Privacy Policy

Data processing agreement (DPA)

In this section, we would like to explain what a data processing agreement is and why it is necessary. Because the term "data processing agreement" is quite a tongue twister, we will often use the acronym DPA in this text. Like most companies, we do not work alone; we also use the services of other companies or individuals. By involving various companies or service providers, we may pass on personal data for processing. These partners then act as data processors, with whom we conclude a contract, the so-called data processing agreement (DPA). The most important thing for you to know is that the processing of your personal data is carried out exclusively in accordance with our instructions and must be regulated by the DPA.

Who are data processors?

As a company and website owner, we are responsible for all data we process from you. In addition to controllers, there may also be so-called processors. This includes any company or individual that processes personal data on our behalf. More precisely, and according to the GDPR definition: any natural or legal person, public authority, agency, or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft. To better understand the terminology, here is an overview of the three roles in the GDPR: Affected person (You as a customer or interested party) → Person responsible (we as a company and client) → Processor (Service providers such as web hosts or cloud providers)

Content of a data processing agreement

As mentioned above, we have concluded a Data Processing Agreement (DPA) with our partners who act as data processors. This agreement stipulates, above all, that the data processor will process the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing; however, in this context, electronic contract conclusion is also considered "written." Personal data is only processed on the basis of the contract. The contract must contain the following:

• Commitment to us as responsible parties
• Obligations and rights of the controller
• Categories of data subjects
• Type of personal data
• Type and purpose of data processing
• Subject and duration of data processing
• Place of data processing

Furthermore, the contract contains all obligations of the processor. The most important obligations are:

• To ensure data security measures
• to take possible technical and organizational measures to protect the rights of the data subject
• to maintain a data processing register
• to cooperate with the data protection supervisory authority upon request
• to carry out a risk analysis with regard to the personal data received
• Sub-processors may only be commissioned with the written consent of the controller

You can find out what such an AVV looks like in concrete terms at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html A sample contract is presented here.

Cookies

Cookies Summary 👥 Affected parties: Website visitors 🤝 Purpose: Depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie. 📓 Data processed: Depends on the respective cookie used. You can find more details below or from the manufacturer of the software that sets the cookie. 📅 Storage period: Depends on the respective cookie; can vary from hours to years ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you can better understand the following privacy policy. Whenever you surf the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies. One thing is undeniable: cookies are really useful little helpers. Almost all websites use cookies. To be precise, they are HTTP cookies, as there are other cookies for other purposes too. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically stored in the cookie folder, which is essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more additional attributes must be specified. Cookies store certain user data from you, such as language or personal site settings. When you visit our site again, your browser transmits the “user-related” information back to our site. Cookies allow our website to recognize you and offer you the settings you're used to. In some browsers, each cookie is stored in its own file; in others, such as Firefox, all cookies are stored in a single file. The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. The web browser requests a website and receives a cookie from the server, which the browser uses again when another page is requested. There are both first-party and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other "malware." Cookies also cannot access information on your PC. For example, cookie data might look like this: Name: _ga Value: GA1.2.1326744211.152123021836-9 Purpose of use: Differentiation of website visitors Expiry date: after 2 years These are the minimum sizes a browser should be able to support:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use specifically depends on the services used and is explained in the following sections of this privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies. There are four types of cookies: Essential cookies These cookies are necessary to ensure basic website functions. For example, these cookies are needed when a user adds a product to their shopping cart, then continues browsing to other pages and only proceeds to checkout later. These cookies ensure that the shopping cart is not deleted even when the user closes their browser window. Purposeful cookies These cookies collect information about user behavior and whether the user receives any error messages. These cookies also measure the loading time and behavior of the website in different browsers. Targeted cookies These cookies improve user experience. For example, entered locations, font sizes, or form data are saved. Advertising cookies These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very useful, but also very annoying. Typically, when you first visit a website, you will be asked which of these cookie types you wish to accept. And, of course, this decision will also be saved in a cookie. If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments from the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the specific cookie. You can find more details below or contact the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small helpers for a variety of tasks. Unfortunately, it's not possible to generalize what data is stored in cookies, but we will inform you about the data processed and stored in the following privacy policy.

Storage period of cookies

The storage period depends on the respective cookie and is further specified below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years. You also have control over the storage period. You can manually delete all cookies via your browser at any time (see also "Right of objection" below). Furthermore, cookies based on consent will be deleted at the latest after you revoke your consent, although the legality of their storage remains unaffected until then.

