Privacy Policy

Introduction and Overview

We have drafted this privacy policy (version 15.01.2025-112931923) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws. The terms used are to be understood as gender-neutral.

In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, on the other hand, aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We therefore use clear and simple language to inform you that we only process personal data in the course of our business activities if there is a corresponding legal basis for doing so. This is certainly not possible if you provide explanations that are as concise, unclear, and legally technical as possible, as is often the standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information here that you did not know before.
If you still have questions, please contact the responsible body listed below or in the imprint, follow the links provided, and view further information on third-party websites. You will also find our contact details in the imprint.

Scope of application

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy covers:

• all online presences (websites, online shops) that we operate
• social media sites and email communication
• mobile apps for smartphones and other devices

In short, the privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

legal bases

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation, which enable us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

• Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your data entered in a contact form.
• Contract (Article 6(1)(b) GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase contract with you, we need personal information in advance.
• Legal obligation (Article 6(1)(c) GDPR): We process your data if we are subject to a legal obligation. For example, we are legally obliged to retain invoices for accounting purposes. These usually contain personal data.
• Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions, such as recording in the public interest, exercising public authority, and protecting vital interests, do not generally apply in our case. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
• In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the controller

If you have any questions about data protection or the processing of personal data, please find the contact details of the controller in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR) below:
Verein Kärntner Institut für Archäologie, Geschichte und Kulturvermittlung (Carinthian Institute for Archaeology, History and Cultural Education)
9814 Mölltal, Mühldorf 163

Email: info@kiagk.at
Phone: 0660 2255288

storage period

It is our general policy to store personal data only for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we hereby inform you of the following rights to which you are entitled in order to ensure fair and transparent data processing:

• According to Article 15 of the GDPR, you have the right to obtain information about whether we process your data. If this is the case, you have the right to receive a copy of the data and to obtain the following information:
  • the purpose for which we process the data;
  • the categories, i.e., the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data is stored;
  • the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
  • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we have not collected it from you;
  • whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
• According to Article 16 of the GDPR, you have the right to have your data corrected, which means that we must correct any data if you find errors.
• According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the erasure of your data.
• According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
• According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
• According to Article 21 GDPR, you have a right to object, which, once enforced, will result in a change in the processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
  • If data is used for direct marketing purposes, you can object to this type of data processing at any time. We will then no longer be allowed to use your data for direct marketing purposes.
  • If data is used for profiling purposes, you can object to this type of data processing at any time. We will then no longer be allowed to use your data for profiling purposes.
• Under Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
• Under Article 77 of the GDPR, you have the right to lodge a complaint. This means that you can lodge a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR

In short: you have rights – don’t hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, please contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company

Austrian Data Protection Authority

Director: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone number: +43 1 52 152-0
Email address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data processing security

We have implemented both technical and organizational measures to protect personal data. Where possible, we encrypt or pseudonymize personal data. In doing so, we make it as difficult as possible for third parties to infer personal information from our data.

Article 25 of the GDPR refers to this as “data protection by design and by default,” meaning that security must always be considered and appropriate measures taken for both software (e.g., forms) and hardware (e.g., access to the server room). In the following, we will discuss specific measures where necessary.

TLS encryption with https

TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the Internet.
This means that the entire transmission of all data from your browser to our web server is secure—no one can “eavesdrop.”

This means we have introduced an additional layer of security and comply with data protection through technology design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small lock symbol in the upper left corner of the browser, to the left of the Internet address (e.g., examplepage.com), and the use of the https scheme (instead of http) as part of our Internet address.
If you would like to know more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find useful links to further information.

Cookies

Cookies Summary 👥 Affected persons: Visitors to the website 🤝 Purpose: Depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie. 📓 Processed data: Depends on the respective cookie used. More details can be found below or from the manufacturer of the software that sets the cookie. 📅 Storage period: depends on the respective cookie, can vary from hours to years ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, which is essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser reuses as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware.” Cookies also cannot access information on your PC.

