This Data Privacy Statement explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as "Data") that occurs within the scope of our online presence and its associated websites, functions and content as well as on our external online profiles, e.g. our social media profiles (collectively referred to as "Online Offerings"). In respect of the terminology used, e.g. "personal data" or the "processing" thereof, we refer to the definitions given in Article 4 of the EU General Data Protection Regulation (GDPR).
Contact data (e.g. email addresses, telephone numbers).
Content (e.g. text inputs)
We do not process any special categories of data.
Prospective and current visitors to and users of our Online Offering. Affected persons will hereinafter be collectively referred to as "Users".
Provision of the Online Offering and its content and functions.
Responding to contact requests and communicating with users.
As at: 13.05.2018
Pursuant to the provisions of Art. 13 EU GDPR, we are required to disclose the legal basis underlying our data processing practices. Insofar as this legal basis is not specifically referred to within the privacy statement, the following applies: The legal basis for obtaining permissions is Art. 6 (1) lit. a and Art. 7 GDPR; the legal basis for the processing of data for rendering our services, implementing contractual measures and answering queries is Art. 6 (1) lit. b GDPR; the legal basis for the processing of data for fulfilling our contractual obligations is Art. 6 (1) lit. c GDPR and the legal basis for the processing of data for securing our legitimate interests is Art. 6 (1) lit. f GDPR. In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) lit. d GDPR applies as the legal basis.
We ask you to check back regularly for changes to the content of this Privacy Statement. We will adjust the Privacy Statement whenever changes to our data processing practices require it. We will notify you as soon as your involvement (e.g. your consent) is required as a result of these changes, or when personal notification becomes necessary for other reasons.
In accordance with the provisions of Art. 32 GDPR, we pursue appropriate technical and organisational measures to guarantee a level of protection commensurate to the nature and extent of the risk, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of data processing, as well as the probability and severity of the risk to the rights and freedoms of natural persons. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling not only physical access to the data, but also the retrieval, input, disclosure, availability and separation of data. Further to this, we have established procedures to protect the exercise of data subject rights, the right to data deletion and the response to data threats. We also take the protection of personal data into account when developing and/or selecting hardware, software and procedures in accordance with the principle of data protection by design and default (Art. 25 GDPR).
Our security measures include the encrypted transfer of data between your browser and our server.
4.1. Insofar as we disclose, transfer or otherwise grant access to data to other persons and companies (contracted data processors or third parties) within the scope of our data processing, this will occur on the basis of legal authorisation (e.g. when a transfer of the data to third parties such as payment providers is required for the performance of a contract pursuant to Art. 6 (1) lit. b GDPR), on the basis of your consent, where we have a legal obligation to do so or on the basis of our legitimate interests (e.g. in the engagement of agents, web hosting providers, etc.) 4.2. Insofar as we engage third parties to process data on the basis of a "data processing agreement", this will occur on the basis of Art. 28 GDPR.
Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or disclose or transmit data to third parties in the context of our engagement of third party services, this will occur only for the purpose of fulfilling (pre-)contractual obligations, on the basis of your consent, where we have a legal obligation to do so or on the basis of our legitimate interests. Subject to legal or contractual authorisation, we will process or have the data processed in a third country only if the special conditions of Art. 44 ff. GDPR are fulfilled. This might, for example, include the processing of data on the basis of special guarantees, such as an established level of data protection that corresponds to that required by the EU (e.g. "Privacy Shield" for the USA) or the observation of officially recognised special contractual obligations (so-called "standard contractual clauses").
6.1. In accordance with Art. 15 GDPR, you have the right to ask for confirmation as to whether particular data is being processed and to receive information about this data; you also have the right to receive further information and a copy of the data.
6.2. In accordance with Art. 16 GDPR, you have the right to have incomplete personal data completed or to obtain rectification of inaccurate personal data about your person.