Right of objection – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of the service or website from which the cookies originate, you always have the option to delete, disable, or only partially accept cookies. For example, you can block third-party cookies but allow all other cookies. If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can do so in your browser settings: Chrome: Delete, enable, and manage cookies in Chrome Safari: Managing cookies and website data with Safari Firefox: Clear cookies to remove data that websites have stored on your computer Internet Explorer: Deleting and managing cookies Microsoft Edge: Delete and manage cookies If you don't want cookies at all, you can set your browser to always notify you when a cookie is about to be set. This allows you to decide for each individual cookie whether or not to accept it. The process varies depending on your browser. The best way to find instructions is to search for "delete cookies in Chrome" or "disable cookies in Chrome" in the case of a Chrome browser.

Legal basis

The so-called “Cookie Guidelines” have been in existence since 2009. They state that the storage of cookies is a consent (Article 6 (1) (a) GDPR). However, reactions to these guidelines vary considerably across EU countries. In Austria, however, this directive was implemented in Section 165 (3) of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, this directive was largely implemented in Section 15 (3) of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024. For absolutely necessary cookies, even if no consent has been given, legitimate interests (Article 6 (1) (f) GDPR), which in most cases are of an economic nature. We want to give website visitors a pleasant user experience and for this, certain cookies are often absolutely necessary. If non-essential cookies are used, this only happens with your consent. The legal basis in this respect is Article 6 (1) (a) GDPR. In the following sections, you will be informed in more detail about the use of cookies, provided that the software used uses cookies.

Application data

Application data summary 👥 Data subjects: Users who apply for a job with us 🤝 Purpose: Processing an application process 📓 Data processed: Name, address, contact details, email address, telephone number, proof of qualifications (certificates), possibly special category data. 📅 Storage period: If the application is successful, until the end of the employment relationship. Otherwise, the data will be deleted after the application process or stored for a certain period with your consent. ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), legitimate interest (Art. 6 (1) (f) GDPR), Art. 6 (1) (b) GDPR (contract), Art. 9 (2) (a) GDPR (processing of special categories)

What are application data?

You can apply for a position with us via email, online form, or through a recruiting tool. All data we receive and process from you as part of an application counts as application data. In doing so, you always provide personal information such as your name, date of birth, address, and telephone number.

Why do we process application data?

We process your data so that we can conduct a proper selection process for the advertised position. We are also happy to keep your application documents in our application archive. Often, for a variety of reasons, a collaboration for the advertised position doesn't work out, but we are impressed by you and your application and can very well imagine working together in the future. If you give us your consent, we will archive your documents so that we can easily contact you for future tasks within our company. We guarantee that we will handle your data with the utmost care and always process it only within the legal framework. Even within our company, your data will only be passed on to people who are directly involved with your application. In short: Your data is safe with us!

What data is processed?

If, for example, you apply to us by email, we will of course also receive personal data, as mentioned above. Even the email address counts as personal data. However, during the application process, only the data relevant to our decision as to whether or not we want to welcome you to our team is processed. The exact data processed depends primarily on the job advertisement. However, this usually includes your name, date of birth, contact details, and proof of qualifications. If you submit your application via an online form, the data will be sent to us in encrypted form. If you send us your application by email, this encryption does not take place. We cannot therefore accept any responsibility for the transmission method. However, once the data is on our servers, we are responsible for its lawful handling. During the application process, in addition to the data mentioned above, information about your health or ethnic origin may be requested so that we and you can exercise your rights with regard to labor law, social security, and social protection, while also fulfilling the corresponding obligations. This data is considered special category data. Here is a list of possible data we receive and process from you:

• name
• Contact address
• E-mail address
• Telephone number
• birth date
• Information provided in the cover letter and CV
• Proof of qualifications (e.g.) certificates
• Special category data (e.g. ethnic origin, health data, religious beliefs)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)

How long is the data stored?

