Privacy Policy

Your privacy is important to us. We respect your privacy regarding any information we may collect from you across our website.

Person responsible

Summary of Processing Activities

The following summary provides an overview of the types of data processed, the purposes for which they are processed, and identifies the individuals affected.

Types of Data Processed

  • Event Data (Facebook): Event data refers to data that can be transmitted to Facebook via various means, such as Facebook Pixels (through apps or otherwise), and pertains to individuals or their actions. This includes information on website visits, interactions with content, app installations, product purchases, etc. These data are processed for the purpose of developing target audiences for content and advertising information (Custom Audiences). It is important to note that event data do not include actual content (e.g., comments made), login information, or contact information (such as names, email addresses, and phone numbers). Facebook deletes event data after a maximum of two years or upon deletion of our Facebook account, along with the target audiences derived from them.
  • Master Data: This includes basic personal information such as names and addresses.
  • Content Data: This refers to data entered into online forms.
  • Contact Data: This includes contact details such as email addresses and phone numbers.
  • Meta/Communication Data: This refers to data such as device information and IP addresses.
  • Usage Data: This includes information on website visits, interest in content, and access times.
  • Contract Data: This relates to contract details, such as subject matter, duration, and customer category.
  • Payment Data: This includes banking details, invoices, and payment history.

Categories of Affected Individuals

  • Business and Contractual Partners
  • Prospective Clients
  • Communication Partners
  • Customers
  • Users (e.g., website visitors, online service users)

Purposes of Processing

  • Provision of our online offerings and user experience improvement
  • Conversion tracking (measurement of the effectiveness of marketing strategies)
  • Office and organizational procedures
  • Direct marketing (e.g., via email or mail)
  • Audience segmentation
  • Marketing
  • Handling of contact inquiries and communication
  • Creation of user profiles containing personal information
  • Remarketing
  • Security measures
  • Fulfillment of contractual services and customer support
  • Management and response to inquiries
  • Audience segmentation (identification of audiences relevant for marketing purposes or other content dissemination)

Key Legal Bases Overview

This document provides an overview of the key legal bases of the General Data Protection Regulation (GDPR) that we rely on in the processing of personal data. Please be aware that in addition to the provisions of the GDPR, the national data protection regulations of either your country of residence or our country of operation may apply. Should there be more specific legal grounds applicable to individual cases, these will be disclosed in our Privacy Policy.

  • Consent (Article 6(1)(a) of the GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract Performance and Pre-contractual Inquiries (Article 6(1)(b) of the GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.
  • Legal Obligation (Article 6(1)(c) of the GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate Interests (Article 6(1)(f) of the GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National Data Protection Regulations in Austria: In addition to the GDPR, Austria has its own national data protection regulations. Notably, this includes the Data Protection Act (Datenschutzgesetz - DSG), which provides for specific provisions on the right to access, correction or deletion of personal data, the processing of special categories of personal data, processing for purposes other than those for which the personal data have been collected, data transmission, and automated decision-making in individual cases.

Security Measures

In compliance with statutory requirements and taking into account the current state of technology, the costs of implementation, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihoods and extents of threats to the rights and freedoms of natural persons, we have implemented suitable technical and organizational measures. These measures are designed to ensure a level of protection commensurate with the risk.

Particularly, these measures are aimed at safeguarding the confidentiality, integrity, and availability of data by managing the physical and electronic access to the data, as well as access to, input, transmission, availability, and separation of the data. Furthermore, we have established procedures that guarantee the acknowledgement of individuals' rights, data deletion, and responses to data breaches. Additionally, in the development or selection of hardware, software, and procedures, we consider the protection of personal data from the outset, following the principle of "privacy by design" and "privacy by default".

Transmission of Personal Data

In the process of personal data processing, it may be necessary to transmit data to other entities, companies, legally independent organizational units, or individuals, or to disclose it to them. Recipients of these data may include, for example, service providers or vendors tasked with IT responsibilities or those providing services and content embedded in a website. In such cases, we adhere to legal requirements and, in particular, enter into appropriate agreements or contracts with the recipients of your data to ensure its protection.

Data Processing in Third Countries

In instances where we process data in a third country (i.e., outside of the European Union (EU) or the European Economic Area (EEA)), or where such processing is part of utilizing services provided by third parties, or involves the disclosure or transfer of data to other individuals, entities, or companies, we ensure that these activities are in strict compliance with legal requirements.

Subject to explicit consent or the necessity of transferring data due to contractual or legal obligations, we only process or have data processed in third countries that maintain a recognized level of data protection. This adherence to data protection standards is ensured through contractual obligations such as the EU Commission’s standard contractual clauses, certifications, or binding corporate rules on data protection (Articles 44 to 49 of the GDPR, EU Commission information page: International Dimension Data Protection).

Use of Cookies

Cookies are text files that contain data from visited websites or domains, stored by a browser on the user's computer. Primarily, cookies are utilized to retain information about a user during or after their visit to an online service. This information can include, for example, language settings on a website, login status, a shopping cart, or the point at which a video was paused. The term 'cookies' also encompasses other technologies that serve similar functions as cookies (e.g., when users' information is stored using pseudonymous online identifiers, also referred to as "user IDs").

