Privacy Policy

Introduction and Overview

We have prepared this Privacy Policy (version 19.08.2025-113042725) to inform you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, about which personal data (referred to as “data”) we — as the data controller — and our commissioned processors (e.g. hosting providers) process, will process in the future, and the lawful options available to you. All terms used are to be understood as gender-neutral.
In short: we provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and rely heavily on legal terminology. This Privacy Policy, however, aims to describe the most important points as simply and transparently as possible. Wherever it helps with clarity, technical terms are explained in a user-friendly way, links to further information are provided, and graphics may be used. Our goal is to communicate in clear and straightforward language that, within the scope of our business activities, we only process personal data when there is a corresponding legal basis.
This would certainly not be possible with the short, vague, and overly technical explanations that are often standard on the internet when it comes to data protection. We hope you find the following information both interesting and helpful — and perhaps you’ll discover something you didn’t know before.
If you still have questions, please contact the responsible office listed below or in the imprint, follow the links provided, or consult additional sources on third-party sites. You will, of course, also find our contact details in the imprint.

Scope of Application

This Privacy Policy applies to all personal data processed by our company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information as defined in Art. 4(1) GDPR, such as a person’s name, email address, or postal address. The processing of personal data enables us to offer and bill our services and products, whether online or offline.
The scope of this Privacy Policy includes:

• all online platforms
(websites, online shops) that we operate
s
• ocial media presences
and email communication

• mobile apps for smartphones and other devices

In short: this Privacy Policy applies to all areas in which personal data is processed within our company through the channels mentioned above. Should we enter into legal relations with you outside of these channels, we will provide separate information where necessary.

Legal Bases

In the following Privacy Policy, we provide transparent information about the legal principles and regulations — the legal bases of the General Data Protection Regulation — that allow us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, access this General Data Protection Regulation online via EUR-Lex, the gateway to EU law, at
https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

Wir verarbeiten Ihre Daten nur, wenn mindestens eine der folgenden Bedingungen zutrifft:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you enter into a contact form.
2. Contract (Article 6(1)(b) GDPR): We process your data in order to fulfil a contract or pre-contractual obligations with you. For example, if we enter into a purchase contract with you, we require certain personal information in advance.
3. Legal obligation (Article 6(1)(c) GDPR): We process your data when we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes, and these typically contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): Where legitimate interests exist that do not override your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically. This processing therefore constitutes a legitimate interest.

Other legal bases — such as processing carried out in the public interest, the exercise of official authority, or the protection of vital interests — generally do not apply to our operations. Should such a legal basis become relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated as DSG.
• In Germany, the Federal Data Protection Act applies, abbreviated as BDSG.

If additional regional or national laws apply, we will inform you about them in the following sections.
Storage Period

As a general principle, we store personal data only for as long as is strictly necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, however, we are legally required to retain certain data even after the original purpose has ceased — for example, for accounting purposes.

If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.

We will inform you about the specific duration of each type of data processing further below, insofar as we have additional information available.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 GDPR, we inform you of the following rights to ensure fair and transparent processing of your data:

• Under Article 15 GDPR, you have the right to obtain confirmation as to whether we process personal data concerning you. If this is the case, you have the right to receive a copy of the data and to obtain the following information:
  
  • for what purpose we carry out the processing;
  • the categories — that is, the types of data — that are being processed;
  • who receives these data and, if the data are transferred to third countries, how their security can be ensured;
  • how long the data are stored;
  • the existence of the right to rectification, erasure, restriction of processing, and the right to object to the processing;
  • that you have the right to lodge a complaint with a supervisory authority (you will find links to these authorities further below);
  • the source of the data, if we did not collect them from you;
  • whether profiling is carried out — that is, whether data are automatically evaluated to create a personal profile about you.
• Under Article 16 GDPR, you have the right to rectification, meaning that we must correct your data if you identify any inaccuracies.
• Under Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the deletion of your data.
• Under Article 18 GDPR, you have the right to restrict processing, which means that we may store the data but may no longer use it.
• Under Article 20 GDPR, you have the right to data portability, which means that upon request, we must provide your data to you in a commonly used format.
• Under Article 21 GDPR, you have the right to object, which, once exercised, results in a change to the way your data is processed.
  
• If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interests), you may object to the processing. We will then review as quickly as possible whether we are legally able to comply with your objection.
  
• If data is used for direct marketing purposes, you may object to this type of processing at any time. We may then no longer use your data for direct marketing.


• If data is used for profiling, you may object to this type of processing at any time. We may then no longer use your data for profiling.
• Under Article 22 GDPR, you have the right, under certain circumstances, not to be subject to a decision based solely on automated processing (such as profiling).
• Under Article 77 GDPR, you have the right to lodge a complaint. This means you may contact the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: you have rights — so please don’t hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you may lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/.
In Germany, each federal state has its own data protection commissioner. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Leiter: Dr. Matthias Schmidl
Adresse: Barichgasse 40-42, 1030 Wien
Telefonnr.: +43 1 52 152-0
E-Mail-Adresse: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Processing Agreement (DPA)

In this section, we would like to explain what a Data Processing Agreement is and why it is needed. Since the term “Data Processing Agreement” can be quite a mouthful, we will often use the abbreviation DPA throughout this text.
Like most companies, we do not work alone; we also make use of services provided by other companies or individuals. By involving various companies or service providers, it may become necessary to share personal data for processing. These partners then act as processors, with whom we conclude a contract known as a Data Processing Agreement (DPA).
The most important thing for you to know is that your personal data is processed exclusively according to our instructions, and this must be regulated through the DPA.

Who are processors?

We, as a company and website owner, are responsible for all data we process about you. In addition to the data controller, there may also be so-called processors. This includes any company or individual that processes personal data on our behalf.
More precisely, according to the GDPR definition: any natural or legal person, public authority, agency, or other body that processes personal data on our behalf is considered a processor.
Processors can therefore include service providers such as hosting or cloud providers, payment or newsletter services, or large companies like Google or Microsoft.

