Privacy Policy
Privacy Policy
Terms for the Processing of Personal Data
Version dated 20 February 2025
Privacy Policy
Preamble
With the following Privacy Policy, we would like to inform you about the types of your personal data, hereinafter also referred to briefly as “data”, that we process, for what purposes and to what extent. This Privacy Policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles, hereinafter collectively referred to as the “Online Offering”.
The terms used are not gender-specific.
Table of Contents
Privacy Policy
Preamble
Table of Contents
Controller
Overview of Processing Activities
Types of Data Processed
Categories of Data Subjects
Purposes of Processing
Automated Individual Decisions
Relevant Legal Bases
Security Measures
Transmission of Personal Data
Data Processing in Third Countries
Deletion of Data
Use of Cookies
Business Services
Providers and Services Used in the Course of Business Activities
Credit Assessment
Provision of the Online Offering and Web Hosting
Registration, Login and User Account
Blogs and Publication Media
Contact and Inquiry Management
Newsletter and Electronic Notifications
Promotional Communication by E-mail, Post, Fax or Telephone
Web Analytics, Monitoring and Optimization
Customer Reviews and Rating Procedures
Presence in Social Networks
Plugins and Embedded Functions and Content
Amendment and Updating of the Privacy Policy
Rights of Data Subjects
Definitions
Controller
Naitec GmbH
Schottengasse 10
1010 Vienna
Company register number: FN 644083g
Company register court: Commercial Court of Vienna
Persons authorized to represent the company:
Ing. Martin Stepan
E-mail address:
Info@naitec.ai
Legal notice:
https://www.naitec.ai/de/datenschutzerklärung
Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.
Types of Data Processed
Master data
Payment data
Location data
Contact data
Content data
Contract data
Usage data
Meta, communication and procedural data
Event data, Facebook
Categories of Data Subjects
Customers
Prospective customers
Communication partners
Users
Business and contractual partners
Purposes of Processing
Provision of contractual services and customer service
Contact requests and communication
Security measures
Direct marketing
Reach measurement
Tracking
Office and organizational procedures
Conversion measurement
Management and response to inquiries
Feedback
Marketing
Improvement of our offerings
Legal obligations
Fraud prevention
Profiles with user-related information
Provision of our Online Offering and user-friendliness
Assessment of creditworthiness and credit standing
Information technology infrastructure
Automated Individual Decisions
Credit information
Relevant Legal Bases
Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or registered office. If more specific legal bases are relevant in individual cases, we will inform you of these in this Privacy Policy.
Consent, Art. 6 para. 1 sentence 1 lit. a GDPR: the data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes.
Performance of a contract and pre-contractual inquiries, Art. 6 para. 1 sentence 1 lit. b GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take pre-contractual measures at the request of the data subject.
Legal obligation, Art. 6 para. 1 sentence 1 lit. c GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data.
In addition to the data protection provisions of the GDPR, national data protection regulations apply in Austria. These include, in particular, the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data, the Data Protection Act, DSG, as well as the Austrian General Civil Code, ABGB, and the E-Commerce Act, ECG. In particular, the DSG contains the constitutionally protected right to data protection, Section 1 DSG, as well as special provisions on the rights of the data subject, including information, right of access, and the right to rectification, deletion or restriction of processing.
In addition to the data protection provisions of the GDPR, where there are national points of reference, the respective national data protection provisions may also apply, which we also comply with.
Security Measures
In accordance with legal requirements and taking into account the state of the art, implementation costs, and the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, entry, disclosure, securing availability and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, deletion of data and responses to data risks. We also take the protection of personal data into account already during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.
TLS encryption, HTTPS: To protect your data transmitted via our Online Offering, we use TLS encryption. You can recognize encrypted connections of this kind by the prefix https:// in the address bar of your browser, “secure connection”.
Naitec GmbH does not process personal data of natural persons under the age of 18 via its website, does not make commercial offers to them and does not attempt to contact them, unless their legal representative has consented to this.
Transmission of Personal Data
In the course of our processing of personal data, data may be transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers entrusted with IT tasks or providers of services and content integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.
Data transmission within the organization: We may transmit personal data to other bodies within our organization or grant them access to this data. If this transfer is made for administrative purposes, the transfer of data is based on our legitimate business and commercial interests or takes place if it is necessary for the fulfillment of our contractual obligations, or if consent from the data subjects or a legal authorization exists.
Data Processing in Third Countries
If we process data in a third country, meaning outside the European Union, EU, or the European Economic Area, EEA, or if processing takes place in the context of using third-party services or disclosing or transmitting data to other persons, bodies or companies, this is done only in accordance with legal requirements.
Subject to explicit consent or transmission required by contract or law, we process or have data processed only in third countries with a recognized level of data protection, contractual obligations through so-called standard contractual clauses of the EU Commission, or where certifications or binding internal data protection regulations exist, Art. 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.
Deletion of Data
The data processed by us will be deleted in accordance with legal requirements as soon as the consents permitting its processing are withdrawn or other permissions cease to apply, for example if the purpose of processing this data no longer applies or the data is no longer required for the purpose. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for asserting, exercising or defending legal claims or for protecting the rights of another natural or legal person.
Our privacy notices may also contain further information on the retention and deletion of data, which takes precedence for the respective processing activities.
