Privacy Policy

Introduction and Overview

We have written this privacy policy (version 14.07.2025) to explain to you in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (in short: data) we as controllers – and the processors commissioned by us (e.g. providers) – process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.

In short: We inform you comprehensively about data that we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. Insofar as it promotes transparency, technical terms are explained in a user-friendly way, links to further information are offered and graphics are used. We thus inform in clear and simple language that we only process personal data in the course of our business activities when there is a corresponding legal basis. This is certainly not possible if one provides the most concise, unclear and legal-technical explanations that are often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or another piece of information that you did not know yet.

If questions still remain, we would like to ask you to contact the responsible body mentioned below or in the imprint, to follow the existing links and to look at further information on third-party sites. Our contact data can of course also be found in the imprint.

Scope of Application

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data we mean information within the meaning of Art. 4 No. 1 GDPR such as name, email address and postal address of a person. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

all online presences (websites, online shops) that we operate
Social media presences and email communication
mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in the company via the mentioned channels in a structured manner. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Bases

In the following privacy policy, we give you transparent information about the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.

As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
Contract (Article 6 paragraph 1 lit. b GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. If we conclude a purchase contract with you, for example, we need personal information in advance.
Legal obligation (Article 6 paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting. These usually contain personal data.
Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. We must, for example, process certain data in order to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Further conditions such as the performance of tasks in the public interest and exercise of public authority as well as the protection of vital interests do not usually occur with us. If such a legal basis should nevertheless be relevant, this will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Act for the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), in short DSG.
In Germany, the Federal Data Protection Act applies, in short BDSG.

If further regional or national laws apply, we will inform you about this in the following sections.

Contact Details of the Controller

Should you have questions about data protection or the processing of personal data, you will find below the contact details of the controller according to Article 4 paragraph 7 EU General Data Protection Regulation (GDPR):

Fractional View GmbH
Dimbach 82
4371 Dimbach,
Austria

E-Mail: office@fractionalview.com
Imprint: https://www.fractionalview.com/imprint/

Storage Duration

That we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion with us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example for accounting purposes.

Should you wish to have your data deleted or revoke consent to data processing, the data will be deleted as quickly as possible and provided there is no obligation to store it.

We inform you about the specific duration of the respective data processing below, provided we have further information about it.

Rights under the General Data Protection Regulation

According to Articles 13, 14 GDPR, we inform you about the following rights that you are entitled to, so that fair and transparent processing of data takes place:

You have the right according to Article 15 GDPR to information about whether we process data from you. Should this be the case, you have the right to receive a copy of the data and to learn the following information:
- for what purpose we carry out the processing;
- the categories, i.e. the types of data that are processed;
- who receives this data and if the data is transmitted to third countries, how security can be guaranteed;
- how long the data is stored;
- the existence of the right to rectification, deletion or restriction of processing and the right to object to processing;
- that you can complain to a supervisory authority (links to these authorities can be found below);
- the origin of the data if we did not collect it from you;
- whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
You have the right according to Article 16 GDPR to rectification of data, which means that we must correct data if you find errors.
You have the right according to Article 17 GDPR to deletion (“right to be forgotten”), which specifically means that you may demand the deletion of your data.
You have the right according to Article 18 GDPR to restriction of processing, which means that we may only store the data but not use it further.
You have the right according to Article 20 GDPR to data portability, which means that we provide you with your data in a common format upon request.
You have the right according to Article 21 GDPR to object, which after enforcement brings about a change in processing.
- If the processing of your data is based on Article 6 para. 1 lit. e (public interest, exercise of public authority) or Article 6 para. 1 lit. f (legitimate interest), you can object to the processing. We then check as quickly as possible whether we can legally comply with this objection.
- If data is used to conduct direct advertising, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
- If data is used to conduct profiling, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
You have the right according to Article 22 GDPR under certain circumstances not to be subject to a decision based solely on automated processing (for example profiling).
You have the right according to Article 77 GDPR to lodge a complaint. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible body listed above with us!

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austria Data Protection Authority
Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data to countries outside the scope of the GDPR (third countries) if you consent to this processing or there is other legal permission. This applies in particular if the processing is legally prescribed or necessary for the fulfillment of a contractual relationship and in any case only insofar as this is generally permitted. Your consent is in most cases the most important reason that we have data processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, there is currently only an adequate level of protection for data transfer to the USA if a US company that processes personal data from EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being processed and stored anonymously. Furthermore, US government authorities may access individual data. In addition, it may happen that collected data is linked with data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, provided this is offered.

We inform you more precisely about data transfer to third countries at the appropriate places in this privacy policy, provided this applies.

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible within our means for third parties to infer personal information from our data.

Art. 25 GDPR speaks here of “data protection by design and by data protection-friendly default settings” and means that one should always think of security in both software (e.g. forms) and hardware (e.g. access to the server room) and take appropriate measures. In the following, we will go into specific measures if necessary.

TLS Encryption with https

TLS, encryption and https sound very technical and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transfer data securely on the Internet.

This means that the complete transmission of all data from your browser to our web server is secured – no one can “eavesdrop”.

This introduces an additional layer of security and fulfills data protection through technical design (Article 25 paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.

You can recognize the use of this data transmission security by the small lock symbol 🔒 at the top left in the browser, to the left of the Internet address (e.g. example.com) and the use of the scheme https (instead of http) as part of our Internet address.

If you want to know more about encryption, we recommend the Google search for “Hypertext Transfer Protocol Secure wiki” to get good links to further information.

Communication

Communication Summary

👥 Affected: All who communicate with us by phone, email or online form
📓 Processed data: e.g. phone number, name, email address, entered form data. More details can be found with the respective contact type used
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage duration: Duration of the business case and legal regulations
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests)

When you contact us and communicate by phone, email or online form, personal data may be processed.

The data is processed for the handling and processing of your question and the related business transaction. The data is stored for as long or as long as the law prescribes.

Affected Persons

All those who seek contact with us via the communication channels we provide are affected by the mentioned processes.

Phone

When you call us, the call data is stored pseudonymized on the respective terminal device and with the telecommunications provider used. In addition, data such as name and phone number can be sent by email afterwards and stored for answering inquiries. The data is deleted as soon as the business case has ended and legal requirements permit.

Email

When you communicate with us by email, data may be stored on the respective terminal device (computer, laptop, smartphone, …) and data is stored on the email server. The data is deleted as soon as the business case has ended and legal requirements permit.

Online Forms

When you communicate with us using an online form, data is stored on our web server and possibly forwarded to an email address from us. The data is deleted as soon as the business case has ended and legal requirements permit.

Legal Bases

The processing of the data is based on the following legal bases:

Art. 6 para. 1 lit. a GDPR (consent): You give us consent to store your data and continue to use it for purposes related to the business case;
Art. 6 para. 1 lit. b GDPR (contract): There is a need to fulfill a contract with you or a processor such as the telephone provider or we must process the data for pre-contractual activities, such as preparing an offer;
Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to conduct customer inquiries and business communication in a professional framework. For this, certain technical facilities such as email programs, exchange servers and mobile operators are necessary to operate communication efficiently.

