Privacy Policy

Introduction and Overview

We have prepared this privacy policy (version 05.04.2024-112758748) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as “data”) we as the controller – and the processors commissioned by us (e.g., providers) – process, will process in the future and what legal options you have. The terms used are to be considered gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal terminology. However, this privacy policy is intended to describe the most important things to you as simply and transparently as possible. To the extent that it promotes transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that we only process personal data in the course of our business activities when there is a corresponding legal basis. This is certainly not possible if one gives the shortest possible, unclear and legalistic-technical explanations, as is often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is one or two pieces of information that you did not already know.
If you still have questions, we would like to ask you to contact the responsible party named below or in the imprint, to follow the existing links and to look at further information on third-party sites. You can of course also find our contact details in the imprint.

Application Area

This privacy policy applies to all personal data processed by us in the company and for all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, be it online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• social media presences and email communication
• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in a structured manner in the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Bases

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course access this EU General Data Protection Regulation online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we have to process certain data in order to be able to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions such as the performance of recordings in the public interest and the exercise of official authority as well as the protection of vital interests generally do not occur with us. If such a legal basis should be relevant, it will be shown at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated as DSG.
• In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies.

If additional regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Controller

If you have any questions about data protection or the processing of personal data, you can find the contact details of the responsible person or entity below:
Dr. Vjara Ilieva
Kaiser Franz Joseph-Ring 26, 2500 Baden, Austria

Email: ordination@radiantbeauty.at
Phone: +43 677 628 906 09
Imprint: https://www.musterfirma.at/impressum/

Storage Duration

It is our general criterion that we only store personal data for as long as it is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and if there is no obligation to store it.

We will inform you about the specific duration of the respective data processing further below, if we have additional information about it.

Rights According to the General Data Protection Regulation

According to Articles 13 and 14 of the GDPR, we inform you about the following rights to which you are entitled to ensure fair and transparent data processing:

• According to Article 15 of the GDPR, you have the right to information about whether we process data about you. If this is the case, you have the right to receive a copy of the data and to be informed about the following:
  • the purpose for which we carry out the processing;
  • the categories, i.e., the types of data that are processed;
  • who receives this data and if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we have not collected it from you;
  • whether profiling is carried out, i.e., whether data is automatically evaluated to arrive at a personal profile of you.
• According to Article 16 of the GDPR, you have the right to rectification of data, which means that we must correct data if you find errors.
• According to Article 17 of the GDPR, you have the right to erasure (‘right to be forgotten’), which specifically means that you can request the deletion of your data.
• According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
• According to Article 21 of the GDPR, you have a right to object, which, once enforced, brings about a change in processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
  • If data is used to conduct direct advertising, you can object to this type of data processing at any time. We may no longer use your data for direct marketing after that.
  • If data is used to conduct profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling after that.
• According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – don’t hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone number: +43 1 52 152-0
Email address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In doing so, we make it as difficult as possible within our capabilities for third parties to infer personal information from our data.

Art. 25 GDPR refers to “data protection by design and by default” and means that one should always think about security in both software (e.g., forms) and hardware (e.g., access to the server room) and take appropriate measures. If necessary, we will address specific measures below.

TLS Encryption with https

TLS, encryption, and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.
This means that the entire transmission of all data from your browser to our web server is secured – no one can “eavesdrop”.

By doing this, we have introduced an additional layer of security and fulfill data protection by design (Article 25 Paragraph 1 GDPR). Through the use of TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small lock symbol in the top left of the browser, to the left of the internet address (e.g., examplesite.com) and the use of the https scheme (instead of http) as part of our internet address.
If you want to know more about encryption, we recommend using Google to search for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.

Communication

Communication Summary 👥 Affected parties: All those who communicate with us by phone, email, or online form 📓 Processed data: e.g., phone number, name, email address, entered form data. More details can be found under the respective contact method used 🤝 Purpose: Handling of communication with customers, business partners, etc. 📅 Storage duration: Duration of the business case and legal requirements ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. b GDPR (Contract), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

When you contact us and communicate via phone, email, or online form, personal data may be processed.

The data is processed for handling and processing your inquiry and the related business transaction. The data is stored for as long as necessary or as long as the law requires.

Affected Individuals

All those who seek contact with us through the communication channels we provide are affected by the mentioned processes.

Phone

If you call us, the call data is pseudonymized and stored on the respective end device and by the telecommunications provider used. Additionally, data such as name and phone number may be sent by email afterwards and stored for answering inquiries. The data is deleted as soon as the business case is finished and legal requirements allow.

Email

If you communicate with us via email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data is stored on the email server. The data is deleted as soon as the business case is finished and legal requirements allow.

Online Forms

When you communicate with us using online forms, data is stored on our web server and may be forwarded to one of our email addresses. The data is deleted as soon as the business transaction has been completed and legal requirements allow it.

Legal Bases

The processing of data is based on the following legal grounds:

• Art. 6 para. 1 lit. a GDPR (Consent): You give us consent to store your data and continue to use it for purposes related to the business transaction;
• Art. 6 para. 1 lit. b GDPR (Contract): It is necessary for the fulfillment of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as the preparation of an offer;
• Art. 6 para. 1 lit. f GDPR (Legitimate Interests): We want to handle customer inquiries and business communication in a professional manner. For this, certain technical facilities such as email programs, Exchange servers, and mobile network operators are necessary to be able to conduct communication efficiently.

Cookies

Cookies Summary 👥 Affected parties: Website visitors 🤝 Purpose: dependent on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie. 📓 Processed data: Dependent on the cookie used. You can find more details below or from the manufacturer of the software that sets the cookie. 📅 Storage duration: dependent on the respective cookie, can vary from hours to years ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit.f GDPR (Legitimate Interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data.
In the following, we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, since there are also other cookies for other applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, the ‘brain’ of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must be specified.

Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser sends the ‘user-related’ information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie is to be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans, or other ‘malware’. Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152112758748-9
Purpose: Differentiation of website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

Four types of cookies can be distinguished:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing other pages and only later proceeds to checkout. These cookies ensure that the shopping cart is not deleted even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and behavior of the website with different browsers.

Targeted Cookies
These cookies provide better user-friendliness. For example, entered locations, font sizes, or form data are stored.

Advertising Cookies
These cookies are also called targeting cookies. They serve to deliver individually tailored advertising to the user. This can be very convenient, but also very annoying.

Usually, you are asked which of these types of cookies you want to allow when you first visit a website. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and don’t shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of Processing via Cookies

The purpose ultimately depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.

What Data is Processed?

Cookies are small helpers for many different tasks. Unfortunately, it’s not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data in the context of the following privacy policy.

Storage Duration of Cookies

The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You also have influence on the storage duration yourself. You can manually delete all cookies at any time via your browser (see also “Right to Object” below). Furthermore, cookies that are based on consent will be deleted at the latest when you withdraw your consent, whereby the lawfulness of the storage until then remains unaffected.

Right to Object – How Can I Delete Cookies?

You decide for yourself whether and how you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to determine which cookies have been stored in your browser, change cookie settings, or delete cookies, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally don’t want cookies, you can set up your browser to always inform you when a cookie is to be set. This way you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It’s best to search for the instructions in Google with the search term “delete cookies Chrome” or “disable cookies Chrome” in the case of a Chrome browser.

Legal Basis

Since 2009, there have been the so-called “Cookie Guidelines”. These stipulate that the storage of cookies requires your consent (Article 6(1)(a) GDPR). However, there are still very different reactions to these guidelines within EU countries. In Austria, however, this directive was implemented in § 165 Para. 3 of the Telecommunications Act (2021). In Germany, the Cookie Guidelines were not implemented as national law. Instead, the implementation of this directive was largely carried out in § 15 Para.3 of the Telemedia Act (TMG).

For absolutely necessary cookies, even if no consent is available, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often absolutely necessary for this.

Unless strictly necessary cookies are used, this only occurs with your consent. The legal basis for this is Art. 6 Para. 1 lit. a GDPR.

In the following sections, you will be informed in more detail about the use of cookies, provided that the software used employs cookies.

Customer Data

Customer Data Summary 👥 Affected: Customers or business and contractual partners 🤝 Purpose: Provision of contractually or pre-contractually agreed services including related communication 📓 Processed data: Name, address, contact details, email address, phone number, payment information (such as invoices and bank details), contract data (such as duration and subject of the contract), IP address, order data 📅 Storage duration: The data will be deleted as soon as it is no longer necessary for our business purposes and there is no legal retention obligation. ⚖️ Legal bases: Legitimate interest (Art. 6 Para. 1 lit. f GDPR), Contract (Art. 6 Para. 1 lit. b GDPR)

What is Customer Data?

In order to provide our service or our contractual services, we also process data from our customers and business partners. This data always includes personal data. Customer data refers to all information that is processed on the basis of a contractual or pre-contractual collaboration to provide the offered services. Customer data is therefore all collected information that we collect and process about our customers.

Why Do We Process Customer Data?

There are many reasons why we collect and process customer data. The most important is that we simply need various data to provide our services. Sometimes just your email address is sufficient, but if you purchase a product or service, we also need data such as name, address, bank details, or contract data. We subsequently use the data for marketing and sales optimizations to improve our overall service for our customers. Another important point is our customer service, which is always very important to us. We want you to be able to come to us with questions about our offers at any time, and for this we need at least your email address.

What Data is Processed?

Exactly which data is stored can only be described in categories at this point. This always depends on which services you obtain from us. In some cases, you only give us your email address so that we can, for example, contact you or answer your questions. In other cases, you purchase a product or service from us, and for this we need significantly more information, such as your contact details, payment data, and contract data.

Here is a list of possible data that we receive and process from you:

• Name
• Contact address
• Email address
• Phone number
• Date of birth
• Payment data (invoices, bank details, payment history etc.)
• Contract data (duration, content)
• Usage data (visited websites, access data etc.)
• Metadata (IP address, device information)

How Long is the Data Stored?

As soon as we no longer need the customer data to fulfill our contractual obligations and our purposes, and the data is also not necessary for possible warranty and liability obligations, we delete the corresponding customer data. This is the case, for example, when a business contract ends. After that, the limitation period is usually 3 years, with longer periods possible in individual cases. We of course also comply with the legal retention obligations. Your customer data will certainly not be passed on to third parties if you have not explicitly given consent for this.

Legal Basis

The legal bases for processing your data are Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. b GDPR (contract or pre-contractual measures), Art. 6 Para. 1 lit. f GDPR (legitimate interests) and in special cases (e.g., for medical services) Art. 9 Para. 2 lit. a. GDPR (processing of special categories).

In the case of protecting vital interests, data processing is carried out in accordance with Art. 9 Para. 2 lit. c. GDPR. For purposes of health care, occupational medicine, medical diagnostics, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector, personal data is processed in accordance with Art. 9 Para. 2 lit. h. GDPR. If you voluntarily provide data of special categories, processing is carried out on the basis of Art. 9 Para. 2 lit. a. GDPR.

Web Hosting Introduction

Web Hosting Summary 👥 Affected: Website visitors 🤝 Purpose: Professional hosting of the website and securing operations 📓 Processed data: IP address, time of website visit, browser used, and other data. More details can be found below or with the respective web hosting provider. 📅 Storage duration: Depends on the respective provider, but usually 2 weeks ⚖️ Legal basis: Art. 6 para. 1 lit.f GDPR (Legitimate interests)

What is Web Hosting?

When you visit websites today, certain information – including personal data – is automatically generated and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By domain, we mean, for example, example.de or sampleexample.com.

When you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply call them browser or web browser.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and demanding task, which is why it is usually done by professional providers. These offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay with us, it gets better!

When the browser on your computer (desktop, laptop, tablet, or smartphone) connects and during data transfer to and from the web server, personal data may be processed. On one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and securing operations
2. to maintain operational and IT security
3. Anonymous analysis of access behavior to improve our services and, if necessary, for law enforcement or pursuit of claims

What data is processed?

Even as you visit our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

• the complete internet address (URL) of the accessed web page
• Browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (Referrer URL) (e.g., https://www.examplesourcesite.com/whereicamefrom/)
• the hostname and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
• Date and time
• in files, the so-called web server log files

How long is data stored?

As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot exclude that this data may be viewed by authorities in the event of unlawful behavior.

In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not pass on your data without consent!

Legal Basis

The lawfulness of processing personal data in the context of web hosting results from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), as the use of professional hosting with a provider is necessary to present the company securely and user-friendly on the internet and to be able to pursue attacks and claims arising from it if necessary.

As a rule, there is a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

Website Building Systems Introduction

Website Building Systems Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Optimization of our service 📓 Processed data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographical location. More details can be found below in this privacy policy and in the privacy policy of the providers. 📅 Storage duration: depends on the provider ⚖️ Legal basis: Art. 6 para. 1 lit. f GDPR (Legitimate Interests), Art. 6 para. 1 lit. a GDPR (Consent)

What are Website Building Systems?

We use a website building system for our website. Building systems are special forms of a Content Management System (CMS). With a building system, website operators can very easily create a website without programming knowledge. In many cases, web hosts also offer building systems. By using a building system, personal data from you can also be collected, stored, and processed. In this privacy text, we provide you with general information about data processing by building systems. You can find more detailed information in the privacy policies of the provider.