Use of Cookies
Cookies are small text files or other storage records that store information on end devices and read information from end devices. For example, they may store the login status in a user account, a shopping cart in an online shop, the content accessed or functions used in an Online Offering. Cookies may also be used for various purposes, such as the functionality, security and convenience of online offerings and the creation of analyses of visitor flows.
Information on consent: We use cookies in accordance with legal provisions. Therefore, we obtain prior consent from users unless this is not required by law. Consent is not necessary, in particular, if the storage and reading of information, including cookies, is strictly necessary in order to provide users with a telemedia service expressly requested by them, meaning our Online Offering. Strictly necessary cookies generally include cookies with functions that serve the display and operability of the Online Offering, load balancing, security, storing user preferences and choices, or similar purposes related to the provision of the main and secondary functions of the Online Offering requested by users. The revocable consent is clearly communicated to users and contains information on the respective cookie use.
Information on data protection legal bases: The data protection legal basis on which we process users’ personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the consent given. Otherwise, data processed with the help of cookies is processed on the basis of our legitimate interests, for example in the business operation of our Online Offering and improvement of its usability, or, if this takes place in the context of fulfilling our contractual obligations, when the use of cookies is necessary to fulfill our contractual obligations. We explain the purposes for which cookies are processed by us in the course of this Privacy Policy or as part of our consent and processing procedures.
Storage period: With regard to the storage period, the following types of cookies are distinguished:
Temporary cookies, also session cookies: Temporary cookies are deleted at the latest after a user has left an Online Offering and closed their end device, for example browser or mobile application.
Permanent cookies: Permanent cookies remain stored even after the end device has been closed. For example, the login status may be stored or preferred content may be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies may be used for reach measurement. Unless we provide users with explicit information on the type and storage period of cookies, for example in the context of obtaining consent, users should assume that cookies are permanent and that the storage period may be up to two years.
General information on withdrawal and objection, opt-out: Users may withdraw consents they have given at any time and may also object to processing in accordance with the legal requirements of Art. 21 GDPR. Users may also declare their objection via the settings of their browser, for example by disabling the use of cookies, although this may also restrict the functionality of our online services. An objection to the use of cookies for online marketing purposes may also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; consent, Art. 6 para. 1 sentence 1 lit. a GDPR.
Further information on processing operations, procedures and services:
Processing of cookie data on the basis of consent: We use a cookie consent management procedure, within which users’ consents to the use of cookies, or to the processing operations and providers named in the cookie consent management procedure, can be obtained and managed and withdrawn by users. The declaration of consent is stored in order not to have to repeat the consent query and to be able to prove the consent in accordance with the legal obligation. Storage may take place on the server side and/or in a cookie, so-called opt-in cookie, or using comparable technologies, in order to be able to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of storage of consent may be up to two years. A pseudonymous user identifier is created and stored together with the time of consent, information on the scope of consent, for example which categories of cookies and/or service providers, as well as the browser, system and end device used. Legal bases: Consent, Art. 6 para. 1 sentence 1 lit. a GDPR.
Business Services
We process data of our contractual and business partners, for example customers and prospective customers, collectively referred to as “contractual partners”, within the framework of contractual and comparable legal relationships, as well as related measures and communication with contractual partners, including pre-contractual communication, for example to answer inquiries.
We process this data in order to fulfill our contractual obligations. These include, in particular, obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purposes of administrative tasks associated with these obligations and business organization. Furthermore, we process the data on the basis of our legitimate interests in proper and business-efficient management and in security measures to protect our contractual partners and our business operations against misuse, threats to their data, secrets, information and rights, for example through the involvement of telecommunications, transport and other auxiliary services, subcontractors, banks, tax and legal advisers, payment service providers or tax authorities. Within the scope of applicable law, we disclose the data of contractual partners to third parties only to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, for example for marketing purposes, within this Privacy Policy.
We inform contractual partners which data is required for the aforementioned purposes before or during data collection, for example in online forms, by special markings, such as colors or symbols, for example asterisks, or personally.
We delete the data after the expiry of statutory warranty and comparable obligations, unless the data is stored in a customer account, for example for as long as it must be retained for statutory archiving reasons. The statutory retention period is seven years for tax-relevant documents as well as for commercial books, inventories, opening balance sheets, annual financial statements, work instructions and other organizational documents necessary for understanding these documents, and accounting vouchers. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, opening balance sheet, annual financial statements or management report was prepared, the commercial or business letter was received or sent, the accounting voucher was created, the record was made, or the other documents were created.
If we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between users and those providers.
Types of data processed: Master data, for example names and addresses; payment data, for example bank details, invoices, payment history; contact data, for example e-mail, telephone numbers; contract data, for example subject matter of contract, term, customer category; usage data, for example websites visited, interest in content, access times; meta, communication and procedural data, for example IP addresses, time information, identification numbers, consent status; audio recordings, telephone calls with our hotline.
Data subjects: Customers; prospective customers; business and contractual partners.
Purposes of processing: Provision of contractual services and customer service; security measures; contact requests and communication; office and organizational procedures; management and response to inquiries; conversion measurement, measurement of the effectiveness of marketing measures; profiles with user-related information, creation of user profiles.