6.3. In accordance with Art. 17 GDPR, you have the right to request that data about you is deleted immediately or, alternatively, to request that the processing of this data is restricted in accordance with Art. 18 GDPR.
6.4. You have the right to request to receive, in a structured, commonly-used and machine-readable format, the data which concerns you and has been provided by you to us, and to request that this data be transmitted to another data controller.
6.5. Pursuant to Art. 77 GDPR, you also have the right submit a complain to the relevant supervisory authority.
In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent for the processing of data at any time with future effect.
In accordance with Art. 21 GDPR, you can object to the future processing of your data at any time. This objection may, in particular, be made against processing for direct advertising purposes.
The data processed by us is deleted or its processing restricted according to the provisions of Art. 17 und 18 GDPR. Insofar as nothing to the contrary has been explicitly specified in this Data Privacy Statement, data stored by us is deleted as soon as it is no longer needed for its intended purpose and if its deletion does not contravene statutory retention requirements. Insofar as the the data is not deleted on account of being needed for other, legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for any other purposes. Among other things, this applies to data that is required to be retained for reasons under commercial and tax law.
10.1. Germany: In accordance with statutory requirements, data falling under § 257 (1) of the German Commercial Code (trading books, inventories, opening balance sheets, annual accounts, business correspondence, accounting records, etc.) will be stored for 6 years, while data falling under § 147 (1) of the German Fiscal Code (accounts, records, management reports, accounting records, commercial and business correspondence, documents relevant for taxation, etc.) will be stored for 10 years.
10.2. Austria: In accordance with statutory requirements, data falling under § 132 (1) of the Austrian Federal Fiscal Code (accounting documents, receipts and invoices, accounts, supporting documents, commercial documents, statements of income and expenditure) will be stored for 7 years, while data pertaining to real property will be stored for 22 years. Data pertaining to the provision of electronically rendered, telecommunication, radio and TV services to non-commercial entities in EU countries for which the EU VAT Mini One Stop Shop (MOSS) scheme has been invoked will be stored for 10 years.
11.1. When a user establishes contact with us (via contact form or email), the user's details are processed in accordance with Art. 6 (1) lit. b GDPR for the purpose of handling the contact request.
11.2. The user's details may be stored in our customer relationship management system ("CRM System") or in a similar system for the management of inquiries.
12.1. On the basis of our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR, we collect data about every instance of access to the server on which this service is located ("server log files"). Access data includes the name of the webpage being accessed, the file, the date and time of access, the volume of data transmitted, the notification of successful access, the browser type and version, the user's operating system, the referring URL (previously visited webpage), the IP address and the provider issuing the request.
12.2. Log file information is stored for a maximum of seven days for security purposes (e.g. to clarify any issues relating to misuse or fraud prevention) and will then be deleted. Data whose further storage is required for evidentiary purposes will be exempt from deletion until such time as the respective incident has been brought to a conclusion.
13.1. Cookies are information that is transmitted to the web browsers of users by our web server or by the web servers of third parties and stored there in order to be accessed at a later date. Cookies can take the form of small files or means of storing information.
13.3. If a user does not wish cookies to be stored on their computer, they are requested to deactivate the corresponding option in the system settings of their browser. Previously stored cookies can also be deleted in the browser settings. Please note that the blocking of cookies can lead to limitations in the functions of our Online Offerings.
14.1. The "Facebook pixel" is used within our Online Offerings on the basis of and for the purpose of our legitimate interest in the analysis, optimisation and commercial operation of our Online Offerings. The Facebook pixel is provided by the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
14.2. Facebook is certified under the Privacy Shield agreement, which means that it offers a guarantee of adherence to European data privacy law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
14.3. The Facebook pixel enables Facebook to identify visitors to our Online Offerings as a target audience for displaying ads (known as "Facebook ads"). Accordingly, we use the Facebook pixel to enable us to display our Facebook ads only to those Facebook users who have demonstrated an interest in our Online Offerings or exhibit the specific characteristics (e.g interests in specific topics or products, as determined by the websites they visit) that we have transmitted to Facebook ("custom audiences"). In addition, we use the Facebook pixel to ensure that our Facebook ads correspond to the potential interests of the respective user and are not perceived as bothersome or annoying. Finally, we use the Facebook pixel to review the effectiveness of Facebook ads for statistical and market research purposes, which we do by monitoring whether users have been referred to our website by clicking on a Facebook ad ("conversion").