Cookie data may look like this, for example:

Name: _ga
Value: GA1.2.1326744211.152112931923-9
Purpose: Distinguishing website visitors
Expiration date: After 2 years

A browser should be able to support these minimum sizes:

At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use specifically depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are four types of cookies:

Essential cookies
These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed when a user adds a product to their shopping cart, then continues browsing other pages and only proceeds to checkout later. These cookies ensure that the shopping cart is not deleted even if the user closes their browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and behavior of the website in different browsers.

Targeted cookies
These cookies improve user-friendliness. For example, they store locations, font sizes, or form data that have been entered.

Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver personalized advertising to the user. This can be very practical, but also very annoying.

When you visit a website for the first time, you are usually asked which types of cookies you want to allow. And, of course, this decision is also stored in a cookie.

If you would like to learn more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism.”

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Cookie storage period

The storage period depends on the respective cookie and is specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage period. You can manually delete all cookies at any time via your browser (see also “Right to object” below). Furthermore, cookies that are based on consent will be deleted at the latest after you revoke your consent, whereby the legality of the storage remains unaffected until then.

Right to object – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you do not want cookies at all, you can set your browser to always inform you when a cookie is about to be set. This allows you to decide whether to accept or reject each individual cookie. The procedure varies depending on the browser. The best way to find the instructions is to search Google using the search term “delete cookies Chrome” or “disable cookies Chrome” if you are using the Chrome browser.

legal basis

The so-called “cookie guidelines” have been in place since 2009. These stipulate that the storage of cookies requires your consent (Article 6(1)(a) GDPR). However, there are still very different responses to these guidelines within EU countries. In Austria, however, this directive was implemented in Section 165(3) of the Telecommunications Act (2021). In Germany, the cookie guidelines have not been implemented as national law. Instead, this directive has been largely implemented in Section 15 (3) of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.

For cookies that are absolutely necessary, even if no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often absolutely necessary for this.

If cookies that are not absolutely necessary are used, this will only happen with your consent. The legal basis for this is Article 6(1)(a) GDPR.

The following sections provide more detailed information about the use of cookies, if the software used employs cookies.

Web Hosting Introduction

Web hosting summary 👥 Affected persons: Website visitors 🤝 Purpose: Professional hosting of the website and securing its operation 📓 Processed data: IP address, time of website visit, browser used, and other data. More details can be found below or from the respective web hosting provider. 📅 Storage period: Depends on the respective provider, but usually 2 weeks ⚖️ Legal basis: Art. 6 (1) (f) GDPR (legitimate interests)

What is web hosting?

When you visit websites today, certain information—including personal data—is automatically generated and stored, and this website is no exception. This data should be processed as sparingly as possible and only when justified. By website, we mean all of the web pages on a domain, i.e., everything from the home page to the very last subpage (like this one). By domain, we mean, for example, example.com or sampleexample.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We refer to them as browsers or web browsers for short.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why it is usually handled by professional providers. These providers offer web hosting and thus ensure reliable and error-free storage of website data. That’s a lot of technical terms, but please stay with us, it gets even better!

When your browser on your computer (desktop, laptop, tablet, or smartphone) connects to the web server and during the transfer of data to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a period of time to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and securing its operation
2. Maintaining operational and IT security
3. Anonymous evaluation of access behavior to improve our offering and, if necessary, for criminal prosecution or the pursuit of claims

What data is processed?

Even as you visit our website right now, our web server, which is the computer on which this website is stored, automatically stores data such as

• The complete Internet address (URL) of the website accessed
• Browser and browser version (e.g., Chrome 87)
• The operating system used (e.g., Windows 10)
• The address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)
• The host name and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
• Date and time
• In files, known as web server log files

How long is data stored?

As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but cannot rule out the possibility that it may be accessed by authorities in the event of illegal behavior.

In short: your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not pass on your data without your consent!

legal basis

The lawfulness of the processing of personal data in the context of web hosting is based on Art. 6 (1) lit. f GDPR (safeguarding legitimate interests), as the use of professional hosting by a provider is necessary in order to present the company on the Internet in a secure and user-friendly manner and to be able to pursue any attacks and claims arising from this.