Legal bases: Performance of a contract and pre-contractual inquiries, Art. 6 para. 1 sentence 1 lit. b GDPR; legal obligation, Art. 6 para. 1 sentence 1 lit. c GDPR; legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Further information on processing operations, procedures and services:
Customer account: Contractual partners may create an account within our Online Offering, for example a customer or user account, hereinafter referred to as “customer account”. If registration of a customer account is required, contractual partners will be informed of this as well as of the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration and subsequent logins and use of the customer account, we store the IP addresses of customers together with the times of access in order to prove registration and prevent possible misuse of the customer account. If customers have terminated their customer account, the data relating to the customer account will be deleted, unless its retention is required for legal reasons. Customers are responsible for backing up their data when terminating the customer account. Legal bases: Performance of a contract and pre-contractual inquiries, Art. 6 para. 1 sentence 1 lit. b GDPR.
Business analyses and market research: For business management reasons and in order to identify market trends and the wishes of contractual partners and users, we analyze the data available to us concerning business transactions, contracts, inquiries, configuration drafts for our products, garages, garden sheds, etc., and other matters. The group of data subjects may include contractual partners, prospective customers, customers, visitors and users of our Online Offering. The analyses are carried out for the purposes of business evaluations, marketing and market research, for example to determine customer groups with different characteristics. If available, we may take into account the profiles of registered users together with their information, for example regarding services used. The analyses serve only us and are not disclosed externally unless they are anonymous analyses with aggregated, anonymized values. Furthermore, we respect the privacy of users and process the data for analysis purposes as pseudonymously as possible and, where feasible, anonymously, for example as aggregated data. Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Shop and e-commerce: We process the data of our customers in order to enable them to select, configure, purchase or order the selected products, goods and related services, as well as to make payment and receive delivery or performance. If necessary for the execution of an order, we use service providers, in particular postal, freight forwarding and shipping companies, to carry out delivery or performance to our customers. We use the services of banks and payment service providers for the processing of payment transactions. The required information is marked as such during the order or comparable purchase process and includes the information needed for delivery or provision and billing, as well as contact information in order to be able to make any necessary inquiries. Legal bases: Performance of a contract and pre-contractual inquiries, Art. 6 para. 1 sentence 1 lit. b GDPR.
Craft services: We process the data of our customers and clients, hereinafter collectively referred to as “customers”, in order to enable them to select, purchase or commission the chosen services or works and related activities, as well as to make payment and receive delivery, execution or performance. The required information is marked as such during the order, booking or comparable conclusion of a contract and includes the information needed for delivery and billing, as well as contact information in order to be able to make any necessary inquiries.
Legal bases: Performance of a contract and pre-contractual inquiries, Art. 6 para. 1 sentence 1 lit. b GDPR.
Providers and Services Used in the Course of Business Activities
In the course of our business activities, we use additional services, platforms, interfaces or plugins from third-party providers, hereinafter referred to briefly as “services”, in compliance with legal requirements. Their use is based on our interests in proper, lawful and continuous control.
Types of data processed: Master data, for example names and addresses; payment data, for example bank details, invoices, payment history; contact data, for example e-mail, telephone numbers; content data, for example entries in online forms; contract data, for example subject matter of contract, term, customer category; audio recordings, telephone calls with our hotline.
Data subjects: Customers; prospective customers; users, for example website visitors and users; business and contractual partners.
Purposes of processing: Provision of contractual services and customer service; office and organizational procedures.
Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Credit Assessment
If we make advance performance or assume comparable economic risks, for example in the case of an order on account, we reserve the right, in order to protect our legitimate interests, to obtain identity and credit information for the purpose of assessing credit risk on the basis of mathematical-statistical procedures from specialized service providers, credit agencies.
We process the information received from credit agencies regarding the statistical probability of payment default as part of an appropriate discretionary decision on the establishment, implementation and termination of the contractual relationship. In the event of a negative result of the credit assessment, we reserve the right to refuse payment on account or other advance performance.
The decision as to whether we make advance performance is made in accordance with Art. 22 GDPR solely on the basis of an automated individual decision made by our software using the information from the credit agency.
Types of data processed: Master data, for example names and addresses; payment data, for example bank details, invoices, payment history; contact data, for example e-mail, telephone numbers; contract data, for example subject matter of contract, term, customer category; audio recordings, telephone calls with our hotline.
Data subjects: Customers.
Purposes of processing: Assessment of creditworthiness and credit standing.
Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Automated individual decisions: Credit information.
Provision of the Online Offering and Web Hosting
We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary in order to transmit the content and functions of our online services to the user’s browser or end device.
Types of data processed: Usage data, for example websites visited, interest in content, access times; meta, communication and procedural data, for example IP addresses, time information, identification numbers, consent status; content data, for example entries in online forms.
Data subjects: Users, for example website visitors and users of online services.
Purposes of processing: Provision of our Online Offering and user-friendliness, including our product configuration tools; information technology infrastructure, operation and provision of information systems and technical devices, computers, servers, etc.; security measures.
Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Further information on processing operations, procedures and services:
Provision of the Online Offering on rented storage space: For the provision of our Online Offering, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider, also called a web host. Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Collection of access data and log files: Access to our Online Offering is logged in the form of so-called server log files. Server log files may include the address and name of the accessed websites and files, date and time of access, amounts of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL, the previously visited page, and, as a rule, IP addresses and the requesting provider. Server log files may be used for security purposes, for example to prevent server overload, in particular in the event of abusive attacks, so-called DDoS attacks, and also to ensure server utilization and stability. Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR. Deletion of data: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is excluded from deletion until final clarification of the respective incident.