Why do we use Website Building Systems for our website?

The biggest advantage of a building system is its ease of use. We want to offer you a clear, simple, and straightforward website that we can easily operate and maintain ourselves – without external support. A building system now offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and offer you an informative and pleasant time on our website.

What data is stored by a building system?

What data is exactly stored depends, of course, on the website building system used. Each provider processes and collects different data from website visitors. However, as a rule, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are collected. Furthermore, tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) may also be processed. In addition, personal data can also be collected and stored. This is usually contact data such as email address, phone number (if you have provided it), IP address, and geographic location data. You can find out exactly what data is stored in the privacy policy of the provider.

How long and where is the data stored?

We will inform you about the duration of data processing further below in connection with the website building system used, if we have further information about it. You can find detailed information about this in the provider’s privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data from you according to their own policies, over which we have no influence.

Right to Object

You always have the right to information, correction, and deletion of your personal data. If you have any questions, you can also contact those responsible for the website building system used at any time. You can find contact details either in our privacy policy or on the website of the respective provider.

You can delete, deactivate, or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that then not all functions may work as usual.

Legal Basis

We have a legitimate interest in using a website building system to optimize our online service and present it efficiently and appealingly to you. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). However, we only use the building system if you have given consent.

Insofar as the processing of data is not absolutely necessary for the operation of the website, the data is only processed on the basis of your consent. This applies in particular to tracking activities. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.

With this privacy policy, we have brought you closer to the most important general information about data processing. If you want to inform yourself more precisely about this, you will find further information – if available – in the following section or in the privacy policy of the provider.

Elementor Privacy Policy

We use the Elementor building system for our website. The service provider is the Israeli company Elementor Ltd., Rehov Tuval 40, 5252247 Ramat Gan, Israel.

Your data may be transferred to Israel. Israel is outside the scope of the GDPR. However, the European Commission has decided, based on Art. 45 Para. 1 GDPR, that Israel offers a level of protection comparable to the GDPR standard. You can view the decision here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32011D0061

To learn more about the data processed through the use of Elementor, please refer to the privacy policy at https://elementor.com/about/privacy/.

WordPress.com Privacy Policy

WordPress.com Privacy Policy Summary 👥 Affected parties: Website visitors 🤝 Purpose: Optimization of our service 📓 Processed data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographical location. More details can be found below in this privacy policy. 📅 Storage duration: It mainly depends on the type of data stored and the specific settings. ⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (Consent), Art. 6 Para. 1 lit. f GDPR (Legitimate Interests)

What is WordPress?

We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

The company was born in 2003 and quickly developed into one of the world’s best-known content management systems (CMS). A CMS is software that helps us design our website and present content in a beautiful and organized manner. The content can be text, audio, and video.
By using WordPress, personal data about you may also be collected, stored, and processed. Typically, mainly technical data such as operating system, browser, screen resolution, or hosting provider are stored. However, personal data such as IP address, geographical data, or contact details may also be processed.

Why do we use WordPress on our website?

We have many strengths, but real programming is not one of our core competencies.

Nevertheless, we want to have a powerful and attractive website that we can manage and maintain ourselves. With a website building system or content management system like WordPress, this is precisely possible. With WordPress, we don’t need to be programming aces to offer you a beautiful website. Thanks to WordPress, we can operate our website quickly and easily even without technical knowledge. If technical problems occur or we have specific wishes for our website, we still have our experts who are at home with HTML, PHP, CSS, and Co.

Due to the ease of use and comprehensive functions of WordPress, we can design our web presence according to our wishes and offer you good user-friendliness.

What data is processed by WordPress?

Non-personal data includes technical usage information such as browser activity, clickstream activities, session heatmaps, and data about your computer, operating system, browser, screen resolution, language and keyboard settings, internet provider, and date of site visit.

In addition, personal data is also collected. This primarily includes contact information (email address or phone number, if you provide them), IP address, or your geographical location.

WordPress can also use cookies to collect data. These often contain data about your behavior on our website. For example, it can record which subpages you particularly like to view, how long you stay on individual pages, when you leave a page (bounce rate), or what preferences (e.g., language selection) you have made. Based on this data, WordPress can also better adapt its own marketing measures to your interests and user behavior. When you next visit our website, it will be displayed to you as you previously set it up.

WordPress can also use technologies such as pixel tags (web beacons) to clearly identify you as a user and possibly offer interest-based advertising.

How long and where is the data stored?

How long the data is stored depends on various factors. It primarily depends on the type of stored data and the specific settings of the website. Generally, the data on WordPress is deleted when it is no longer needed for its own purposes. There are, of course, exceptions, especially when legal obligations require longer retention of data. Web server logs containing your IP address and technical data are deleted by WordPress or Automattic after 30 days. Automattic uses this data to analyze traffic on its own websites (for example, all WordPress pages) and to resolve potential issues. Deleted content on WordPress websites is also kept in the trash for 30 days to allow for recovery, after which it may remain in backups and caches until these are deleted. The data is stored on Automattic’s servers in the United States.

How can I delete my data or prevent data storage?

You have the right and opportunity at any time to access your personal data and to object to its use and processing. You can also file a complaint with a state supervisory authority at any time.

In your browser, you also have the option to manage, delete, or deactivate cookies individually. Please note, however, that deactivated or deleted cookies may have possible negative effects on the functions of our WordPress site. Depending on which browser you use, managing cookies works slightly differently. Under the ‘Cookies’ section, you will find the corresponding links to the respective instructions for the most popular browsers.

Legal Basis

If you have consented to the use of WordPress, this consent forms the legal basis for the corresponding data processing. This consent represents the legal basis for the processing of personal data, as it may occur during collection by WordPress, according to Art. 6 para. 1 lit. a GDPR (consent).

We also have a legitimate interest in using WordPress to optimize our online service and present it attractively to you. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). However, we only use WordPress if you have given your consent.

WordPress or Automattic also processes your data in the USA, among other places. Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template documents provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Automattic commits to comply with European data protection levels when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more details on the privacy policy and what data is processed by WordPress in what way at https://automattic.com/privacy/.

Social Media Introduction

Social Media Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Display and optimization of our service, contact with visitors, interested parties, etc., advertising 📓 Processed data: Data such as phone numbers, email addresses, contact details, user behavior data, information about your device and your IP address. For more details, please refer to the respective social media tool used. 📅 Storage duration: depends on the social media platforms used ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Social Media?

In addition to our website, we are also active on various social media platforms. User data may be processed so that we can specifically address users who are interested in us through social networks. Furthermore, elements of a social media platform can be directly embedded in our website. This is the case, for example, when you click on a so-called social button on our website and are directly redirected to our social media presence. Social media or social networks refer to websites and apps through which registered members can produce content, share content openly or in specific groups, and network with other members.