As a rule, there is a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

Web hosting provider External Privacy policy

Below you will find the contact details of our external hosting provider, where you can find out more about data processing in addition to the information above:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

You can find out more about data processing at this provider in the privacy policy.

Social Media Introduction

Social media privacy policy summary 👥 Data subjects: Website visitors 🤝 Purpose: Presentation and optimization of our services, contact with visitors, interested parties, etc., advertising 📓 Processed data: Data such as telephone numbers, email addresses, contact details, user behavior data, information about your device, and your IP address. You can find more details on this in the respective social media tool used. 📅 Storage period: Depends on the social media platforms used. ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests).

What is social media?

In addition to our website, we are also active on various social media platforms. User data may be processed so that we can specifically target users who are interested in us via social networks. Furthermore, elements of a social media platform may also be embedded directly into our website. This is the case, for example, when you click on a social button on our website and are redirected directly to our social media presence. Social media refers to websites and apps through which registered members can produce content, exchange content openly or in specific groups, and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. Our social media presence allows us to bring our products and services closer to interested parties. The social media elements integrated into our website help you to quickly and easily access our social media content.

The data stored and processed through your use of a social media channel is primarily used for the purpose of performing web analytics. The aim of these analyses is to develop more accurate and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the evaluated data can be used to draw appropriate conclusions about your interests and create so-called user profiles. This also enables the platforms to present you with customized advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behavior.

We generally assume that we remain responsible for data protection, even when using the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. Where this is the case, we will indicate this separately and work on the basis of a relevant agreement. The essence of the agreement is then reproduced below for the platform concerned.

Please note that when using social media platforms or our built-in elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may not be able to assert or enforce your rights with regard to your personal data as easily.

What data is processed?

The exact data that is stored and processed depends on the respective provider of the social media platform. However, it usually includes data such as telephone numbers, email addresses, data that you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the social media channel you are visiting and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers’ servers. This means that only the providers have access to the data and can provide you with the relevant information or make changes.

If you want to know exactly what data is stored and processed by social media providers and how you can object to data processing, you should carefully read the company’s privacy policy. If you have any questions about data storage and data processing or want to assert your rights, we recommend that you contact the provider directly.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is matched with your own user data is deleted within two days. In general, we only process personal data for as long as is absolutely necessary to provide our services and products. If required by law, as in the case of accounting, for example, this storage period may be exceeded.

right of objection

You also have the right and option to revoke your consent to the use of cookies or third-party providers such as embedded social media elements at any time. You can do this either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

legal basis

If you have consented to your data being processed and stored by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 (1) (a) GDPR). In principle, if you have given your consent, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 (1) (f) GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you read our privacy policy on cookies carefully and review the privacy policy or cookie policy of the respective service provider.

Web Design Introduction

Web design privacy policy summary 👥 Data subjects: Website visitors 🤝 Purpose: Improving the user experience 📓 Processed data: The data processed depends heavily on the services used. In most cases, this includes the IP address, technical data, language settings, browser version, screen resolution, and browser name. You can find more details on this in the respective web design tools used. 📅 Storage period: Depends on the tools used ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is web design?

We use various tools on our website that serve our web design purposes. Contrary to popular belief, web design is not just about making our website look pretty, but also about functionality and performance. But of course, the right look for a website is also one of the main goals of professional web design. Web design is a subfield of media design and deals with the visual as well as the structural and functional design of a website. The aim of web design is to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all the impressions and experiences that a website visitor has on a website. One sub-item of user experience is usability. This refers to the user-friendliness of a website. The main focus here is on ensuring that content, subpages, or products are clearly structured and that you can find what you are looking for quickly and easily. In order to offer you the best possible experience on our website, we also use third-party web design tools. In this privacy policy, the category “web design” therefore includes all services that improve the design of our website. These can be, for example, fonts, various plugins, or other integrated web design functions.

