found in the respective social media tool used. 📅 Storage duration: depends on the social media platforms used ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Social Media?

In addition to our website, we are also active on various social media platforms. User data may be processed so that we can specifically target users who are interested in us via social networks. Furthermore, elements of a social media platform may also be embedded directly in our website. This is the case, for example, when you click on a so-called social button on our website and are redirected directly to our social media presence. Websites and apps through which registered members can produce content, exchange content openly or in specific groups, and network with other members are referred to as social media or social networks.

Why do we use Social Media?

For years, social media platforms have been the place where people communicate and interact online. With our social media presence, we can bring our products and services closer to interested parties. The social media elements embedded on our website help you switch quickly and without complications to our social media content.

The data that is stored and processed through your use of a social media channel primarily serves the purpose of conducting web analyses. The goal of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, appropriate conclusions about your interests can be drawn with the help of the analyzed data, and so-called user profiles can be created. This also enables the platforms to present you with tailored advertisements. For this purpose, cookies are usually set in your browser that store data about your usage behavior.

We generally assume that we remain responsible under data protection law, even when we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. Where this is the case, we will indicate this separately and work on the basis of a relevant agreement. The essence of the agreement is then reproduced below for the platform concerned.

Please note that when using social media platforms or our embedded elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may no longer be able to claim or enforce your rights regarding your personal data as easily.

What data is processed?

Exactly which data is stored and processed depends on the respective provider of the social media platform. However, it usually involves data such as telephone numbers, email addresses, data you enter into a contact form, user data such as which buttons you click, whom you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have a profile with the social media channel you visit and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers’ servers. This means that only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly which data is stored and processed by social media providers and how you can object to data processing, you should carefully read the respective privacy policy of the company. Also, if you have questions about data storage and data processing or wish to assert corresponding rights, we recommend that you contact the provider directly.

Duration of data processing

We will inform you below about the duration of data processing if we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is matched with the company’s own user data is deleted within two days. Generally, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is legally required, as in the case of accounting, for example, this storage period may also be exceeded.

Right to object

You also have the right and the option at any time to revoke your consent to the use of cookies or third-party providers such as embedded social media elements. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Since cookies may be used with social media tools, we also recommend our general privacy policy on cookies. To find out exactly which data is stored and processed from you, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to data from you being processed and stored by embedded social media elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in fast and effective communication with you or other customers and business partners, provided consent has been given. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Information on specific social media platforms can be found—if available—in the following sections.

Instagram Privacy Policy

Instagram Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of our services 📓 Processed data: Data such as user behavior data, information about your device, and your IP address. More details can be found below in the privacy policy. 📅 Storage duration: until Instagram no longer needs the data for its purposes ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Instagram?

We have integrated Instagram features on our website. Instagram is a social media platform of Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and is one of the Facebook products. Embedding Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos, or videos from Instagram directly on our website. When you access pages of our web presence that have an Instagram function integrated, data is transmitted to Instagram, stored, and processed. Instagram uses the same systems and technologies as Facebook. Your data is therefore processed across all Facebook companies.

In the following, we want to give you a more detailed insight into why Instagram collects data, what data it is, and how you can largely control data processing. Since Instagram belongs to Meta Platforms Inc., we obtain our information on the one hand from Instagram’s policies, but on the other hand also from Meta’s privacy policies themselves.

Instagram is one of the most well-known social media networks worldwide. Instagram combines the advantages of a blog with the advantages of audiovisual platforms such as YouTube or Vimeo. You can upload photos and short videos on “Insta” (as many users casually call the platform), edit them with various filters, and also distribute them on other social networks. And if you do not want to be active yourself, you can also just follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really taken off in recent years. And of course, we have also responded to this boom. We want you to feel as comfortable as possible on our website. Therefore, varied presentation of our content is a matter of course for us. Through the embedded Instagram features, we can enrich our content with helpful, entertaining, or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be useful to us for personalized advertising on Facebook. This way, our advertisements only reach people who are genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive aggregated statistics and thus gain more insight into your wishes and interests. It is important to mention that these reports do not personally identify you.