E-mail sending and hosting: The web hosting services we use also include the sending, receiving and storage of e-mails. For these purposes, the addresses of recipients and senders, as well as further information relating to e-mail transmission, for example the providers involved, and the content of the respective e-mails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that e-mails on the internet are generally not sent in encrypted form. As a rule, e-mails are encrypted during transmission, but, unless end-to-end encryption is used, not on the servers from which they are sent and received. We therefore cannot assume responsibility for the transmission route of e-mails between the sender and receipt on our server. Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Registration, Login and User Account
Users can create a user account. During registration, users are informed of the required mandatory information and this information is processed for the purpose of providing the user account on the basis of contractual performance. The processed data includes, in particular, login information, username, password and an e-mail address.
When using our registration and login functions and the user account, we store the IP address and the time of the respective user action. This storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. As a general rule, this data is not passed on to third parties unless this is necessary to pursue our claims or there is a legal obligation to do so.
Users may be informed by e-mail about processes relevant to their user account, such as technical changes.
Types of data processed: Master data, for example names and addresses; contact data, for example e-mail, telephone numbers; content data, for example entries in online forms; meta, communication and procedural data, for example IP addresses, time information, identification numbers, consent status; audio recordings, telephone calls with our hotline.
Data subjects: Users, for example website visitors and users of online services.
Purposes of processing: Provision of contractual services and customer service; security measures; management and response to inquiries; provision of our Online Offering and user-friendliness.
Legal bases: Performance of a contract and pre-contractual inquiries, Art. 6 para. 1 sentence 1 lit. b GDPR; legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Further information on processing operations, procedures and services:
Registration with real names: Due to the nature of our community, we ask users to use our offering only under their real names. This means the use of pseudonyms is not permitted. Legal bases: Performance of a contract and pre-contractual inquiries, Art. 6 para. 1 sentence 1 lit. b GDPR.
User profiles are not public: User profiles are not publicly visible and are not accessible.
Setting the visibility of profiles: Users can determine by means of settings the extent to which their profiles are visible or accessible to the public or only to certain groups of persons. Legal bases: Performance of a contract and pre-contractual inquiries, Art. 6 para. 1 sentence 1 lit. b GDPR.
Blogs and Publication Media
We use blogs or comparable means of online communication and publication, hereinafter referred to as “publication medium”. Readers’ data is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. In all other respects, we refer to the information on the processing of visitors to our publication medium within this Privacy Policy.
Types of data processed: Master data, for example names and addresses; contact data, for example e-mail, telephone numbers; content data, for example entries in online forms; usage data, for example websites visited, interest in content, access times; meta, communication and procedural data, for example IP addresses, time information, identification numbers, consent status; audio recordings, telephone calls with our hotline.
Data subjects: Users, for example website visitors and users of online services.
Purposes of processing: Provision of contractual services and customer service; feedback, for example collecting feedback via online form; provision of our Online Offering and user-friendliness; security measures; management and response to inquiries.
Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Further information on processing operations, procedures and services:
Comments and posts: If users leave comments or other posts, their IP addresses may be stored on the basis of our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts, such as insults, prohibited political propaganda, etc. In such a case, we ourselves may be held liable for the comment or post and therefore have an interest in the identity of the author. Furthermore, we reserve the right, on the basis of our legitimate interests, to process users’ information for the purpose of spam detection. On the same legal basis, in the case of surveys, we reserve the right to store users’ IP addresses for the duration of the survey and to use cookies in order to avoid multiple votes. The personal information provided in the context of comments and posts, any contact and website information, as well as the content information, will be stored by us permanently until users object. Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Contact and Inquiry Management
When contacting us, for example by post, contact form, e-mail, telephone or via social media, as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to answer the contact inquiries and any requested measures.
Types of data processed: Contact data, for example e-mail, telephone numbers; content data, for example entries in online forms; usage data, for example websites visited, interest in content, access times; meta, communication and procedural data, for example IP addresses, time information, identification numbers, consent status.
Data subjects:
Purposes of processing: Contact requests and communication; management and response to inquiries; feedback, for example collecting feedback via online form; provision of our Online Offering and user-friendliness.
Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; performance of a contract and pre-contractual inquiries, Art. 6 para. 1 sentence 1 lit. b GDPR.
Further information on processing operations, procedures and services:
Contact form: If users contact us via our contact form, e-mail or other communication channels, we process the data provided to us in this context in order to handle the communicated matter. Legal bases: Performance of a contract and pre-contractual inquiries, Art. 6 para. 1 sentence 1 lit. b GDPR; legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Newsletter and Electronic Notifications
We send newsletters, e-mails and other electronic notifications, hereinafter referred to as “newsletters”, only with the consent of recipients or on the basis of legal permission. If the content of the newsletter is specifically described during registration for the newsletter, it is decisive for the users’ consent. Otherwise, our newsletters contain information about our services and about us.
To register for our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name for the purpose of personal address in the newsletter or further information if this is necessary for the purposes of the newsletter.
Double opt-in procedure: Registration for our newsletter generally takes place using a so-called double opt-in procedure. This means that, after registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register using third-party e-mail addresses. Newsletter registrations are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation time as well as the IP address. Changes to your data stored with the mailing service provider are also logged.
Deletion and restriction of processing: We may store unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove previously given consent. Processing of this data is restricted to the purpose of possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the e-mail address solely for this purpose in a suppression list, so-called blocklist.
The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of proving its proper execution. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.
Content:
Information about us, our services, promotions and offers.