Why do we use web design tools?

How you absorb information on a website depends heavily on the structure, functionality, and visual perception of the website. That is why good, professional web design has become increasingly important to us. We are constantly working to improve our website and see this as an extended service for you as a website visitor. Furthermore, an attractive and functional website also has economic advantages for us. After all, you will only visit us and take advantage of our offers if you feel completely at ease.

What data is stored by web design tools?

When you visit our website, web design elements may be integrated into our pages that can also process data. The exact nature of this data depends heavily on the tools used. Below, you can see exactly which tools we use for our website. For more detailed information about data processing, we recommend that you also read the respective privacy policy of the tools used. In most cases, you will find out what data is processed, whether cookies are used, and how long the data is stored. Fonts such as Google Fonts, for example, also automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google servers.

Duration of data processing

How long data is processed is very individual and depends on the web design elements used. If cookies are used, for example, the storage period can be as short as one minute or as long as a few years. Please inform yourself about this. We recommend reading our general section on cookies and the privacy policies of the tools used. There you will usually find out exactly which cookies are used and what information is stored in them. Google font files, for example, are stored for one year. This is to improve the loading time of a website. As a rule, data is only stored for as long as is necessary to provide the service. Data may also be stored for longer periods if required by law.

Widerspruchsrecht

You also have the right and option to revoke your consent to the use of cookies or third-party providers at any time. You can do this either via our cookie management tool or via other opt-out functions. You can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. However, some web design elements (usually fonts) contain data that cannot be deleted so easily. This is the case when data is automatically collected when a page is accessed and transmitted to a third-party provider (such as Google). In this case, please contact the support team of the relevant provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.

legal basis

If you have consented to the use of web design tools, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent forms the legal basis for the processing of personal data, as may occur when collected by web design tools. We also have a legitimate interest in improving the web design of our website. After all, this is the only way we can provide you with an attractive and professional website. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use web design tools if you have given your consent. We would like to emphasize this again here.

Information on specific web design tools can be found in the following sections, if available.

Google Fonts Local Privacy Policy

We use Google Fonts from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for the European region. We have integrated Google fonts locally, i.e. on our web server, not on Google’s servers. This means that there is no connection to Google servers and therefore no data transfer or storage.

What are Google Fonts?

Google Fonts used to be called Google Web Fonts. It is an interactive directory with over 800 fonts that Google provides free of charge. With Google Fonts, you could use fonts without uploading them to your own server. However, in order to prevent any transfer of information to Google servers, we have downloaded the fonts to our server. This way, we comply with data protection regulations and do not send any data to Google Fonts.

Online map services Introduction

Online map services Privacy policy summary 👥 Data subjects: Website visitors 🤝 Purpose: Improving the user experience 📓 Processed data: The data processed depends largely on the services used. In most cases, this includes IP address, location data, search items, and/or technical data. More details can be found in the respective tools used. 📅 Storage period: Depends on the tools used ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What are online map services?

We also use online map services as an extended service for our website. Google Maps is probably the service you are most familiar with, but there are also other providers that specialize in creating digital maps. Such services make it possible to display locations, route plans, or other geographical information directly on our website. With an integrated map service, you no longer have to leave our website to view the route to a location, for example. To ensure that the online map works on our website, map sections are integrated using HTML code. The services can then display road maps, the earth’s surface, or aerial or satellite images. When you use the built-in map service, data is also transferred to the tool used and stored there. This data may also include personal data.

Why do we use online map services on our website?

Generally speaking, our aim is to ensure that you have an enjoyable experience on our website. And of course, your experience will only be enjoyable if you can easily navigate our website and find all the information you need quickly and easily. That’s why we thought that an online map system could significantly optimize our website service. Without leaving our website, you can easily view route descriptions, locations, and even points of interest with the help of the map system. It is also very convenient that you can see at a glance where our company is located, so you can find us quickly and easily. As you can see, there are many advantages, and we clearly consider online map services on our website to be part of our customer service.

What data is stored by online map services?