Why Do We Use Social Media?

For years, social media platforms have been the place where people communicate and connect online. With our social media presence, we can bring our products and services closer to interested parties. The social media elements integrated into our website help you switch quickly and without complications to our social media content.

The data that is stored and processed through your use of a social media channel primarily serves the purpose of conducting web analyses. The goal of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, appropriate conclusions about your interests can be drawn using the evaluated data, and so-called user profiles can be created. This also allows the platforms to present you with tailored advertisements. Usually, cookies are set in your browser for this purpose, which store data about your usage behavior.

We generally assume that we remain responsible under data protection law, even when we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform can be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we point it out separately and work on the basis of an agreement in this regard. The essential aspects of the agreement are then reproduced further below for the platform concerned.

Please note that when using social media platforms or our embedded elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may not be able to claim or enforce your rights regarding your personal data as easily.

What Data is Processed?

Exactly what data is stored and processed depends on the respective provider of the social media platform. But usually, it involves data such as phone numbers, email addresses, data you enter into a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the visited social media channel yourself and are logged in, data can be linked to your profile.

All data collected through a social media platform is also stored on the providers’ servers. Thus, only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly what data is stored and processed by social media providers and how you can object to data processing, you should carefully read the respective privacy policy of the company. Also, if you have questions about data storage and data processing or want to assert corresponding rights, we recommend contacting the provider directly.

Duration of Data Processing

We will inform you about the duration of data processing further below if we have additional information about it. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. However, customer data that is matched with your own user data is deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is legally required, as in the case of accounting, this storage period can be exceeded.

Right to Object

You also have the right and opportunity at any time to revoke your consent to the use of cookies or third-party providers such as embedded social media elements. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Since cookies may be used with social media tools, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal Basis

If you have consented to data being processed and stored by embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR). In principle, if consent is given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy text about cookies and view the privacy policy or cookie policies of the respective service provider.

Information about specific social media platforms can be found – if available – in the following sections.

Instagram Privacy Policy

Instagram Privacy Policy Summary 👥 Affected parties: Website visitors 🤝 Purpose: Optimization of our service 📓 Processed data: Data such as user behavior data, information about your device and your IP address. More details can be found below in the privacy policy. 📅 Storage duration: until Instagram no longer needs the data for its purposes ⚖️ Legal bases: Art. 6 Para. 1 lit. a GDPR (Consent), Art. 6 Para. 1 lit. f GDPR (Legitimate Interests)

What is Instagram?

We have incorporated Instagram features on our website. Instagram is a social media platform of the company Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and belongs to the Facebook products. The embedding of Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you visit web pages on our website that have an Instagram feature integrated, data is transmitted to Instagram, stored and processed. Instagram uses the same systems and technologies as Facebook. Your data is thus processed across all Facebook companies.

In the following, we want to give you a more detailed insight into why Instagram collects data, what data it is, and how you can largely control the data processing. Since Instagram belongs to Meta Platforms Inc., we obtain our information on the one hand from the Instagram guidelines, but on the other hand also from the Meta privacy policy itself.

Instagram is one of the most well-known social media networks worldwide. Instagram combines the advantages of a blog with the advantages of audiovisual platforms like YouTube or Vimeo. You can upload photos and short videos on ‘Insta’ (as many users casually call the platform), edit them with various filters and also spread them on other social networks. And if you don’t want to be active yourself, you can just follow other interesting users.

Why do we use Instagram on our website?

Instagram is the social media platform that has really gone through the roof in recent years. And of course, we have also reacted to this boom. We want you to feel as comfortable as possible on our website. Therefore, a varied preparation of our content is a matter of course for us. Through the embedded Instagram features, we can enrich our content with helpful, funny or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be useful to us for personalized advertising on Facebook. This way, our advertising ads only reach people who are really interested in our products or services.

Instagram also uses the collected data for measurement and analysis purposes. We receive summarized statistics and thus more insight into your wishes and interests. It is important to mention that these reports do not personally identify you.

What data is stored by Instagram?

If you encounter any of our pages that have Instagram features (such as Instagram images or plugins) built in, your browser automatically connects with Instagram’s servers. In the process, data is sent to Instagram, stored, and processed. This happens regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, advertisements you see, and how you use our service. Additionally, the date and time of your interaction with Instagram are stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook distinguishes between customer data and event data. We assume this is also the case with Instagram. Customer data includes, for example, name, address, phone number, and IP address. This customer data is only transmitted to Instagram after it has been ‘hashed’. Hashing means a data set is converted into a string of characters. This allows contact data to be encrypted. In addition, the aforementioned ‘event data’ is also transmitted. Facebook – and consequently Instagram – understands ‘event data’ as data about your user behavior. It may also happen that contact data is combined with event data. The collected contact data is matched with the data that Instagram already has about you.

The collected data is transmitted to Facebook via small text files (cookies) that are usually set in your browser.

We assume that data processing at Instagram works the same way as at Facebook. This means: if you have an Instagram account or have visited www.instagram.com, Instagram has set at least one cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram feature. At the latest after 90 days (after reconciliation), this data is deleted or anonymized. Although we have dealt intensively with Instagram’s data processing, we cannot say exactly what data Instagram collects and stores.

Below, we show you cookies that are at least set in your browser when you click on an Instagram feature (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged into Instagram, of course, significantly more cookies are set in your browser.

These cookies were used in our test:

Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent request forgeries. However, we couldn’t find out more specific details.
Expiration date: after one year

Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimize its own services and offers in and outside of Instagram. The cookie sets a unique user ID.
Expiration date: after end of session

Name: fbsr_112758748124024
Value: no information
Purpose: This cookie stores the login request for users of the Instagram app.
Expiration date: after end of session

Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiration date: after end of session

Name: urlgen
Value: “{“194.96.75.33″: 1901}:1iEtYv:Y833k2_UjKvXgYe112758748”
Purpose: This cookie serves Instagram’s marketing purposes.
Expiration date: after end of session

Note: We cannot claim completeness here. Which cookies are set in individual cases depends on the embedded functions and your use of Instagram.

How long and where is the data stored?

Instagram shares the information received between Facebook companies with external partners and with people you connect with worldwide. Data processing is carried out in compliance with their own data policy. Your data is distributed on Facebook servers around the world for security reasons, among others. Most of these servers are located in the USA.

How can I delete my data or prevent data storage?

Thanks to the General Data Protection Regulation, you have the right to information, portability, correction, and deletion of your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.

Here’s how to delete your Instagram account:

First, open the Instagram app. On your profile page, scroll down and click on ‘Help’. This will take you to the company’s website. On the website, click on ‘Manage Account’ and then on ‘Delete Your Account’.

