Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process for what purposes and to what extent within the framework of providing our application.

The terms used are not gender-specific.

Last updated: August 11, 2024

Controller

Adi Hütter, MBA
Bergstraße 20
7082 Donnerskirchen

Authorized Representatives: Adi Hütter, MBA

Email Address: adi@thebeekeeper.at

Phone: +43 670 407 1977

Imprint: https://www.thebeekeeper.at/impressum/

Overview of Processing

The following overview summarizes the types of data processed and the purposes for which they are processed, and refers to the affected persons.

Types of Data Processed

Inventory data.
Payment data.
Location data.
Contact data.
Content data.
Contract data.
Usage data.
Meta, communication, and procedural data.
Log data.

Categories of Affected Persons

Recipients of services and contractors.
Interested parties.
Communication partners.
Users.
Business and contractual partners.

Purposes of Processing

Provision of contractual services and fulfillment of contractual obligations.
Communication.
Security measures.
Direct marketing.
Reach measurement.
Tracking.
Office and organizational procedures.
Audience building.
Organizational and administrative procedures.
Feedback.
Marketing.
Profiles with user-related information.
Provision of our online offering and user-friendliness.
Information technology infrastructure.
Public relations.
Sales promotion.
Business processes and economic procedures.

Relevant Legal Bases

Relevant Legal Bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we base the processing of personal data. Please note that in addition to the regulations of the GDPR, national data protection provisions in your or our country of residence may apply. If specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6(1)(a) GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
Legal obligation (Art. 6(1)(c) GDPR) – The processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6(1)(f) GDPR) – The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

National Data Protection Regulations in Austria: In addition to the data protection regulations of the GDPR, national data protection regulations in Austria apply. This includes, in particular, the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains special provisions, in particular, regarding the right to access, the right to rectification or deletion, the processing of special categories of personal data, the processing for other purposes, and the transfer and automated decision-making in individual cases.

Note on the applicability of GDPR and Swiss DSG: These data protection notices serve both to provide information under the Swiss Data Protection Act (DSG) and the General Data Protection Regulation (GDPR). Therefore, please note that due to the broader spatial application and understanding, the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal data”, “overriding interest”, and “special categories of personal data” used in the Swiss DSG, the terms “processing” of “personal data” as well as “legitimate interest” and “special categories of data” used in the GDPR are used. However, the legal meaning of the terms will still be determined according to the Swiss DSG in the context of the applicability of the Swiss DSG.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, transfer, securing availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and response to data threats. We also take into account the protection of personal data in the development or selection of hardware, software, and procedures according to the principle of data protection by design and by default.

Transfer of Personal Data

In the course of our processing of personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or persons or disclosed to them. Recipients of this data may include, for example, service providers tasked with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.

International Data Transfers

Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)), or if the processing occurs within the framework of the use of third-party services or disclosure or transfer of data to other persons, entities, or companies, this is done only in accordance with legal requirements. If the data protection level in the third country is recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers occur only if the data protection level is otherwise ensured, particularly through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49(1) GDPR). Otherwise, we will inform you of the basis for third-country transfers for individual providers from the third country, whereby adequacy decisions take priority. Information on third-country transfers and existing adequacy decisions can be found in the information provided by the EU Commission: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

EU-US Trans-Atlantic Data Privacy Framework: As part of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as safe within the framework of the adequacy decision of 10.07.2023. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We will inform you as part of the data protection notices which service providers used by us are certified under the Data Privacy Framework.

General Information on Data Retention and Deletion

We delete personal data that we process in accordance with the legal requirements as soon as the underlying consent is revoked or there are no further legal bases for processing. This applies to cases where the original purpose of processing no longer exists or the data is no longer needed. Exceptions to this rule exist when legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax reasons or whose storage is necessary for legal prosecution or the protection of the rights of other natural or legal persons must be archived accordingly.

Our data protection notices contain additional information on the retention and deletion of data that applies specifically to certain processing activities.

If multiple retention periods or deletion deadlines are provided for specific data, the longest period shall always apply.