If we take you on as a team member in our company, your data will be further processed for the purpose of the employment relationship and stored with us at least until the employment relationship ends. All application documents will then be added to your employee file. If we do not offer you the position, you reject our offer, or withdraw your application, we can retain your data for up to 6 months after the end of the application process based on our legitimate interest (Art. 6 (1) (f) GDPR). After that, both your electronic data and all data from physical application documents will be completely deleted or destroyed. We retain your data, for example, so that we can answer any further queries or so that we can provide evidence of your application in the event of a legal dispute. If legal proceedings arise and we still need the data after the 6 months have expired, we will only delete the data when there is no longer any reason to retain it. If there are statutory retention periods to be met, we must generally store the data for longer than 6 months. Furthermore, we can retain your data for longer periods if you have given specific consent. We do this, for example, if we can envision working with you in the future. In this case, it is helpful to have your data archived so that we can easily reach you. In this case, the data will be added to our applicant pool. Of course, you can revoke your consent to retain your data for a longer period at any time. If you do not revoke your consent and do not provide new consent, your data will be deleted after two years at the latest.

Legal basis

The legal basis for the processing of your data is Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (contract or pre-contractual measures), Art. 6 (1) (f) GDPR (legitimate interests) and Art. 9 (2) (a) GDPR (processing of special categories of data). If we include you in our applicant tool, this is done on the basis of your consent (Art. 6 (1) (a) GDPR). We would like to point out that your consent to our application pool is voluntary, has no influence on the application process and you have the option of revoking your consent at any time. The legality of the processing up to the time of revocation remains unaffected. In the event of the protection of vital interests, data processing is carried out in accordance with Art. 9 (2) (c) GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, healthcare or social care, or the administration of healthcare or social systems and services, personal data is processed in accordance with Article 9 (2) (h) GDPR. If you voluntarily provide special category data, processing is based on Article 9 (2) (a) GDPR.

Web hosting introduction

Web hosting summary 👥 Affected parties: Website visitors 🤝 Purpose: Professional website hosting and operational security 📓 Data processed: IP address, time of website visit, browser used, and other data. Further details can be found below or from the respective web hosting provider. 📅 Storage period: Depends on the respective provider, but usually 2 weeks ⚖️ Legal basis: Art. 6 (1) (f) GDPR (Legitimate interests)

What is web hosting?

When you visit websites these days, certain information – including personal data – is automatically created and stored, and this website is no exception. This data should be processed as sparingly as possible and only with justification. By website, we mean the totality of all web pages on a domain, i.e. everything from the start page (homepage) to the very last subpage (like this one). By domain, we mean example.de or musterbeispiel.com, for example. If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply call them browsers or web browsers. To display the website, the browser must connect to another computer where the website code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why it is usually handled by professional providers. They offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay tuned, it gets better! When the browser connects to your computer (desktop, laptop, tablet, or smartphone) and during data transfer to and from the web server, personal data may be processed. While your computer stores data, the web server also needs to store data for a while to ensure proper operation. A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional website hosting and operational security
2. to maintain operational and IT security
3. Anonymous evaluation of access behavior to improve our service and, if necessary, for criminal prosecution or the pursuit of claims

What data is processed?

Even while you are currently visiting our website, our web server, which is the computer on which this website is stored, usually automatically saves data such as

• the complete Internet address (URL) of the website accessed
• Browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)
• the hostname and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
• Date and time
• in files, the so-called web server log files

How long is data stored?

As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not share this data, but we cannot rule out the possibility that it may be viewed by authorities in the event of illegal behavior. In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we will not share your data without your consent!

Legal basis

The legality of the processing of personal data within the framework of web hosting arises from Art. 6 (1) (f) GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary to present the company securely and user-friendly on the Internet and to be able to pursue attacks and claims arising from this if necessary. A contract for order processing in accordance with Art. 28 f. GDPR generally exists between us and the hosting provider, which ensures compliance with data protection and guarantees data security.

Hetzner Privacy Policy

We use Hetzner, among other web hosting providers, for our website. The service provider is the German company Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. You can learn more about the data processed through the use of Hetzner in the privacy policy on https://www.hetzner.com/de/legal/privacy-policy.

Data processing agreement (DPA) Hetzner

We have entered into a data processing agreement (DPA) with Hetzner pursuant to Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, above all, what must be included in a DPA in our general section "DPA". This agreement is required by law because Hetzner processes personal data on our behalf. It clarifies that Hetzner may only process data it receives from us in accordance with our instructions and must comply with the GDPR. The link to the data processing agreement (DPA) can be found at https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.

Web Analytics Introduction

Web Analytics Privacy Policy Summary 👥 Affected parties: Website visitors 🤝 Purpose: Evaluation of visitor information to optimize the website. 📓 Data processed: Access statistics, which contain data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. You can find more details in the respective web analytics tool used. 📅 Storage period: Depends on the web analytics tool used ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is web analytics?

We use software on our website to evaluate the behavior of website visitors, known as web analytics or web analysis for short. This data is collected and stored, managed and processed by the respective analytics tool provider (also known as a tracking tool). This data is used to create analyses of user behavior on our website and make it available to us as the website operator. In addition, most tools offer various testing options. For example, we can test which offers or content are most popular with our visitors. To do this, we show you two different offers for a limited period of time. After the test (a so-called A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as for other analytics procedures, user profiles can be created and the data stored in cookies.

Why do we use web analytics?

We have a clear goal in mind with our website: to provide the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting offering on the market, while also ensuring that you feel completely at home on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our web offering for you and us. For example, we can determine the average age of our visitors, where they come from, when our website is most visited, or which content or products are particularly popular. All of this information helps us optimize the website and thus adapt it to your needs, interests, and wishes.

What data is processed?

Which data is stored depends, of course, on the analysis tools used. However, as a rule, information such as the content you view on our website, the buttons or links you click, when you access a page, the browser you use, the device (PC, tablet, smartphone, etc.) you use to visit the website, and the computer system you use is stored. If you have agreed to the collection of location data, this can also be processed by the web analysis tool provider. Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored pseudonymously (i.e., in an unrecognizable and shortened form). For the purposes of testing, web analysis, and web optimization, no direct data such as your name, age, address, or email address is stored. All of this data, if collected, is stored pseudonymously. This means that you cannot be identified as an individual. The following example shows schematically how Google Analytics works as an example of client-based web tracking with JavaScript code. How long the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website again; other cookies can store data for several years.

Duration of data processing

We will inform you below about the duration of data processing, as soon as we have further information. Generally, we only process personal data for as long as it is absolutely necessary to provide our services and products. If required by law, such as in the case of accounting, this retention period may be exceeded.

Right of objection

You also have the right and option to revoke your consent to the use of cookies or third-party services at any time. This can be done either via our cookie management tool or through other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained with our cookie popup. This consent is, according to Art. 6 (1) (a) GDPR (consent) The legal basis for the processing of personal data, as may occur when collected through web analytics tools, is: In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of web analytics, we can detect errors on the website, identify attacks, and improve efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (Legitimate Interests)However, we only use these tools if you have given your consent. Since web analytics tools use cookies, we recommend that you also read our general privacy policy regarding cookies. To learn exactly which of your data is stored and processed, you should read the privacy policies of the respective tools. Information on specific web analytics tools, where available, can be found in the following sections.

Matomo On-Premise Privacy Policy

Matomo On-Premise Privacy Policy Summary 👥 Affected parties: Website visitors 🤝 Purpose: Evaluation of visitor information to optimize the website. 📓 Data processed: Data such as the number of visitors to the website, page views, length of stay, or search terms used. More details can be found below and in the Matomo On-Premise privacy policy. 📅 Storage period: We generally store data for as long as required for business purposes. ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is Matomo On-Premise?

We use the privacy-friendly analysis program Matomo On-Premise on our website. With the on-premise version, Matomo is installed on our own server. This means that we act as the operator of the software, and any data we may collect from you is stored directly by us. Data processing therefore remains entirely in our hands. The tool is manufactured by the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. Matomo On-Premise is a web analysis platform that takes data protection very seriously and yet provides us, as the website operator, with precise statistics about your behavior on our website. A major difference from other analysis programs is the option of storing data on our own server. Matomo On-Premise also offers various options for anonymizing the IP addresses of our website visitors and deactivating cookies.

Why do we use Matomo On-Premise?

Many of the common analytics tools collect vast amounts of personal data and can also share it with third parties. This makes it very difficult to maintain control over your data. Data protection is very important to us, which is why we chose Matomo On-Premise, a significantly more privacy-friendly alternative. However, we don't want to forgo web analytics entirely. After all, with the help of statistics on website behavior, we can optimize our service and adapt it to your individual needs.

What data is stored by Matomo On-Premise?

In addition to personal data such as your IP address or personal information (e.g., name, address, date of birth) that you actively transmit to us, information about your visitor behavior is primarily stored. This is usually not personal data, but rather information such as the number of visitors to the website, page views, length of stay, or search terms used. Furthermore, technical data such as browser type, your operating system, and your screen resolution may also be stored. Matomo On-Premise can also collect information about the website you came to us from. The data collected is stored by us and is not shared or sold to third parties.