When you completely delete your account, Instagram deletes posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and will therefore not be deleted.

As mentioned above, Instagram primarily stores your data via cookies. You can manage, deactivate, or delete these cookies in your browser. Depending on your browser, management works a little differently. Under the ‘Cookies’ section, you will find the corresponding links to the instructions for the most well-known browsers.

You can also set up your browser to always inform you when a cookie is about to be set. Then you can always decide individually whether you want to allow the cookie or not.

Legal Basis

If you have consented to data being processed and stored by embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the embedded social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policies of the respective service provider.

Instagram also processes data from you in the USA, among other places. Instagram or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Instagram also uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template documents provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Instagram commits to complying with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

We have tried to provide you with the most important information about data processing by Instagram. At https://privacycenter.instagram.com/policy/ you can learn more about Instagram’s data policies.

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary 👥 Affected parties: Website visitors 🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of certain tools 📓 Processed data: Data for managing the set cookie settings such as IP address, time of consent, type of consent, individual consents. You can find more details about this with the respective tool used. 📅 Storage duration: Depends on the tool used, you must be prepared for periods of several years ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit.f GDPR (Legitimate Interests)

What is a Cookie Consent Management Platform?

We use a Consent Management Platform (CMP) software on our website that makes it easier for us and you to handle the scripts and cookies used correctly and securely. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides the legally required cookie consent for you, and helps us and you keep track of all cookies. Most Cookie Consent Management Tools identify and categorize all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or do not allow. The following graphic illustrates the relationship between browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the area of data protection. We are also legally obligated to do so. We want to inform you as thoroughly as possible about all tools and cookies that can store and process your data. It is also your right to decide for yourself which cookies you accept and which you don’t. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool, which regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information about them. Through the consent system, you can then accept or reject cookies.

What data is processed?

Within our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we don’t have to ask you again with each new visit to our website, and we can also prove your consent if legally necessary. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent varies. Usually, this data (such as pseudonymous user ID, consent timestamp, details about cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We inform you about the duration of data processing further below, if we have additional information about it. Generally, we process personal data only as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted immediately after leaving the website, others can be stored in your browser for several years. The exact duration of data processing depends on the tool used; usually, you should expect a storage duration of several years. In the respective privacy policies of the individual providers, you will generally receive precise information about the duration of data processing.

Right to Object

You also have the right and the option to revoke your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Information about specific cookie management tools can be found – if available – in the following sections.

Legal Basis

If you consent to cookies, personal data about you will be processed and stored through these cookies. If we are allowed to use cookies through your consent (Article 6(1)(a) GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. In order to manage cookie consent and enable you to give consent, a cookie consent management platform software is used. The use of this software enables us to operate the website efficiently in a legally compliant manner, which represents a legitimate interest (Article 6(1)(f) GDPR).

CookieYes Privacy Policy

We use the cookie consent management platform CookieYes for our website. The service provider is the British company CookieYes Limited, 3 Warren Yard, Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom.

Due to Britain’s exit from the European Union, the GDPR is no longer applicable to data transfers there. However, the European Commission has decided, based on Article 45 GDPR, that the United Kingdom offers an adequate level of protection compared to the GDPR. Data transfer there is therefore permissible. You can view the decision here (Download): https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D1772

You can find out more about the data processed through the use of CookieYes in the privacy policy at https://www.cookieyes.com/privacy-policy/.

Audio Video Introduction

Audio Video Privacy Policy Summary 👥 Affected parties: Website visitors 🤝 Purpose: Optimization of our service 📓 Processed data: Data such as contact details, user behavior data, information about your device and your IP address may be stored. More details can be found below in the corresponding privacy texts. 📅 Storage duration: Data generally remains stored as long as it is necessary for the service purpose ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are audio and video elements?

We have integrated audio and video elements into our website so that you can watch videos or listen to music/podcasts directly through our website. The content is provided by service providers. All content is therefore also obtained from the corresponding servers of the providers.

These are embedded functional elements from platforms such as YouTube, Vimeo, or Spotify. The use of these portals is generally free, but paid content may also be published. With the help of these embedded elements, you can listen to or view the respective content via our website.

If you use audio or video elements on our website, personal data may also be transmitted to, processed, and stored by the service providers.

Why do we use audio video elements on our website?

Of course, we want to provide you with the best possible offer on our website. And we are aware that content is no longer conveyed merely in text and static images. Instead of simply giving you a link to a video, we offer you audio and video formats directly on our website that are entertaining or informative, and ideally both. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video and/or audio content.

What data is stored by audio video elements?

When you access a page on our website that has an embedded video, for example, your server connects to the service provider’s server. In the process, data about you is also transferred to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your device. Furthermore, most providers also collect information about your web activity. This includes session duration, bounce rate, which button you clicked on, or which website you are using the service through. All this information is usually stored via cookies or pixel tags (also called web beacons). Pseudonymized data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.

Duration of data processing

You can find out exactly how long the data is stored on the third-party providers’ servers either further down in the privacy text of the respective tool or in the provider’s privacy policy. In principle, personal data is only processed for as long as is absolutely necessary for the provision of our services or products. This usually applies to third-party providers as well. In most cases, you can assume that certain data will be stored on the third-party providers’ servers for several years. Data can be stored in cookies for different lengths of time. Some cookies are deleted immediately after leaving the website, while others can be stored in your browser for several years.

Right to Object

You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. The lawfulness of the processing up to the revocation remains unaffected.

Since cookies are usually also used by the embedded audio and video functions on our site, you should also read our general privacy policy on cookies. You can find out more about how your data is handled and stored in the privacy policies of the respective third-party providers.

Legal Basis

If you have consented to data being processed and stored by embedded audio and video elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the embedded audio and video elements if you have given your consent.

YouTube Privacy Policy

YouTube Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Optimization of our service 📓 Processed data: Data such as contact information, user behavior data, information about your device and your IP address may be stored. More details can be found below in this privacy policy. 📅 Storage duration: Data generally remains stored as long as necessary for the service purpose ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is YouTube?

We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has a YouTube video embedded, your browser automatically connects to the servers of YouTube or Google. In the process, various data is transferred (depending on settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European area.

In the following, we want to explain in more detail what data is processed, why we have embedded YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the past few years, YouTube has become one of the most important social media channels worldwide. For us to be able to display videos on our website, YouTube provides a code snippet that we have embedded on our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, interesting videos should not be missing. With the help of our embedded videos, we provide you with additional helpful content in addition to our texts and images. Additionally, our website is easier to find on the Google search engine thanks to the embedded videos. Even when we run advertising campaigns through Google Ads, Google can – thanks to the collected data – really only show these ads to people who are interested in our offers.