The following types and functionalities of cookies are distinguished:

  • Temporary Cookies (also known as Session or Transient Cookies): Temporary cookies are deleted at the latest once a user leaves an online service and closes their browser.
  • Permanent Cookies: Permanent cookies remain stored even after the browser is closed. For instance, they can save the login status or display preferred content directly when the user revisits a website. Similarly, user interests that are utilized for analytics or marketing purposes can be stored in such a cookie.
  • First-Party Cookies: First-party cookies are those set by the website being visited.
  • Third-Party Cookies (also known as Third-Party Provider Cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also known as Essential or Strictly Necessary) Cookies: Cookies can be absolutely required for the operation of a website (e.g., to save logins or other user inputs or for security reasons).
  • Statistics, Marketing, and Personalization Cookies: In general, cookies are also used for analytics purposes and when a user's interests or behavior (e.g., viewing specific content, using functions, etc.) on individual websites are stored in a user profile. Such profiles aim to display content to users that match their potential interests. This method is also referred to as "tracking," i.e., tracking the potential interests of users. Should we employ cookies or "tracking" technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

Notes on Legal Basis: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is your expressed consent. Otherwise, data processed with the help of cookies will be based on our legitimate interests (e.g., in the economic operation of our online service and its enhancement) or, if the use of cookies is necessary to fulfill our contractual obligations.

Storage Duration: Unless we provide you with explicit information on the storage duration of permanent cookies (e.g., within the context of a so-called Cookie Opt-In), please assume that the storage duration can be up to two years.

General Notes on Revocation and Objection (Opt-Out): Depending on whether the processing is based on consent or legal permission, you have the right at any time to revoke any consent given or to object to the processing of your data by cookie technologies (collectively referred to as "Opt-Out"). You can first express your objection through the settings of your browser, for example, by disabling the use of cookies (which could also limit the functionality of our online service). An objection to the use of cookies for online marketing purposes can also be declared through a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info . Additionally, you can receive further objection notices in the context of the information on the service providers and cookies used.

Processing of Cookie Data Based on Consent: We employ a cookie consent management procedure in which users' consents to the use of cookies, or the processing and providers mentioned as part of the cookie consent management process, are obtained and managed by users and can be revoked. Here, the consent declaration is stored to avoid repeating the query and to demonstrate consent in accordance with legal obligations. The storage can occur server-side and/or in a cookie (so-called Opt-In Cookie, or using comparable technologies) to assign the consent to a user or their device. Subject to individual details on the providers of cookie management services, the following applies: The duration of consent storage can be up to two years, forming a pseudonymous user identifier and storing the time of consent, details regarding the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and end device used.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times), Meta/communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Professional Services

In the process of conducting business, we manage the data of our contractual and business partners, such as clients and potential clients (hereafter collectively referred to as “contractual partners”), in the context of contractual relationships or relationships of a similar legal nature, as well as associated actions and in the course of communication with the contractual partners (including pre-contractual communications), for instance, to respond to inquiries.

This data is processed in order to fulfill our contractual obligations, safeguard our rights, and for the purposes of the administrative tasks associated with these details, as well as for organizational management. We disclose the data of the contractual partners to third parties within the limits of applicable law only as necessary for the aforementioned purposes, for fulfilling legal obligations, or with the consent of the affected individuals (e.g., to involved telecommunications, transportation, and other support services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Contractual partners are informed about further processing activities, such as for marketing purposes, within this privacy statement.

We communicate the data required for the aforementioned purposes to our contractual partners before or during data collection, for example, in online forms, through specific indications (e.g., colors) or symbols (e.g., asterisks or similar), or in person.

The data is deleted after the expiration of statutory warranty obligations and similar duties, meaning essentially after a period of 4 years, unless the data is stored in a customer account, for example, as long as it is required to be retained for legal archival purposes (e.g., for tax purposes typically 10 years). Data disclosed to us by a contractual partner within the scope of a mandate is deleted according to the terms of the mandate, generally after the conclusion of the mandate.

In cases where we utilize third-party providers or platforms to deliver our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.

Registration, Enrollment, and User Account Management

Users are invited to create a personal account. During the registration process, we communicate the necessary required information to users, which is then processed for the purpose of providing the user account based on the fulfillment of our contractual obligations. The data processed specifically includes login details (username, password, and an email address).

In the course of using our registration and sign-in features, as well as the user account itself, we store the IP address and the time of each user action. This storage is based on both our legitimate interests and those of the users in protection against misuse and other unauthorized use. As a general rule, this data is not shared with third parties unless it is necessary for pursuing our claims or there is a legal obligation to do so.

Users may be informed via email about activities relevant to their user account, such as technical changes.

Registration with Pseudonyms: Users are permitted to use pseudonyms instead of real names as their usernames.

Deletion of Data After Account Termination: Upon the termination of their user account, users’ data related to the user account will be deleted, subject to legal permission, obligation, or user consent.