How long and where is the data stored?

Matomo On-Premise is a self-hosted analytics platform, meaning we store all collected data directly on our own servers. Our server is located in Europe, so no data is processed in third countries, i.e., countries outside the scope of the GDPR. We generally store data for as long as necessary for our business purposes. Unfortunately, we cannot provide exact retention periods at this point, as these depend heavily on our individual configurations. If you would like to learn more about our data retention periods and configurations, please do not hesitate to contact us.

How can I delete my data or prevent data storage?

You have the right and opportunity to access your personal data at any time and to object to the use and processing of this data. You can also lodge a complaint with a government supervisory authority or simply with us at any time. You also have the option to individually manage, delete or deactivate cookies in your browser. However, please be aware that deactivated or deleted cookies may have a negative impact on the functionality of our website. Managing cookies works slightly differently depending on the browser you use. Under the "Cookies" section you will find the relevant links to the respective instructions for the most popular browsers. If you would like to request that your data be deleted, you are also welcome to contact us.

Legal basis

The use of Matomo On-Premise requires your consent, which we have obtained using our consent management tool (pop-up). According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when data is collected using web analytics tools. In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of Matomo On-Premise, we identify optimization potential for our website and can improve its economic efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Matomo On-Premise if you have given your consent. If you would like to know more about data processing by Matomo On-Premise, please feel free to contact us. We also recommend reading Matomo's privacy policy on https://matomo.org/privacy-policy/.

Matomo On-Premise (without cookies)

What is Matomo On-Premise (without cookies)?

We use the privacy-friendly analysis program Matomo On-Premise on our website without the use of cookies. With the on-premise variant, Matomo is installed on our own server. This means that we act as the operator of the software, and any data we may collect from you is stored directly by us. Data processing therefore remains entirely in our hands. The tool is manufactured by the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. Matomo On-Premise is a web analysis platform that takes data protection very seriously and yet provides us, as the website operator, with precise statistics about your behavior on our website. A major difference to other analysis programs is the option of storing data on our own server. Matomo On-Premise also offers various options for anonymizing the IP addresses of our website visitors and deactivating cookies. We have also made use of the deactivation of cookies. This means that we use Matomo On-Premise for our website without the use of cookies.

Why do we use Matomo On-Premise?

Many of the common analytics tools collect vast amounts of personal data and can also share it with third parties. This makes it very difficult to maintain control over your data. Data protection is very important to us, which is why we opted for Matomo On-Premise without the use of cookies. However, we don't want to forgo web analytics entirely. After all, with the help of statistics on website behavior, we can optimize our service and adapt it to your individual needs.

What data is stored by Matomo On-Premise?

Primarily, information about your visitor behavior is stored. This is not personal data, but rather information such as the number of visitors to the website, page views, length of stay, or search terms used. Furthermore, technical data such as browser type, your operating system, and your screen resolution may also be stored. Matomo On-Premise can also collect information about the website you came to us from. The collected data is stored by us and is not shared or sold to third parties.

How long and where is the data stored?

Matomo On-Premise is a self-hosted analytics platform, meaning we store all collected data directly on our own servers. Our server is located in Europe, so no data is processed in third countries, i.e., countries outside the scope of the GDPR. We generally store data for as long as necessary for our business purposes. Unfortunately, we cannot provide exact retention periods at this point, as these depend heavily on our individual configurations. If you would like to learn more about our data retention periods and configurations, please do not hesitate to contact us.

How can I delete my data or prevent data storage?

You have the right and opportunity to access your personal data at any time and to object to the use and processing of it. You can also file a complaint with a government supervisory authority or simply with us at any time.

Legal basis

We have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of Matomo On-Premise, we identify optimization potential for our website and can improve its economic efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). If you would like to know more about data processing by Matomo On-Premise without cookies, please feel free to contact us. We also recommend reading Matomo's privacy policy on https://matomo.org/privacy-policy/.
Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary 👥 Affected parties: Website visitors 🤝 Purpose: Obtaining and managing consent to certain cookies and thus the use of certain tools 📓 Data processed: Data for managing the configured cookie settings, such as IP address, time of consent, type of consent, and individual consents. You can find more details on this in the respective tool used. 📅 Storage period: Depends on the tool used; you should be prepared for periods of several years ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is a Cookie Consent Management Platform?

We use Consent Management Platform (CMP) software on our website to make it easier for us and you to handle scripts and cookies correctly and securely. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides you with the cookie consent required by data protection law, and helps us and you keep track of all cookies. Most Cookie Consent Management tools identify and categorize all existing cookies. You, as the website visitor, then decide for yourself whether and which scripts and cookies you allow or deny. The following graphic illustrates the relationship between browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the greatest possible transparency in the area of data protection. We are also legally obligated to do so. We want to inform you as fully as possible about all tools and all cookies that can store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information. You can then accept or reject cookies using the consent system.

What data is processed?

Using our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. Your consent will be saved so that we don't have to ask you each time you visit our website, and so that we can verify your consent if required by law. This consent is saved either in an opt-in cookie or on a server. The storage period for your cookie consent varies depending on the provider of the cookie management tool. This data (such as pseudonymous user ID, time of consent, details on cookie categories or tools, browser, device information) is usually stored for up to two years.

Duration of data processing

We will inform you below about the duration of data processing, if we have further information. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products. Data stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, while others can remain stored in your browser for several years. The exact duration of data processing depends on the tool used; in most cases, you should expect a storage period of several years. The respective privacy policies of the individual providers usually provide precise information about the duration of data processing.

Right of objection

You also have the right and option to revoke your consent to the use of cookies at any time. This can be done either via our cookie management tool or through other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser. Information on specific cookie management tools – where available – can be found in the following sections.

Legal basis

If you agree to cookies, your personal data will be processed and stored via these cookies. If we consent (Article 6 (1) (a) GDPR) may use cookies, this consent is also the legal basis for the use of cookies and the processing of your data. In order to manage the consent to cookies and to enable you to give your consent, a cookie consent management platform software is used. The use of this software enables us to operate the website efficiently and in compliance with the law, which legitimate interest (Article 6 (1) (f) GDPR).

BorlabsCookie Privacy Policy

We use BorlabsCookie on our website, which, among other things, is a tool for storing your cookie consent. The service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany. You can learn more about the data processed through the use of BorlabsCookie in the Privacy Policy on https://de.borlabs.io/datenschutz/.

Web design introduction

Web design privacy policy summary 👥 Affected parties: Website visitors 🤝 Purpose: Improving the user experience 📓 Data processed: Which data is processed depends heavily on the services used. Typically, this includes IP address, technical data, language settings, browser version, screen resolution, and browser name. You can find more details in the respective web design tools used. 📅 Storage period: Depends on the tools used ⚖️ Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

What is web design?

We use various tools on our website to support our web design. Web design is not, as is often assumed, just about making our website look pretty, but also about functionality and performance. But of course, the right look and feel for a website is also one of the main goals of professional web design. Web design is a sub-area of media design and deals with the visual, structural, and functional design of a website. The goal is to use web design to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all the impressions and experiences that website visitors have on a website. A sub-section of user experience is usability. This refers to the user-friendliness of a website. The main emphasis here is on ensuring that content, subpages, or products are clearly structured and that you can find what you are looking for quickly and easily. In order to offer you the best possible experience on our website, we also use so-called third-party web design tools. In this privacy policy, the category "web design" includes all services that enhance the design of our website. These can include, for example, fonts, various plugins, or other integrated web design functions.

Why do we use web design tools?

How you absorb information on a website depends heavily on its structure, functionality, and visual perception. Therefore, good, professional web design has become increasingly important to us. We are constantly working on improving our website and see this as an extended service for you, the website visitor. Furthermore, a beautiful and functional website also has financial advantages for us. After all, you will only visit us and take advantage of our services if you feel completely comfortable.

What data are stored by web design tools?

When you visit our website, web design elements may be integrated into our pages that can also process data. The exact data involved depends, of course, heavily on the tools used. Further down you can see exactly which tools we use for our website. For more detailed information about data processing, we recommend that you also read the respective privacy policy of the tools used. This will usually tell you which data is processed, whether cookies are used, and how long the data is stored. Fonts such as Google Fonts, for example, also automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google's servers.

Duration of data processing

How long data is processed varies greatly from person to person and depends on the web design elements used. If cookies are used, for example, the retention period can be as little as one minute or as long as several years. Please inform yourself about this. We recommend that you read our general section on cookies and the privacy policies of the tools used. There you will usually find out which cookies are used and what information is stored in them. Google Font files, for example, are stored for one year. This is intended to improve the loading time of a website. In principle, data is only stored for as long as it is necessary to provide the service. If legally required, data can be stored for longer.

Right of objection

You also have the right and option to revoke your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or via other opt-out functions. You can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser. However, some web design elements (mostly fonts) contain data that cannot be deleted quite so easily. This is the case when data is automatically collected when a page is accessed and transmitted to a third-party provider (such as Google). In this case, please contact the support of the respective provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.

Legal basis

If you have consented to the use of web design tools, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web design tools. We also have a legitimate interest in improving the web design on our website. After all, only then can we provide you with an attractive and professional website. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use web design tools if you have given your consent. We would like to emphasize this again here. Information on specific web design tools can be found – where available – in the following sections.

Google Fonts Local Privacy Policy

We use Google Fonts from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for the European region. We have embedded the Google fonts locally, i.e., on our web server – not on Google's servers. This means there is no connection to Google servers and therefore no data is transferred or stored.

What are Google Fonts?

Formerly known as Google Web Fonts, Google Fonts is an interactive directory of over 800 fonts that Google provided free of charge. With Google Fonts, you could use fonts without uploading them to your own server. However, to prevent any information from being transferred to Google servers, we have downloaded the fonts to our server. This way, we comply with data protection regulations and do not send any data to Google Fonts.

Explanation of terms used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used that we may not have sufficiently addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also cite the GDPR texts here and add our own explanations if necessary.

Processor

Definition according to Article 4 of the GDPR For the purposes of this Regulation, the following definitions shall apply:

“Processor” a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the controllers, there may also be so-called processors. This includes any company or individual that processes personal data on our behalf. Processors can therefore include, in addition to service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

consent

Definition according to Article 4 of the GDPR For the purposes of this Regulation, the following definitions shall apply:

"Consent" any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: Typically, such consent is obtained on websites via a cookie consent tool. You're probably familiar with this. Whenever you visit a website for the first time, you'll usually be asked via a banner whether you agree to data processing. You can usually also configure individual settings and decide for yourself which data processing you allow and which you don't. If you do not consent, no personal data may be processed. In principle, consent can of course also be given in writing, i.e., not via a tool.

Health data

Definition according to Article 4 of the GDPR For the purposes of this Regulation, the following definitions shall apply:

“Health data” personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about that person’s health status;

Explanation: Health data includes all stored information relating to your personal health. This is often data that is also recorded in a patient file. This includes, for example, the medications you take, X-rays, your entire medical history, and usually your vaccination status.

Personal data

Definition according to Article 4 of the GDPR For the purposes of this Regulation, the following definitions shall apply:

“personal data” any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is all data that can identify you as an individual. This is usually data such as:

• name
• address
• E-mail address
• Postal address
• Telephone number
• birth date
• Identification numbers such as social security number, tax identification number, identity card number or registration number
• Bank details such as account number, credit information, account balances and much more.

According to the European Court of Justice (ECJ), your IP address for personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently you as the connection owner. Therefore, storing an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called “special categories” of personal data that are also particularly worthy of protection. These include:

• racial and ethnic origin
• political opinions
• religious or ideological beliefs
• union membership
• genetic data such as data obtained from blood or saliva samples
• biometric data (information about mental, physical, or behavioral characteristics that can identify a person). Health data
• Data on sexual orientation or sex life

Profiling

Definition according to Article 4 of the GDPR For the purposes of this Regulation, the following definitions shall apply:

“Profiling” any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Explanation: Profiling involves compiling various information about a person in order to learn more about them. Profiling is often used online for advertising purposes or for credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile that can be used to target advertising to a specific audience.

Person responsible

Definition according to Article 4 of the GDPR For the purposes of this Regulation, the following definitions shall apply:

“person responsible” the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and are therefore the "controller." If we pass on collected data to other service providers for processing, these are "processors." A "processing agreement (DPA)" must be signed for this purpose.

processing

Definition according to Article 4 of the GDPR For the purposes of this Regulation, the following definitions shall apply:

"Processing" any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we refer to processing in our privacy policy, we mean any type of data processing. As mentioned above in the original GDPR statement, this includes not only the collection but also the storage and processing of data. All texts are protected by copyright.