What data does YouTube store?

As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually associate your interactions on our website with your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information like browser type, screen resolution, or your Internet provider. Additional data can include contact details, any ratings, sharing content via social media, or adding to your favorites on YouTube.

If you’re not logged into a Google account or a YouTube account, Google stores data with a unique identifier linked to your device, browser, or app. For example, your preferred language setting is retained. But many interaction data cannot be stored because fewer cookies are set.

In the following list, we show cookies that were set in a test in the browser. On one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be exhaustive because user data always depends on the interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y112758748-1
Purpose: This cookie registers a unique ID to store statistics of the viewed video.
Expiration date: after end of session

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google gets statistics via PREF on how you use YouTube videos on our website.
Expiration date: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track GPS location.
Expiration date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie tries to estimate the user’s bandwidth on our web pages (with embedded YouTube video).
Expiration date: after 8 months

Additional cookies that are set when you are logged into your YouTube account:

Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7112758748-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalized advertisements.
Expiration date: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: This cookie stores the consent status of a user for the use of various Google services. CONSENT also serves security purposes to verify users and protect user data from unauthorized attacks.
Expiration date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps to display personalized advertising.
Expiration date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: This cookie stores information about your login data.
Expiration date: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie functions by uniquely identifying your browser and device. It is used to create a profile of your interests.
Expiration date: after 2 years

Name: SID
Value: oQfNKjAsI112758748-
Purpose: This cookie stores your Google account ID and your last login time in a digitally signed and encrypted form.
Expiration date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the website and what advertising you may have seen before visiting our site.
Expiration date: after 3 months

How long and where is the data stored?

The data that YouTube receives and processes from you is stored on Google servers. Most of these servers are located in America. You can see exactly where Google’s data centers are located at https://www.google.com/about/datacenters/locations/?hl=en. Your data is distributed across the servers. This makes the data retrievable more quickly and better protected against manipulation.

Google stores the collected data for different lengths of time. You can delete some data at any time, other data is automatically deleted after a limited time, and some data is stored by Google for longer periods. Some data (such as elements from “My Activity”, photos or documents, products) that are stored in your Google Account remain stored until you delete them. Even if you are not signed in to a Google Account, you can delete some data associated with your device, browser, or app.

How can I delete my data or prevent data storage?

In principle, you can manually delete data in your Google Account. With the automatic deletion function for location and activity data introduced in 2019, information is stored for either 3 or 18 months depending on your decision and then deleted.

Regardless of whether you have a Google Account or not, you can configure your browser to delete or deactivate Google cookies. Depending on which browser you use, this works in different ways. Under the “Cookies” section, you will find the corresponding links to the instructions for the most popular browsers.

If you generally don’t want cookies, you can set up your browser to always inform you when a cookie is about to be set. This way you can decide for each individual cookie whether you want to allow it or not.

Legal Basis

If you have consented to data being processed and stored by embedded YouTube elements, this consent serves as the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the embedded YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policies of the respective service provider.

YouTube processes data from you, including in the USA. YouTube, or Google, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find the Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, at https://business.safety.google/intl/de/adsprocessorterms/.

As YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend reading the privacy policy at https://policies.google.com/privacy?hl=de.

Web Design Introduction

Web Design Privacy Policy Summary 👥 Affected parties: Website visitors 🤝 Purpose: Improvement of user experience 📓 Processed data: Which data is processed depends heavily on the services used. Usually, it includes IP address, technical data, language settings, browser version, screen resolution, and browser name. You can find more details about this with the respective web design tools used. 📅 Storage duration: depending on the tools used ⚖️ Legal bases: Art. 6 Para. 1 lit. a GDPR (Consent), Art. 6 Para. 1 lit. f GDPR (Legitimate Interests)

What is Web Design?

We use various tools on our website that serve our web design. Web design is not just about making our website look pretty, as often assumed, but also about functionality and performance. But of course, the appropriate look of a website is also one of the major goals of professional web design. Web design is a subset of media design and deals with both the visual and structural and functional design of a website. The goal is to improve your experience on our website with the help of web design. In web design jargon, this is referred to as User Experience (UX) and Usability. User Experience encompasses all impressions and experiences that the website visitor has on a website. Usability is a subset of User Experience and refers to the user-friendliness of a website. The focus here is primarily on ensuring that content, subpages, or products are clearly structured and that you can easily and quickly find what you are looking for. To offer you the best possible experience on our website, we also use so-called web design tools from third-party providers. In this privacy policy, the category ‘Web Design’ therefore includes all services that improve our website design. This can include fonts, various plugins, or other integrated web design functions.

Why do we use Web Design tools?

How you absorb information on a website depends very much on the structure, functionality, and visual perception of the website. Therefore, good and professional web design has become increasingly important for us as well. We are constantly working on improving our website and see this as an extended service for you as a website visitor. Furthermore, a beautiful and functional website also has economic advantages for us. After all, you will only visit us and use our offers if you feel completely comfortable.

What data is stored by Web Design tools?

When you visit our website, web design elements may be incorporated into our pages that can also process data. The exact data involved depends strongly on the tools used. Further below, you can see exactly which tools we use for our website. For more detailed information about data processing, we also recommend reading the respective privacy policy of the tools used. Usually, you can find out what data is processed, whether cookies are used, and how long the data is stored. Through fonts such as Google Fonts, for example, information such as language settings, IP address, browser version, browser screen resolution, and browser name are automatically transmitted to Google servers.

Duration of Data Processing

How long data is processed varies greatly and depends on the web design elements used. When cookies are used, for example, the retention period can be just a minute or last several years. Please inform yourself about this. We recommend reading our general text section on cookies as well as the privacy policies of the tools used. There you will usually find out which cookies are used exactly and what information is stored in them. Google Font files, for example, are stored for one year. This is to improve the loading time of a website. In principle, data is only stored for as long as necessary to provide the service. In case of legal requirements, data may be stored for longer periods.

Right to Object

You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or through other opt-out functions. You can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. However, for some web design elements (usually fonts), there is data that cannot be deleted quite so easily. This is the case when data is automatically collected and transmitted to a third-party provider (such as Google) when a page is accessed. Please contact the support of the respective provider. In the case of Google, you can reach support at https://support.google.com/?hl=en.

Legal Basis

If you have consented to the use of web design tools, this consent is the legal basis for the corresponding data processing. This consent represents the legal basis for the processing of personal data as it may occur in the collection by web design tools, according to Art. 6 para. 1 lit. a GDPR (consent). On our part, there is also a legitimate interest in improving the web design on our website. After all, we can only provide you with a beautiful and professional web offering. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). We only use web design tools if you have given your consent. We want to emphasize this here once again.