To make the terminology easier to understand, here is an overview of the three roles defined in the GDPR:

Data subject (you as a customer or interested party) → Controller (we as the company and contracting entity) → Processor (service providers such as web hosts or cloud providers)

Contents of a Data Processing Agreement

As mentioned above, we have concluded a Data Processing Agreement (DPA) with all partners who act as processors. This agreement specifies, above all, that the processor handles the data strictly in accordance with the GDPR. The contract must be concluded in writing; however, in this context, an electronic agreement is also considered “in writing.” Personal data may only be processed on the basis of this contract.
The contract must include the following:

• commitment to us
as the
• controller
  duties
and rights of the
• controller
  categories
of
• data subjects

type of personal data
nature and purpose of
• data processing


• subject matter
and duration of data processing

• place where the data is processed

The agreement also sets out all obligations of the processor. The most important obligations include:

• ensuring measures for data security


• implementing appropriate technical and organisational measures to protect the ri
ghts of the
• data subject
  maintaining
a record of
• processing activities
  cooperating
with the data protection supervisory authority upon request
conducting a
• risk analysis regarding the personal data received


• engaging sub-processors only with the written approval of the controller

If you’d like to see what such a DPA looks like in practice, you can view an example at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. This page presents a sample agreement.

Cookies

Cookies – Summary 👥 Data subjects: Visitors of the website 🤝 Purpose: Depends on the specific cookie. More details can be found below or from the software provider that sets the cookie. 📓 Processed data: Depends on the specific cookie. More details can be found below or from the software provider that sets the cookie. 📅 Storage period: Varies depending on the cookie — from a few hours to several years ⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
In the following, we explain what cookies are and why they are used, so that you can better understand the rest of this Privacy Policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser — these files are called cookies.

One thing is undeniable: cookies are genuinely useful little helpers. Almost all websites use them. More precisely, these are HTTP cookies, as there are also other types of cookies used for different purposes. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder — essentially the “brain” of your browser.
A cookie consists of a name and a value. When defining a cookie, one or more additional attributes must also be specified.

Cookies store certain user data such as your language settings or personalized website preferences. When you return to our site, your browser sends these “user-related” details back to us. Thanks to cookies, our website knows who you are and can provide the settings you are used to.
In some browsers, each cookie is stored in its own file; in others, such as Firefox, all cookies are stored together in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as every cookie stores different data. The lifespan of a cookie also varies — from a few minutes to several years.
Cookies are not software programs and do not contain viruses, trojans, or other “malware.” They also cannot access information stored on your computer.

Here is an example of what cookie data may look like:

Name: _ga
Value: GA1.2.1326744211.152113042725-9
Purpose: Distinguishing website visitors
Expiration: after 2 years

A browser should be able to support at least the following minimum sizes:

A browser should be able to support at least
• 4096 bytes per cookie,
• at least 50 cookies per domain
, and at
• least 3000 cookies in total.

Welche Arten von Cookies gibt es?

Die Frage welche Cookies wir im Speziellen verwenden, hängt von den verwendeten Diensten ab und wird in den folgenden Abschnitten der Datenschutzerklärung geklärt. An dieser Stelle möchten wir kurz auf die verschiedenen Arten von HTTP-Cookies eingehen.

What types of cookies are there?

Essential cookies
These cookies are necessary to ensure the basic functions of the website. For example, they are required when a user places a product in the shopping cart, continues browsing other pages, and returns later to complete the purchase. These cookies prevent the shopping cart from being deleted, even if the user closes their browser window.

Functional cookies
These cookies collect information about user behaviour and whether the user encounters any error messages. They also measure loading times and how the website performs in different browsers.

Preference cookies
These cookies improve user experience by storing information such as entered locations, font sizes, or form data.

Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver advertising tailored to the individual user. This can be very practical — but also quite annoying.

Typically, when you visit a website for the first time, you will be asked which types of cookies you would like to allow. And of course, this decision is also stored in a cookie.

If you would like to learn more about cookies and don’t mind technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265 — the Internet Engineering Task Force (IETF) “Request for Comments” titled HTTP State Management Mechanism.

Purpose of processing through cookies

The purpose ultimately depends on the specific cookie. More details can be found further below or from the software provider that sets the cookie.

What data is processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but in the following Privacy Policy, we will inform you about the data that is processed or stored.

Storage duration of cookies

The storage duration depends on the specific cookie and is specified in more detail below. Some cookies are deleted in less than an hour, while others can remain on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time through your browser (see also “Right to object” below). Furthermore, cookies based on consent will be deleted at the latest upon withdrawal of your consent, without affecting the lawfulness of storage up to that point.

Cookie Management

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner.” Details about how Real Cookie Banner works can be found at https://devowl.io/de/rcb/datenverarbeitung.

The legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used, as well as the related consents.

Providing personal data is neither contractually required nor necessary for concluding a contract. You are not obliged to provide personal data. If you do not provide the personal data, we will not be able to manage your consents.

Right to object – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or allow them only partially. For example, you can block third-party cookies while allowing all other cookies.

If you want to see which cookies are stored in your browser or if you want to change or delete your cookie settings, you can do so in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Managing cookies and website data in Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Löschen und Verwalten von Cookies

Internet Explorer: Deleting and managing cookies

If you do not want cookies in general, you can set up your browser to always notify you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It is best to search for instructions on Google using terms like “delete cookies Chrome” or “disable cookies Chrome” if you are using a Chrome browser.

Legal basis

Since 2009, there have been the so-called “cookie guidelines.” These guidelines stipulate that storing cookies requires your consent (Article 6(1)(a) GDPR). However, responses to these guidelines vary widely among EU countries. In Austria, the guideline was implemented in §165(3) of the Telecommunications Act (2021). In Germany, the cookie guidelines were not enacted as national law. Instead, they were largely implemented through §15(3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.

For strictly necessary cookies, even if no consent is given, there are legitimate interests (Article 6(1)(f) GDPR), which are in most cases of an economic nature. We want to provide website visitors with a pleasant user experience, and for this purpose, certain cookies are often absolutely necessary.

Non-essential cookies are only used if you have given your consent. The legal basis for this is Article 6(1)(a) GDPR.

In the following sections, you will find detailed information about the use of cookies, if the software used sets cookies.

Web Hosting – Summary 👥 Data subjects: Website visitors 🤝 Purpose: Professional hosting of the website and ensuring operational security 📓 Processed data: IP address, time of website visit, browser used, and other data. More details can be found below or from the respective web hosting provider. 📅 Storage period: Depends on the provider, but usually 2 weeks ⚖️ Legal basis: Art. 6(1)(f) GDPR (legitimate interests)

What is web hosting?