Data Processing Agreement (DPA)

In this section we would like to explain to you what a data processing agreement is and why it is needed. Because the word “data processing agreement” is quite a tongue twister, we will often use just the acronym DPA here in the text. Like most companies, we do not work alone, but also use services from other companies or individuals ourselves. Through the involvement of various companies or service providers, it may be that we pass on personal data for processing. These partners then act as processors, with whom we conclude a contract, the so-called data processing agreement (DPA). Most important for you to know is that the processing of your personal data takes place exclusively according to our instructions and must be regulated by the DPA.

Who are Processors?

We as a company and website owner are responsible for all data that we process from you. In addition to those responsible, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, authority, institution or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.

For better understanding of the terminology, here is an overview of the three roles in the GDPR:

Data subject (you as customer or interested party) → Controller (we as company and client) → Processor (service providers such as web hosts or cloud providers)

Content of a Data Processing Agreement

As already mentioned above, we have concluded a DPA with our partners who act as processors. Above all, it is stipulated that the processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, although electronic conclusion of contract also counts as “written” in this context. The processing of personal data only takes place on the basis of the contract. The contract must contain the following:

Binding to us as controller
Duties and rights of the controller
Categories of data subjects
Type of personal data
Type and purpose of data processing
Subject matter and duration of data processing
Location of data processing

Furthermore, the contract contains all obligations of the processor. The most important obligations are:

to ensure measures for data security
to take possible technical and organizational measures to protect the rights of the data subject
to keep a data processing record
to cooperate with the data protection supervisory authority upon request
to carry out a risk analysis with regard to the received personal data
Sub-processors may only be commissioned with written approval of the controller

You can see what such a DPA looks like specifically, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. Here a model contract is presented.

Cookies

Cookies Summary

👥 Affected: Visitors to the website
🤝 Purpose: depending on the respective cookie. More details can be found below or with the manufacturer of the software that sets the cookie.
📓 Processed data: Depending on the cookie used. More details can be found below or with the manufacturer of the software that sets the cookie.
📅 Storage duration: depending on the respective cookie, can vary from hours to years
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you better understand the following privacy policy.

Whenever you surf through the Internet, you use a browser. Well-known browsers are, for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, since there are also other cookies for other application areas. HTTP cookies are small files that are stored by our website on your computer. These cookie files are automatically placed in the cookie folder, which is like the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you visit our site again, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file, in others like Firefox, all cookies are stored in a single file.

Cookie Interaction Process:

When you visit a website, a specific interaction takes place between your browser (such as Chrome or Firefox) and the website’s server. Initially, your browser requests a website from the server. The web server then responds by delivering both the requested website content and a cookie to your browser. This cookie is stored in your browser alongside the website content.

When you subsequently request another page from the same website, your browser automatically includes the previously received cookie with the new request. This process allows the web server to recognize that you are the same visitor who was there before, enabling the website to remember your preferences, login status, or other information from your previous interactions.

This back-and-forth exchange – where the server initially sends a cookie with the website content, and the browser then returns that cookie with future requests – forms the foundation of how cookies work to enhance your browsing experience by maintaining continuity across different pages and visits to the same website.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie is individual to evaluate, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and contain no viruses, Trojans or other “harmful” programs. Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152113025420-9
Purpose: Distinction of website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total

What Types of Cookies are There?

The question of which cookies we use specifically depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues surfing on other pages and only goes to checkout later. These cookies do not delete the shopping cart, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies also measure the loading time and behavior of the website with different browsers.

Targeting Cookies
These cookies provide better user-friendliness. For example, entered locations, font sizes or form data are saved.

Advertising Cookies
These cookies are also called targeting cookies. They serve to deliver individually adapted advertising to the user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and do not shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of Processing via Cookies

The purpose ultimately depends on the respective cookie. More details can be found below or with the manufacturer of the software that sets the cookie.

What Data is Processed?

Cookies are small helpers for many different tasks. Which data is stored in cookies cannot be generalized, but we will inform you about the processed or stored data in the context of the following privacy policy.

Storage Duration of Cookies

The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, others can be stored on a computer for several years.

You also have influence on the storage duration yourself. You can manually delete all cookies at any time via your browser (see also “Right of objection” below). Furthermore, cookies that are based on consent will be deleted at the latest after you revoke your consent, whereby the legality of storage until then remains unaffected.

Right of Objection – How Can I Delete Cookies?

How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate or only partially allow cookies. For example, you can block cookies from third parties but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. This way you can decide for each individual cookie whether you allow the cookie or not. The procedure differs depending on the browser. It is best to search for the instructions in Google with the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.

Legal Basis

Since 2009, the so-called “Cookie Guidelines” exist. It states that the storage of cookies requires consent (Article 6 para. 1 lit. a GDPR) from you. Within the EU countries, however, there are still very different reactions to these guidelines. In Austria, however, the implementation of this directive took place in § 165 para. 3 of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, the implementation of this directive took place largely in § 15 para. 3 of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.

For absolutely necessary cookies, even if no consent is given, there are legitimate interests (Article 6 para. 1 lit. f GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and for this certain cookies are often absolutely necessary.

Insofar as non-essential cookies are used, this only happens with your consent. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.

In the following sections, you will be informed in more detail about the use of cookies, provided the software used uses cookies.

Webhosting Introduction

Webhosting Summary

👥 Affected: Visitors to the website
🤝 Purpose: professional hosting of the website and security of operations
📓 Processed data: IP address, time of website visit, browser used and other data. More details can be found below or with the respective webhosting provider used.
📅 Storage duration: dependent on the respective provider, but usually 2 weeks
⚖️ Legal bases: Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Webhosting?

When you visit websites nowadays, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all web pages on a domain, i.e. everything from the start page (homepage) to the very last subpage (like this one here). By domain we mean, for example, example.de or sample-example.com.

When you want to view a website on a computer, tablet or smartphone, you use a program called a web browser for this. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We say browser or web browser for short.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and expensive task, which is why this is usually taken over by professional providers, the providers. These offer webhosting and thus ensure reliable and error-free storage of website data. A whole lot of technical terms, but please stay tuned, it gets even better!

When the browser on your computer (desktop, laptop, tablet or smartphone) connects and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.

When you visit our website, a three-part interaction takes place that involves your personal device, the global internet infrastructure, and our hosting services. On your end, you use a browser (such as Chrome) on your computer to access our website via the internet. This browser serves as your gateway to requesting and viewing web content.

The internet acts as the connecting medium, facilitating the communication between your device and our web services. Through this network, your requests for website content are transmitted to our hosting infrastructure.

At the destination end of this chain is the web server operated by our hosting provider. This server not only makes our website available and accessible to you but also temporarily stores data related to your visit. This data storage is necessary for the server to function properly, deliver content efficiently, and maintain operational records.

This interconnected system demonstrates how your browser, the internet, and our hosting provider work together to enable your website experience, while also showing where and how data about your visit may be processed and temporarily stored during this interaction.

Why Do We Process Personal Data?

The purposes of data processing are:

Professional hosting of the website and security of operations
to maintain operational and IT security
Anonymous evaluation of access behavior to improve our offer and possibly for prosecution or pursuit of claims

What Data is Processed?

Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

the complete internet address (URL) of the accessed website
browser and browser version (e.g. Chrome 87)
the operating system used (e.g. Windows 10)
the address (URL) of the previously visited page (referrer URL) (e.g. https://www.examplesourcesite.de/fromwhereicame/)
the hostname and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
date and time
in files, the so-called web server log files

How Long is Data Stored?

As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass on this data, but cannot exclude that this data may be viewed by authorities in the event of unlawful behavior.

In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not pass on your data without consent!

Legal Basis

The lawfulness of processing personal data in the context of webhosting results from Art. 6 para. 1 lit. f GDPR (safeguarding legitimate interests), because the use of professional hosting with a provider is necessary to present the company safely and user-friendly on the Internet and to be able to pursue attacks and claims from this if necessary.

There is usually a contract on commissioned processing according to Art. 28 f. GDPR between us and the hosting provider, which ensures compliance with data protection and guarantees data security.

World4You Privacy Policy

World4You Privacy Policy Summary

👥 Affected: Visitors to the website
🤝 Purpose: Website storage and accessibility on the Internet
📓 Processed data: IP address, but mainly also technical data
📅 Storage duration: Log files are deleted after 14 days
⚖️ Legal bases: Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is World4You?

It is quite possible that you have already heard of the webhosting provider World4You. Especially in Austria, the web hoster enjoys great popularity. The service provider is the Austrian company World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria.

Since 1998, the company from the Upper Austrian state capital has been active in the field of webhosting. World4You operates several own data centers in Austria and relies on in-house technology. This ensures fail-safe operation and a fast server connection. As you may have already read in our introduction to webhosting, data from you is also transmitted to World4You’s servers and processed there. Primarily, this involves technical data such as browser version or operating system, but additionally, personal data is also processed with your IP address.

Why Do We Use World4You?

With a website, we value reliability, speed and security, probably similar to you. Even if you visit our website in the middle of the night or we already have many visitors, it must function flawlessly. When you click on subpages, it must not take half an eternity until the page is fully loaded. And if problems do occur, there should be a good backup system that secures our content and protects all data. For all this to work to our satisfaction, we naturally need a reliable web host. With World4You, we believe we have found a partner here that meets our requirements. World4You has its own data centers and thus a fixed bandwidth, which makes a website quickly accessible. We also appreciate the personal support of the company.

What Data is Processed by World4You?

World4You can also process personal data from you. Our web server automatically stores data while you visit our website. This includes personal data such as your IP address, but mainly also technical data such as the internet address of the accessed website, device information such as browser version, operating system and the URL of the previously visited website. Furthermore, it is also recorded when you accessed our website and possibly also location data. The IP address can be used to increase the security of the website, detect possible errors and also to carry out anonymous statistical analyses. Cookies may also be used for data storage.

How Long and Where is Data Stored?

Data is stored on World4You’s own servers. The exact retention period of the data depends very much on the type of data and the individual configurations. Basically, World4You stores the data for as long as necessary to fulfill their obligations. The data that is only collected to provide the website is deleted after the end of the respective session. For data stored in so-called log files, deletion takes place at the latest after 14 days. However, it may also happen that data is stored longer, for example to have evidence for possible legal disputes.

How Can I Delete My Data or Prevent Data Storage?

You have the right to information, correction or deletion and restriction of processing of your personal data at any time. You can also revoke consent to data processing at any time.

If you do not want these cookies to be set and data to be stored, you can also prevent the setting of cookies in your browser. Because in your browser you can manage, deactivate or delete cookies. Depending on your browser, this always works a little differently.

Under the section “Cookies” you will find the corresponding links to the respective instructions of the most well-known browsers.

Legal Basis

From our side, there is a legitimate interest in using World4You to be able to offer our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests).

You can of course also use this support if you have specific questions about data protection at World4You. The privacy policy of the website, which you can find at https://www.world4you.com/de/unternehmen/datenschutzerklaerung.html, is also recommended. The FAQs at https://www.world4you.com/faq/de/dsgvo.html have their own GDPR section, under which you can also find a lot of useful information.

Data Processing Agreement (DPA) World4You

We have concluded a data processing agreement (DPA) with World4You (World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria) within the meaning of Article 28 of the General Data Protection Regulation (GDPR). What a DPA is exactly and above all what must be included in a DPA, you can read in our general section “Data Processing Agreement (DPA)”.

This contract is legally required because World4You processes personal data on our behalf. It clarifies that World4You may only process data it receives from us according to our instructions and must comply with the GDPR. You can find the link to the data processing agreement (DPA) at https://www.world4you.com/unternehmen/datenschutzerklaerung

Web Analytics Introduction

Web Analytics Privacy Policy Summary

👥 Affected: Visitors to the website
🤝 Purpose: Evaluation of visitor information for optimization of the web offer.
📓 Processed data: Access statistics that contain data such as locations of access, device data, access duration and time, navigation behavior, click behavior and IP addresses. More details can be found with the respective Web Analytics tool used.
📅 Storage duration: dependent on the Web Analytics tool used
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Web Analytics?

We use software on our website to evaluate the behavior of website visitors, called Web Analytics or web analysis for short. Data is collected that the respective analytic tool provider (also called tracking tool) stores, manages and processes. With the help of the data, analyses about user behavior on our website are created and made available to us as website operators. In addition, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors. For this we show you two different offers for a limited period of time. After the test (so-called A/B test) we know which product or content our website visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why Do We Operate Web Analytics?

With our website we have a clear goal in mind: we want to deliver the best web offer on the market for our industry. To achieve this goal, we want to offer the best and most interesting offer on the one hand and on the other hand make sure that you feel completely comfortable on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our web offer for you and us accordingly. For example, we can see how old our visitors are on average, where they come from, when our website is visited most, or which content or products are particularly popular. All this information helps us to optimize the website and thus adapt it best to your needs, interests and wishes.

What Data is Processed?

Which data is stored exactly depends of course on the analysis tools used. But as a rule, for example, what content you view on our website, which buttons or links you click, when you call up a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or which computer system you use is stored. If you agreed that location data may also be collected, these can also be processed by the web analysis tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored pseudonymized (i.e. in an unrecognizable and shortened form). For the purpose of tests, web analysis and web optimization, no direct data such as your name, your age, your address or your email address are stored in principle. All this data, if collected, is stored pseudonymized. This way you cannot be identified as a person.

The functioning of Google Analytics as an example of client-based web tracking with JavaScript code involves a multi-step process connecting website visitors, our website, and Google’s analytics infrastructure.

When a website visitor loads our website in their browser on their device, cookies are automatically stored on their device. The website then triggers JavaScript code that communicates with both Google’s servers and the cookies stored on the visitor’s device. This JavaScript communication occurs through the internet, transmitting data about the user’s interaction with our website.

On the receiving end, Google Analytics servers collect and store this data for further use within the Google Analytics account. This stored data is then processed and made available as comprehensive statistics and reports.

As website operators, we can access these statistics through the Google Analytics interface, allowing us to analyze visitor behavior, understand how our website is being used, and use these insights to optimize our web offering. This creates a complete cycle where visitor interactions are tracked, analyzed, and used to improve the overall website experience.

This process demonstrates how modern web analytics tools collect user data through embedded JavaScript code and cookies, process it remotely, and provide actionable insights back to website administrators.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website again, other cookies can store data for several years.

Duration of Data Processing

We inform you about the duration of data processing below, provided we have further information about it. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is legally required, as for example in the case of accounting, this storage period can also be exceeded.

Right of Objection

Legal Basis

The use of web analytics requires your consent, which we have obtained with our cookie popup. This consent represents according to Art. 6 para. 1 lit. a GDPR (consent) the legal basis for the processing of personal data, as can occur when collected by web analytics tools.

In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus improve our offer technically and economically. With the help of web analytics, we recognize errors of the website, can identify attacks and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use the tools if you have given consent.

Since cookies are used in web analytics tools, we also recommend reading our general privacy policy on cookies. To find out exactly which data from you is stored and processed, you should read through the privacy policies of the respective tools.

Information on specific web analytics tools, if available, can be found in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary

👥 Affected: Visitors to the website
🤝 Purpose: Evaluation of visitor information for optimization of the web offer.
📓 Processed data: Access statistics that contain data such as locations of access, device data, access duration and time, navigation behavior and click behavior. More details can be found below in this privacy policy.
📅 Storage duration: individually adjustable, by default Google Analytics 4 stores data for 14 months
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

We use the analysis tracking tool Google Analytics in the version Google Analytics 4 (GA4) of the American company Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. Through the combination of different technologies such as cookies, device IDs and login information, you as a user can be identified across different devices. This allows your actions to be analyzed across platforms.

When you click a link, for example, this event is stored in a cookie and sent to Google Analytics. With the help of the reports we receive from Google Analytics, we can better adapt our website and our service to your wishes. In the following, we will go into more detail about the tracking tool and inform you above all about which data is processed and how you can prevent this.

Google Analytics is a tracking tool that is used for traffic analysis of our website. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not contain personal data such as name or address, but serves to assign events to a terminal device. GA4 uses an event-based model that captures detailed information about user interactions such as page views, clicks, scrolling, conversion events. In addition, various machine learning functions have also been built into GA4 to better understand user behavior and certain trends. GA4 uses modeling with the help of machine learning functions. This means that missing data can also be extrapolated on the basis of the collected data in order to optimize the analysis and also to be able to give forecasts.

For Google Analytics to work in principle, a tracking code is built into the code of our website. When you visit our website, this code records various events that you perform on our website. With the event-based data model of GA4, we as website operators can define and track specific events to get analyses of user interactions. Thus, in addition to general information such as clicks or page views, specific events that are important for our business can also be tracked. Such special events can be, for example, the sending of a contact form or the purchase of a product.

As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports about your user behavior. These may include the following reports:

Target group reports: Through target group reports we get to know our users better and know more precisely who is interested in our service.
Display reports: Display reports make it easier for us to analyze and improve our online advertising.
Acquisition reports: Acquisition reports give us helpful information about how we can inspire more people for our service.
Behavior reports: Here we learn how you interact with our website. We can track which path you take on our site and which links you click.
Conversion reports: Conversion is a process where you perform a desired action based on a marketing message. For example, when you go from being just a website visitor to a buyer or newsletter subscriber. With the help of these reports, we learn more about how our marketing measures are received by you. This is how we want to increase our conversion rate.
Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are currently reading this text.

In addition to the analysis reports mentioned above, Google Analytics 4 also offers the following functions, among others:

Event-based data model: This model captures very specific events that can take place on our website. For example, playing a video, purchasing a product or signing up for our newsletter.
Advanced analysis functions: With these functions we can better understand your behavior on our website or certain general trends. For example, we can segment user groups, make comparative analyses of target groups or track your path on our website.
Predictive modeling: Based on collected data, missing data can be extrapolated through machine learning, which predicts future events and trends. This can help us develop better marketing strategies.
Cross-platform analysis: Data collection and analysis is possible from both websites and apps. This offers us the opportunity to analyze user behavior across platforms, provided you have naturally consented to data processing.

Why Do We Use Google Analytics on Our Website?

Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data shows us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it can be found more easily by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. We therefore know exactly what we need to improve on our website to offer you the best possible service. The data also serves us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What Data is Stored by Google Analytics?

Google Analytics creates a random, unique ID that is linked to your browser cookie using a tracking code. This is how Google Analytics recognizes you as a new user and you are assigned a user ID. The next time you visit our site, you will be recognized as a “returning” user. All collected data is stored together with this user ID. This is the only way to evaluate pseudonymous user profiles.

To be able to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is the default. Depending on the property used, data is stored for different lengths of time.

Through identifiers such as cookies, app instance IDs, user IDs or custom event parameters, your interactions are measured across platforms, provided you have consented. Interactions are all types of actions that you perform on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics can be linked with third-party cookies. Google does not pass on Google Analytics data unless we as website operators approve this. Exceptions may occur if it is legally required.

According to Google, no IP addresses are logged or stored in Google Analytics 4. However, Google uses the IP address data for deriving location data and deletes it immediately afterwards. All IP addresses collected from users in the EU are therefore deleted before the data is stored in a data center or on a server.

Since Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions (such as Google Universal Analytics). Nevertheless, there are some specific cookies that are used by GA4. These include, for example:

Name: _ga
Value: 2.1326744211.152113025420-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it serves to distinguish website visitors.
Expiry date: after 2 years

Name: _gid
Value: 2.1687193234.152113025420-1
Purpose: The cookie also serves to distinguish website visitors
Expiry date: after 24 hours

Name: gat_gtag_UA<property-id>
Value: 1
Purpose: Used to lower the request rate. If Google Analytics is provided via Google Tag Manager, this cookie gets the name dc_gtm<property-id>.
Expiry date: after 1 minute

Note: This list cannot claim to be complete, as Google also changes their choice of cookies from time to time. The aim of GA4 is also to improve data protection. Therefore, the tool offers some options for controlling data collection. For example, we can set the storage duration ourselves and also control data collection.

Here we show you an overview of the most important types of data collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly those areas that you click on. This gives us information about where you are “on the move” on our site.

Session duration: Google refers to the time you spend on our site without leaving the site as session duration. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate: We speak of a bounce if you only view one page on our website and then leave our website again.

Account creation: If you create an account on our website or place an order, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, shortly before the IP address is deleted, derivations for location data are used.

Technical information: Technical information includes, among other things, your browser type, your internet provider or your screen resolution.

Source of origin: Google Analytics or we are naturally also interested in which website or which advertisement brought you to our site.

Further data are contact data, any ratings, the playing of media (e.g., if you play a video via our site), the sharing of content via social media or adding to your favorites. The enumeration makes no claim to completeness and serves only for a general orientation of data storage by Google Analytics.

How Long and Where is Data Stored?

Google has distributed its servers around the world. Here you can read exactly where the Google data centers are located: https://datacenters.google/

Your data is distributed on various physical data carriers. This has the advantage that the data can be accessed more quickly and is better protected against manipulation. In every Google data center there are appropriate emergency programs for your data. If, for example, the hardware at Google fails or natural disasters paralyze servers, the risk of a service interruption at Google still remains low.

The retention period of the data depends on the properties used. The storage duration is always set individually for each individual property. Google Analytics offers us four options to control the storage duration:

2 months: this is the shortest storage duration.
14 months: by default, data remains stored at GA4 for 14 months.
26 months: you can also store the data for 26 months.
Data is only deleted when we manually delete it

In addition, there is also the option that data is only deleted when you no longer visit our website within the period of time we have chosen. In this case, the retention period is reset each time you visit our website again within the specified period.

When the specified period has expired, the data is deleted once a month. This retention period applies to your data that is linked to cookies, user recognition and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a fusion of individual data into a larger unit.

How Can I Delete My Data or Prevent Data Storage?

Under European Union data protection law, you have the right to obtain information about your data, to update, delete or restrict it. Using the browser add-on to disable Google Analytics JavaScript (analytics.js, gtag.js), you prevent Google Analytics 4 from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates data collection by Google Analytics.

If you generally want to deactivate, delete or manage cookies, you can find the corresponding links to the respective instructions of the most well-known browsers under the “Cookies” section.

Legal Basis

The use of Google Analytics requires your consent, which we have obtained with our cookie popup. This consent represents according to Art. 6 para. 1 lit. a GDPR (consent) the legal basis for the processing of personal data, as can occur when collected by web analytics tools.

In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus improve our offer technically and economically. With the help of Google Analytics, we recognize errors of the website, can identify attacks and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use Google Analytics if you have given consent.

Google also processes data from you in the USA, among other places. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure data transfer of personal data from EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Google uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we have been able to bring you closer to the most important information about Google Analytics data processing. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

If you want to learn more about data processing, use the Google privacy policy at https://policies.google.com/privacy?hl=de.

Data Processing Agreement (DPA) Google Analytics

We have concluded a data processing agreement (DPA) with Google within the meaning of Article 28 of the General Data Protection Regulation (GDPR). What a DPA is exactly and above all what must be included in a DPA, you can read in our general section “Data Processing Agreement (DPA)”.

This contract is legally required because Google processes personal data on our behalf. It clarifies that Google may only process data it receives from us according to our instructions and must comply with the GDPR. You can find the link to the commissioned data processing conditions at https://business.safety.google/intl/de/adsprocessorterms/

Google Analytics Reports on Demographics and Interests

We have turned on the functions for advertising reports in Google Analytics. The reports on demographics and interests contain information about age, gender and interests. This allows us – without being able to assign this data to individual persons – to get a better picture of our users. You can learn more about the advertising functions at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can end the use of the activities and information of your Google account under “Advertising Settings” at https://adssettings.google.com/authenticated by checkbox.

Google Analytics in Consent Mode

Depending on your consent, personal data from you is processed by Google Analytics in the so-called consent mode. You can choose whether you agree to Google Analytics cookies or not. This also allows you to choose which data Google Analytics may process from you. This collected data is mainly used to conduct measurements about user behavior on the website, to deliver targeted advertising and to provide us with web analysis reports. Usually you consent to data processing by Google via a cookie consent tool. If you do not consent to data processing, only aggregated data is collected and processed. This means that data cannot be assigned to individual users and thus no user profile of you is created. You can also only consent to statistical measurement. No personal data is processed and consequently not used for advertising or advertising measurement success.

Google Analytics IP Anonymization

We have implemented IP address anonymization from Google Analytics on this website. This function was developed by Google so that this website can comply with applicable data protection regulations and recommendations of local data protection authorities when they prohibit the storage of the complete IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before storage or processing of the data takes place.

More information about IP anonymization can be found at https://support.google.com/analytics/answer/2763052?hl=de.

Google Site Kit Privacy Policy

Google Site Kit Privacy Policy Summary

👥 Affected: Visitors to the website
🤝 Purpose: Evaluation of visitor information for optimization of the web offer.
📓 Processed data: Access statistics that contain data such as locations of access, device data, access duration and time, navigation behavior, click behavior and IP addresses. More details can be found below and in the Google Analytics privacy policy.
📅 Storage duration: dependent on the properties used
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Google Site Kit?

We have integrated the WordPress plugin Google Site Kit from the American company Google Inc. into our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics from various Google products such as Google Analytics directly in our WordPress dashboard. The tool or the tools integrated in Google Site Kit also collect personal data from you, among other things. In this privacy policy, we explain why we use Google Site Kit, how long and where data is stored and which other privacy texts are relevant for you in this context.

Google Site Kit is a plugin for the content management system WordPress. With this plugin, we can view important statistics for website analysis directly in our dashboard. These are statistics that are collected by other Google products. Above all by Google Analytics. In addition to Google Analytics, the services Google Search Console, Page Speed Insight, Google AdSense, Google Optimize and Google Tag Manager can also be linked with Google Site Kit.

Why Do We Use Google Site Kit on Our Website?

As a service provider, it is our task to offer you the best possible experience on our website. You should feel comfortable on our website and quickly and easily find exactly what you are looking for. Statistical evaluations help us to get to know you better and adapt our offer to your wishes and interests. For these evaluations, we use various Google tools. Site Kit makes our work much easier in this regard, because we can view and analyze the statistics of Google products directly in the dashboard. We therefore no longer have to register separately for the respective tool. Site Kit thus always provides a good overview of the most important analysis data.

What Data is Stored by Google Site Kit?

If you have actively consented to tracking tools in the cookie notice (also called script or banner), cookies are set by Google products such as Google Analytics and data from you, such as about your user behavior, is sent to Google, stored and processed there. Among other things, personal data such as your IP address is also stored.

For more detailed information about the individual services, we have separate text sections in this privacy policy. See, for example, our privacy policy on Google Analytics. Here we go into great detail about the data collected. You will learn how long Google Analytics stores, manages and processes data, which cookies can be used and how you can prevent data storage. Likewise, we also have separate privacy policies for other Google services such as Google Tag Manager or Google AdSense with comprehensive information.