When you open a page on our website that has an online map function, personal data may be transmitted to the respective service and stored there. In most cases, this is your IP address, which can also be used to determine your approximate location. In addition to your IP address, data such as search terms entered and longitude and latitude coordinates are also stored. If you enter an address for route planning, for example, this data is also stored. The data is not stored by us, but on the servers of the integrated tools. You can think of it like this: you are on our website, but when you interact with a map service, this interaction actually takes place on their website. To ensure that the service works properly, at least one cookie is usually set in your browser. Google Maps, for example, also uses cookies to record user behavior in order to optimize its own service and display personalized advertising. You can find out more about cookies in our “Cookies” section.

How long and where is the data stored?

Each online map service processes different user data. If we have further information, we will inform you about the duration of data processing below in the relevant sections on the individual tools. As a rule, personal data is only stored for as long as is necessary to provide the service. Google Maps, for example, stores certain data for a specified period of time, while other data must be deleted by you. Mapbox, for example, stores your IP address for 30 days and then deletes it. As you can see, each tool stores data for different lengths of time. We therefore recommend that you carefully review the privacy policies of the tools used.

The providers also use cookies to store data about your user behavior with the map service. You can find more general information about cookies in our “Cookies” section, but you can also find out which cookies may be used in the privacy policies of the individual providers. In most cases, however, this is only an illustrative list and is not exhaustive.

right of objection

You always have the option and the right to access your personal data and to object to its use and processing. You can also revoke your consent at any time. The easiest way to do this is usually via the cookie consent tool. However, there are also other opt-out tools that you can use. You can also manage, delete, or deactivate cookies set by the providers used with just a few clicks of the mouse. However, this may mean that some functions of the service no longer work as usual. How you manage cookies in your browser depends on the browser you use. In the “Cookies” section, you will also find links to instructions for the most important browsers.

legal basis

If you have consented to the use of an online map service, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent forms the legal basis for the processing of personal data, as may occur when data is collected by an online map service.

We also have a legitimate interest in using an online map service to optimize our service on our website. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use an online map service if you have given your consent. We would like to emphasize this point once again at this juncture.

Information on specific online map services can be found in the following sections, if available.

OpenStreetMap Privacy Policy

OpenStreetMap Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of our services 📓 Processed data: Data such as IP address, browser information, your operating system, content of the request, limited location and usage data More details can be found further down in this privacy policy. 📅 Storage period: the IP address is deleted after 180 days ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is OpenStreetMap?

We have integrated map sections from the online map tool “OpenStreetMap” into our website. This is a so-called open source mapping tool, which we can access via an API (interface). This function is offered by OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. When you use this map function, your IP address is forwarded to OpenStreetMap. In this privacy policy, you can find out why we use functions of the OpenStreetMap tool, where which data is stored, and how you can prevent this data storage.

The OpenStreetMap project was launched in 2004. The aim of the project is and always has been to create a free world map. Users worldwide collect data on buildings, forests, rivers, and roads, for example. Over the years, this has resulted in a comprehensive digital world map created by the users themselves. Of course, the map is not complete, but it contains a wealth of data for most regions.

Why do we use OpenStreetMap on our website?

Our website is primarily intended to be helpful to you. And in our view, it is always helpful when you can find information quickly and easily. On the one hand, this naturally concerns our services and products, but on the other hand, we also want to provide you with other helpful information. That is why we use the OpenStreetMap service. This allows us to show you exactly how to find our company, for example. The map shows you the best way to get here, making your journey a breeze.

What data is stored by OpenStreetMap?

When you visit one of our websites that offers OpenStreetMap, user data is transmitted to the service and stored there. OpenStreetMap collects information about your interactions with the digital map, your IP address, data about your browser, device type, operating system, and the date and time you used the service. Tracking software is also used to record user interactions. The company specifies the analysis tool “Piwik” in its own privacy policy.

The collected data is then made available to the relevant working groups of the OpenStreetMap Foundation. According to the company, personal data is not passed on to other persons or companies unless this is legally necessary. The third-party provider Piwik stores your IP address, but in truncated form.