When you visit websites today, certain information — including personal data — is automatically generated and stored, including on this website. This data should be processed as sparingly as possible and only for justified purposes. By “website,” we mean the entirety of all web pages on a domain, from the homepage to the very last subpage (such as this one). By “domain,” we mean, for example, beispiel.de or musterbeispiel.com.

When you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We will simply refer to them as “browser” or “web browser.”

To display the website, your browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complex and demanding task, which is why it is usually handled by professional providers. They offer web hosting and ensure reliable and error-free storage of website data. Quite a lot of technical terms — but stay with us, it gets even better!

When your browser on your computer (desktop, laptop, tablet, or smartphone) connects to the web server and during the data transfer to and from the server, personal data may be processed. On one hand, your computer stores data; on the other hand, the web server must also store data for a certain period to ensure proper operation.

Warum verarbeiten wir personenbezogene Daten?

Why do we process personal data?

1. Professional hosting of the website
and ensuring operational stability,
2. maintaining operational and IT security,
and
3. anonymous analysis of access behavior to improve our services and, if necessary, for law enforcement or assertion of claims.

What data is processed?

Even while you are visiting our website right now, our web server — the computer on which this website is stored — typically automatically records data such as

• the full internet address (URL) of the web page visited
• Browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g.,) https://www.beispielquellsite.de/vondabinichgekommen/)
• the hostname and IP address of the device used to access the site (e.g., COMPUTERNAME and 194.23.43.121)
• Date and Time
• in files, so-called web server log files

How long is data stored?

As a rule, the data mentioned above are stored for two weeks and then automatically deleted. We do not share this data; however, we cannot rule out the possibility that authorities may access it in the event of unlawful activity.

In short: your visit is logged by our provider (the company that runs our website on specialized computers — servers), but we do not share your data without your consent!

Legal basis

The lawfulness of processing personal data in the context of web hosting is based on Art. 6(1)(f) GDPR (protection of legitimate interests), as the use of professional hosting by a provider is necessary to present the company securely and user-friendly on the internet and, if necessary, to track attacks and claims arising from it.

There is usually a Data Processing Agreement (DPA) under Art. 28 GDPR between us and the hosting provider, which ensures compliance with data protection regulations and guarantees data security.

HostEurope Privacy Policy

For our website, we use HostEurope, among other services, as a web hosting provider. The service provider is the German company Host Europe GmbH, Hansestrasse 111, 51149 Cologne, Germany.

You can find more information about the data processed through the use of HostEurope in their privacy policy at https://www.hosteurope.de/AGB/Datenschutzerklaerung/.

Data Processing Agreement (DPA) HostEurope

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a Data Processing Agreement (DPA) with HostEurope. You can read more about what a DPA is and, in particular, what it must include in our general section “Data Processing Agreement (DPA).”

This agreement is legally required because HostEurope processes personal data on our behalf. It specifies that HostEurope may only process the data it receives from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) at https://www.hosteurope.de/Dokumente/.

Web Analytics – Introduction

Web Analytics – Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Analysis of visitor information to optimize the website offering 📓 Processed data: Access statistics containing data such as access locations, device information, duration and time of access, navigation behavior, click behavior, and IP addresses. More details can be found in the documentation of the respective web analytics tool used. 📅 Storage period: Depends on the web analytics tool used ⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is web analytics?

On our website, we use software to analyze the behavior of website visitors, commonly referred to as web analytics. In this process, data is collected, stored, managed, and processed by the respective analytics tool provider (also called a tracking tool). The data is used to generate analyses of user behavior on our website and is made available to us as the website operator. Additionally, most tools offer various testing options. For example, we can test which offers or content are most engaging for our visitors. To do this, we may show two different versions of an offer for a limited period. After the test (so-called A/B test), we know which product or content is more interesting to our website visitors. For such testing procedures, as well as for other analytics processes, user profiles may be created and the data stored in cookies.

Why do we use web analytics?

We have a clear goal with our website: we want to offer the best web experience in our industry. To achieve this, we aim to provide the most appealing and interesting content while ensuring that you feel completely comfortable on our site.
Web analytics tools allow us to examine the behavior of our website visitors in detail and improve our website offering accordingly. For example, we can determine the average age of our visitors, where they come from, when our website is most frequently visited, or which content or products are particularly popular. All of this information helps us optimize the website and tailor it perfectly to your needs, interests, and preferences.

What data is processed?

Which data is stored depends, of course, on the analytics tools used. In general, however, the following information is typically recorded: which content you view on our website, which buttons or links you click, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website, and which operating system you use. If you have consented to the collection of location data, this may also be processed by the web analytics tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is generally pseudonymized (i.e., stored in an anonymized and shortened form). For the purposes of testing, web analytics, and website optimization, no direct data such as your name, age, address, or email address are generally stored. Any such data that is collected is stored in pseudonymized form, so that you cannot be identified as an individual.

The length of time that each type of data is stored depends on the provider. Some cookies store data for only a few minutes or until you leave the website, while others can store data for several years.

Duration of data processing

We will inform you about the duration of data processing further below, if additional information is available. In general, we process personal data only for as long as it is strictly necessary to provide our services and products. If legally required, as in the case of accounting, this storage period may be extended.

Right to object

Sie haben auch jederzeit das Recht und die Möglichkeit Ihre Einwilligung zur Verwendung von Cookies bzw. Drittanbietern zu widerrufen. Das funktioniert entweder über unser Cookie-Management-Tool oder über andere Opt-Out-Funktionen. Zum Beispiel können Sie auch die Datenerfassung durch Cookies verhindern, indem Sie in Ihrem Browser die Cookies verwalten, deaktivieren oder löschen.

Legal basis

You also have the right and the option to withdraw your consent for the use of cookies or third-party services at any time. This can be done either via our cookie management tool or through other opt-out functions. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors to technically and economically improve our offering. Web analytics allows us to identify website errors, detect attacks, and improve efficiency. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). Nevertheless, we only use these tools if you have given your consent.

Da bei Web-Analytics-Tools Cookies zum Einsatz kommen, empfehlen wir Ihnen auch das Lesen unserer allgemeinen Datenschutzerklärung zu Cookies. Um zu erfahren, welche Daten von Ihnen genau gespeichert und verarbeitet werden, sollten Sie die Datenschutzerklärungen der jeweiligen Tools durchlesen.

Information about specific web analytics tools, if available, can be found in the following sections.