Types of data processed: Master data, for example names and addresses; contact data, for example e-mail, telephone numbers; meta, communication and procedural data, for example IP addresses, time information, identification numbers, consent status; usage data, for example websites visited, interest in content, access times; audio recordings, telephone calls with our hotline.
Data subjects: Communication partners; users, for example website visitors and users of online services.
Purposes of processing: Direct marketing, for example by e-mail or post; provision of contractual services and customer service.
Legal bases: Consent, Art. 6 para. 1 sentence 1 lit. a GDPR.
Objection option, opt-out: You may unsubscribe from our newsletter at any time, meaning you may withdraw your consent or object to further receipt. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you may otherwise use one of the contact options stated above, preferably e-mail, for this purpose.
Further information on processing operations, procedures and services:
Measurement of opening and click rates: The newsletters contain a so-called web beacon, meaning a pixel-sized file that is retrieved from our server, or, if we use a mailing service provider, from that provider’s server, when the newsletter is opened. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, is first collected. This information is used for the technical improvement of our newsletter on the basis of the technical data or the target groups and their reading behavior based on their retrieval locations, which can be determined using the IP address, or access times. This analysis also includes determining whether newsletters are opened, when they are opened and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until deletion. The evaluations help us recognize the reading habits of our users and adapt our content to them or send different content according to the interests of our users. Legal bases: Consent, Art. 6 para. 1 sentence 1 lit. a GDPR.
Requirement for using free services: Consent to the sending of mailings may be made a prerequisite for using free services, for example access to certain content or participation in certain promotions. If users wish to use the free service without registering for the newsletter, we ask them to contact us.
Promotional Communication by E-mail, Post, Fax or Telephone
We process personal data for the purposes of promotional communication, which may take place via various channels such as e-mail, telephone, post or fax, in accordance with legal requirements.
Recipients have the right to withdraw consents given at any time or to object to promotional communication at any time.
After withdrawal or objection, we store the data required to prove previous authorization for contact or sending for up to three years after the end of the year of withdrawal or objection on the basis of our legitimate interests. Processing of this data is restricted to the purpose of possible defense against claims. On the basis of the legitimate interest in permanently observing users’ withdrawal or objection, we also store the data necessary to prevent renewed contact, for example, depending on the communication channel, the e-mail address, telephone number, name.
Types of data processed: Master data, for example names and addresses; contact data, for example e-mail, telephone numbers; audio recordings, telephone calls with our hotline.
Data subjects: Communication partners.
Purposes of processing: Direct marketing, for example by e-mail or post.
Legal bases: Consent, Art. 6 para. 1 sentence 1 lit. a GDPR; legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Web Analytics, Monitoring and Optimization
Web analytics, also referred to as reach measurement, serves to evaluate visitor flows to our Online Offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our Online Offering, its functions or content are used most frequently or invite reuse. We can also determine which areas require optimization.
In addition to web analytics, we may also use testing procedures, for example to test and optimize different versions of our Online Offering or its components.
Unless otherwise stated below, profiles, meaning data summarized into one usage process, may be created for these purposes and information may be stored in a browser or on an end device and read from it. The collected information includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data vis-à-vis us or the providers of the services we use, location data may also be processed.
Users’ IP addresses are also stored. However, we use an IP masking procedure, meaning pseudonymization by shortening the IP address, to protect users. In general, no clear data of users, such as e-mail addresses or names, is stored in the context of web analytics, A/B testing and optimization, but rather pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
Types of data processed: Usage data, for example websites visited, interest in content, access times; meta, communication and procedural data, for example IP addresses, time information, identification numbers, consent status.
Data subjects: Users, for example website visitors and users of online services.
Purposes of processing: Reach measurement, for example access statistics, recognition of returning visitors; profiles with user-related information, creation of user profiles; tracking, for example interest-based or behavior-based profiling, use of cookies; provision of our Online Offering and user-friendliness.
Security measures: IP masking, pseudonymization of the IP address.
Legal bases: Consent, Art. 6 para. 1 sentence 1 lit. a GDPR.
Further information on processing operations, procedures and services:
Google Analytics: Web analytics, reach measurement and measurement of user flows; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: Consent, Art. 6 para. 1 sentence 1 lit. a GDPR; website: https://marketingplatform.google.com/intl/de/about/analytics/; privacy policy: https://policies.google.com/privacy; data processing agreement: https://business.safety.google/adsprocessorterms; standard contractual clauses, safeguarding data protection level when processing in third countries: https://business.safety.google/adsprocessorterms; opt-out option: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for display of advertisements: https://adssettings.google.com/authenticated; further information: https://privacy.google.com/businesses/adsservices, types of processing and processed data.
Customer Reviews and Rating Procedures
We participate in review and rating procedures in order to evaluate, optimize and promote our services. If users rate us or otherwise provide feedback via the participating rating platforms or procedures, the general terms and conditions or terms of use and privacy notices of the providers also apply. As a rule, a rating also requires registration with the respective providers.
In order to ensure that the persons providing ratings have actually used our services, we transmit, with the consent of customers, the data required for this purpose with regard to the customer and the service used to the respective rating platform, including name, e-mail address and order number or item number. This data is used solely to verify the authenticity of the user.
Types of data processed: Contract data, for example subject matter of contract, term, customer category; usage data, for example websites visited, interest in content, access times; meta, communication and procedural data, for example IP addresses, time information, identification numbers, consent status.
