Privacy Policy

Privacy Policy
 

Introduction and overview

 

We provide you with comprehensive information about the data we process about you.

 

Privacy policies often sound overly technical and are filled with legal jargon. This Privacy Policy, however, is designed to explain the most important aspects to you as simply and transparently as possible. Where helpful, we explain technical terms in a reader-friendly way, provide links to additional resources, and may even include illustrations.

We aim to clearly and understandably inform you that we only process personal data in the course of our business activities when a valid legal basis exists. We believe transparency is not achieved through brief, vague, and overly legalistic language – the kind you often find in standard online privacy notices.

I hope you find the following explanations both helpful and informative — and perhaps you’ll even learn something new.

​

If you still have questions, please feel free to contact the responsible person listed below or in our imprint. You can also follow the links provided or consult third-party sources for more information. Our full contact details can be found in the imprint / legal notice.

​

Scope of this privacy policy

​

This Privacy Policy applies to all personal data processed by our company and to all personal data processed by companies commissioned by us (processors).
By personal data, we mean information as defined in Article 4(1) of the GDPR, such as a person’s name, email address, or postal address.

The processing of personal data enables us to offer and bill for our services and products – both online and offline.

This Privacy Policy covers the following:

​

• all online platforms we operate (such as websites and online shops)

• our social media profiles and email communications

• mobile apps for smartphones and other devices

In short: This Privacy Policy applies to all areas in which personal data is processed in a structured manner within our company via the channels mentioned above.
If we enter into legal relationships with you outside of these channels, we will inform you separately where necessary.

​

Legal Bases for Data Processing

In the following Privacy Policy, we provide transparent information about the legal principles and provisions – that is, the legal bases under the General Data Protection Regulation (GDPR) – which allow us to process personal data.

Regulation - 2016/679 - EN - gdpr - EUR-Lex

 

We only process your data if at least one of the following conditions is met:

1. Consent (Article 6(1)(a) GDPR):
   You have given us your consent to process data for a specific purpose.
   Example: the storage of data you enter into a contact form.

2. Contract (Article 6(1)(b) GDPR):
   We process your data in order to fulfill a contract or pre-contractual obligations with you.
   Example: if you enter into a purchase agreement with us, we require personal data in advance.

3. Legal Obligation (Article 6(1)(c) GDPR):
   We process your data if we are subject to a legal obligation.
   Example: we are legally required to retain invoices for accounting purposes, which usually contain personal data.

4. Legitimate Interests (Article 6(1)(f) GDPR):
   In cases where we have legitimate interests that do not override your fundamental rights and freedoms, we reserve the right to process personal data.
   Example: we may need to process certain data to operate our website securely and efficiently — this constitutes a legitimate interest.

Other conditions such as the recording in the public interest, the exercise of official authority, or the protection of vital interests generally do not apply to us. Should such a legal basis nevertheless be relevant in individual cases, it will be indicated at the appropriate point.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act concerning the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), abbreviated as DSG.

• In Germany, the Federal Data Protection Act (BDSG) applies.

If additional regional or national laws are applicable, we will inform you about them in the following sections.

​

Contact Details of the Data Controller

If you have any questions regarding data protection or the processing of personal data, you will find the contact details of the data controller below, in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR):
Steinböck Consulting
Robert Steinböck, MBA
Moosweg 13, 5321 Koppl/Salzburg, Österreich

Imprint: https://www.steinboeck-consulting.com/impressum/

​

Storage Duration

We only retain personal data for as long as is absolutely necessary for the provision of our services and products. This is a general principle we adhere to. This means that we delete personal data as soon as the purpose for processing no longer exists. In some cases, we are legally required to retain certain data even after the original purpose has ceased to apply — for example, for accounting purposes.

If you request the deletion of your data or withdraw your consent to data processing, the data will be deleted as soon as possible, provided there is no legal obligation to retain it.If you request the deletion of your data or withdraw your consent to data processing, the data will be deleted as soon as possible, provided there is no legal obligation to retain it.

You will find information below on the specific duration of individual data processing operations, if we have further details on this.