Information on specific web design tools can be found – if available – in the following sections.

Adobe Fonts Privacy Policy

We use Adobe Fonts, a web font hosting service, on our website. The service provider is the American company Adobe Inc. For the European area, Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, is responsible.

Adobe processes data from you, among other things, also in the USA. Adobe is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Adobe uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Adobe commits to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

You can find more information about the standard contractual clauses at Adobe at https://www.adobe.com/privacy/eudatatransfers.html.

For more information about the data processed through the use of Adobe Fonts, please refer to the Privacy Policy at https://www.adobe.com/at/privacy.html.

Google Fonts Privacy Policy

Google Fonts Privacy Policy Summary 👥 Affected parties: Website visitors 🤝 Purpose: Optimization of our service 📓 Processed data: Data such as IP address and CSS and font requests More details can be found below in this privacy policy. 📅 Storage duration: Font files are stored by Google for one year ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are Google Fonts?

We use Google Fonts on our website. These are the “Google fonts” from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

You do not need to log in or provide a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don’t need to worry that your Google account details are being transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and securely stores this data. We will take a detailed look at how exactly the data storage looks.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google provides to its users free of charge.

Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website without having to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web and this saves data volume and is a great advantage especially for use on mobile devices. When you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure Web Fonts. Different image synthesis systems (rendering) in various browsers, operating systems, and mobile devices can lead to errors. Such errors can partially distort texts or entire web pages visually. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts so that we can present our entire online service as beautifully and consistently as possible.

What data is stored by Google?

When you visit our website, the fonts are reloaded via a Google server. Through this external call, data is transmitted to Google’s servers. This way, Google also recognizes that you or your IP address is visiting our website. The Google Fonts API was designed to reduce the use, storage, and collection of end user data to what is necessary for the proper delivery of fonts. API, by the way, stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software field.

Google Fonts securely stores CSS and font requests with Google and is thus protected. Through the collected usage numbers, Google can determine how well the individual fonts are received. Google publishes the results on internal analytics pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in Google Fonts’ BigQuery database. Entrepreneurs and developers use Google’s BigQuery web service to examine and move large amounts of data.

However, it should be noted that each Google Font request also automatically transmits information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google servers. Whether this data is also stored is not clearly determinable or is not clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets on its servers, which are mainly located outside the EU, for one day. This allows us to use the fonts using a Google stylesheet. A stylesheet is a format template that can be used to quickly and easily change the design or font of a website, for example.

The font files are stored by Google for one year. Google aims to improve the loading time of web pages in general. When millions of web pages refer to the same fonts, they are cached after the first visit and appear immediately on all other web pages visited later. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for a day or a year cannot be easily deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you must contact Google support at https://support.google.com/?hl=detid=112758748. You can only prevent data storage in this case if you do not visit our site.

Unlike other web fonts, Google allows us unrestricted access to all fonts. We can therefore access an unlimited sea of fonts and thus get the optimum for our website. You can find more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=112758748. While Google addresses privacy-related matters there, it doesn’t contain really detailed information about data storage. It’s relatively difficult to get truly precise information about stored data from Google.

Legal Basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. This consent, according to Art. 6 para. 1 lit. a GDPR (Consent) represents the legal basis for the processing of personal data, as may occur in the collection by Google Fonts.

On our part, there is also a legitimate interest in using Google Font to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests) . However, we only use Google Font if you have given your consent.

Google also processes data from you in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google commits to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can also read about what data Google generally collects and how this data is used at https://www.google.com/intl/en/policies/privacy/.

Online Map Services Introduction

Online Map Services Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Improvement of user experience 📓 Processed data: What data is processed depends heavily on the services used. Usually, it involves IP address, location data, search objects and/or technical data. You can find more details about this with the respective tools used. 📅 Storage duration: depending on the tools used ⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What are Online Map Services?

We use online map services on our website as an extended service. Google Maps is probably the service you are most familiar with, but there are other providers who have specialized in creating digital maps. Such services allow locations, route plans, or other geographic information to be displayed directly on our website. Through an embedded map service, you no longer need to leave our website to view, for example, the route to a location. For the online map to function on our website, map sections are embedded using HTML code. The services can then display street maps, the earth’s surface, or aerial/satellite images. If you use the built-in map offer, data is also transferred to the tool used and stored there. This data may also include personal data.

Why do we use Online Map Services on our website?

Generally speaking, our aim is to provide you with a pleasant experience on our website. And your time is only pleasant, of course, if you can easily navigate our website and quickly find all the information you need. Therefore, we thought an online map system could be a significant optimization of our service on the website. Without leaving our website, you can easily view directions, locations, or even attractions using the map system. It’s also super practical that you can see at a glance where our company headquarters are located, so you can find us quickly and safely. As you can see, there are simply many advantages, and we clearly consider online map services on our website as part of our customer service.

What Data is Stored by Online Map Services?

When you open a page on our website that has an integrated online map function, personal data may be transmitted to the respective service and stored there. Usually, this involves your IP address, through which your approximate location can also be determined. In addition to the IP address, data such as entered search terms and latitude and longitude coordinates are also stored. For example, if you enter an address for route planning, this data will also be stored. The data is not stored with us, but on the servers of the integrated tools. You can imagine it like this: You are on our website, but when you interact with a map service, this interaction actually happens on their website. For the service to function properly, at least one cookie is usually placed in your browser. For example, Google Maps also uses cookies to record user behavior and thus optimize its own service and display personalized advertising. You can learn more about cookies in our ‘Cookies’ section.

How long and where is the data stored?

Each online map service processes different user data. If we have further information available, we will inform you about the duration of data processing below in the corresponding sections for the individual tools. In principle, personal data is always only stored for as long as necessary for the provision of the service. Google Maps, for example, stores certain data for a fixed period, while other data you must delete yourself. For instance, Mapbox retains the IP address for 30 days and then deletes it. As you can see, each tool stores data for different lengths of time. Therefore, we recommend that you carefully review the privacy policies of the tools used.

The providers also use cookies to store data about your user behavior with the map service. You can find more general information about cookies in our ‘Cookies’ section, but you can also learn about which cookies may be used in the privacy texts of the individual providers. However, this is usually only an example list and is not complete.

Right to Object

You always have the option and the right to access your personal data and to object to its use and processing. You can also revoke your consent that you have given us at any time. Usually, this works most easily via the cookie consent tool. However, there are also other opt-out tools that you can use. You can also manage, delete, or deactivate possible cookies set by the providers used with just a few mouse clicks. However, it may then happen that some functions of the service no longer work as usual. How you manage cookies in your browser also depends on the browser you use. In the ‘Cookies’ section, you will also find links to the instructions for the most important browsers.