Data subjects: Customers; users, for example website visitors and users of online services.
Purposes of processing: Feedback, for example collecting feedback via online form; marketing.
Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Further information on processing operations, procedures and services:
Rating widget: We integrate so-called “rating widgets” into our Online Offering. A widget is a functional and content element integrated into our Online Offering that displays changing information. It may be displayed, for example, in the form of a seal or comparable element, sometimes also called a badge. The corresponding content of the widget is displayed within our Online Offering, but at that moment it is retrieved from the servers of the respective widget provider. This is the only way to always display the current content, especially the current rating. For this purpose, a data connection must be established from the website accessed within our Online Offering to the server of the widget provider, and the widget provider receives certain technical data, access data including IP address, that is necessary to deliver the content of the widget to the user’s browser. Furthermore, the widget provider receives information that users have visited our Online Offering. This information may be stored in a cookie and used by the widget provider to recognize which online offerings participating in the rating procedure have been visited by the user. The information may be stored in a user profile and used for advertising or market research purposes. Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Presence in Social Networks, Social Media
We maintain online presences within social networks and process users’ data in this context in order to communicate with users active there or to offer information about us.
We point out that users’ data may be processed outside the European Union. This may give rise to risks for users because, for example, the enforcement of users’ rights may be made more difficult.
Furthermore, users’ data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created based on the usage behavior and resulting interests of users. The usage profiles may in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to users’ interests. For these purposes, cookies are generally stored on users’ computers, in which users’ usage behavior and interests are stored. Furthermore, data may also be stored in the usage profiles independently of the devices used by users, in particular if users are members of the respective platforms and are logged in to them.
For a detailed description of the respective forms of processing and the objection options, opt-out, we refer to the privacy policies and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we also point out that these can be most effectively asserted with the providers. Only the providers have access to users’ data and can directly take appropriate measures and provide information. If you nevertheless need assistance, you may contact us.
Types of data processed: Contact data, for example e-mail, telephone numbers; content data, for example entries in online forms; usage data, for example websites visited, interest in content, access times; meta, communication and procedural data, for example IP addresses, time information, identification numbers, consent status.
Data subjects: Users, for example website visitors and users of online services.
Purposes of processing: Contact requests and communication; feedback, for example collecting feedback via online form; marketing.
Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR.
Further information on processing operations, procedures and services:
Instagram: Social network; service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://www.instagram.com; privacy policy: https://instagram.com/about/legal/privacy.
Facebook pages: Profiles within the Facebook social network. We are jointly responsible with Meta Platforms Ireland Limited for the collection, but not the further processing, of data from visitors to our Facebook page, so-called fan page. This data includes information about the types of content users view or interact with, or the actions they take, see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy, as well as information about the devices used by users, for example IP addresses, operating system, browser type, language settings, cookie data; see “Device information” in the Facebook Data Policy: https://www.facebook.com/policy. As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, so-called Page Insights, to page operators so that they can obtain insights into how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook, “Information about Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum, which regulates, in particular, which security measures Facebook must observe and in which Facebook has agreed to fulfill data subject rights, meaning that users may, for example, address requests for information or deletion directly to Facebook. Users’ rights, in particular to access, deletion, objection and complaint to the competent supervisory authority, are not restricted by the agreements with Facebook. Further information can be found in the “Information about Page Insights”, https://www.facebook.com/legal/terms/information_about_page_insights_data; service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy; standard contractual clauses, safeguarding data protection level when processing in third countries: https://www.facebook.com/legal/EU_data_transfer_addendum; further information: agreement on joint controllership: https://www.facebook.com/legal/terms/information_about_page_insights_data. Joint responsibility is limited to collection by and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which particularly concerns the transmission of data to the parent company Meta Platforms, Inc. in the USA, on the basis of standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.
LinkedIn: Social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://www.linkedin.com; privacy policy: https://www.linkedin.com/legal/privacy-policy; data processing agreement: https://legal.linkedin.com/dpa; standard contractual clauses, safeguarding data protection level when processing in third countries: https://legal.linkedin.com/dpa; opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Pinterest: Social network; service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://www.pinterest.com; privacy policy: https://policy.pinterest.com/de/privacy-policy; further information: Pinterest Data Sharing Addendum, Appendix A: https://business.pinterest.com/de/pinterest-advertising-services-agreement/.
X, formerly “Twitter”: Social network; service provider: European branch: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; parent company: X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; privacy policy: https://x.com/en/privacy; settings: https://x.com/personalization.
YouTube: Social network and video platform; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; privacy policy: https://policies.google.com/privacy; opt-out option: https://adssettings.google.com/authenticated.
Xing: Social network; service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://www.xing.de; privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
Plugins and Embedded Functions and Content
We integrate functional and content elements into our Online Offering that are obtained from the servers of their respective providers, hereinafter referred to as “third-party providers”. These may include, for example, graphics, videos or city maps, hereinafter collectively referred to as “content”.
Integration always requires that the third-party providers of this content process users’ IP addresses, because without the IP address they would not be able to send the content to the users’ browsers. The IP address is therefore required for displaying this content or these functions. We endeavor to use only content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags, invisible graphics also referred to as web beacons, for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit time and further information on the use of our Online Offering, and may also be linked with such information from other sources.