​

​

Rights under the General Data Protection Regulation (GDPR)

​

In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights to ensure fair and transparent processing of your data:

• According to Article 15 of the GDPR, you have the right to obtain confirmation as to whether we are processing your personal data. If this is the case, you have the right to receive a copy of the data and to be informed of the following details:

  • the purposes for which we process the data;

  • the categories, i.e., types of personal data being processed;

  • the recipients of the data and, if data is transferred to third countries, how the security of this transfer is ensured;

  • the duration for which the data will be stored;

  • the existence of the right to rectification, erasure, restriction of processing, and the right to object to the processing;

  • that you have the right to lodge a complaint with a supervisory authority (you will find links to these authorities further below);

  • the source of the data, if it was not collected directly from you;

  • whether profiling is carried out — that is, whether data is automatically analyzed to create a personal profile about you.

• According to Article 16 of the GDPR, you have the right to rectification, which means we must correct any inaccurate personal data concerning you.

• According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which means you may request the deletion of your personal data.

• According to Article 18 of the GDPR, you have the right to restriction of processing, which means we may only store your data but not use it further.

• According to Article 20 of the GDPR, you have the right to data portability, which means we must provide you with your data in a commonly used format upon request.

• According to Article 21 of the GDPR, you have the right to object to processing, which, if exercised, may lead to changes in how your data is processed.

  • If the processing of your data is based on Article 6(1)(e) (public interest or exercise of official authority) or Article 6(1)(f) (legitimate interests), you may object to such processing. We will then evaluate as quickly as possible whether we are legally permitted or obliged to comply with your objection.

  • If data is being used for direct marketing purposes, you may object to this form of processing at any time. In that case, we may no longer use your data for direct marketing.

  • If data is used for profiling purposes, you may object to this type of data processing at any time. We may then no longer use your data for profiling.

• According to Article 22 of the GDPR, you also have the right, under certain circumstances, not to be subject to a decision based solely on automated processing (such as profiling).

• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means you may contact a data protection authority at any time if you believe the processing of your personal data violates the GDPR.

In short: You have rights — don’t hesitate to contact the data controller listed above!

If you believe that the processing of your data violates data protection laws or that your data protection rights have been infringed in any other way, you may lodge a complaint with a supervisory authority. In Austria, this is the Data Protection Authority (Datenschutzbehörde), whose website you can find at https://data-protection-authority.gv.at/.
In Germany, each federal state has its own data protection officer. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
The following local data protection authority is responsible for our company:

​

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible — within our means — for third parties to infer personal information from our data.

Article 25 of the GDPR refers to “data protection by design and by default,” meaning that security should always be considered and implemented — whether in software (e.g. forms) or hardware (e.g. access to the server room). Below, we may provide further details on specific measures, if necessary.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS may sound very technical — and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to securely transmit data over the internet. You can recognize the use of this data transmission security by the small lock icon at the top left of the browser, to the left of the internet address (e.g., examplepage.com), and the use of the https scheme (instead of http) as part of our web address. If you want to learn more about encryption, we recommend searching on Google for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.

​

Communication

Communication Summary
👥 affected parties: Everyone who communicates with us via phone, email, or online form
📓 VProcessed data: For example, phone number, name, email address, data entered in forms. More details can be found for each respective contact method
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage duration: Duration of the business case and according to legal requirements
⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract), Art. 6(1)(f) GDPR (Legitimate interests)

When you contact us and communicate via phone, email, or online form, personal data may be processed.

The data is processed for handling and processing your inquiry and the related business transaction. The data is stored only as long as necessary or as required by law.

 

Affected persons

All individuals who contact us via the communication channels we provide are affected by these processes.

 

Telephone

When you call us, call data is pseudonymously stored on the respective device and by the telecommunications provider used. Additionally, data such as name and phone number may be sent via email afterward and stored to respond to your inquiry. The data will be deleted once the business case is completed and legal requirements allow it.

​

Email

If you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data will be stored on the email server. The data will be deleted once the business case is completed and legal requirements allow it.

 

Online Forms

If you communicate with us using an online form, data will be stored on our web server and, if applicable, forwarded to one of our email addresses. The data will be deleted once the business case is completed and legal requirements allow it.