The following cookie may be set in your browser when you interact with OpenStreetMap on our website:

Name: _osm_location
Value: 9.63312%7C52.41500%7C17%7CM
Purpose: This cookie is required to unlock the content of OpenStreetMap.
Expiration date: after 10 years

If you want to view the full screen map, you will be linked to the OpenStreetMap website. Among other things, the following cookies may be stored in your browser there:

Name: _osm_totp_token
Value: 148253112931923-2
Purpose: This cookie is used to ensure the map section functions properly.
Expiration date: after one hour

Name: _osm_session
Value: 1d9bfa122e0259d5f6db4cb8ef653a1c
Purpose: This cookie can be used to store session information (i.e., user behavior).
Expiration date: after the end of the session

Name: _pk_id.1.cf09
Value: 4a5.1593684142.2.1593688396.1593688396112931923-9
Purpose: This cookie is set by Piwik to store and measure user data such as click behavior.
Expiration date: after one year

How long and where is the data stored?

The API servers, databases, and auxiliary service servers are currently located in the United Kingdom (Great Britain and Northern Ireland) and the Netherlands. Your IP address and user information, which are stored in abbreviated form by the Piwik web analytics tool, are deleted after 180 days.

How can I delete my data or prevent data storage?

You have the right to access your personal data at any time and to object to its use and processing. You can manage, delete, or deactivate cookies that may be set by OpenStreetMap in your browser at any time. However, this will prevent the service from functioning to its full extent. The management, deletion, or deactivation of cookies works slightly differently in each browser. Under the “Cookies” section, you will find the corresponding links to the respective instructions for the most popular browsers.

legal basis

If you have consented to the use of OpenStreetMap, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during collection by OpenStreetMap.

We also have a legitimate interest in using OpenStreetMap to optimize our online service. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use OpenStreetMap if you have given your consent.

If you would like to learn more about data processing by OpenStreetMap, we recommend that you read the company’s privacy policy at https://wiki.osmfoundation.org/wiki/Privacy_Policy.

Explanation of terms used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal issues. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use them without explanation. Below you will find an alphabetical list of important terms used that we may not have covered sufficiently in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also cite the GDPR texts here and add our own explanations where necessary.

processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

“Processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data that we process from you. In addition to the controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. Processors can therefore be service providers such as tax advisors, but also hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: On websites, such consent is usually given via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to or consent to data processing. In most cases, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data relating to you may be processed. In principle, consent can of course also be given in writing, i.e., not via a tool.

Personal data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore all data that can identify you as a person. This usually includes data such as:

• Name
• Address
• Email address
• Postal address
• Telephone number
• Date of birth
• Identification numbers such as social security number, tax identification number, identity card number, or student ID number
• Bank details such as account number, credit information, account balances, and much more.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, identify you as the connection owner. Therefore, storing an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called “special categories” of personal data that are particularly sensitive. These include:

• racial and ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• genetic data, such as data taken from blood or saliva samples
• biometric data (i.e., information about psychological, physical, or behavioral characteristics that can identify a person).
• Health data
• Data on sexual orientation or sex life

profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

“Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

Explanation: Profiling involves gathering various pieces of information about a person in order to learn more about that person. In the web sector, profiling is often used for advertising purposes or for credit checks. Web and advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile that can be used to target advertising to a specific audience.

person in charge

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the following definitions apply:

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and are therefore the “controller.” If we pass on collected data to other service providers for processing, they are “processors.” For this purpose, a “processing agreement (PA)” must be signed.

processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Note: In our privacy policy, we use the term “processing” to refer to any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. distribution, or otherwise making available, alignment or combination, restriction, erasure, or destruction;

Note: When we refer to processing in our privacy policy, we mean any type of data processing. As mentioned above in the original GDPR declaration, this includes not only the collection but also the storage and processing of data.

All texts are protected by copyright.

Source: Privacy policy created with the privacy policy generator for Austria by AdSimple