Types of data processed: Usage data, for example websites visited, interest in content, access times; meta, communication and procedural data, for example IP addresses, time information, identification numbers, consent status; master data, for example names and addresses; contact data, for example e-mail, telephone numbers; content data, for example entries in online forms; location data, information about the geographical position of a device or person; event data, Facebook. “Event data” is data that may be transmitted by us to Facebook, for example via Facebook Pixel, via apps or by other means, and relates to persons or their actions. The data includes, for example, information about visits to websites, interactions with content, functions, app installations, purchases of products, etc. Event data is processed for the purpose of creating target groups for content and advertising information, custom audiences. Event data does not include the actual content, such as comments written, no login information and no contact information, meaning no names, e-mail addresses or telephone numbers. Event data is deleted by Facebook after a maximum of two years; the target groups formed from it are deleted when our Facebook account is deleted.
Data subjects: Users, for example website visitors and users of online services.
Purposes of processing: Provision of our Online Offering and user-friendliness; marketing; profiles with user-related information, creation of user profiles.
Legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; consent, Art. 6 para. 1 sentence 1 lit. a GDPR.
Further information on processing operations, procedures and services:
Facebook plugins and content: Facebook social plugins and content. These may include, for example, content such as images, videos or texts and buttons with which users can share content from this Online Offering within Facebook. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/. We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt, in the context of a transmission, but not the further processing, of event data that Facebook collects or receives in the context of a transmission via Facebook social plugins and embedding functions for content executed on our Online Offering, for the following purposes: a) displaying content and advertising information that corresponds to users’ presumed interests; b) delivering commercial and transactional messages, for example addressing users via Facebook Messenger; c) improving ad delivery and personalization of functions and content, for example improving recognition of which content or advertising information presumably corresponds to users’ interests. We have concluded a special agreement with Facebook, “Controller Addendum”, https://www.facebook.com/legal/controller_addendum, which regulates, in particular, which security measures Facebook must observe, https://www.facebook.com/legal/terms/data_security_terms, and in which Facebook has agreed to fulfill data subject rights, meaning that users may, for example, address requests for information or deletion directly to Facebook. Note: If Facebook provides us with measurements, analyses and reports, which are aggregated, meaning they contain no information about individual users and are anonymous to us, this processing does not take place within the framework of joint responsibility, but on the basis of a data processing agreement, “Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing, the “Data Security Terms”, https://www.facebook.com/legal/terms/data_security_terms, and, with regard to processing in the USA, on the basis of standard contractual clauses, “Facebook EU Data Transfer Addendum”, https://www.facebook.com/legal/EU_data_transfer_addendum. Users’ rights, in particular to access, deletion, objection and complaint to the competent supervisory authority, are not restricted by the agreements with Facebook. Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; legal bases: Consent, Art. 6 para. 1 sentence 1 lit. a GDPR; website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy.
Google Fonts, obtained from Google servers: Provision of fonts and symbols for the purpose of technically secure, maintenance-free and efficient use of fonts and symbols with regard to up-to-dateness and loading times, uniform display and consideration of possible licensing restrictions. The provider of the fonts receives the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data, language settings, screen resolution, operating system, hardware used, is transmitted, which is necessary for the provision of the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA. When visiting our Online Offering, users’ browsers send their browser HTTP requests to the Google Fonts Web API, meaning a software interface for retrieving fonts. The Google Fonts Web API provides users with the cascading style sheets, CSS, of Google Fonts and then the fonts specified in the CSS. These HTTP requests include: 1. the IP address used by the respective user for internet access; 2. the requested URL on the Google server; and 3. the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referrer URL, meaning the web page on which the Google font is to be displayed. IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of the HTTP requests, requested URL, user agent and referrer URL. Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wishes to load fonts. This data is logged so that Google can determine how often a particular font family is requested. For the Google Fonts Web API, the user agent must adapt the font generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts “Analytics” page. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations based on the number of font requests can be generated. According to Google, Google does not use any of the information collected by Google Fonts to create profiles of end users or to display targeted advertisements. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://fonts.google.com/; privacy policy: https://policies.google.com/privacy; further information: https://developers.google.com/fonts/faq/privacy?hl=de.
Google Maps: We integrate the maps of the “Google Maps” service provided by Google. The processed data may include, in particular, users’ IP addresses and location data. Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://mapsplatform.google.com/; privacy policy: https://policies.google.com/privacy.
Instagram plugins and content: Instagram plugins and content. These may include, for example, content such as images, videos or texts and buttons with which users can share content from this Online Offering within Instagram. We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt, in the context of a transmission, but not the further processing, of event data that Facebook collects or receives in the context of a transmission via Instagram functions, for example embedding functions for content, executed on our Online Offering, for the following purposes: a) displaying content and advertising information that corresponds to users’ presumed interests; b) delivering commercial and transactional messages, for example addressing users via Facebook Messenger; c) improving ad delivery and personalization of functions and content, for example improving recognition of which content or advertising information presumably corresponds to users’ interests. We have concluded a special agreement with Facebook, “Controller Addendum”, https://www.facebook.com/legal/controller_addendum, which regulates, in particular, which security measures Facebook must observe, https://www.facebook.com/legal/terms/data_security_terms, and in which Facebook has agreed to fulfill data subject rights, meaning that users may, for example, address requests for information or deletion directly to Facebook. Note: If Facebook provides us with measurements, analyses and reports, which are aggregated, meaning they contain no information about individual users and are anonymous to us, this processing does not take place within the framework of joint responsibility, but on the basis of a data processing agreement, “Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing, the “Data Security Terms”, https://www.facebook.com/legal/terms/data_security_terms, and, with regard to processing in the USA, on the basis of standard contractual clauses, “Facebook EU Data Transfer Addendum”, https://www.facebook.com/legal/EU_data_transfer_addendum. Users’ rights, in particular to access, deletion, objection and complaint to the competent supervisory authority, are not restricted by the agreements with Facebook. Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://www.instagram.com; privacy policy: https://instagram.com/about/legal/privacy.