Below we show you exemplary Google Analytics cookies that can be set in your browser, provided you have basically consented to data processing by Google. Please note that these cookies are only a selection:

Name: _ga
Value: 2.1326744211.152113025420-2
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. Basically, it serves to distinguish website visitors.
Expiry date: after 2 years

Name: _gid
Value: 2.1687193234.152113025420-7
Purpose: This cookie also serves to distinguish website visitors.
Expiry date: after 24 hours

Name: gat_gtag_UA<property-id>
Value: 1
Purpose: This cookie is used to lower the request rate.
Expiry date: after 1 minute

How Long and Where is Data Stored?

Google stores collected data on its own Google servers, which are distributed worldwide. Most servers are located in the United States and therefore it is easily possible that your data is also stored there. At https://datacenters.google/ you can see exactly where the company provides servers.

Data collected by Google Analytics is stored standardized for 26 months. After that, your user data is deleted. The retention period applies to all data that is linked to cookies, user recognition and advertising IDs.

How Can I Delete My Data or Prevent Data Storage?

You always have the right to receive information about your data, to delete, correct or restrict your data. In addition, you can also deactivate, delete or manage cookies in your browser at any time.

If you generally want to deactivate, delete or manage cookies, you can find the corresponding links to the respective instructions of the most well-known browsers under the “Cookies” section.

Legal Basis

The use of Google Site Kit requires your consent, which we have obtained with our cookie popup. This consent represents according to Art. 6 para. 1 lit. a GDPR (consent) the legal basis for the processing of personal data, as can occur when collected by web analytics tools.

In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus improve our offer technically and economically. With the help of Google Site Kit, we recognize errors of the website, can identify attacks and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use Google Site Kit if you have given consent.

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

To learn more about data processing by Google, we recommend the comprehensive privacy policy of Google at https://policies.google.com/privacy?hl=de.

E-Mail Marketing Introduction

E-Mail Marketing Summary

👥 Affected: Newsletter subscribers
🤝 Purpose: Direct advertising via email, notification of system-relevant events
📓 Processed data: Data entered during registration but at least the email address. More details can be found with the respective email marketing tool used.
📅 Storage duration: Duration of subscription
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is E-Mail Marketing?

To always keep you up to date, we also use the possibility of email marketing. If you have agreed to receive our emails or newsletters, your data will also be processed and stored. Email marketing is part of online marketing. It involves sending news or general information about a company, products or services by email to a specific group of people who are interested in it.

If you want to participate in our email marketing (usually via newsletter), you normally just have to register with your email address. To do this, you fill out an online form and send it off. However, it may also happen that we ask you for your salutation and your name, for example, so that we can also address you personally.

Basically, signing up for newsletters works with the help of the so-called “double opt-in procedure”. After you have signed up for our newsletter on our website, you will receive an email through which you confirm the newsletter registration. This ensures that the email address belongs to you and that no one has signed up with a foreign email address. We or a notification tool used by us logs every single registration. This is necessary so that we can also prove the legally correct registration process. As a rule, the time of registration, the time of registration confirmation and your IP address are stored. In addition, it is also logged when you make changes to your stored data.

Why Do We Use E-Mail Marketing?

We naturally want to stay in touch with you and present you with the most important news about our company. For this we use email marketing – often just referred to as “newsletter” – as an essential part of our online marketing. Provided you agree to this or it is legally permitted, we send you newsletters, system emails or other notifications by email. When we use the term “newsletter” in the following text, we mainly mean regularly sent emails. Of course, we do not want to bother you with our newsletter in any way. That is why we are really always striving to offer only relevant and interesting content. So you learn more about our company, our services or products, for example. Since we are also always improving our offers, you will always find out via our newsletter when there is news or we are currently offering special, lucrative promotions. If we commission a service provider who offers a professional shipping tool for our email marketing, we do this to be able to offer you fast and secure newsletters. The purpose of our email marketing is basically to inform you about new offers and also to get closer to our entrepreneurial goals.

What Data is Processed?

When you become a subscriber to our newsletter via our website, you confirm membership in an email list by email. In addition to IP address and email address, your salutation, your name, your address and your telephone number can also be stored. However, only if you agree to this data storage. The data marked as such is necessary for you to be able to participate in the offered service. The information is voluntary, but failure to provide it will result in you not being able to use the service. In addition, information about your device or your preferred content on our website may also be stored. You can find more about the storage of data when you visit a website in the “Automatic data storage” section. We record your declaration of consent so that we can always prove that this complies with our laws.

Duration of Data Processing

If you unsubscribe your email address from our email/newsletter distribution list, we may store your address for up to three years based on our legitimate interests so that we can still prove your former consent. We may only process this data if we have to defend ourselves against any claims.

However, if you confirm that you have given us consent to newsletter registration, you can submit an individual deletion request at any time. If you permanently object to the consent, we reserve the right to store your email address in a blocking list. As long as you have voluntarily subscribed to our newsletter, we will of course also keep your email address.

Right of Objection

You have the possibility to cancel your newsletter registration at any time. All you have to do is revoke your consent to newsletter registration. This normally takes only a few seconds or one or two clicks. Most of the time you will find a link at the very end of each email to cancel the newsletter subscription. If the link really cannot be found in the newsletter, please contact us by mail and we will cancel your newsletter subscription immediately.

Legal Basis

Our newsletter is sent based on your consent (Article 6 para. 1 lit. a GDPR). This means we may only send you a newsletter if you have actively registered for it beforehand. If applicable, we may also send you advertising messages if you have become our customer and have not objected to the use of your email address for direct advertising.

Information about specific email marketing services and how they process personal data can be found – if available – in the following sections.

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary

👥 Affected: Website visitors
🤝 Purpose: Obtaining and managing consent to certain cookies and thus the use of certain tools
📓 Processed data: Data for managing the set cookie settings such as IP address, time of consent, type of consent, individual consents. More details can be found with the respective tool used.
📅 Storage duration: Depends on the tool used, one must prepare for periods of several years
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is a Cookie Consent Management Platform?

We use Consent Management Platform (CMP) software on our website that makes it easier for us and you to handle scripts and cookies correctly and safely. The software automatically creates a cookie popup, scans and controls all scripts and cookies, offers you a data protection-legally necessary cookie consent and helps us and you keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorized. You as a website visitor then decide yourself whether and which scripts and cookies you allow or do not allow.

The relationship between browser, web server, and Cookie Consent Management Platform demonstrates how modern cookie consent systems operate. When you visit a website, your browser requests the website content from the web server. Along with delivering the requested website content, the system also displays the cookie popup provided by the Cookie Consent Management Platform (CMP).

The CMP operates through its own dedicated server infrastructure, which regularly monitors and checks the website to ensure compliance with cookie consent requirements. This server continuously scans the website for any scripts or cookies that may be present, maintaining an up-to-date inventory of all tracking technologies in use.

Through the internet, these three components – your browser, our website’s server, and the CMP server – work together to provide you with transparent information about cookie usage. The CMP server communicates with both your browser and our web server to present you with accurate, current information about which scripts and cookies are active on the website.

This system ensures that you, as a website visitor, can make informed decisions about which scripts and cookies you want to allow or block, while the CMP continuously monitors the website to maintain compliance with data protection regulations.

Why Do We Use a Cookie Management Tool?

Our goal is to offer you the best possible transparency in the area of data protection. In addition, we are also legally obliged to do so. We want to inform you as well as possible about all tools and all cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which you do not. To grant you this right, we must first know exactly which cookies have landed on our website at all. Thanks to a cookie management tool, which regularly scans the website for all existing cookies, we know about all cookies and can give you GDPR-compliant information about them. Via the consent system, you can then accept or reject cookies.

What Data is Processed?

As part of our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to ask you every time you visit our website and we can also prove your consent when legally necessary. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent varies. Usually, this data (such as pseudonymous user ID, consent time, detailed information about the cookie categories or tools, browser, device information) is stored for up to two years.

Duration of Data Processing

We inform you about the duration of data processing below, provided we have further information about it. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted after leaving the website, others may be stored in your browser for several years. The exact duration of data processing depends on the tool used, mostly you should prepare for a storage period of several years. In the respective privacy policies of the individual providers, you usually receive precise information about the duration of data processing.

Right of Objection

You also have the right and the possibility to revoke your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Information about specific cookie management tools can be found – if available – in the following sections.

Legal Basis

If you consent to cookies, personal data from you is processed and stored via these cookies. If we may use cookies through your consent (Article 6 para. 1 lit. a GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. To be able to manage consent to cookies and to enable you to give consent, cookie consent management platform software is used. The use of this software enables us to operate the website in an efficient way in compliance with the law, which represents a legitimate interest (Article 6 para. 1 lit. f GDPR).

Webdesign Introduction

Webdesign Privacy Policy Summary

👥 Affected: Visitors to the website
🤝 Purpose: Improvement of user experience
📓 Processed data: What data is processed depends heavily on the services used. Usually it is IP address, technical data, language settings, browser version, screen resolution and name of the browser. More details can be found with the respective webdesign tools used.
📅 Storage duration: dependent on the tools used
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is Webdesign?

We use various tools on our website that serve our webdesign. In webdesign, contrary to what is often assumed, it is not just about making our website look pretty, but also about functionality and performance. But of course, the appropriate appearance of a website is also one of the big goals of professional webdesign. Webdesign is a sub-area of media design and deals with both the visual and the structural and functional design of a website. The goal is to improve your experience on our website with the help of webdesign. In webdesign jargon, this is referred to as user experience (UX) and usability. User experience refers to all impressions and experiences that the website visitor experiences on a website. A sub-point of user experience is usability. This is about the user-friendliness of a website. Value is placed here above all on the fact that content, subpages or products are clearly structured and you can easily and quickly find what you are looking for. To offer you the best possible experience on our website, we also use so-called webdesign tools from third-party providers. The category “Webdesign” in this privacy policy therefore includes all services that improve our website design. These can be, for example, fonts, various plugins or other integrated webdesign functions.

Why Do We Use Webdesign Tools?

How you absorb information on a website depends very much on the structure, functionality and visual perception of the website. Therefore, good and professional webdesign has also become increasingly important for us. We are constantly working on improving our website and also see this as an extended service for you as a website visitor. Furthermore, a beautiful and functioning website also has economic advantages for us. After all, you will only visit us and use our offers if you feel completely comfortable.

What Data is Stored by Webdesign Tools?

When you visit our website, webdesign elements may be embedded in our pages that can also process data. What data this is exactly depends of course on the tools used. Below you can see exactly which tools we use for our website. We recommend that you also read through the respective privacy policy of the tools used for more detailed information about data processing. Most of the time you will find out there what data is processed, whether cookies are used and how long the data is kept. For example, fonts such as Google Fonts automatically also transmit information such as language settings, IP address, version of the browser, screen resolution of the browser and name of the browser to the Google servers.

Duration of Data Processing

How long data is processed is very individual and depends on the webdesign elements used. If cookies are used, for example, the retention period can be only a minute, but can also last a few years. Please inform yourself about this. For this we recommend on the one hand our general text section about cookies as well as the privacy policies of the tools used. There you will usually find out which cookies are used exactly and which information is stored in them. Google font files, for example, are stored for one year. This is to improve the loading time of a website. Basically, data is only kept for as long as is necessary for the provision of the service. In the case of legal requirements, data may also be stored longer.

Right of Objection

You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. You can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser. Among webdesign elements (mostly with fonts), however, there is also data that cannot be deleted quite so easily. This is the case when data is automatically collected directly when a page is called up and transmitted to a third-party provider (such as Google). Please then contact the support of the respective provider. In the case of Google, you can reach the support at https://support.google.com/?hl=de.

Legal Basis

If you have consented to webdesign tools being used, the legal basis for the corresponding data processing is this consent. This consent represents according to Art. 6 para. 1 lit. a GDPR (consent) the legal basis for the processing of personal data, as can occur when collected by webdesign tools.

On our part, there is also a legitimate interest in improving the webdesign on our website. After all, we can only provide you with a beautiful and professional web offer if we do so. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use webdesign tools if you have given consent. We definitely want to emphasize this here again.

Information about specific webdesign tools can be found – if available – in the following sections.

Google Fonts Local Privacy Policy

On our website we use Google Fonts from the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible. We have integrated the Google fonts locally, i.e. on our web server – not on Google’s servers. This means there is no connection to Google servers and therefore no data transmission or storage.

What are Google Fonts?

In the past, Google Fonts was also called Google Web Fonts. This is an interactive directory with over 800 fonts that Google provides free of charge. With Google Fonts, one could use fonts without uploading them to one’s own server. But to prevent any information transfer to Google servers in this regard, we have downloaded the fonts to our server. In this way we act in accordance with data protection and do not send any data to Google Fonts.

Online Booking Systems Introduction

Online Booking Systems Privacy Policy Summary

👥 Affected: Visitors to the website
🤝 Purpose: Improvement of user experience and organization
📓 Processed data: What data is processed depends heavily on the services used. Usually it is IP address, contact and payment data and/or technical data. More details can be found with the respective tools used.
📅 Storage duration: dependent on the tools used
⚖️ Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is an Online Booking System?

So that you can make bookings via our website, we use one or more booking systems. Appointments, for example, can be created online very easily. A booking system is a software application integrated into our website that displays available resources (such as free appointments) and through which you can book directly online and usually also pay. You probably already know such booking systems from gastronomy or the hotel industry. Meanwhile, such systems are used in the most diverse industries. Booking systems can be used both internally for us and for customers like you, depending on the tool and settings. Personal data from you is usually also collected and stored in the process.

Usually the booking works as follows: You find the booking system on our website, in which you can book an appointment for a service directly by mouse click and providing your data and usually also pay for it immediately. It may be that you can enter various information about your person via a form. Please be aware that all data you enter can be stored and managed in a database.

Why Do We Use an Online Booking System?