Google Analytics – Summary

👥 Data subjects: Website visitors 🤝 Purpose: Analysis of visitor information to optimize the website offering 📓 Processed data: Access statistics containing data such as access locations, device information, duration and time of access, navigation behavior, and click behavior. More details can be found below in this Privacy Policy. 📅 Storage period: Individually configurable; by default, Google Analytics 4 stores data for 14 months ⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is Google Analytics?Was ist Google Analytics?

On our website, we use the analytics tracking tool Google Analytics 4 (GA4) from the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your interactions on our website. By combining various technologies such as cookies, device IDs, and login information, users can be identified across different devices. This enables cross-platform analysis of your actions.

For example, when you click a link, this event is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and services to your needs. In the following, we will provide more details about the tracking tool, particularly which data is processed and how you can prevent this.

Google Analytics is a tracking tool used to analyze traffic on our website. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not include personal data such as your name or address but serves to assign events to a specific device.
GA4 uses an event-based model that captures detailed information about user interactions, such as page views, clicks, scrolling, and conversion events. Additionally, GA4 incorporates various machine learning features to better understand user behavior and certain trends. Using these machine learning features, GA4 can model missing data based on the collected information to optimize analysis and make predictions.

For Google Analytics to function, a tracking code is embedded in the code of our website. When you visit our website, this code records various events that you perform on the site. With GA4’s event-based data model, we as website operators can define and track specific events to analyze user interactions. In addition to general information such as clicks or page views, special events that are important for our business can also be tracked. These special events might include, for example, submitting a contact form or purchasing a product.

Sobald Sie unsere Website verlassen, werden diese Daten an die Google-Analytics-Server gesendet und dort gespeichert.

Google verarbeitet die Daten und wir bekommen Berichte über Ihr Userverhalten. Dabei kann es sich unter anderem um folgende Berichte handeln:

• Audience reports: Audience reports help us better understand our users and provide insights into who is interested in our services.
• Ad reports: Ad reports allow us to analyze and improve our online advertising more effectively.
• Acquisition reports: Acquisition reports provide us with valuable information on how to attract more people to our services.
• Behavior reports: These reports show us how you interact with our website. We can track the paths you take on our site and which links you click.
• Conversion reports: A conversion refers to an action you take as a result of a marketing message. For example, when you go from being a website visitor to a purchaser or newsletter subscriber. These reports help us understand how our marketing efforts are received by users and enable us to improve our conversion rates.
• Real-time reports: These reports show us what is happening on our website at any given moment. For example, we can see how many users are currently reading this text.

In addition to the analysis reports mentioned above, Google Analytics 4 also offers the following features:

• Event-based data model: This model captures very specific events that can occur on our website, such as playing a video, purchasing a product, or signing up for our newsletter.
• Advanced analysis features: These features allow us to better understand your behavior on our website and identify general trends. For example, we can segment user groups, perform comparative analyses of target audiences, or track the path you take through our website.
• Predictive modeling: Based on the data collected, machine learning can estimate missing data to predict future events and trends. This helps us develop better marketing strategies.
• Cross-platform analysis: Data collection and analysis are possible from both websites and apps. This allows us to analyze user behavior across platforms, provided you have given your consent for data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically analyzed data provide us with a clear picture of the strengths and weaknesses of our website. On one hand, we can optimize our site so that it is more easily found by interested users on Google. On the other hand, the data help us better understand you as a visitor. This allows us to know exactly what we need to improve on our website to provide you with the best possible service. The data also help us carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are genuinely interested.

What data is collected by Google Analytics?

Google Analytics generates a random, unique ID using a tracking code, which is linked to your browser cookie. This allows Google Analytics to recognize you as a new user and assign you a user ID. The next time you visit our site, you will be identified as a “returning” user. All collected data is stored together with this user ID, enabling the analysis of pseudonymous user profiles.

To analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. By default, each newly created property uses Google Analytics 4. Depending on the property used, data is stored for varying lengths of time.

ChatGPT:
Through identifiers such as cookies, app instance IDs, user IDs, or custom event parameters, your interactions are measured across platforms, provided you have given your consent. Interactions include all actions you perform on our website. If you also use other Google systems (e.g., a Google account), data generated by Google Analytics may be linked with third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if legally required.

According to Google, IP addresses are neither logged nor stored in Google Analytics 4. However, Google uses the IP address data to derive location information and deletes it immediately afterward. All IP addresses collected from users in the EU are therefore deleted before the data is stored in a data center or on a server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions (such as Google Universal Analytics). Nevertheless, there are some specific cookies used by GA4, including:

Name: _ga
Wert: 2.1326744211.152113042725-5
Purpose: By default, analytics.js uses the cookie _ga to store the user ID. It primarily serves to distinguish website visitors.
Expiration: after 2 years

Name: _gid
Value: 2.1687193234.152113042725-1
Purpose: This cookie is also used to distinguish website visitors
Expiration: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to limit the request rate. If Google Analytics is deployed via Google Tag Manager, this cookie is named dc_gtm.<>
Expiration: after 1 minute

Note: This list is not exhaustive, as Google may change the cookies used over time. GA4 also aims to improve data protection. Therefore, the tool provides options to control data collection. For example, we can set the storage duration ourselves and manage data collection.

Here we provide an overview of the main types of data collected with Google Analytics:
Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly which areas you click on, giving us information about where you navigate on our site.

Session duration: Session duration refers to the time you spend on our site without leaving the page. If you are inactive for 20 minutes, the session ends automatically.

Bounce rate: A bounce occurs when you view only one page on our website and then leave the site.

Account creation: When you create an account or place an order on our website, Google Analytics collects this data.

Standort: IP-Adressen werden in Google Analytics nicht protokolliert oder gespeichert. Allerdings werden kurz vor der Löschung der IP-Adresse Ableitungen für Standortdaten genutzt.

Location: IP addresses are not logged or stored in Google Analytics. However, they are used to derive location data briefly before the IP address is deleted.

Referral source: Google Analytics, and we as website operators, are also interested in which website or advertisement brought you to our site.

Other data include contact information, any reviews, media playback (e.g., if you play a video on our site), sharing content via social media, or adding items to your favorites. This list is not exhaustive and serves only as a general guide to the types of data stored by Google Analytics.