If a period does not explicitly start on a specific date and is at least one year, it will automatically start at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships within which data is stored, the triggering event is the date on which the termination becomes effective or any other termination of the legal relationship.

Data that is no longer needed for the originally intended purpose but is retained due to legal requirements or other reasons is processed exclusively for the reasons that justify its retention.

Further Notes on Processing Activities, Procedures, and Services:

Retention and Deletion of Data: The following general periods apply under Austrian law for retention and archiving:
- 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, booking documents, and invoices, as well as all required work instructions and other organizational documents (Federal Tax Code (BAO §132), Austrian Commercial Code (UGB §§190-212)).
- 6 years – Other business documents: Received commercial or business letters, copies of sent commercial or business letters, and other documents relevant to taxes, such as hourly wage records, operational accounting records, calculation documents, price labels, and wage accounting documents, unless they are already booking documents and cash register strips (Federal Tax Code (BAO §132), Austrian Commercial Code (UGB §§190-212)).
- 3 years – Data required to consider potential warranty and damage compensation claims or similar contractual claims and rights, as well as associated inquiries, based on previous business experiences and common industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB).

Rights of Data Subjects

Rights of Data Subjects under the GDPR: As data subjects under the GDPR, you are entitled to various rights, which are particularly derived from Articles 15 to 21 GDPR:

Right to Object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
Right to Withdraw Consent: You have the right to withdraw consent at any time.
Right of Access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
Right to Rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
Right to Deletion and Restriction of Processing: You have the right, in accordance with legal requirements, to request the immediate deletion of data concerning you or, alternatively, to request the restriction of processing of the data in accordance with legal requirements.
Right to Data Portability: You have the right to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller, in accordance with legal requirements.
Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the requirements of the GDPR.

Business Services

We process data from our contractual and business partners, such as customers and interested parties (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships and associated measures, and in relation to communication with the contractual partners (or pre-contractually), for example, to respond to inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any obligations to update, and remedies in the event of warranty and other performance disruptions. Furthermore, we use the data to protect our rights and for the purposes of administrative tasks and corporate organization associated with these obligations. We also process the data based on our legitimate interests in proper and economic business management and in security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other support services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Further forms of processing, such as for marketing purposes, will be communicated to the contractual partners within this privacy policy.

We inform the contractual partners of the data required for the aforementioned purposes before or during the data collection process, for example, in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks), or in person.

We delete the data after the expiration of statutory warranty and similar obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons (e.g., for tax purposes, usually ten years). Data that is disclosed to us in the course of an order by the contractual partner will be deleted according to the specifications and generally after the end of the order.

Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or phone numbers); contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected Persons: Recipients of services and contractors; interested parties. Business and contractual partners.
Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures. Business processes and economic procedures.
Retention and Deletion: Deletion according to the information provided in the section “General Information on Data Retention and Deletion”.
Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing Activities, Procedures, and Services:

Online Shop, Order Forms, E-Commerce, and Delivery: We process the data of our customers to enable them to select, purchase, or order the chosen products, goods, and associated services, as well as to pay for them and to deliver, or execute them. If necessary for the execution of an order, we use service providers, in particular postal, freight, and shipping companies, to carry out the delivery or execution of the services to our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required information is marked as such in the context of the order or similar purchase process and includes the information necessary for delivery or provision and billing, as well as contact information to enable any necessary communication; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).
Craft Services: We process the data of our customers and contractors (hereinafter collectively referred to as “customers”) to enable them to select, purchase, or commission the chosen services or works and associated activities as well as to pay for and deliver or execute or provide them.
The required information is marked as such in the context of the order, contract, or similar contract conclusion and includes the information necessary for delivery and billing, as well as contact information to enable any necessary communication; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Payment Procedures

As part of contractual and other legal relationships, due to legal obligations, or otherwise based on our legitimate interests, we offer affected persons efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively “payment service providers”).