We understand our website in a certain way also as a free service for you. You should receive helpful information and feel completely comfortable on our site. This also includes an online service that makes booking appointments or services as easy as possible for you. Gone are the days when you had to wait for days for a booking confirmation via telephone or email in a cumbersome way. With an online booking system, you have everything done after a few clicks and can take care of other things again. The system also makes it easier for us to manage all bookings and appointments. Therefore, we consider such a booking system to be absolutely sensible for both you and us.

What Data is Processed?

What data exactly is processed, we cannot tell you in this general information text about booking systems, of course. This always depends on the tool used and the functions and possibilities contained therein. Many booking systems offer not only the conventional booking function but also a range of other features. For example, many systems also have an external online payment system (e.g. from Stripe, Klarna or Paypal) and a calendar synchronization function integrated. Accordingly, different and different amounts of data can be processed depending on the functions. Usually, data such as IP address, name and contact data, technical information about your device and time of booking are processed. If you also make a payment in the system, bank data such as account number, credit card number, passwords, TANs etc. are also stored and passed on to the respective payment provider. We recommend that you read through the respective privacy policy of the tool used carefully so that you know which data is specifically processed from you.

Duration of Data Processing

Each booking system stores data for different lengths of time. Therefore, we cannot yet give concrete information about the duration of data processing here. Basically, however, personal data is always only stored for as long as is absolutely necessary for the provision of services. Booking systems usually also use cookies, which store information for different lengths of time. Some cookies are deleted immediately after leaving the site, others can be stored for several years. You can learn more about this in our “Cookies” section. Please also look at the respective privacy policies of the providers. This should explain how long your data is stored in the specific case.

Right of Objection

If you have consented to data processing by a booking system, you naturally also always have the possibility and the right to revoke this consent. So please always be aware that you have rights regarding your personal data and you can also exercise these rights at any time. If you do not want personal data to be processed, then no personal data may be processed. It’s that simple. The easiest way to revoke data processing is via a cookie consent tool or via other opt-out functions offered. You can also manage data storage through cookies directly in your browser, for example. The legality of data management remains unaffected until your revocation.

Legal Basis

If you have consented to booking systems being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), it represents the legal basis for the processing of personal data, as can occur through booking systems.

Furthermore, we also have a legitimate interest in using booking systems because on the one hand we expand our customer service and on the other hand we optimize our internal booking organization. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use the tools if you have given consent. We definitely want to have this recorded here again.

Information about specific booking systems can be found – if available – in the following sections.

Use of Third-Party Tools and Services

Microsoft Bookings

We use Microsoft Bookings, a service provided as part of Microsoft 365 by Microsoft Ireland Operations Limited, to allow website visitors to schedule appointments directly online.

When you book an appointment via the embedded booking form, we process personal data such as your name, email address, and any information you provide during the booking process for the sole purpose of managing and confirming the appointment.

Legal basis: Article 6(1)(b) GDPR – performance of a contract or pre-contractual measures.

Data processing: The data is processed under a Data Processing Agreement (DPA) with Microsoft in accordance with Article 28 GDPR.

International data transfers: Data may be transferred to third countries (e.g., the United States). Microsoft ensures GDPR compliance through EU Standard Contractual Clauses (SCCs).

More information:

https://privacy.microsoft.com/en-us/privacystatement

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, to better understand how visitors use our website and improve the user experience.

Google Analytics uses cookies to collect information such as your IP address, device information, browser type, and interactions with our website. IP anonymization is enabled, meaning that your IP address is shortened before being transmitted to Google.

Cookies are small text files stored on your device when you visit a website. Some cookies might be essential for the site to function properly, while others are used for marketing or tracking purposes.

Legal basis: Article 6(1)(a) GDPR – consent (via cookie banner)

Data processing: We have entered into a Data Processing Agreement with Google.

International data transfers: Google uses Standard Contractual Clauses to ensure GDPR-compliant transfers of personal data to the United States.

You can withdraw your consent at any time via our cookie settings.

More information:

https://policies.google.com/privacy

ActiveCampaign

We use ActiveCampaign, an email marketing and automation platform provided by ActiveCampaign LLC (USA), to manage newsletter subscriptions and marketing communications.

When you subscribe to our newsletter, we process your email address and any further optional data you provide. This data is stored and processed on ActiveCampaign’s servers. You may withdraw your consent to use your provided data at any time.

Legal basis: Article 6(1)(a) GDPR – consent

Data processing: A Data Processing Agreement has been concluded with ActiveCampaign in accordance with Article 28 GDPR.

International data transfers: Data may be processed in the USA under EU Standard Contractual Clauses.

More information:

https://www.activecampaign.com/legal/privacy-policy

Server Log Files

To optimize this website in terms of system performance, user-friendliness, and the provision of useful information about our services, the website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes your Internet Protocol address (IP address), browser and language settings, operating system, referrer URL, your internet service provider, and date/time. This data is not merged with other personal data sources. The log files are automatically deleted by our provider after 2 weeks.

Explanation of Terms Used

We are always striving to make our privacy policy as clear and understandable as possible. Especially with technical and legal topics, this is not always quite easy, however. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). We do not want to use these without explanation, however. Below you will find an alphabetical list of important terms used that we may not have sufficiently addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also cite the GDPR texts here and add our own explanations if necessary.

Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: We as a company and website owner are responsible for all data that we process from you. In addition to those responsible, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors can therefore be service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft, in addition to service providers.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

“consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: Usually such consent on websites takes place via a cookie consent tool. You certainly know this. Whenever you first visit a website, you are usually asked via a banner whether you agree or consent to data processing. Usually you can also make individual settings and thus decide for yourself which data processing you allow and which not. If you do not consent, no personal data from you may be processed. Basically, consent can of course also be given in writing, i.e. not via a tool.

Personal Data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

“personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore all data that can identify you as a person. These are usually data such as:

Name
Address
Email address
Postal address
Telephone number
Date of birth
Identification numbers such as social security number, tax identification number, identity card number or matriculation number
Bank data such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can determine at least the approximate location of your device and subsequently you as the connection holder based on your IP address. Therefore, storing an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called “special categories” of personal data, which are also particularly worthy of protection. These include:

racial and ethnic origin
political opinions
religious or philosophical beliefs
trade union membership
genetic data such as data taken from blood or saliva samples
biometric data (this is information about psychological, physical or behavioral characteristics that can identify a person).
Health data
Data on sexual orientation or sex life

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Explanation: In profiling, various information about a person is collected in order to learn more about this person. In the web area, profiling is often used for advertising purposes or also for credit checks. Web or advertising analysis programs collect data about your behavior and your interests on a website, for example. This results in a special user profile with the help of which advertising can be played out specifically to a target group.

Controller

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and consequently the “controller”. If we pass on collected data to other service providers for processing, these are “processors”. For this, a “data processing agreement (DPA)” must be signed.

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we speak of processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned in the original GDPR explanation above, not only the collection but also the storage and processing of data.

All texts are protected by copyright.

Source: Privacy policy created with the Privacy Generator for Austria by AdSimple