How long and where is the data stored?

oogle has servers distributed all over the world. You can find detailed information about the locations of Google’s data centers here: https://datacenters.google/

Your data is distributed across multiple physical storage devices. This provides the advantage of faster access and better protection against tampering. Each Google data center has corresponding contingency measures for your data. For example, if Google’s hardware fails or natural disasters disable servers, the risk of a service interruption at Google remains low.

ChatGPT:
The retention period of the data depends on the properties used. The storage duration is always set individually for each property. Google Analytics offers us four options to control the retention period:

• 2 months
: this is the shortest retention period.

• 14 months: by default, GA4 stores data for 14 months.


• 26 months: data can also be stored for 26 months.

Manual deletion:
• data is only deleted when we manually remove it.

Additionally, there is an option for data to be deleted only if you do not visit our website within the selected time period. In this case, the retention period is reset each time you revisit our website within the specified timeframe.

Once the specified period has expired, the data is deleted once a month. This retention period applies to your data linked to cookies, user identification, and advertising IDs (e.g., DoubleClick cookies). Report results are based on aggregated data and are stored independently of individual user data. Aggregated data is a combination of individual data into a larger unit.

How can I delete my data or prevent data collection?

Under European Union data protection law, you have the right to access, update, delete, or restrict your data. By using the browser add-on to deactivate Google Analytics JavaScript (analytics.js, gtag.js), you can prevent Google Analytics 4 from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables data collection by Google Analytics.

If you want to deactivate, delete, or manage cookies in general, you can find the corresponding links to the instructions for the most common browsers in the “Cookies” section.

Legal basis

The use of Google Analytics requires your consent, which we have obtained through our cookie popup. According to Art. 6(1)(a) GDPR (consent), this consent provides the legal basis for processing personal data as may occur when using web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing website visitor behavior to technically and economically improve our offerings. With the help of Google Analytics, we can identify website errors, detect attacks, and enhance efficiency. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). Nevertheless, we only use Google Analytics if you have given your consent.

Google processes data from you, among other locations, in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses so-called Standard Contractual Clauses (SCCs) (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses are template agreements provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA).
Through the EU–US Data Privacy Framework and the Standard Contractual Clauses, Google commits to upholding the European level of data protection when processing your relevant data — even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which reference the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we were able to provide you with the most important information regarding data processing with Google Analytics. If you would like to learn more about this tracking service, we recommend the following two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

If you would like to learn more about data processing, please refer to Google’s Privacy Policy at https://policies.google.com/privacy?hl=de.

Data Processing Agreement (DPA) Google Analytics

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a Data Processing Agreement (DPA) with Google. You can read more about what a DPA is and what it must include in our general section titled “Data Processing Agreement (DPA).

This agreement is legally required because Google processes personal data on our behalf. It specifies that Google may only process the data it receives from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Terms at https://business.safety.google/intl/de/adsprocessorterms/

Google Analytics reports on demographic characteristics and interests

We have enabled the advertising reporting features in Google Analytics. The demographic and interest reports include information about age, gender, and interests. This allows us to gain a better understanding of our users — without being able to associate this data with individual persons. You can learn more about the advertising features at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can disable the use of activities and information from your Google account under “Ad Settings” at https://adssettings.google.com/authenticated by unchecking the appropriate box.

Google Analytics E-commerce measurement

We also use the e-commerce measurement features of the Google Analytics web analytics tool on our website. This allows us to analyze in detail how you and all our other customers interact with our website. E-commerce measurement focuses primarily on purchasing behavior. Based on the data collected, we can tailor and optimize our services to better meet your needs and expectations.
It also enables us to target our online advertising more effectively, ensuring that our ads are shown only to people who are actually interested in our products or services.
E-commerce measurement records, for example, which orders were placed, how long it took you to purchase a product, what the average order value is, and what the shipping costs are. All of this data can be collected and stored under a specific ID.

Google Analytics Google-Signale Datenschutzerklärung

Wir haben in Google Analytics die Google-Signale aktiviert. So werden die bestehenden Google-Analytics-Funktionen (Werbeberichte, Remarketing, gerätübergreifende Berichte und Berichte zu Interessen und demografische Merkmale) aktualisiert, um zusammengefasste und anonymisierte Daten von Ihnen zu erhalten, sofern Sie personalisierte Anzeigen in Ihrem Google-Konto erlaubt haben.

Das besondere daran ist, dass es sich dabei um ein Cross-Device-Tracking handelt. Das heißt Ihre Daten können geräteübergreifend analysiert werden. Durch die Aktivierung von Google-Signale werden Daten erfasst und mit dem Google-Konto verknüpft. Google kann dadurch zum Beispiel erkennen, wenn Sie auf unsere Webseite über ein Smartphone ein Produkt ansehen und erst später über einen Laptop das Produkt kaufen. Dank der Aktivierung von Google-Signale können wir gerätübergreifende Remarketing-Kampagnen starten, die sonst in dieser Form nicht möglich wären. Remarketing bedeutet, dass wir Ihnen auch auf anderen Webseiten unser Angebot zeigen können.

In Google Analytics werden zudem durch die Google-Signale weitere Besucherdaten wie Standort, Suchverlauf, YouTube-Verlauf und Daten über Ihre Handlungen auf unserer Webseite, erfasst. Wir erhalten dadurch von Google bessere Werbeberichte und nützlichere Angaben zu Ihren Interessen und demografischen Merkmalen. Dazu gehören Ihr Alter, welche Sprache sie sprechen, wo Sie wohnen oder welchem Geschlecht Sie angehören. Weiters kommen auch noch soziale Kriterien wie Ihr Beruf, Ihr Familienstand oder Ihr Einkommen hinzu. All diese Merkmal helfen Google Analytics Personengruppen bzw. Zielgruppen zu definieren.

These reports also help us better understand your behavior, preferences, and interests. This enables us to optimize and tailor our products and services for you. This data expires by default after 26 months. Please note that this data is collected only if you have enabled personalized advertising in your Google account. The data is always aggregated and anonymous — never tied to individual persons. You can manage or delete this data in your Google account.

Google Analytics in Consent Mode

Depending on your consent, personal data may be processed by Google Analytics in what is known as Consent Mode. You can choose whether or not to allow Google Analytics cookies. This also determines which data Google Analytics is permitted to process about you. The collected data is primarily used to measure user behaviour on the website, deliver targeted advertising, and provide us with web analytics reports.
As a rule, you give your consent to data processing by Google via a cookie consent tool. If you do not consent to data processing, only aggregated data will be collected and processed. This means that the data cannot be assigned to individual users, and therefore no user profile is created about you.
You may also choose to consent only to statistical measurement. In this case, no personal data is processed and therefore not used for advertising or for measuring advertising performance.