The data processed by the payment service providers include inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs, and checksums, as well as the contractual, total, and recipient-related information. This data is required to carry out the transactions. The data entered is only processed by the payment service providers and stored by them. This means that we do not receive any account or credit card-related information, but only information confirming or denying the payment. In some cases, the data may be transmitted to credit agencies by the payment service providers. This transmission is intended to verify identity and creditworthiness. For this purpose, we refer to the terms and conditions and privacy notices of the payment service providers.

The payment transactions are subject to the terms and conditions and privacy notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and to assert withdrawal, information, and other data subject rights.

Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Contact data (e.g., postal and email addresses or phone numbers).
Affected Persons: Recipients of services and contractors; business and contractual partners. Interested parties.
Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations. Business processes and economic procedures.
Retention and Deletion: Deletion according to the information provided in the section “General Information on Data Retention and Deletion”.
Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing Activities, Procedures, and Services:

Amazon Payments: Payment services (technical connection of online payment methods); Service Provider: Amazon Payments Europe S.C.A. 38 avenue J.F. Kennedy, L-1855 Luxembourg; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://pay.amazon.de/. Privacy Policy: https://pay.amazon.de/help/201212490.
American Express: Payment services (technical connection of online payment methods); Service Provider: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://www.americanexpress.com/de/. Privacy Policy: https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.
Apple Pay: Payment services (technical connection of online payment methods); Service Provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://www.apple.com/de/apple-pay/. Privacy Policy: https://www.apple.com/legal/privacy/de-ww/.
Mastercard: Payment services (technical connection of online payment methods); Service Provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://www.mastercard.de/de-de.html. Privacy Policy: https://www.mastercard.de/de-de/datenschutz.html.
PayPal: Payment services (technical connection of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://www.paypal.com/de. Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Visa: Payment services (technical connection of online payment methods); Service Provider: Visa Europe Services Inc., Zweigniederlassung London, 1 Sheldon Square, London W2 6TT, GB; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR); Website: https://www.visa.de; Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html. Basis for Third-Country Transfers: Adequacy Decision (GB).

Provision of Online Services and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

Types of Data Processed: Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Log data (e.g., log files regarding logins or data retrieval or access times).
Affected Persons: Users (e.g., website visitors, users of online services).
Purposes of Processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).). Security measures.
Retention and Deletion: Deletion according to the information provided in the section “General Information on Data Retention and Deletion”.
Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing Activities, Procedures, and Services:

Collection of Access Data and Log Files: Access to our online offering is logged in the form of so-called “server log files”. Server log files may include the address and name of the accessed websites and files, date and time of access, transferred data volumes, message about successful access, browser type and version, the operating system of the user, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. The server log files may be used for security purposes, e.g., to avoid server overload (especially in case of abusive attacks, so-called DDoS attacks), and to ensure the server’s stability and load balancing; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Deletion of Data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident is finally resolved.

Use of Cookies

Cookies are small text files or other memory markers that store and retrieve information on end devices. For example, to save the login status in a user account, a shopping cart content in an e-shop, the accessed content, or used functions of an online offering. Cookies can also be used for different purposes, such as ensuring the functionality, security, and comfort of online offerings, as well as for creating analyses of visitor flows.

Information on Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not required by law. Permission is not required, particularly if the storage and retrieval of information, including cookies, is strictly necessary to provide the users with a telemedia service (i.e., our online offering) that they have expressly requested. The revocable consent is clearly communicated to them and includes information about the respective cookie usage.

Information on Data Protection Legal Bases: The legal basis on which we process the personal data of users using cookies depends on whether we ask for their consent. If the users agree, the legal basis for the use of their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the economic operation of our online offering and the improvement of its usability) or, if this is necessary for the fulfillment of our contractual obligations, when the use of cookies is required to fulfill our contractual obligations. We provide information about the purposes for which the cookies are used in the course of this privacy policy or within our consent and processing processes.

Storage Duration: In terms of storage duration, the following types of cookies are distinguished:

Temporary Cookies (also known as Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).
Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved and preferred content displayed directly when the user revisits a website. Likewise, user data collected using cookies may be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., within the framework of obtaining consent), they should assume that these are permanent cookies and the storage duration may last up to two years.