14.5. You have the right to object to the collection of data by the Facebook pixel and the use of your data for displaying Facebook ads. To choose which types of ads are displayed to you on Facebook, you can adjust your ad settings by following the advice on Facebook's Settings page: https://www.facebook.com/settings?tab=ads. These settings are platform-independent, which means that they are applied for all devices, including desktop computers and mobile devices.
15.1. On the basis of our legitimate interests (e.g. in the interest of the analysis, optimisation and commercial operation of our Online Offerings within the meaning of Art. 6 (1) lit. f GDPR), we use social plugins ("Plugins") from the social network facebook.com, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). These plugins may take the form of interactive elements or content (e.g. videos, graphics or texts) and can be identified by means of the Facebook logo (white "f" on a blue tile), the terms "Like" or a "thumbs-up" symbol or with the supplementary text "Facebook Social Plugin". A list of Facebook social plugins and their appearance can be viewed here: https://developers.facebook.com/docs/plugins/.
15.2. Facebook is certified under the Privacy Shield agreement, which means that it offers a guarantee of adherence to European data privacy law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
15.3. When a user accesses a function of these Online Offerings containing such a plugin, their device establishes a direct connection to Facebook's servers. The content of the plugin is transmitted directly from Facebook to the user's device and is integrated into the respective Online Offering by the device. As part of this process, the processed data can then be used to create a user profile for the user. As such, we have no influence on the scope of the data collected by Facebook using the plugin and can only provide information to our users according to the best of our knowledge.
15.4. As a result of the plugin, Facebook receives the information that a user has accessed that particular page of the Online Offering. If the user is logged into Facebook at the time, Facebook can assign their visit to their user account. If a user interacts with the plugins - for example, by pressing the Like button or leaving a comment - the information is transmitted directly from their device to Facebook and stored there. If the user is not a member of Facebook, there is still the possibility that Facebook will discover and store their IP address. According to information provided by Facebook, IP addresses are only stored in Germany in a pseudonymised form.
15.6. If a user is a member of Facebook and does not wish Facebook to collect data about them via our Online Offerings and link it to their user data on Facebook, they must log out of Facebook and delete their cookies before visiting our Online Offerings. Other settings and objections in respect of the use of data for advertising purposes can adjusted within the Facebook profile settings: https://www.facebook.com/settings?tab=ads. Alternatively, it can be done via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. These settings are platform-independent, which means that they are applied across all devices, including desktop computers and mobile devices.
16.1. On the basis of our legitimate interests (e.g. in the interest of the analysis, optimisation and commercial operation of our Online Offerings within the meaning of Art. 6 (1) lit. f GDPR), we integrate the content and service offerings of third party providers (e.g. videos and fonts, hereinafter collectively referred to as "Content") into our Online Offerings. This requires that the third-party providers of this Content have access to the IP addresses of our users, since otherwise, they would not be able to send this Content to their browsers. We endeavour only to use Content whereby the respective provider uses the IP address solely for the delivery of the Content. Third parties may also use so-called "pixel tags" (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. These pixel tags can be used to evaluate information such as visitor traffic on this website. The pseudonymous information may also be stored in cookies on the user's device and may contain information including but not limited to technical information about the browser and operating system, referring web page, time of visit and other information regarding the use of our Online Offerings, as well as to link this information with similar information from other sources.
16.2. The following provides an overview of third-party providers, their content and links to their data privacy policies. These policies contain further information on the processing of data and ways in which the user can object to this processing ("opt-out"), some of which have already been covered here: