imprint

Introduction and Overview

We have prepared this privacy policy (version 11.09.2025-123054147) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as "data") we, as data controllers – and the data processors we have engaged (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible if one provides the briefest, unclear, and overly technical legal explanations that are often standard practice on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps you will find some information that you were not yet aware of.
If you still have questions, please contact the responsible party named below or in the legal notice, follow the provided links, and consult further information on third-party websites. Our contact details can, of course, also be found in the legal notice.

scope

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (contract processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address, and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• Social media presence and email communication
• mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas where personal data is processed in a structured manner within the company via the aforementioned channels. Should we enter into a legal relationship with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following privacy statement, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General
Data Protection Regulation (GDPR), that allow us to process personal data. With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679 .

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data from a contact form.
2. Contract (Article 6 paragraph 1 lit. b GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we need personal information beforehand.
3. Legal obligation (Article 6 paragraph 1 lit. c GDPR): We process your data when we are subject to a legal obligation. For example, we are legally required to retain invoices for accounting purposes. These typically contain personal data.
4. Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not infringe your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically. This processing therefore constitutes a legitimate interest.

We generally do not apply other conditions, such as the processing of recordings in the public interest, the exercise of official authority, or the protection of vital interests. Should such a legal basis be applicable, it will be indicated at the appropriate point.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated DSG.
• In Germany, applies Federal Data Protection Act( BDSG).

If other regional or national laws apply, we will inform you about them in the following sections.

Storage period

Our general principle is that we only store personal data for as long as it is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose no longer applies, for example, for accounting purposes.

If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as quickly as possible and unless there is an obligation to store it.

We will inform you below about the specific duration of the respective data processing, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights to which you are entitled to ensure fair and transparent data processing:

• According to Article 15 of the GDPR, you have the right to information about whether we process your data. If so, you have the right to receive a copy of the data and the following information:
  • for what purpose we carry out the processing;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data is stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can complain to a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is carried out, i.e. whether data is automatically evaluated to create a personal profile of you.
• According to Article 16 of the GDPR, you have the right to rectification of data, which means that we must correct data if you find any errors.
• According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request that your data be deleted.
• According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
• According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
• According to Article 21 GDPR, you have the right to object, which, once enforced, will result in a change in the processing.
  • If the processing of your data is based on Article 6 (1) (e) (public interest, exercise of official authority) or Article 6 (1) (f) (legitimate interest), you may object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
  • If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing purposes.
  • If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling after this time.
• According to Article 22 GDPR, you may have the right not to be subjected to a decision based solely on automated processing (e.g. profiling).
• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means you can lodge a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/ . In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) . The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Director: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Telephone number: +43 1 52 152-0
E-mail address: This email address is being protected from spambots. JavaScript must be enabled to view it.
Website: https://www.dsb.gv.at/

Security of data processing

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to derive personal information from our data.

Article 25 of the GDPR refers to "data protection through design and through data protection-friendly default settings," meaning that security must always be considered and appropriate measures implemented, both in software (e.g., forms) and hardware (e.g., access to the server room). Below, we will discuss specific measures where necessary.

TLS encryption with https

TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet.
This means that the entire transmission of all data from your browser to our web server is secure – no one can eavesdrop.

This introduces an additional layer of security, allowing us to comply with data protection by design (Article 25 Paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize this secure data transmission by the small padlock icon in the top left corner of your browser, to the left of the web address (e.g., examplepage.com), and the use of the https scheme (instead of http) as part of our web address.
If you would like to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find helpful links to further information.

communication

If you contact us and communicate by phone, email or online form, personal data may be processed.

The data will be processed for the purpose of handling and processing your inquiry and the related business transaction. The data will be stored for as long as required by law.

Affected persons

The above-mentioned processes affect everyone who contacts us via the communication channels we provide.

Phone

When you call us, the call data is stored pseudonymously on the respective device and by the telecommunications provider used. Furthermore, data such as name and telephone number may subsequently be sent via email and stored for the purpose of responding to your inquiry. The data will be deleted as soon as the transaction is completed and legal requirements permit.

E-Mail

If you communicate with us via email, data may be stored on your device (computer, laptop, smartphone, etc.) and stored on the email server. The data will be deleted as soon as the transaction is completed and legal requirements permit.

Online forms

If you communicate with us via an online form, data will be stored on our web server and, if applicable, forwarded to an email address provided by us. The data will be deleted as soon as the transaction is completed and legal requirements permit.

Legal basis

The processing of data is based on the following legal bases:

• Art. 6 (1) (a) GDPR (consent): You give us your consent to store your data and to use it further for the purposes related to the business case;
• Art. 6 (1) (b) GDPR (contract): There is a need to fulfil a contract with you or a processor such as the telephone provider or we have to process the data for pre-contractual activities, such as preparing an offer;
• Art. 6 (1) (f) GDPR (Legitimate Interests): We want to handle customer inquiries and business communications in a professional manner. To enable efficient communication, certain technical facilities, such as email programs, Exchange servers, and mobile operators, are necessary.

Cookies

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you surf the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are truly useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other cookies for other purposes as well. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically stored in the cookie folder, the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal site settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. The web browser requests a website and receives a cookie from the server, which the browser reuses whenever another page is requested.

There are both first-party and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies, from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other "malware." Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152123054147-9
Purpose: Differentiation of website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services used and are explained in the following sections of this privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are four types of cookies:

Essential Cookies:
These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed when a user adds a product to their shopping cart, then continues browsing other pages, and only later proceeds to checkout. These cookies prevent the shopping cart from being emptied, even if the user closes their browser window.

Functional cookies:
These cookies collect information about user behavior and whether the user receives any error messages. They also measure loading times and the website's performance across different browsers.

Targeted cookies:
These cookies improve user-friendliness. For example, they save entered locations, font sizes, or form data.

Advertising cookies:
These cookies are also called targeting cookies. They are used to deliver customized advertising to the user. This can be very useful, but also very annoying.

Typically, when you first visit a website, you'll be asked which of these cookie types you'd like to allow. And, of course, this decision will also be saved in a cookie.

If you would like to learn more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Internet Engineering Task Force (IETF) Request for Comments entitled “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the cookie in question. You can find more details below or contact the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small helpers for a variety of tasks. Unfortunately, it's not possible to generalize what data is stored in cookies, but we will inform you about the data processed and stored in the following privacy policy.

Storage duration of cookies

The storage period depends on the respective cookie and is further specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage period. You can manually delete all cookies via your browser at any time (see also "Right of Objection" below). Furthermore, cookies based on consent will be deleted at the latest after you revoke your consent, although the legality of their storage remains unaffected until then.

Right of objection – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of the service or website from which the cookies originate, you always have the option to delete, deactivate, or only partially accept cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Delete and manage cookies

If you don't want cookies at all, you can set your browser to always notify you when a cookie is about to be set. This allows you to decide for each individual cookie whether or not to accept it. The process varies depending on your browser. The best way to find instructions is to search for "delete cookies in Chrome" or "disable cookies in Chrome" in the case of a Chrome browser.

Legal basis

Since 2009, the so-called "Cookie Directive" has been in effect. It stipulates that storing cookies consent (Article 6(1)(a) GDPR). However, reactions to this directive vary considerably across EU countries. In Austria, the directive was implemented in Section 165(3) of the Telecommunications Act (2021). In Germany, the Cookie Directive was not transposed into national law. Instead, it was largely implemented in Section 15(3) of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.

For strictly necessary cookies, even where no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR) which are in most cases of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often essential for this.

If non-essential cookies are used, this only happens with your consent. The legal basis for this is Art. 6 (1) (a) GDPR.

In the following sections you will be informed in more detail about the use of cookies, if the software used uses cookies.

Application data

What are application data?

You can apply for a position at our company via email, online form, or through a recruiting tool. All data we receive and process from you as part of an application counts as application data. In doing so, you always disclose personal information such as your name, date of birth, address, and telephone number.

Why do we process application data?

We process your data so that we can conduct a proper selection process for the advertised position. We are also happy to keep your application documents in our application archive. Often, for a variety of reasons, a collaboration for the advertised position doesn't work out, but we are impressed by you and your application and can very well imagine working together in the future. If you give us your consent, we will archive your documents so that we can easily contact you about future opportunities within our company.

We guarantee that we will handle your data with the utmost care and always process it within the legal framework. Within our company, your data will only be shared with people who are directly involved with your application. In short: Your data is safe with us!

What data is processed?

For example, if you apply to us by email, we will of course also receive personal data, as mentioned above. Even your email address is considered personal data. However, during the application process, we only process data that is relevant to our decision as to whether or not we want to welcome you to our team.

Exactly which data is processed depends primarily on the job posting. However, this usually includes name, date of birth, contact details, and proof of qualifications. If you submit your application via an online form, the data will be transmitted to us in encrypted form. If you send us your application by email, this encryption will not take place. We therefore cannot accept any responsibility for the method of transmission. However, once the data is on our servers, we are responsible for its lawful handling.

During an application process, in addition to the data listed above, information about your health or ethnic origin may be requested so that we and you can exercise your rights related to employment law, social security, and social protection, while simultaneously fulfilling your corresponding obligations. This data constitutes special category data.

Here is a list of possible data that we receive and process from you:

• name
• Contact address
• E-mail address
• Telephone number
• birth date
• Information provided in the cover letter and CV
• Proof of qualifications (e.g.) certificates
• Special category data (e.g. ethnic origin, health data, religious beliefs)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)

How long is the data stored?

If we accept you as a team member in our company, your data will be processed for the purposes of the employment relationship and retained by us at least until the employment relationship ends. All application documents will then be added to your employee file.

If we do not offer you the job, you reject our offer, or withdraw your application, we may retain your data for up to 6 months after completion of the application process based on our legitimate interest (Art. 6 (1) (f) GDPR). After that, both your electronic data and all data from physical application documents will be completely deleted or destroyed. We retain your data, for example, so that we can answer any further queries or so that we can provide evidence of your application in the event of a legal dispute. If legal proceedings arise and we may still need the data after the 6 months have expired, we will only delete the data when there is no longer any reason to retain it. If there are statutory retention periods to be fulfilled, we must generally store the data for longer than 6 months.

Furthermore, we can retain your data for longer periods if you have given specific consent. We do this, for example, if we can envision working with you in the future. In this case, it is helpful to have your data archived so that we can easily reach you. In this case, the data will be added to our applicant pool. Of course, you can revoke your consent to retain your data for a longer period at any time. If you do not revoke your consent and do not provide new consent, your data will be deleted after two years at the latest.

Legal basis

The legal basis for the processing of your data is Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (contract or pre-contractual measures), Art. 6 (1) (f) GDPR (legitimate interests) and Art. 9 (2) (a) GDPR (processing of special categories).

If we include you in our application tool, this is done on the basis of your consent (Art. 6 (1) (a) GDPR). Please note that your consent to our application pool is voluntary, has no influence on the application process, and you have the option to revoke your consent at any time. The legality of the processing up to the time of revocation remains unaffected.

In the case of the protection of vital interests, data processing is carried out in accordance with Art. 9 (2) (c) GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, care or treatment in the healthcare or social sector, or for the administration of healthcare or social systems and services, personal data is processed in accordance with Art. 9 (2) (h) GDPR. If you voluntarily provide special category data, processing is carried out on the basis of Art. 9 (2) (a) GDPR.

Contact form

What is a contact form?

A contact form is a web form that you can fill out on our website to easily get in touch with us. Personal data such as your name, email address, and message are usually transmitted to us. This information helps us process your inquiries specifically and get in touch with you.

Why do we use a contact form?

We offer a contact form so you can communicate with us quickly and easily. Whether you have questions about our services, feedback, or other concerns, you can reach us directly using the contact form. We will use the data you enter exclusively to process your request and to contact you. If the contact results in further steps, such as a quote or a contractual relationship, we will also use the data for this purpose.

What data is processed?

Which data is processed depends on the information you provide in the contact form. Typically, this includes:

• name
• E-mail address
• Telephone number (optional)
• Content of the message
• Date and time of transmission
• IP address and technical metadata (for security and traceability)

This information helps us to better classify and answer your request.

How long is the data stored?

We only store data from the contact form for as long as necessary to process your request. If a business relationship arises, the corresponding retention periods apply as for customer data. In special cases (e.g., legal disputes), longer retention periods may apply. Of course, we will not share your data with third parties without your consent.

Legal basis

The legal basis for processing your data via the contact form is Art. 6 (1) (a) GDPR (consent - by submitting the form), Art. 6 (1) (b) GDPR (pre-contractual measures), and Art. 6 (1) (f) GDPR (legitimate interest - efficient communication and organization of inquiries). If you voluntarily provide special categories of personal data, the processing will be carried out in accordance with Art. 9 (2) (a) GDPR (consent).

Webhosting Introduction

What is web hosting?

When you visit websites these days, certain information—including personal data—is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By "website," we mean the entirety of all web pages on a domain, i.e., everything from the home page to the very last subpage (like this one). By "domain," we mean, for example, example.de or sampleexample.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply refer to them as "browsers" or "web browsers."

To display the website, the browser must connect to another computer where the website's code is stored: the web server. Operating a web server is a complex and time-consuming task, which is why it's usually handled by professional providers. They offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay tuned, it gets even better!

When the browser connects to your computer (desktop, laptop, tablet, or smartphone) and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a period of time to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the Internet and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional website hosting and operational security
2. to maintain operational and IT security
3. Anonymous evaluation of access behavior to improve our service and, if necessary, for criminal prosecution or the pursuit of claims

What data is processed?

Even while you are currently visiting our website, our web server, which is the computer on which this website is stored, usually automatically saves data such as

• the complete Internet address (URL) of the website accessed
• Browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)
• the hostname and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
• Date and time
• in files, the so-called web server log files

How long is data stored?

As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not share this data, but cannot rule out the possibility that it may be viewed by authorities in the event of illegal activity.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we will not share your data without your consent!

Legal basis

The legality of the processing of personal data within the framework of web hosting arises from Art. 6 (1) (f) GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company securely and user-friendly on the Internet and to be able to pursue attacks and claims arising from this if necessary.

As a rule, there is a contract for order processing between us and the hosting provider in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

Plesk Obsidian Privacy Policy

We use the Plesk Obsidian web server distribution for our website. This is a server administration tool from the Swiss company Plesk International GmbH, Vordergasse 59, 8200 Schaffhausen, Switzerland.

The European Commission has determined, by means of an adequacy decision pursuant to Article 45 of the GDPR, that Switzerland, as a third country, offers an adequate level of data protection compared to the scope of the GDPR. The decision, as well as corresponding decisions for other third countries, can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de.

For more information about the data processed through the use of Plesk Obsidian, please see the privacy policy at https://www.plesk.com/legal/#privacy-policy.

Website Modular Systems Introduction

What are website builders?

We use a website builder system for our website. Builder systems are special forms of content management systems (CMS). With a builder system, website operators can create a website very easily and without any programming knowledge. Many web hosts also offer builder systems. Using a builder system may also collect, store, and process your personal data. This privacy policy provides you with general information about data processing by builder systems. Further information can be found in the provider's privacy policy.

Why do we use website builders for our website?

The biggest advantage of a modular system is its ease of use. We want to offer you a clear, simple, and well-organized website that we can easily operate and maintain ourselves—without external support. A modular system now offers many helpful features that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and offer you an informative and enjoyable experience on our website.

What data is stored by a modular system?

Which data is stored depends, of course, on the website builder system used. Each provider processes and collects different types of website visitor data. However, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are generally collected. Tracking data (e.g., browser activity, clickstream activity, session heatmaps, etc.) may also be processed. Personal data may also be collected and stored. This usually includes contact information such as email address, telephone number (if you have provided one), IP address, and geographic location data. You can find out exactly which data is stored in the provider's privacy policy.

How long and where is the data stored?

We will inform you about the duration of data processing below in connection with the website modular system used, if we have further information about it. You can find detailed information about this in the provider's privacy policy. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products. The provider may store your data according to its own specifications, over which we have no control.

Right of objection

You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the person responsible for the website building block system you use at any time. You can find contact information either in our privacy policy or on the website of the respective provider.

You can delete, deactivate, or manage cookies that providers use for their functions in your browser. Depending on the browser you use, this works differently. Please note, however, that if you do this, not all functions may work as usual.

Legal basis

We have a legitimate interest in using a website builder system to optimize our online service and present it in an efficient and user-friendly manner. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use the builder system if you have given your consent.

If the processing of data is not absolutely necessary for the operation of the website, the data will only be processed with your consent. This particularly applies to tracking activities. The legal basis in this regard is Art. 6 (1) (a) GDPR.

This privacy policy provides you with the most important general information regarding data processing. If you would like more detailed information, you can find further information – if available – in the following section or in the provider's privacy policy.

YOOtheme Privacy Policy

We use YOOtheme, a Joomla!/WordPress theme and website builder, for our website. The service provider is the German company YOOtheme GmbH, Hongkongstraße 8, 20457 Hamburg, Germany. You can find more information about the data processed through the use of YOOtheme in the privacy policy at https://yootheme.com/privacy.

Web Analytics Introduction

What is web analytics?

We use software on our website to evaluate the behavior of website visitors, known as web analytics or web analysis for short. This data is collected and stored, managed and processed by the respective analytics tool provider (also known as a tracking tool). This data is used to create analyses of user behavior on our website and make them available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content are most popular with our visitors. To do this, we show you two different offers for a limited period of time. After the test (a so-called A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as for other analytics procedures, user profiles can be created and the data stored in cookies.

Why do we use web analytics?

We have a clear goal in mind with our website: to provide the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting offering on the market, while also ensuring that you feel completely at home on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our website accordingly for you and us. For example, we can determine the average age of our visitors, where they come from, when our website is most frequently visited, or which content or products are particularly popular. All of this information helps us optimize the website and thus adapt it to your needs, interests, and wishes.

What data is processed?

Exactly which data is stored depends, of course, on the analysis tools used. However, as a general rule, we store information such as the content you view on our website, the buttons or links you click, the time you access a page, the browser you use, the device (PC, tablet, smartphone, etc.) you use to visit the website, and the computer system you use. If you have consented to the collection of location data, this may also be processed by the web analysis tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is generally stored pseudonymously (i.e., in an unrecognizable and abbreviated form). For the purposes of testing, web analysis, and web optimization, no direct data such as your name, age, address, or email address is stored. All of this data, if collected, is stored pseudonymously. This means that you cannot be identified as an individual.

The following example shows schematically how Google Analytics works as an example of client-based web tracking with JavaScript code.

How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website again; other cookies can store data for several years.

Duration of data processing

We will inform you below about the duration of data processing, as soon as we have further information. Generally, we only process personal data for as long as it is absolutely necessary to provide our services and products. If required by law, such as in the case of accounting, this retention period may be exceeded.

Right of objection

You also have the right and option to revoke your consent to the use of cookies or third-party services at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we obtained via our cookie popup. According to Article 6(1)(a) GDPR (consent), constitutes the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to obtaining your consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Web analytics helps us identify website errors, detect attacks, and improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). However, we only use these tools if you have given your consent.

Since web analytics tools use cookies, we also recommend reading our general privacy policy on cookies. To learn exactly which of your data is stored and processed, you should read the privacy policies of the respective tools.

Information on specific web analytics tools, if available, can be found in the following sections.

GoSquared Analytics Privacy Policy

What is GoSquared Analytics?

We use GoSquared Analytics, a website analytics software, on our website. The service provider is the British company Go Squared Ltd, 3 Barn Hawe, High Street, Edenbridge, Kent, United Kingdom.

GoSquared Analytics was founded in 2006 with the goal of offering a simpler alternative to Google Analytics. GoSquared Analytics is also a software that collects and evaluates data about your actions on our website. At GoSquared, data collection occurs in real time. We receive direct analysis reports on how you use our website, allowing us to continually tailor our offerings to your needs. In this privacy policy, we go into more detail about the analytics tool and, above all, show you what data is stored, when, how, and where.

Why do we use GoSquared Analytics?

We use this software tool to improve the quality of our website and our offerings. Our goal is to provide you with the best possible service. We want you to feel comfortable on our website and get exactly what you expect. To achieve this, we naturally need to tailor our offerings to your wishes and requirements as closely as possible. The data also helps us implement our online marketing and advertising measures more cost-effectively and individually. After all, we only want to show our offerings to people who are truly interested.

What data does GoSquared Analytics store?

GoSquared Analytics is an analytics tool that can measure and analyze the performance of our website and online campaigns. Among other things, the software uses cookies to collect data about how long you spend on our website, how many users visit our website, and where you came from. We also receive detailed evaluations of visitor behavior on our website. For example, we can find out which buttons you like to click or which subpages you like and which you tend to avoid. In addition, your IP address, location data, device type, and operating system are stored and processed. Through real-time analysis, the software provides current information about visitor behavior. Exactly which data is processed also depends on the individual settings in the tool.

How long and where is the data stored?

The data may also be transferred to servers in the USA, i.e., outside the European Economic Area (EEA). However, GoSquared maintains that appropriate security procedures are in place to protect your personal data. Generally, GoSquared stores data for as long as required for business purposes and as long as GoSquared is contractually and legally obligated to do so. Unfortunately, we cannot provide precise retention periods at this point, as these also depend on individual configurations.

How can I delete my data or prevent data storage?

You have the right to access, correct, or delete your personal data, and to restrict the processing of your personal data at any time. You can also revoke your consent to the processing of your data at any time.

If you generally want to deactivate, delete or manage cookies, you will find the relevant links to the instructions for the most popular browsers in the “Cookies” section.

Legal basis

The use of GoSquared requires your consent, which we obtained via our cookie popup. According to Article 6(1)(a) GDPR (consent), constitutes the legal basis for the processing of personal data, such as that which may occur when collected by web analytics tools.

In addition to your consent, we have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. GoSquared helps us identify website optimization potential, detect possible attacks, and improve efficiency. The legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). However, we only use GoSquared if you have given your consent.

With the UK's withdrawal from the European Union, the GDPR no longer applies to data transfers to the UK. However, the European Commission has decided, based on Article 45 of the GDPR, that the UK offers an adequate level of protection compared to the GDPR. Data transfers to the UK are therefore permissible. You can view the decision here (download): https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D1772

You can find out more about the data processed through the use of GoSquared Analytics in the Privacy Policy at https://www.gosquared.com/legal/privacy/.

Audio & Video Introduction

What are audio and video elements?

We have integrated audio and video elements into our website so that you can watch videos or listen to music/podcasts directly through our website. The content is provided by service providers. All content is therefore also retrieved from the providers' respective servers.

These are integrated functional elements from platforms such as YouTube, Vimeo, or Spotify. Using these portals is generally free, but paid content may also be published. Using these integrated elements, you can listen to or watch the respective content on our website.

If you use audio or video elements on our website, your personal data may also be transmitted, processed and stored by the service providers.

Why do we use audio and video elements on our website?

Naturally, we want to provide you with the best possible service on our website. And we're aware that content is no longer conveyed solely through text and static images. Instead of simply providing you with a link to a video, we offer audio and video formats directly on our website that are entertaining or informative, or ideally even both. This expands our service and makes it easier for you to access interesting content. Therefore, in addition to our text and images, we also offer video and/or audio content.

What data is stored by audio and video elements?

When you visit a page on our website that, for example, has an embedded video, your server connects to the service provider's server. In the process, your data is also transferred to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your device. Furthermore, most providers also collect information about your web activity. This includes session duration, bounce rate, which button you clicked on or which website you used to access the service. All of this information is usually stored via cookies or pixel tags (also called web beacons). Pseudonymized data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.

Duration of data processing

You can find out exactly how long the data is stored on the third-party providers' servers either further down in the privacy policy of the respective tool or in the provider's privacy policy. As a general rule, personal data is only processed for as long as is absolutely necessary to provide our services or products. This generally also applies to third-party providers. You can usually assume that certain data will be stored on third-party servers for several years. Data can be stored for different lengths of time, especially in cookies. Some cookies are deleted as soon as you leave the website, while others can remain stored in your browser for several years.

Right of objection

You also have the right and option to revoke your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser. The legality of the processing up to the point of revocation remains unaffected.

Since the integrated audio and video features on our site usually also use cookies, you should also read our general privacy policy regarding cookies. The privacy policies of the respective third-party providers provide detailed information about how your data is handled and stored.

Legal basis

If you have consented to the processing and storage of your data through embedded audio and video elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the embedded audio and video elements if you have given your consent.

Vimeo Privacy Policy

What is Vimeo?

We also use videos from Vimeo on our website. This video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. Using a plug-in, we can display interesting video material directly on our website. Certain data may be transferred to Vimeo. This privacy policy explains what data is involved, why we use Vimeo, and how you can manage or prevent your data and data transfer.

Vimeo is a video platform founded in 2004 and offering HD video streaming since 2007. 4K Ultra HD streaming has been available since 2015. The portal is free to use, but content can also be published for a fee. Unlike market leader YouTube, Vimeo prioritizes high-quality content. The portal offers a wealth of artistic content, such as music videos and short films, as well as informative documentaries on a wide variety of topics.

Why do we use Vimeo on our website?

The goal of our website is to provide you with the best possible content, as easily accessible as possible. We are only satisfied with our service once we have achieved this. The video service Vimeo helps us achieve this goal. Vimeo offers us the opportunity to present you with high-quality content directly on our website. Instead of just providing you with a link to an interesting video, you can watch the video directly on our website. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our text and images, we also offer video content.

What data is stored on Vimeo?

When you visit a page on our website that has an embedded Vimeo video, your browser connects to Vimeo's servers. This results in data being transferred. This data is collected, stored and processed on Vimeo's servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, your operating system and very basic device information. Vimeo also stores information about which website you use the Vimeo service on and which actions (web activities) you perform on our website. These web activities include, for example, session duration, bounce rate or which button you clicked on our website with the built-in Vimeo function. Vimeo can track and store these actions using cookies and similar technologies.

If you are logged in as a registered Vimeo member, more data can usually be collected, as more cookies may already be set in your browser. Furthermore, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while browsing our website.

Below we show you the cookies that Vimeo sets when you visit a website with integrated Vimeo functionality. This list is not exhaustive and assumes that you do not have a Vimeo account.

Name: player
Value: “”
Purpose: This cookie saves your settings before you play an embedded Vimeo video. This ensures that your preferred settings are applied the next time you watch a Vimeo video.
Expiry date: after one year

Name: vuid
Value: pl1046149876.614422590123054147-4
Purpose:  This cookie collects information about your actions on websites that have embedded a Vimeo video.
Expiry date:  after 2 years

Note: These two cookies are always set as soon as you are on a website with an embedded Vimeo video. If you watch the video and click the button to, for example, "share" or "like" the video, further cookies are set. These include third-party cookies such as _ga or _gat_UA-76641-8 from Google Analytics or _fbp from Facebook. The specific cookies set depend on your interaction with the video.

The following list shows a selection of possible cookies that are set when you interact with the Vimeo video:

Name: _abexps
Value: %5B%5D
Purpose: This Vimeo cookie helps Vimeo remember your preferences. These might include a preferred language, region, or username. Generally, the cookie stores data about how you use Vimeo.
Expiration date: after one year

Name: continuous_play_v3
Value: 1
Purpose: This cookie is a first-party cookie from Vimeo. The cookie collects information about how you use the Vimeo service. For example, the cookie stores when you pause or play a video.
Expiry date: after one year

Name: _ga
Value: GA1.2.1522249635.1578401280123054147-7
Purpose: This cookie is a third-party cookie from Google. By default, analytics.js uses the _ga cookie to store the user ID. It is primarily used to distinguish website visitors.
Expiration date: after 2 years

Name: _gcl_au
Value: 1.1.770887836.1578401279123054147-3
Purpose: This third-party cookie from Google AdSense is used to improve the efficiency of advertisements on websites.
Expiry date: after 3 months

Name: _fbp
Value: fb.1.1578401280585.310434968
Purpose: This is a Facebook cookie. This cookie is used to display ads or advertising products from Facebook or other advertisers.
Expiry date: after 3 months

Vimeo uses this data, among other things, to improve its own service, to communicate with you, and to implement its own targeted advertising measures. Vimeo emphasizes on its website that only first-party cookies (i.e., cookies from Vimeo itself) are used for embedded videos as long as you do not interact with the video.

How long and where is the data stored?

Vimeo is headquartered in White Plains, New York (USA). However, its services are offered worldwide. The company uses computer systems, databases, and servers in the USA and other countries. Your data may therefore also be stored and processed on servers in America. Vimeo stores the data until the company no longer has a commercial reason to store it. At that time, the data is deleted or anonymized.

How can I delete my data or prevent data storage?

You always have the option to manage cookies in your browser according to your preferences. For example, if you do not want Vimeo to set cookies and thus collect information about you, you can delete or deactivate cookies at any time in your browser settings. This works slightly differently depending on the browser. Please note that after deactivating/deleting cookies, certain functions may no longer be fully available. You will find the relevant links to the respective instructions for the most popular browsers under the "Cookies" section.

If you are a registered Vimeo member, you can also manage the cookies used in the Vimeo settings.

Legal basis

If you have consented to the processing and storage of your data through embedded Vimeo elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the embedded Vimeo elements if you have given your consent. Vimeo also uses cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy policy regarding cookies and review the privacy statement or cookie policy of the respective service provider.

Vimeo processes your data, among other places, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks to the legality and security of data processing.

Vimeo uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR) as the basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular the USA) or for data transfers to such countries. Standard Contractual Clauses (SCCs) are template agreements provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). These clauses oblige Vimeo to maintain the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information about Vimeo’s standard contractual clauses can be found at https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights.

You can learn more about Vimeo's use of cookies at https://vimeo.com/cookie_policy, and information about Vimeo's privacy policy can be found at https://vimeo.com/privacy .

YouTube IFrame Player Privacy Policy

We also use the YouTube IFrame Player to embed videos on our website. This service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

Google also processes your data in the USA. YouTube and Google are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Furthermore, Google uses so-called Standard Contractual Clauses (Article 46, paragraphs 2 and 3 of the GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the European Commission and are designed to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Google commits to maintaining European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

You can find out more about the data processed through the use of the YouTube IFrame Player in the Privacy Policy at https://policies.google.com/privacy?hl=de.

Web design introduction

What is web design?

We use various tools on our website to support our web design. Web design is not, as is often assumed, just about making our website look pretty, but also about functionality and performance. But of course, the right look and feel for a website is also one of the major goals of professional web design. Web design is a sub-area of ​​media design and deals with the visual, structural, and functional design of a website. The goal is to use web design to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all the impressions and experiences that website visitors have on a website. A sub-section of user experience is usability. This refers to the user-friendliness of a website. We place particular emphasis on ensuring that content, subpages, and products are clearly structured and that you can find what you're looking for quickly and easily. To offer you the best possible experience on our website, we also use so-called third-party web design tools. In this privacy policy, the category "web design" includes all services that enhance the design of our website. These could include, for example, fonts, various plugins, or other integrated web design features.

Why do we use web design tools?

How you absorb information on a website depends heavily on its structure, functionality, and visual perception. Therefore, good and professional web design has become increasingly important to us. We are constantly working on improving our website and see this as an extended service for you as a website visitor. Furthermore, a beautiful and functional website also has financial advantages for us. After all, you will only visit us and take advantage of our services if you feel completely comfortable.

What data are stored by web design tools?

When you visit our website, web design elements may be integrated into our pages that can also process data. The exact nature of this data depends largely on the tools used. Below you can see exactly which tools we use for our website. For more detailed information about data processing, we recommend reading the privacy policy of the tools used. This usually tells you which data is processed, whether cookies are used, and how long the data is stored. Fonts such as Google Fonts, for example, also automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google's servers.

Duration of data processing

How long data is processed varies greatly from person to person and depends on the web design elements used. If cookies are used, for example, the retention period can be as little as one minute or as long as several years. Please inform yourself about this. We recommend that you read our general section on cookies as well as the privacy policies of the tools used. There you will usually find out which cookies are used and what information is stored in them. Google Font files, for example, are stored for one year. This is intended to improve the loading time of a website. As a general rule, data is only stored for as long as necessary to provide the service. If required by law, data can be stored for longer.

Right of objection

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. You can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. However, some web design elements (mostly fonts) contain data that cannot be deleted quite so easily. This is the case when data is automatically collected and transmitted to a third-party provider (such as Google) directly upon page request. In this case, please contact the support of the respective provider. For Google, you can reach their support at https://support.google.com/?hl=de.

Legal basis

If you have consented to the use of web design tools, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web design tools. We also have a legitimate interest in improving the web design on our website. After all, only then can we provide you with an attractive and professional website. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use web design tools if you have given your consent. We would like to emphasize this again here.

Information on specific web design tools – where available – can be found in the following sections.

Google Fonts Local Privacy Policy

We use Google Fonts from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for the European region. We have embedded the Google Fonts locally, i.e., on our web server – not on Google's servers. This means there is no connection to Google servers and therefore no data is transferred or stored.

What are Google Fonts?

Google Fonts, formerly known as Google Web Fonts, is an interactive directory of over 800 fonts by Google . Google Fonts allows users to utilize fonts without uploading them to their own servers. However, to prevent any data transfer to Google servers, we have downloaded the fonts to our own server. This ensures our compliance with data protection regulations and prevents us from sending any data to Google Fonts.

All texts are protected by copyright.

Source: Privacy policy created with the privacy policy generator for Austria by AdSimple