 

Legal Basis

The processing of data is based on the following legal grounds:

• Art. 6(1)(a) GDPR (Consent): You give us consent to store your data and further use it for purposes related to the business case;

• Art. 6(1)(b) GDPR (Contract): Processing is necessary for the performance of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;

• Art. 6(1)(f) GDPR (Legitimate interests): We aim to handle customer inquiries and business communication professionally. This requires certain technical facilities, such as email programs, Exchange servers, and mobile network operators, to efficiently manage communication.

 

Cookies

Cookies Summary
👥 Affected parties: Visitors to the website
🤝 Purpose: Depends on the specific cookie. More details can be found below or from the software provider setting the cookie.
📓 Processed data: Depends on the specific cookie. More details can be found below or from the software provider setting the cookie.
📅 Storage duration: Depends on the specific cookie, can range from hours to years
⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)

 

What are Cookies?

Our website uses HTTP cookies to store user-specific data.Below, we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are really useful helpers. Almost all websites use cookies. More specifically, these are HTTP cookies, since there are other types of cookies for different applications. HTTP cookies are small files stored by our website on your computer. These cookie files are automatically placed in the cookie folder, which is basically the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

​

Cookies store certain user data from you, such as language or personal site settings. When you revisit our site, your browser sends the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie is stored in its own file; in others, like Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be assessed individually, as each cookie stores different data. The expiration time of a cookie also varies—from a few minutes up to several years. Cookies are not software programs and do not contain viruses, trojans, or other “malware.” Cookies also cannot access information on your PC.

​

For example, cookie data might look like this::

name: _ga
value: GA1.2.1326744211.152112997512-9
purpose: Distinguishing website visitors

Expiration date: after 2 years

A browser should support at least the following minimum sizes:

• At least 4096 bytes per cookie

• At least 50 cookies per domain

• At least 3000 cookies in total

​

What types of cookies are there?

The question of which specific cookies we use depends on the services employed and will be clarified in the following sections of the privacy policy. At this point, we want to briefly explain the different types of HTTP cookies.

There are 4 types of cookies:

Essential cookies

These cookies are necessary to ensure the basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing other pages and only later proceeds to checkout. Thanks to these cookies, the shopping cart is not deleted, even if the user closes their browser window.

Functional cookies

These cookies collect information about user behavior and whether the user encounters any error messages. Additionally, these cookies are used to measure loading times and the website’s behavior across different browsers.

Targeting cookies

These cookies collect information about user behavior and whether the user encounters any error messages. Additionally, these cookies are used to measure loading times and the website’s behavior across different browsers.

Advertising Cookies

These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very useful but also quite annoying.

Usually, when you visit a website for the first time, you are asked which types of cookies you want to allow. And of course, this decision is also stored in a cookie.

If you want to learn more about cookies and don’t shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments by the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism.

​

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. More details can be found below or from the software provider that sets the cookie.

​

What data is processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but within the scope of the following privacy policy, we will inform you about the data processed or stored.

​

Storage duration of cookies

The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.​

You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also below under “Right to Object”). Furthermore, cookies based on consent will be deleted at the latest after you revoke your consent, although the lawfulness of the storage until that time remains unaffected.

​

Right to object – how can I delete cookies?

Whether and how you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or partially allow cookies. For example, you can block third-party cookies while allowing all other cookies.

If you want to find out which cookies are stored in your browser or want to change or delete cookie settings, you can find this in your browser settings:

​

If you want to find out which cookies are stored in your browser or want to change or delete cookie settings, you can find this in your browser settings:

​

Delete, allow and manage cookies in Chrome - Computer - Google Chrome Help

Löschen von Cookies in Safari auf dem Mac - Apple Support (AT)

Clear cookies and site data in Firefox | Firefox Help

Manage cookies in Microsoft Edge: View, allow, block, delete and use - Microsoft Support

​

If you generally do not want any cookies, you can set your browser to always notify you whenever a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It’s best to search on Google for instructions using terms like “delete cookies Chrome” or “disable cookies Chrome” if you are using the Chrome browser.

​

​

Legal Basis

Since 2009, there have been the so-called “Cookie Directives.” These state that storing cookies requires your consent (Article 6(1)(a) GDPR). However, within the EU countries, reactions to these directives vary significantly. In Austria, this directive was implemented in § 165(3) of the Telecommunications Act (2021). In Germany, the Cookie Directives were not implemented as national law. Instead, they were largely implemented in § 15(3) of the Telemedia Act (TMG), which was replaced in May 2024 by the Digital Services Act (DDG).

​

For strictly necessary cookies, even if no consent is given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often absolutely necessary for this.

​

SIf cookies that are not strictly necessary are used, this only happens with your consent. The legal basis for this is Article 6(1)(a) GDPR.

​

In the following sections, you will be informed in more detail about the use of cookies, provided that the software used sets cookies.

​

Web Hosting Introduction

Web Hosting Summary
👥 Affected parties: Visitors to the website
🤝 Purpose: Professional hosting of the website and ensuring operational security
📓 Processed data: IP address, time of website visit, browser used, and other data. More details can be found below or from the respective web hosting provider.
📅 Storage duration: Depends on the respective provider, but usually around 2 weeks
⚖️ Legal basis: Art. 6(1)(f) GDPR (Legitimate interests)

​

What is Web Hosting?

When you visit websites nowadays, certain information—including personal data—is automatically generated and stored, including on this website. This data should be processed as sparingly as possible and only for justified reasons.

By “website,” we mean the entirety of all web pages under one domain—that is, everything from the homepage to the very last subpage (like this one). By “domain,” we mean, for example, beispiel.de or musterbeispiel.com.

When you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably recognize some browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We will simply call them browsers or web browsers here.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and demanding task, which is why it is usually handled by professional providers. These providers offer web hosting and ensure reliable and error-free storage of website data.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.

​

Why do we process personal data?

The purposes of data processing are:

​

1. Professional hosting of the website and ensuring operational security

2. Maintaining operational and IT security

3. Anonymous analysis of access behavior to improve our offerings and, if necessary, for law enforcement or assertion of claims

​

Which data is processed?

Even while you are visiting our website right now, our web server — the computer where this website is stored — usually automatically saves data such as:

• The full internet address (URL) of the accessed webpage

• Browser and browser version (e.g., Chrome 87)

• The operating system used (e.g., Windows 10)

• The address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/

• The hostname and IP address of the device from which the access is made (e.g., COMPUTERNAME and 194.23.43.121)

• Date and time

• All this data is stored in files called web server log files.

​

How long is data stored?

As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not share this data; however, we cannot exclude that authorities may access this data in cases of unlawful behavior. In short: Your visit is logged by our provider (the company that runs our website on special computers—servers), but we do not share your data without your consent!

​

Legal basis

The lawfulness of processing personal data in the context of web hosting is based on Article 6(1)(f) GDPR (legitimate interests), since using professional hosting with a provider is necessary to present the company securely and user-friendly on the internet, and to be able to pursue potential attacks and claims.

Usually, there is a contract between us and the hosting provider for commissioned data processing according to Article 28 GDPR, which ensures compliance with data protection and guarantees data security.

​

​

Website Builder Systems Introduction

Website Builder Systems Privacy Policy Summary

👥 Affected parties: Visitors to the website

🤝 Purpose: Optimization of our service offering
📓 Processed data: Data such as technical usage information including browser activity, clickstream activities, session heatmaps, as well as contact data, IP address, or your geographic location. More details can be found below in this privacy policy and in the providers’ privacy policies.
📅 Storage duration: Depends on the provider
⚖️ Legal basis: Art. 6(1)(f) GDPR (Legitimate interests), Art. 6(1)(a) GDPR (Consent)

​

What are Website Builder Systems?

We use a website builder system for our website. Website builders are a specific type of content management system (CMS). With a website builder, website operators can easily create a website without any programming knowledge. In many cases, web hosting providers also offer such systems. By using a website builder, personal data may also be collected, stored, and processed. In this privacy notice, we provide you with general information about data processing by website builders. For more detailed information, please refer to the provider’s privacy policy.