What data is stored by Instagram?

When you come across one of our pages that has Instagram features (such as Instagram images or plugins) built in, your browser automatically connects to Instagram’s servers. Data is thereby sent to Instagram, stored, and processed. This happens regardless of whether you have an Instagram account or not. This includes information about our website, about your computer, about purchases made, about advertisements you see, and how you use our services. Furthermore, the date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume that this is exactly the case with Instagram as well. Customer data includes, for example, name, address, telephone number, and IP address. This customer data is only transmitted to Instagram after it has been “hashed.” Hashing means that a data record is transformed into a character string. This allows contact data to be encrypted. In addition, the “event data” mentioned above is also transmitted. By “event data,” Facebook—and consequently Instagram—means data about your user behavior. It can also happen that contact data is combined with event data. The collected contact data is matched with the data that Instagram already has from you.

The collected data is transmitted to Facebook via small text files (cookies), which are usually set in your browser. Depending on the Instagram features used and whether you have an Instagram account yourself, different amounts of data are stored.

We assume that data processing works the same way with Instagram as with Facebook. This means: if you have an Instagram account or have visited www.instagram.com, Instagram has set at least one cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram feature. This data is deleted or anonymized again after 90 days (after matching) at the latest. Although we have intensively studied Instagram’s data processing, we cannot say exactly which data Instagram collects and stores.

Below we show you cookies that are set in your browser at a minimum when you click on an Instagram feature (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies are set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent forgery of requests. However, we could not find out more precisely.
Expiration date: after one year

Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimize its own services and offerings within and outside of Instagram. The cookie establishes a unique user ID.
Expiration date: after end of session

Name: fbsr_111956989124024
Value: not specified
Purpose: This cookie stores the login request for users of the Instagram app.
Expiration date: after end of session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiration date: after end of session

Name: urlgen
Value: “{“194.96.75.33″: 1901}:1iEtYv:Y833k2_UjKvXgYe111956989”
Purpose: This cookie serves Instagram’s marketing purposes.
Expiration date: after end of session

Note: We cannot claim completeness here. Which cookies are set in individual cases depends on the embedded features and your use of Instagram.

How long and where is the data stored?

Instagram shares the information received among Facebook companies with external partners and with people you connect with worldwide. Data processing is carried out in compliance with its own data policy. Your data is distributed across Facebook servers around the world, among other reasons for security purposes. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to access, portability, correction, and deletion of your data. You can manage your data in Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

And this is how deleting your Instagram account works:

First, open the Instagram app. On your profile page, go down and click on “Help Center.” You will now be taken to the company’s website. On the website, click on “Managing Your Account” and then on “Delete Your Account.”

If you delete your account completely, Instagram deletes posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and will therefore not be deleted.

As mentioned above, Instagram primarily stores your data via cookies. You can manage, deactivate, or delete these cookies in your browser. Depending on your browser, management always works a little differently. Under the “Cookies” section, you will find the relevant links to the instructions for the most popular browsers.

You can also generally set up your browser so that you are always informed when a cookie is to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal basis

If you have consented to data from you being processed and stored by embedded social media elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the embedded social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie guidelines of the respective service provider.

Instagram and Facebook also process data in the USA, among other places. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may entail various risks for the legality and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and in particular in the USA) or for data transfer there, Facebook uses standard contractual clauses approved by the EU Commission (= Art. 46(2) and (3) GDPR). These clauses oblige Facebook to comply with the EU data protection level when processing relevant data outside the EU. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses at: https://germany.representation.ec.europa.eu/index_de.

We have tried to provide you with the most important information about data processing by Instagram. At https://help.instagram.com/519522125107875
you can explore Instagram’s data policies in more detail.

All texts are protected by copyright.

Source: Created with the Privacy Policy Generator from AdSimple