General Information on Withdrawal and Objection (Opt-Out): Users can withdraw the consents they have given at any time and also object to the processing according to legal requirements, including via the privacy settings of their browser.

Types of Data Processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected Persons: Users (e.g., website visitors, users of online services).
Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Consent (Art. 6(1)(a) GDPR).

Further Notes on Processing Activities, Procedures, and Services:

Processing of Cookie Data Based on Consent: We use a consent management solution where users’ consent for the use of cookies or the procedures and providers mentioned in the consent management solution is obtained. This procedure serves to obtain, log, manage, and withdraw consents, particularly concerning the use of cookies and similar technologies used to store, retrieve, and process information on users’ end devices. In the course of this procedure, the users’ consents for the use of cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management procedure, are obtained. Users also have the opportunity to manage and withdraw their consents. The consent declarations are stored to avoid asking again and to provide proof of consent as required by law. Storage is done server-side and/or in a cookie (so-called opt-in cookie) or by similar technologies to assign the consent to a specific user or their device. If no specific information about the providers of consent management services is provided, the following general information applies: The storage duration of consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, the scope of the consent (e.g., concerning categories of cookies and/or service providers), as well as information about the browser, the system, and the device used; Legal Bases: Consent (Art. 6(1)(a) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, email, phone, or via social media) and within existing user and business relationships, the information provided by the inquiring persons is processed to the extent necessary to respond to the contact inquiries and any requested actions.

Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and contributions as well as information related to them, such as author information or creation time); usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected Persons: Communication partners.
Purposes of Processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online forms). Provision of our online offering and user-friendliness.
Retention and Deletion: Deletion according to the information provided in the section “General Information on Data Retention and Deletion”.
Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR). Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further Notes on Processing Activities, Procedures, and Services:

Contact Form: When contacting us via our contact form, by email, or through other communication channels, we process the personal data provided to us to respond and handle the respective request. This typically includes information such as name, contact information, and any additional information provided to us that is necessary for appropriate handling. We use this data exclusively for the stated purpose of contact and communication; Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Newsletter and Electronic Notifications

We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipients or based on a legal basis. If the contents of the newsletter are specifically described in the context of a registration, they are decisive for the users’ consent. Normally, providing your email address is sufficient for signing up for our newsletter. However, to offer you a personalized service, we may request your name for a personal address in the newsletter or additional information if necessary for the newsletter’s purpose.

Deletion and Restriction of Processing: We may retain the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, to be able to provide proof of previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist (so-called “blocklist”).

The logging of the registration process is carried out based on our legitimate interests to ensure proper execution. If we engage a service provider to send emails, this is done based on our legitimate interests in an efficient and secure delivery system.

Content:

Information about us, our services, promotions, and offers.

Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
Affected Persons: Communication partners.
Purposes of Processing: Direct marketing (e.g., via email or post).
Retention and Deletion: 3 years – contractual claims (AT) (Data required to consider potential warranty and damage compensation claims or similar contractual claims and rights, as well as associated inquiries, are stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB).). 10 years – contractual claims (CH) (Data required to consider potential damage compensation claims or similar contractual claims and rights, as well as for handling associated inquiries, based on previous business experiences and common industry practices, are stored for the duration of the statutory limitation period of ten years, unless a shorter period of 5 years is applicable, which may be relevant in certain cases (Art. 127, 130 OR)).
Legal Bases: Consent (Art. 6(1)(a) GDPR).
Opt-Out: You can unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to unsubscribe from the newsletter can be found either at the end of each newsletter or by using one of the contact options provided above, preferably email.

Further Notes on Processing Activities, Procedures, and Services:

Measurement of Opening and Click Rates: The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from our or the server of our email service provider when the newsletter is opened. As part of this retrieval, technical information, such as browser and system information, as well as your IP address and the time of retrieval, is initially collected. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading habits based on their access locations (which can be determined using the IP address) or the access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The information is assigned to individual newsletter recipients and stored in their profiles until deletion. The evaluations are used to recognize the reading habits of our users and to tailor our content to them or to send different content according to the interests of our users. The measurement of opening and click rates and the storage of the measurement results in the users’ profiles – This text area must be unlocked with a premium license. – premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text premium text ; Legal Bases: Consent (Art. 6(1)(a) GDPR).

Promotional Communication via Email, Mail, Fax or Phone

We process personal data for the purposes of promotional communication, which can be carried out through various channels, such as email, phone, mail, or fax, in accordance with legal requirements.

Recipients have the right to withdraw consent or object to promotional communication at any time.

After withdrawal or objection, we store the data required to prove previous authorization to contact or send for up to three years after the end of the year in which the withdrawal or objection was made based on our legitimate interests. The processing of this data is limited to the purpose of potential defense against claims. Based on the legitimate interest in permanently considering the withdrawal or objection of users, we also store the data necessary to prevent further contact (e.g., depending on the communication channel, the email address, phone number, name).

Types of Data Processed: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or phone numbers). Content data (e.g., textual or visual messages and contributions as well as information related to them, such as author information or creation time).
Affected Persons: Communication partners.
Purposes of Processing: Direct marketing (e.g., via email or post); marketing. Sales promotion.
Retention and Deletion: Deletion according to the information provided in the section “General Information on Data Retention and Deletion”.
Legal Bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Web Analytics, Monitoring, and Optimization

Web analytics (also referred to as “reach measurement”) is used to evaluate the visitor flows of our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach measurement, we can, for example, recognize when our online offering or its functions or content are most frequently used or invite reuse. We can also use this information to determine which areas need optimization.

In addition to web analytics, we may use testing procedures, such as A/B testing, to test and optimize different versions of our online offering or its components.

Unless otherwise stated, profiles (i.e., summarized data for a usage process) can be created and information can be stored in a browser or a device and then retrieved. The information collected includes, in particular, visited websites and used elements, as well as technical information, such as the used browser, the used computer system, and information about usage times. If users have agreed to the collection of their location data with us or with the providers of the services we use, it is also possible to process location data.

In addition, users’ IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, the data collected as part of web analytics, A/B testing, and optimization does not store clear data of users (such as email addresses or names) but pseudonyms. This means that neither we nor the providers of the used software know the actual identity of the users, but only the data stored in their profiles for the purposes of the respective procedures.

Information on Legal Bases: If we ask users for their consent to use third-party services, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Types of Data Processed: Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected Persons: Users (e.g., website visitors, users of online services).
Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); profiles with user-related information (creating user profiles). Provision of our online offering and user-friendliness.
Retention and Deletion: Deletion according to the information provided in the section “General Information on Data Retention and Deletion”. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for up to two years.).
Security Measures: IP masking (pseudonymization of the IP address).
Legal Bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing Activities, Procedures, and Services:

Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any clear data, such as names or email addresses. It is used to associate analytical information with a device to recognize which content users have accessed within one or more usage processes, which search terms they have used, or how they have interacted with our online offering. The time of use and its duration, as well as the sources of users who refer to our online offering, and the technical aspects of their devices and browsers, are also stored.
Pseudonymous profiles of users are created using cookies, which may be used for various devices. Google Analytics does not log or store individual IP addresses for EU users. Analytics provides broad geolocation data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU data traffic, IP address data is used solely for deriving geolocation data and is immediately deleted afterward. It is not logged, accessible, or used for other purposes. When Google Analytics collects measurement data, all IP queries are conducted on EU-based servers before traffic is forwarded to Analytics servers for processing; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security Measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for Third-Country Transfers: Data Privacy Framework (DPF); Opt-Out: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements: https://myadcenter.google.com/personalizationoff. Further Information: https://business.safety.google/adsservices/ (Types of processing as well as processed data).

Online Marketing

We process personal data for the purpose of online marketing, which may include, in particular, the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on potential user interests and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called “cookie”) or similar procedures are used, by means of which the relevant user information for the presentation of the aforementioned content is stored. This information may include, for example, viewed content, visited websites, used online networks, as well as communication partners and technical information, such as the used browser, the used computer system, and information about usage times and used functions. If users have consented to the collection of their location data, this may also be processed.