Google Analytics IP Anonymization

We have implemented IP address anonymization for Google Analytics on this website. This feature was developed by Google to help websites comply with applicable data protection regulations and the recommendations of local data protection authorities when full IP address storage is not permitted.
The anonymization or masking of IP addresses takes place as soon as the IP addresses enter the Google Analytics data collection network and before any storage or processing of the data occurs.

You can find more information on IP anonymization at https://support.google.com/analytics/answer/2763052?hl=de.

Google Analytics without Cookies

We do use Google Analytics (GA) on our website, but without placing any cookies in your browser. What cookies are has already been explained above, so hopefully that information is still fresh in your mind. To keep it short and specific to GA: normally, cookies store useful data in your browser that help GA analyse user behaviour.
By not using cookies, no personal data is stored in such files and no user profiles are created. Google Analytics can still perform various measurements and analyses, but the data collected for this purpose is stored exclusively on Google’s servers — meaning your privacy is respected and protected to a much greater extent.

Social Media Introduction

Social Media Privacy Policy Summary 👥 Data subjects: Visitors of the website 🤝 Purpose: Presentation and optimisation of our services, contact with visitors, interested parties etc., advertising 📓 Processed data: Data such as phone numbers, email addresses, contact details, user behaviour data, information about your device and your IP address. More details can be found in the respective social media tool used. 📅 Storage period: Depends on the social media platforms used ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Social Media?

In addition to our website, we are also active on various social media platforms. In this context, user data may be processed so that we can specifically reach users who are interested in us through social networks. Furthermore, elements of a social media platform may also be embedded directly into our website. This is the case, for example, when you click on a so-called social button on our website and are redirected directly to our social media presence.
Social media refers to websites and apps through which registered members can create content, exchange content publicly or within specific groups, and connect with other members.

Warum nutzen wir Social Media?

Seit Jahren sind Social-Media-Plattformen der Ort, wo Menschen online kommunizieren und in Kontakt treten. Mit unseren Social-Media-Auftritten können wir unsere Produkte und Dienstleistungen Interessenten näherbringen. Die auf unserer Website eingebundenen Social-Media-Elemente helfen Ihnen, schnell und ohne Komplikationen zu unseren Social-Media-Inhalten wechseln können.

Die Daten, die durch Ihre Nutzung eines Social-Media-Kanals gespeichert und verarbeitet werden, haben in erster Linie den Zweck, Webanalysen durchführen zu können. Ziel dieser Analysen ist es, genauere und personenbezogene Marketing- und Werbestrategien entwickeln zu können. Abhängig von Ihrem Verhalten auf einer Social-Media-Plattform, können mit Hilfe der ausgewerteten Daten, passende Rückschlüsse auf Ihre Interessen getroffen werden und sogenannte Userprofile erstellt werden. So ist es den Plattformen auch möglich, Ihnen maßgeschneiderte Werbeanzeigen zu präsentieren. Meistens werden für diesen Zweck Cookies in Ihrem Browser gesetzt, die Daten zu Ihrem Nutzungsverhalten speichern.

We generally assume that we remain responsible under data protection law, even when we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. Where this is the case, we point it out separately and work on the basis of a corresponding agreement. The essential parts of the agreement are then presented further below for the platform concerned.

Please note that when using social media platforms or our embedded elements, data about you may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may no longer be able to assert or enforce your rights regarding your personal data as easily.

What data is processed?

Which data is stored and processed depends on the respective provider of the social media platform. However, it usually includes data such as phone numbers, email addresses, data you enter into a contact form, user data such as which buttons you click, whom you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have your own profile on the social media channel you are visiting and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers’ servers. Therefore, only the providers have access to the data and can give you the appropriate information or make changes.

If you want to know exactly which data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the respective company’s privacy policy. Even if you have questions regarding data storage and data processing or wish to assert your corresponding rights, we recommend that you contact the provider directly.

Duration of data processing

We will inform you about the duration of data processing further below, provided we have additional information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is matched with its own user data is deleted within two days. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If it is legally required, as in the case of accounting, this storage period may be exceeded.

Right to object

You also have the right and the option at any time to withdraw your consent to the use of cookies or third-party providers such as embedded social media elements. This works either via our cookie management tool or through other opt-out functions. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend reading our general privacy policy on cookies. To find out exactly which data about you is stored and processed, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to data relating to you being processed and stored by embedded social media elements, this consent constitutes the legal basis for data processing (Art. 6 (1) lit. a GDPR). As a rule, your data is also stored and processed on the basis of our legitimate interest (Art. 6 (1) lit. f GDPR) in fast and effective communication with you or other customers and business partners, provided that consent has been given. We only use these tools if you have granted consent. Most social media platforms also place cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.

Information on specific social media platforms can be found — where available — in the following sections.

Facebook Privacy Policy

acebook Privacy Policy Summary 👥 Data subjects: Visitors of the website 🤝 Purpose: Optimization of our service offering 📓 Processed data: Data such as customer data, user behavior data, information about your device, and your IP address. More details can be found further below in the privacy policy. 📅 Storage period: until the data is no longer useful for Facebook’s purposes ⚖️ Legal bases: Art. 6 (1) lit. a GDPR (consent), Art. 6 (1) lit. f GDPR (legitimate interests)

What are Facebook tools?

We use selected tools from Facebook on our website. Facebook is a social media network operated by Meta Platforms Inc., or for the European region by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer you and people interested in our products and services the best possible experience.

If data relating to you is collected and transferred via our embedded Facebook elements or via our Facebook page (Fanpage), both we and Facebook Ireland Ltd. are responsible for this. Facebook alone is responsible for the further processing of this data. Our joint responsibilities are also laid out in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum. This agreement specifies, for example, that we must clearly inform you about the use of Facebook tools on our website. Furthermore, we are responsible for ensuring that the tools are integrated into our website in a manner compliant with data protection requirements. Facebook, on the other hand, is responsible for the data security of its Facebook products. If you have any questions regarding the collection or processing of data by Facebook, you may contact the company directly. If you address your question to us, we are obliged to forward it to Facebook.