​

Why Do We Use Website Builder Systems for Our Website?

The biggest advantage of a website builder system is its ease of use. We want to offer you a clear, simple, and well-structured website that we can manage and maintain ourselves—without the need for external support. A website builder provides many helpful features that we can use even without programming knowledge. This allows us to design our web presence according to our preferences and provide you with an informative and enjoyable experience on our website.

​

What data is stored by a Website Builder System?

Exactly which data is stored depends, of course, on the website builder system used. Each provider processes and collects different data from the website visitor. As a rule, however, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit are collected. Tracking data (e.g. browser activity, clickstream activity, session heatmaps, etc.) may also be processed. Personal data may also be collected and stored. This usually involves contact data such as email address, telephone number (if you have provided this), IP address and geographical location data. You can find out exactly which data is stored in the provider's privacy policy.

​

How long and where is the data stored?

We will inform you further below about the duration of data processing in connection with the website builder system used, provided we have further information on this. You can find detailed information about this in the provider's privacy policy. In general, we only process personal data for as long as it is absolutely necessary for the provision of our services and products. It is possible that the provider stores your data according to their own policies, over which we have no influence.

​

Right to Object

You always have the right to access, rectify, and delete your personal data. If you have any questions, you can also contact the responsible parties of the website builder system used at any time. You can find the contact details either in our privacy policy or on the website of the respective provider.Cookies that providers use for their functions can be deleted, deactivated, or managed in your browser. Depending on which browser you use, this works in different ways. However, please note that certain functions may no longer work as usual afterward.

​

Legal Basis

WWe have a legitimate interest in using a website builder system in order to optimize our online service and present it to you efficiently and in a user-friendly manner. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). However, we only use the builder system if you have given your consent.

Insofar as data processing is not absolutely necessary for the operation of the website, the data is processed solely on the basis of your consent. This particularly concerns tracking activities. The legal basis in this case is Art. 6 para. 1 lit. a GDPR.

With this privacy policy, we have provided you with the most important general information about data processing. If you would like more detailed information, you can find further details – if available – in the following section or in the provider's privacy policy.

​

Chatbots Introduction

Chatbots Privacy Policy Summary

 

👥 Data Subjects: Visitors of the website
🤝 Purpose: Responding to contact inquiries and general communication between us and you
📓 Processed Data: Data such as name, address, email address, phone number, general content data, and, if applicable, IP address. More details can be found in the respective tools used.
📅 Storage Duration: Depends on the chatbots & chat functions used
⚖️ Legal Bases: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests), Art. 6 para. 1 sentence 1 lit. b GDPR (Contractual or pre-contractual obligations)

​

What are Chatbots?

You can also communicate with us via chatbots or similar chat functions. A chat offers the possibility to write or speak with only minimal delay. A chatbot is software that tries to answer your questions and, if applicable, informs you about news. By using these communication tools, personal data about you may also be processed and stored.

​

Why do we use Chatbots?

Communication options with you are important to us. After all, we want to talk to you and answer all possible questions about our service as best as possible. Well-functioning communication is an important part of our service. Chatbots have the great advantage that we can automatically answer frequently asked questions with the help of this software. This saves us time, and you still receive detailed and helpful answers. If the chatbot cannot help further, you naturally always have the option to contact us personally.

Please note that when using our integrated elements, data about you may also be processed outside the European Union, as many providers are American companies. As a result, you may find it more difficult to assert or enforce your rights regarding your personal data.

​

Which data is processed?

It may happen that you also use the chat services on other websites/platforms. In this case, your user ID will also be stored on the servers of these websites. We may also be informed about which user used the chat at which time. The chat contents are also stored. Which data exactly is stored depends on the respective service. Usually, this includes contact data such as email address or phone number, IP address, and various usage data.

If you have consented to the use of the chat function, this consent along with any possible registration will also be stored or logged. We do this to be able to provide proof of the registration or consent if legally required.

The provider of a chat platform may also learn when you chat and receive technical information about your device. Which information is stored and processed also depends on your PC settings. In many cases, data about your approximate location may be collected. This is done partly to optimize the chat services and partly to ensure greater security. Furthermore, the information may also be used to implement personalized advertising and marketing measures.