Furthermore, users’ IP addresses are stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored within the framework of online marketing procedures but pseudonyms. This means that neither we nor the providers of the online marketing procedures know the actual identity of the users, only the data stored in their profiles for the purposes of the respective procedures.

The information in the profiles is usually stored in the cookies or by similar methods. These cookies may later be generally read on other websites that use the same online marketing procedure, analyzed for the purpose of displaying content, and supplemented with additional data and stored on the server of the online marketing procedure provider.

In exceptional cases, clear data may be assigned to the profiles, particularly if users are members of a social network that we use and the network connects the profiles with the aforementioned information. We ask you to note that users may enter into additional agreements with the providers, e.g., by consenting during registration.

We generally only receive access to aggregated information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., to the conclusion of a contract with us. Conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, please assume that the cookies used are stored for a period of two years.

Information on Legal Bases: If we ask users for their consent to use third-party services, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economic, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Information on Withdrawal and Objection:

We refer to the data protection notices of the respective providers and the opt-out options provided by the providers (so-called “opt-out”). If no explicit opt-out option has been specified, there is the option to disable cookies in the settings of your browser. However, this may limit the functions of our online offering. Therefore, we additionally recommend the following opt-out options, which are offered regionally aggregated:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-regional: https://optout.aboutads.info.

Types of Data Processed: Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected Persons: Users (e.g., website visitors, users of online services).
Purposes of Processing: Reach measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest/behavior-based profiling, use of cookies); audience building; marketing. Profiles with user-related information (creating user profiles).
Retention and Deletion: Deletion according to the information provided in the section “General Information on Data Retention and Deletion”. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for up to two years.).
Security Measures: IP masking (pseudonymization of the IP address).

Customer Reviews and Evaluation Procedures

We participate in review and evaluation procedures to evaluate, optimize, and advertise our services. When users review us on the participating review platforms or provide feedback in other ways, the terms and conditions or usage and privacy policies of the providers apply. As a rule, a review also requires registration with the respective providers.

To ensure that the reviewers are actual customers of our services, we transmit the data necessary for this purpose regarding the customer and the service used to the respective review platform (including name, email address, and order or item number) with the customer’s consent. This data is used solely for verifying the authenticity of the user.

Types of Data Processed: Contract data (e.g., contract subject, duration, customer category); usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
Affected Persons: Recipients of services and contractors. Users (e.g., website visitors, users of online services).
Purposes of Processing: Feedback (e.g., collecting feedback via online forms). Marketing.
Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Social Media Presences

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.

We point out that user data may be processed outside the territory of the European Union. This can result in risks for the users, for example, because it could make it more difficult to enforce the users’ rights.

Furthermore, the data of the users within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can, in turn, be used to display advertisements inside and outside the networks that presumably correspond to the users’ interests. For these purposes, cookies are usually stored on the users’ devices, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the usage profiles independently of the devices used by the users (especially if they are members of the respective platforms and are logged in there).

For a detailed description of the respective processing forms and the opt-out options, we refer to the privacy statements and information provided by the operators of the respective networks.

Also, in the case of requests for information and the assertion of data subject rights, we point out that these can most effectively be asserted with the providers. Only the providers have access to the user data and can take appropriate measures directly and provide information. Should you still need assistance, you can contact us.

Types of Data Processed: Contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and contributions as well as information related to them, such as author information or creation time). Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
Affected Persons: Users (e.g., website visitors, users of online services).
Purposes of Processing: Communication; feedback (e.g., collecting feedback via online forms). Public relations.
Retention and Deletion: Deletion according to the information provided in the section “General Information on Data Retention and Deletion”.
Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing Activities, Procedures, and Services:

Instagram: Social network, enables the sharing of photos and videos, commenting on and favoriting posts, messaging, subscribing to profiles and pages; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for Third-Country Transfers: Data Privacy Framework (DPF).
Facebook Pages: Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content that users view or interact with, or the actions they take (see “Things done and provided by you and others” in Facebook’s Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device information” in Facebook’s Data Policy: https://www.facebook.com/privacy/policy/). As explained in Facebook’s Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, called “Page Insights,” to page operators so that they can gain insights into how people interact with their pages and the associated content. We have entered into a special agreement with Facebook (“Page Insights Information,” https://www.facebook.com/legal/terms/page_controller_addendum), which regulates, in particular, what security measures Facebook must observe and in which Facebook has agreed to fulfill data subject rights (i.e., users can, for example, request information or deletion directly from Facebook). The rights of users (in particular, the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Page Insights Information” (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection by and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which, in particular, concerns the transfer of data to the parent company Meta Platforms, Inc. in the USA; Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for Third-Country Transfers: Data Privacy Framework (DPF).
LinkedIn: Social network – We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of data from visitors, created for the purposes of generating “Page Insights” (statistics) for our LinkedIn profiles.
This data includes information about the types of content that users view or interact with, or the actions they take, as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data) and information from users’ profiles, such as job function, country, industry, hierarchy level, company size, and employment status. Privacy information on the processing of user data by LinkedIn can be found in LinkedIn’s privacy notices: https://www.linkedin.com/legal/privacy-policy
We have entered into a special agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum (the ‘Addendum’)”, https://legal.linkedin.com/pages-joint-controller-addendum), which regulates, in particular, what security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill data subject rights (i.e., users can, for example, request information or deletion directly from LinkedIn). The rights of users (in particular, the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection of data by and transmission to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of Ireland Unlimited Company, which, in particular, concerns the transfer of data to the parent company LinkedIn Corporation in the USA; Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for Third-Country Transfers: Data Privacy Framework (DPF). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Plug-ins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are retrieved from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include graphics, videos, or city maps (hereinafter referred to as “content”).

Integration always requires that the third-party providers of this content process the IP address of the users, as they would not be able to send the content to their browser without the IP address. The IP address is, therefore, necessary for displaying this content or functions. We make every effort to use only those contents whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through the “pixel tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit times, and other information about the use of our online offering, as well as being combined with such information from other sources.

Types of Data Processed: Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons). Location data (information about the geographical position of a device or person).
Affected Persons: Users (e.g., website visitors, users of online services).
Purposes of Processing: Provision of our online offering and user-friendliness.
Retention and Deletion: Deletion according to the information provided in the section “General Information on Data Retention and Deletion”. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for up to two years.).
Legal Bases: Consent (Art. 6(1)(a) GDPR). Legitimate interests (Art. 6(1)(f) GDPR).

Further Notes on Processing Activities, Procedures, and Services:

Google Fonts (Retrieved from Google Server): Retrieval of fonts (and symbols) for a technically secure, maintenance-free, and efficient use of fonts and symbols regarding timeliness and loading times, their uniform display, and consideration of possible licensing restrictions. The IP address of the user is communicated to the provider of the fonts so that the fonts can be made available to the user’s browser. In addition, technical data (language settings, screen resolution, operating system, used hardware) is transmitted, which is necessary for providing the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA – When visiting our online offering, users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the cascading style sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent that describes the browser and operating system versions of the website visitors, as well as the referrer URL (i.e., the website on which the Google font is to be displayed). IP addresses are not logged or stored on Google servers, nor are they analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families the user wants to load fonts for. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent must adjust the font generated for the respective browser type. The user agent is logged primarily for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations based on the number of font requests can be generated. According to its own information, Google does not use any of the information collected by Google Fonts to create profiles of end users or to display targeted advertisements; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Basis for Third-Country Transfers: Data Privacy Framework (DPF). Further Information: https://developers.google.com/fonts/faq/privacy?hl=de.
Google Maps: We integrate maps from the “Google Maps” service provided by Google. The data processed may include, in particular, IP addresses and location data of the users; Service Provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Bases: Consent (Art. 6(1)(a) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for Third-Country Transfers: Data Privacy Framework (DPF).

Modification and Update

We ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as changes in our data processing make this necessary. We will inform you as soon as changes require your cooperation (e.g., consent) or other individual notifications.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time, and please check the information before contacting us.