Legal Basis

If you have consented to the use of an online map service, the legal basis for the corresponding data processing is this consent. This consent represents the legal basis according to Art. 6 para. 1 lit. a GDPR (consent) for the processing of personal data, as it may occur during the collection by an online map service.

We also have a legitimate interest in using an online map service to optimize our service on our website. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). However, we only use an online map service if you have given your consent. We want to emphasize this again at this point.

Information about specific online map services can be found – if available – in the following sections.

Google Maps Privacy Policy

Google Maps Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Optimization of our service 📓 Processed data: Data such as entered search terms, your IP address, and latitude/longitude coordinates. More details can be found below in this privacy policy. 📅 Storage duration: dependent on the stored data ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (Legitimate interests)

What is Google Maps?

We use Google Maps from Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps, we can better show you locations and thus adapt our service to your needs. By using Google Maps, data is transferred to Google and stored on Google servers. Here we want to go into more detail about what Google Maps is, why we use this Google service, what data is stored, and how you can prevent this.

Google Maps is an internet map service from Google. With Google Maps, you can search online via a PC, tablet, or app for exact locations of cities, sights, accommodations, or businesses. If businesses are represented on Google My Business, additional information about the company is displayed in addition to the location. To show the route options, map sections of a location can be embedded into a website using HTML code. Google Maps displays the Earth’s surface as a street map or as an aerial or satellite image. Thanks to the Street View images and the high-quality satellite images, very precise representations are possible.

Why do we use Google Maps on our website?

All our efforts on this page aim to provide you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. You can see at a glance where we have our company headquarters. The directions always show you the best or fastest way to us. You can access the route for routes by car, public transport, on foot, or by bike. For us, providing Google Maps is part of our customer service.

What data is stored by Google Maps?

In order for Google Maps to fully offer its service, the company must collect and store data from you. This includes, among other things, the entered search terms, your IP address, and the latitude and longitude coordinates. If you use the route planner function, the entered start address is also stored. However, this data storage happens on the websites of Google Maps. We can only inform you about it, but we have no influence. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google uses this data primarily to optimize its own services and to provide you with individualized, personalized advertising.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ112758748-5
Purpose: NID is used by Google to adapt advertisements to your Google search. With the help of the cookie, Google ‘remembers’ your most frequently entered search queries or your previous interaction with ads. This way, you always get customized advertisements. The cookie contains a unique ID that Google uses to collect your personal preferences for advertising purposes.
Expiration date: after 6 months

Note: We cannot guarantee completeness in the information about stored data. Changes are never excluded, especially when using cookies. To identify the NID cookie, a separate test page was created where only Google Maps was integrated.

How long and where is the data stored?

Google’s servers are located in data centers around the world. However, most servers are located in America. For this reason, your data is also increasingly stored in the USA. Here you can read exactly where Google’s data centers are located: https://www.google.com/about/datacenters/locations/?hl=en

Google distributes the data across various data carriers. This makes the data retrievable more quickly and better protected against any manipulation attempts. Each data center also has special emergency programs. If, for example, there are problems with Google hardware or a natural disaster paralyzes the servers, the data remains quite secure nevertheless.

Google stores some data for a fixed period. For other data, Google only offers the option to delete it manually. Furthermore, the company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.

How can I delete my data or prevent data storage?

With the automatic deletion function for location and activity data introduced in 2019, information for location determination and web/app activity is stored for either 3 or 18 months – depending on your decision – and then deleted. In addition, you can manually delete this data from the history via your Google Account at any time. If you want to completely prevent your location tracking, you must pause the ‘Web App Activity’ section in your Google Account. Click on ‘Data Personalization’ and then on the ‘Activity controls’ option. Here you can turn activities on or off.

In your browser, you can also deactivate, delete, or manage individual cookies. Depending on which browser you use, this works slightly differently. Under the ‘Cookies’ section, you will find the corresponding links to the instructions for the most popular browsers.

If you generally don’t want any cookies, you can set your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether you allow it or not.

Legal Basis

If you have consented to the use of Google Maps, the legal basis for the corresponding data processing is this consent. This consent represents Art. 6 para. 1 lit. a GDPR (Consent) the legal basis for the processing of personal data, as may occur during the collection by Google Maps.

We also have a legitimate interest in using Google Maps to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests) . However, we only use Google Maps if you have given your consent.

Google also processes your data in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

If you want to learn more about Google’s data processing, we recommend the company’s own privacy policy at https://policies.google.com/privacy?hl=de.

Explanation of Terms Used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we don’t want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms were taken from the GDPR and are definitions, we will also include the GDPR texts here and add our own explanations if necessary.

Data Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to those responsible, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. Processors can therefore be, in addition to service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: Usually, such consent is given on websites via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to or consent to data processing. Often, you can also make individual settings and thus decide for yourself which data processing you allow and which you don’t. If you do not consent, no personal data about you may be processed. In principle, consent can of course also be given in writing, i.e., not via a tool.

Health Data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘Health data’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;

Explanation: Health data therefore includes all stored information that concerns your own health. Often, these are data that are also noted in a patient file. This includes, for example, which medications you use, X-ray images, the entire medical history, or usually also the vaccination status.

Personal Data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore all data that can identify you as a person. This usually includes data such as:

• Name
• Address
• Email address
• Postal address
• Phone number
• Date of birth
• Identification numbers such as social security number, tax identification number, ID card number or matriculation number
• Bank details such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can determine at least the approximate location of your device and subsequently you as the connection owner using your IP address. Therefore, storing an IP address also requires a legal basis in the sense of the GDPR. There are also so-called ‘special categories’ of personal data, which are also particularly worthy of protection. These include:

• Racial and ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data such as data taken from blood or saliva samples
• Biometric data (this is information on psychological, physical or behavioral characteristics that can identify a person).
  Health data
• Data concerning a person’s sex life or sexual orientation

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

Explanation: Profiling involves gathering various information about a person to learn more about them. In the web sector, profiling is often used for advertising purposes or credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a special user profile that can be used to target advertising to a specific audience.

Controller

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for processing your personal data and consequently the “controller”. If we pass on collected data for processing to other service providers, they are “processors”. For this, a “data processing agreement (DPA)” must be signed.

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we talk about processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned above in the original GDPR explanation, not only the collection but also the storage and processing of data.

Conclusion

Congratulations! If you are reading these lines, you have really “fought” your way through our entire privacy policy or at least scrolled this far. As you can see from the extent of our privacy policy, we take the protection of your personal data anything but lightly.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. In doing so, we not only want to tell you which data is processed, but also to explain the reasons for using various software programs. As a rule, privacy policies sound very technical and legal. However, since most of you are not web developers or lawyers, we wanted to take a different approach linguistically and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible authority. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.