If you have consented to receive messages from a chatbot, you can of course deactivate this activation at any time. The chatbot also serves as a helper and will show you how to unsubscribe from this function. All your related data will then be deleted from the recipient directory.

The data mentioned above are used, for example, to personally address you via chat, to answer your questions and inquiries, or to send you possible content. Additionally, we can use this data to generally improve our chat services.

​​

How long are data stored?

The duration of data processing and storage primarily depends on the tools we use. Further below, you will find more information about the data processing of each tool. The privacy policies of the providers usually specify exactly which data is stored and processed and for how long. Basically, personal data is only processed as long as necessary to provide our services. When data is stored in cookies, the storage duration varies greatly. Data can be deleted immediately after leaving a website but can also remain stored for several years. Therefore, you should review each cookie in detail if you want to know more about data storage. Usually, the privacy policies of the individual providers contain informative details about each cookie.

​

Right to Object

You have the right and the possibility at any time to withdraw your consent to the use of cookies or third-party services. This can be done either via our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Since cookies may be used by chat services, we also recommend reading our general privacy policy regarding cookies. To learn exactly which data about you is stored and processed, you should read the privacy policies of the respective tools.

​

Legal Basis

We request your permission via a popup window to process data within the scope of the chat services. If you consent, this consent also serves as the legal basis (Art. 6 para. 1 lit. a GDPR) for data processing. Additionally, we process your inquiries and manage your data within the framework of contractual or pre-contractual relationships to fulfill our contractual and pre-contractual obligations or to answer requests. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. In general, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in quick and good communication with you or other customers and business partners. However, we only use these tools if you have given consent.

​

Explanation of Terms Used

We always strive to write our privacy policy as clearly and understandably as possible. However, this is not always easy, especially when dealing with technical and legal topics. It often makes sense to use legal terms (such as personal data) or specific technical expressions (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used that we may not have sufficiently addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also provide the relevant GDPR texts here and, if necessary, add our own explanations.

​

Processor (Data Processor)

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: We, as a company and website owner, are responsible for all data we process from you. Besides the controllers, there can also be so-called processors. This includes any company or person who processes personal data on our behalf. Processors can therefore be, in addition to service providers like tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

​

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: On websites, such consent is usually obtained via a cookie consent tool. You’re probably familiar with it. Whenever you visit a website for the first time, you are typically asked via a banner whether you agree to the data processing or give your consent. Usually, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not give consent, no personal data may be processed. In principle, consent can also be given in writing, i.e., not only via a tool.

​

Personal Data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data are therefore all those data by which you as a person can be identified. These are usually data such as:

• name

• adress

• Email adress

• postal adress

• telephone number 

• date of birth

• Bank details such as account number, credit information, account balances, and much more.

According to the European Court of Justice (CJEU), your IP address also counts as personal data. IT experts can determine at least the approximate location of your device and, subsequently, you as the subscriber based on your IP address. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called “special categories” of personal data that are particularly sensitive and deserve extra protection. These include:

• racial and ethnic origin

• political opinions

• religious or philosophical beliefs

• trade union membership

• genetic data, such as data derived from blood or saliva samples

• biometric data (information about psychological, physical, or behavioral characteristics that can identify a person)

• health data

• data concerning sexual orientation or sexual life

​

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

Explanation: Profiling involves collecting various pieces of information about a person to learn more about them. In the web context, profiling is often used for advertising purposes or credit checks. Web and advertising analytics programs, for example, collect data about your behavior and interests on a website. From this, a specific user profile is created that helps deliver targeted advertising to a specific audience.

 

Controller

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for processing your personal data and are therefore the “controller.” If we pass collected data to other service providers for processing, these are “processors.” A data processing agreement (DPA) must be signed with them.

 

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we refer to processing in our privacy policy, we mean any kind of data processing. As mentioned above in the original GDPR definition, this includes not only the collection but also the storage and processing of data.

​

All texts are copyright protected.

​

Source: Privacy Policy created with the Data Protection Generator for Austria by AdSimple