Below, we provide an overview of the different Facebook tools, which data is sent to Facebook, and how you can delete this data.

n addition to many other products, Facebook also offers the so-called “Facebook Business Tools.” This is Facebook’s official designation. Since the term is hardly known, we have decided to simply refer to them as Facebook Tools. These include, among others:

• Facebook Pixel


• Social plug-ins (such as the “Like” or “Share” button)


• Facebook Login


• Account Kit


• APIs (Application Programming Interfaces)


• SDKs (collections of development tools)


• Platform integrations


• Plugins


• Codes


• Specifications


• Documentation

Technologies and services

These tools extend Facebook’s services and give Facebook the ability to receive information about user activities outside of Facebook.

We want to present our services and products only to people who are genuinely interested in them. With advertising (Facebook Ads), we can reach exactly these individuals. To display relevant ads to users, Facebook requires information about the wishes and needs of those users. This means that Facebook receives information about user behavior (and contact data) on our website. As a result, Facebook can collect better user data and display suitable ads about our products or services to interested people. These tools therefore enable tailored advertising campaigns on Facebook.

Facebook refers to data about your behavior on our website as “event data.” This data is also used for measurement and analytics services. In this way, Facebook can create “campaign reports” on the effectiveness of our advertising campaigns on our behalf. Furthermore, through analytics we gain better insights into how you use our services, website, or products. This allows us to optimize your user experience on our website using some of these tools. For example, social plug-ins allow you to share content from our site directly on Facebook.

What data is stored by Facebook tools?

By using individual Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number, and IP address may be transmitted.

Facebook uses this information to match the data with the data it already holds about you (provided you are a Facebook member). Before customer data is transmitted to Facebook, a process called “hashing” takes place. This means that a data set of any size is transformed into a string of characters. This also serves to encrypt the data.

In addition to contact data, “event data” is also transmitted. “Event data” refers to the information we receive about you on our website — for example, which subpages you visit or which products you purchase from us. Facebook does not share the information it receives with third parties (such as advertisers), unless the company has explicit permission or is legally required to do so. “Event data” can also be combined with contact data. This enables Facebook to provide better personalized advertising. After the matching process described above, Facebook deletes the contact data again.

To deliver advertisements in an optimized way, Facebook uses event data only when it has been combined with other data (collected by Facebook through other means). Facebook also uses this event data for security, protection, development, and research purposes. Many of this data is transmitted to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, varying numbers of cookies are placed in your browser. In the descriptions of the individual Facebook tools, we go into more detail about specific Facebook cookies. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.

How long and where is the data stored?

In principle, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers distributed all over the world where its data is stored. However, customer data is deleted within 48 hours after it has been matched with its own user data.

How can I delete my data or prevent data collection?

In accordance with the General Data Protection Regulation, you have the right to access, rectify, transfer, and delete your data. A complete deletion of the data only occurs if you fully delete your Facebook account. Here is how to delete your Facebook account:

1) Click on Settings on the right-hand side of Facebook.

2) Then click on “Your Facebook Information” in the left column.

3) Now click on “Deactiation and Deletion”

4) Select “Delete Account” and then click “Continue to Account Deletion”

5) Geben Sie nun Ihr Passwort ein, klicken Sie auf „Weiter“ und dann auf „Konto löschen“

The storage of data that Facebook receives through our page takes place, among other things, via cookies (e.g., through social plugins). In your browser, you can deactivate, delete, or manage individual or all cookies. Depending on which browser you use, this works differently. Under the section “Cookies,” you will find the corresponding links to the instructions for the most commonly used browsers.

If you generally do not want to have cookies, you can configure your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether you want to allow it or not.

Legal basis

If you have consented to your data being processed and stored through embedded Facebook tools, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In general, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use these tools insofar as you have provided your consent. Most social media platforms also place cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and review Facebook’s privacy policy or cookie guidelines.

Facebook processes data about you, among other things, in the United States. Facebook, or Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the United States. You can find more information at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Facebook also uses what are known as Standard Contractual Clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and through the Standard Contractual Clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

We hope we have provided you with the most important information about the use of and data processing through Facebook tools. If you would like to learn more about how Facebook uses your data, we recommend the data policy at https://www.facebook.com/privacy/policy/.

Instagram Data protection

Instagram Datenschutzerklärung Zusammenfassung 👥 Betroffene: Besucher der Website 🤝 Zweck: Optimierung unserer Serviceleistung 📓 Verarbeitete Daten: Daten wie etwa Daten zum Nutzerverhalten, Informationen zu Ihrem Gerät und Ihre IP-Adresse. Mehr Details dazu finden Sie weiter unten in der Datenschutzerklärung. 📅 Speicherdauer: bis Instagram die Daten für ihre Zwecke nicht mehr benötigt ⚖️ Rechtsgrundlagen: Art. 6 Abs. 1 lit. a DSGVO (Einwilligung), Art. 6 Abs. 1 lit. f DSGVO (Berechtigte Interessen)

What’s Instagram?

We have integrated functions of Instagram on our website. Instagram is a social media platform operated by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Since 2012, Instagram has been a subsidiary of Meta Platforms Inc. and is part of the Facebook products. Embedding Instagram content on our website is called embedding. This allows us to display content such as buttons, photos or videos from Instagram directly on our website. When you access pages of our web presence that have an integrated Instagram function, data is transmitted to Instagram, stored, and processed. Instagram uses the same systems and technologies as Facebook. Therefore, your data is processed across all Facebook companies.

In the following, we would like to give you a more detailed insight into why Instagram collects data, what types of data are involved, and how you can largely control the data processing. Since Instagram belongs to Meta Platforms Inc., we obtain our information partly from the Instagram policies and partly from the Meta privacy policies themselves.

Instagram is one of the most well-known social media networks worldwide. Instagram combines the advantages of a blog with the advantages of audiovisual platforms like YouTube or Vimeo. On “Insta” (as many users casually call the platform) you can upload photos and short videos, edit them with various filters, and also share them on other social networks. And if you don’t want to be active yourself, you can simply follow other interesting users.

Why do we use Instagram on our website?

Instagram is one of the social media platforms that has really taken off in recent years. And of course, we have responded to this boom. We want you to feel as comfortable as possible on our website. That’s why a varied presentation of our content is essential for us. By embedding Instagram functions, we can enrich our content with helpful, entertaining, or exciting posts from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be useful for personalised advertising on Facebook. This allows our ads to reach only those people who are genuinely interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive aggregated statistics, giving us deeper insight into your interests and preferences. It is important to note that these reports do not personally identify you.

What data is stored by Instagram?

When you access one of our pages that includes Instagram functions (such as Instagram images or plug-ins), your browser automatically connects to Instagram’s servers. In doing so, data is transmitted to Instagram, stored, and processed—regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases you have made, advertisements you see, and how you use our services. In addition, the date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume this is handled in the same way by Instagram. Customer data includes, for example, name, address, phone number, and IP address. These customer data are only transmitted to Instagram after they have been “hashed.” Hashing means that a data set is converted into a string of characters to encrypt the contact data. In addition, the above-mentioned “event data” are transmitted. According to Facebook—and therefore also Instagram—“event data” refers to information about your user behaviour. It may also occur that contact data are combined with event data. The collected contact data are matched with the data Instagram already holds about you.

Through small text files (cookies), which are usually placed in your browser, the collected data are transmitted to Facebook. Depending on the Instagram features used and whether you have an Instagram account, different amounts of data are stored.

We assume that Instagram processes data in the same way as Facebook. This means: if you have an Instagram account or have visited www.instagram.com, Instagram has already placed at least one cookie. If that is the case, your browser sends information to Instagram via this cookie as soon as you interact with an Instagram feature. After 90 days at the latest (after matching), these data are deleted or anonymised. Although we have examined Instagram’s data processing thoroughly, we cannot state exactly which data Instagram collects and stores in detail.

Below, we show you the cookies that are set in your browser at a minimum when you click on an Instagram feature (such as a button or an Insta image). For our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, significantly more cookies will be set in your browser.

These cookies were used in our test:
Valule: “”
Purpose: This cookie is most likely set for security reasons to prevent forged requests. However, we were unable to determine this in full detail.
Expiration: after one year

Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimise its own services and offerings both inside and outside of Instagram. The cookie assigns a unique user ID.
Expiration: at the end of the session

Name: fbsr_113042725124024
Value: no information
Purpose: This cookie stores the login request for users of the Instagram app.
Expiration: at the end of the session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiration date: at the end of the session

Name: urlgen
Value: “{”194.96.75.33”: 1901}:1iEtYv:Y833k2_UjKvXgYe113042725”
Purpose: This cookie is used for Instagram’s marketing purposes.
Expiration date: at the end of the session

Note: This list is not exhaustive. Which cookies are set in each individual case depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information it receives between Facebook companies, external partners, and people you connect with worldwide. Data processing is carried out in accordance with its own data policy. Your data is distributed across Facebook servers around the world, partly for security reasons. Most of these servers are located in the USA.

How can I delete my data or prevent data collection?

Thanks to the General Data Protection Regulation (GDPR), you have the right to access, transfer, rectify, and erase your data. You can manage your data in your Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

Here’s how to delete your Instagram account: First, open the Instagram app. On your profile page, scroll down and tap “Help Center.” This will take you to the company’s website. On the website, tap “Manage your account” and then “Delete your account.”

If you delete your account entirely, Instagram will delete posts such as your photos and status updates. Information that other people have shared about you is not part of your account and will therefore not be deleted.

As mentioned above, Instagram primarily stores your data using cookies. You can manage, disable, or delete these cookies in your browser. The process varies slightly depending on your browser. In the “Cookies” section, you’ll find links to instructions for the most popular browsers.

You can also configure your browser to always notify you when a cookie is about to be set. This allows you to decide individually whether or not to allow the cookie.

Legal basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the embedded social media elements if you have given your consent. Most social media platforms also use cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

Instagram processes your data in the USA, among other locations. Instagram, or rather Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Furthermore, Instagram uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Instagram commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

We have tried to provide you with the most important information about data processing by Instagram. You can find more detailed information about Instagram’s data policy at https://privacycenter.instagram.com/policy/.

Explanation of terms used

We always strive to make our privacy policy as clear and understandable as possible. However, this isn’t always easy, especially when dealing with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we don’t want to use these without explanation. Below you will find an alphabetical list of important terms used that we may not have adequately addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also include the GDPR texts here and, where necessary, add our own explanations.

Processor

Definition of terms according to Article 4 of the GDPR: For the purposes of this Regulation, the term means:

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the data controller, there may also be so-called data processors. This includes any company or individual who processes personal data on our behalf. Data processors can therefore include, besides service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

consent

Definition of terms according to Article 4 of the GDPR: For the purposes of this Regulation, the term means:

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: Websites typically obtain such consent via a cookie consent tool. You’re probably familiar with this. Whenever you visit a website for the first time, you’re usually asked via a banner whether you agree to or consent to data processing. In most cases, you can also adjust your settings and thus decide for yourself which data processing you allow and which you don’t. If you don’t consent, no personal data may be processed. Of course, consent can also be given in writing, i.e., not via a tool.

Personal Data

Definition of terms according to Article 4 of the GDPR: For the purposes of this Regulation, the term means:

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore all data that can identify you as an individual. This is usually data such as:

• Name
,
• Address
,
• Email Address,
• Postal Address
, Telephone Number,
• Date of Birth
,
• Identification Numbers such as Social Security Number,
Tax Identification Number, Personal ID Number or Matriculation Number,
• Bank Details such as Account Number, Credit Information, Account Balances, etc.

According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to determine at least the approximate location of your device and, consequently, you as the internet connection owner. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called “special categories” of personal data that are particularly worthy of protection. These include:

• Racial and ethnic origin,
• political opinions,
r
• eligious or philosophical beliefs
, trade union membership,
• genetic data such as data obtained from blood or saliva samples
,
• biometric data (information on psychological, physical, or behavioral characteristics that can identify a person).

Health data,
• data on sexual orientation or sex life

Profiling

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

Explanation: Profiling involves collecting various pieces of information about a person to learn more about them. In the online world, profiling is frequently used for advertising purposes or credit checks. Web analytics programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile, which can then be used to target advertising to a specific audience.

Responsible person

Definition of terms according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for processing your personal data and are therefore the “controller”. If we transfer collected data to other service providers for processing, these are “processors”. A “data processing agreement (DPA)” must be signed for this.

processing

Definition of terms according to Article 4 of the GDPR: For the purposes of this Regulation, the term means:

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we refer to processing in our privacy policy, we mean any type of data processing. As mentioned above in the original GDPR statement, this includes not only the collection but also the storage and processing of data.

All texts are protected by copyright.