LinkedIn plugins and content: LinkedIn plugins and content. These may include, for example, content such as images, videos or texts and buttons with which users can share content from this Online Offering within LinkedIn. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://www.linkedin.com; privacy policy: https://www.linkedin.com/legal/privacy-policy; data processing agreement: https://legal.linkedin.com/dpa; standard contractual clauses, safeguarding data protection level when processing in third countries: https://legal.linkedin.com/dpa; opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Pinterest plugins and content: Pinterest plugins and content. These may include, for example, content such as images, videos or texts and buttons with which users can share content from this Online Offering within Pinterest. Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://www.pinterest.com; privacy policy: https://policy.pinterest.com/de/privacy-policy.
X plugins and content: X plugins and buttons. These may include, for example, content such as images, videos or texts and buttons with which users can share content from this Online Offering within X. Service provider: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; parent company: X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://x.com/de; privacy policy: https://x.com/privacy; settings: https://x.com/personalization.
YouTube videos: Video content; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://www.youtube.com; privacy policy: https://policies.google.com/privacy; opt-out option: opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for display of advertisements: https://adssettings.google.com/authenticated.
YouTube videos: Video content. YouTube videos are embedded via a special domain, recognizable by the component “youtube-nocookie”, in the so-called “extended data protection mode”, whereby no cookies relating to user activities are collected in order to personalize video playback. Nevertheless, information about user interaction with the video, for example remembering playback progress, may be stored. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: Legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR; website: https://www.youtube.com; privacy policy: https://policies.google.com/privacy.
Amendment and Updating of the Privacy Policy
We ask you to inform yourself regularly about the content of our Privacy Policy. We adapt the Privacy Policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part, for example consent, or other individual notification.
Where we provide addresses and contact information of companies and organizations in this Privacy Policy, please note that addresses may change over time and we ask you to check the information before contacting them.
Rights of Data Subjects
As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
Right to object: You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you that is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions. If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing purposes, including profiling to the extent that it is related to such direct marketing.
Right to withdraw consent: You have the right to withdraw consents given at any time.
Right of access: You have the right to request confirmation as to whether data concerning you is being processed, to obtain information about this data, and to receive further information and a copy of the data in accordance with legal requirements.
Right to rectification: In accordance with legal requirements, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
Right to deletion and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be deleted without undue delay, or alternatively, in accordance with legal requirements, to request restriction of processing of the data.
Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with legal requirements, or to request its transmission to another controller.
Complaint to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.
Supervisory authority responsible for us:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Tel: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
www.dsb.gv.at
Definitions
In this section you will find an overview of the terms used in this Privacy Policy. Many of the terms are taken from the law and are defined primarily in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are sorted alphabetically.
Credit information: Automated decisions are based on automatic data processing without human intervention, for example in the case of an automatic rejection of a purchase on account, an online loan application or an online application process without any human involvement. Under Art. 22 GDPR, such automated decisions are permissible only if data subjects consent, if they are necessary for the performance of a contract, or if national laws allow these decisions.
Conversion measurement: Conversion measurement, also referred to as visit action analysis, is a procedure used to determine the effectiveness of marketing measures. As a rule, a cookie is stored on users’ devices within the websites on which marketing measures take place and then retrieved again on the target website. For example, this allows us to determine whether the advertisements we placed on other websites were successful.
Personal data: “Personal data” means any information relating to an identified or identifiable natural person, hereinafter “data subject”. A natural person is considered identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, for example cookie, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiles with user-related information: The processing of “profiles with user-related information”, or “profiles” for short, includes any type of automated processing of personal data that consists of using this personal data to analyze, evaluate or predict certain personal aspects relating to a natural person, for example interests in certain content or products, click behavior on a website or location. Cookies and web beacons are frequently used for profiling purposes.
Reach measurement: Reach measurement, also referred to as web analytics, serves to evaluate visitor flows to an Online Offering and may include visitors’ behavior or interests in certain information, such as website content. With the help of reach analysis, website owners can, for example, recognize at what time users visit their website and what content they are interested in. This enables them, for example, to better adapt the content of the website to visitors’ needs. For reach analysis purposes, pseudonymous cookies and web beacons are frequently used in order to recognize returning visitors and thus obtain more accurate analyses of the use of an Online Offering.
Location data: Location data is generated when a mobile device or another device with the technical requirements for location determination connects to a radio cell, Wi-Fi or similar technical intermediaries and location-determining functions. Location data is used to indicate the geographically determinable position on earth at which the respective device is located. Location data may be used, for example, to display map functions or other location-dependent information.
Tracking: “Tracking” refers to the ability to trace users’ behavior across multiple online offerings. As a rule, behavioral and interest information with regard to the online offerings used is stored in cookies or on the servers of the providers of tracking technologies, so-called profiling. This information can then be used, for example, to display advertisements to users that are likely to correspond to their interests.
Controller: “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
Processing: “Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data, whether collection, evaluation, storage, transmission or deletion.