It is the responsibility of users to secure their data upon termination before the end of the contract. We reserve the right to irreversibly delete all data stored during the duration of the contract pertaining to the user.

Types of Data Processed: Basic data (e.g., names, addresses), contact data (e.g., email, telephone numbers), content data (e.g., entries in online forms), meta/communication data (e.g., device information, IP addresses).

  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Provision of contractual services and customer support, security measures, administration, and responding to inquiries.
  • Legal Basis: Contract performance and pre-contractual inquiries (Article 6(1)(b) GDPR), Legitimate interests (Article 6(1)(f) GDPR).

Newsletter and Electronic Notifications

We distribute newsletters, emails, and other electronic notifications (hereafter referred to as "Newsletters") only with the consent of the recipients or under legal permission. If the content of a newsletter is specifically described during the subscription process, it forms the basis for the user's consent. Additionally, our newsletters provide information about our services and our organization.

To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may request your name for personalized addressing in the newsletter, or additional details if they are necessary for the purposes of the newsletter.

Double Opt-In Process: Subscribing to our newsletter involves a so-called Double Opt-In process. That is, after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from registering with an email address that does not belong to them. The subscription to the newsletter is logged in order to be able to demonstrate the subscription process according to legal requirements. This includes storing the time of subscription and confirmation as well as the IP address. Changes to your data stored with the email service provider are also logged.

Deletion and Restriction of Processing: We may retain unsubscribed email addresses for up to three years based on our legitimate interests before we delete them, in order to demonstrate a previously given consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual deletion request is possible at any time, provided the former existence of consent is confirmed at the same time. In case of obligations to permanently consider objections, we reserve the right to retain the email address solely for this purpose in a blocklist.

The logging of the subscription process is based on our legitimate interests for the purpose of proving its proper execution. When we contract a service provider for sending emails, this is done based on our legitimate interests in an efficient and secure mailing system.

Legal Basis for Sending Newsletters: The dispatch of the newsletters is based on the consent of the recipients or, if consent is not required, based on our legitimate interests in direct marketing, to the extent this is legally permitted, e.g. in the case of advertising existing customers. Where we commission a service provider for sending emails, this is done based on our legitimate interests. The registration process is recorded based on our legitimate interests in demonstrating that it was conducted in accordance with the law.

Contents: Information about us, our services, promotions, and offers.

Measurement of Opening and Click Rates: The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from our server, or from that of our service provider if we use one, when the newsletter is opened. In the course of this retrieval, initially technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is collected.

This information is used for the technical improvement of our newsletters based on the technical data or the target audience and their reading behaviors, using their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. These pieces of information are attributed to individual newsletter recipients and stored in their profiles until they are deleted. The evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The measurement of opening rates and click rates, as well as the storage of the measurement results in the user's profiles and their further processing, are based on the consent of the users.

A separate revocation of the success measurement is unfortunately not possible, in this case, the entire newsletter subscription must be cancelled, or objection must be made. In this case, the stored profile information will be deleted.

  • Types of Processed Data: Inventory data (e.g., names, addresses), contact data (e.g., email, telephone numbers), meta/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times). 
  • Affected Persons: Communication partners, users (e.g., website visitors, users of online services).
  • Purposes of Processing: Direct marketing (e.g., by email or mail), reach measurement (e.g., access statistics, recognition of returning visitors), conversion measurement (measuring the effectiveness of marketing measures), profiles with user-related information (creating user profiles).
  • Legal Bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
    Option to Object (Opt-Out): You may cancel the receipt of our newsletter at any time, i.e., revoke your consents, or object to further receipt. A link to cancel the newsletter can be found at the end of each newsletter, or you can use one of the contact options provided for this purpose, preferably email.

Services Used and Service Providers:

Google Analytics: Used for measuring the success of email campaigns and forming user profiles with a storage duration of up to two years; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: Google Analytics; Privacy Policy; Option to Object (Opt-Out): Opt-Out Plugin: , Settings for the display of advertisements: Google Authenticated.

Promotional Communication via Email, Mail, Fax, or Telephone
We engage in the processing of personal data for promotional communication purposes through various channels such as email, telephone, mail, or fax, in accordance with legal requirements.

Recipients reserve the right to revoke consent at any time or to object to promotional communication at any given moment.

Upon revocation or objection, we may retain the data necessary to prove consent for up to three years based on our legitimate interests before proceeding to delete them. The processing of these data will be limited to the purpose of possibly defending against claims. An individual request for deletion is always possible, provided that the prior existence of consent is simultaneously confirmed.

  • Types of Data Processed: Inventory data (e.g., names, addresses), contact information (e.g., email, telephone numbers).
  • Data Subjects: Communication partners.
  • Purposes of Processing: Direct marketing (e.g., via email or mail).
  • Legal Bases: Consent (Art. 6 (1) sentence 1 lit. a GDPR), Legitimate Interests (Art. 6 (1) sentence 1 lit. f GDPR).

Online Marketing

We process personal data for the purposes of online marketing, which primarily includes the marketing of advertising spaces or the presentation of advertising and other content (collectively referred to as "content") based on potential user interest and the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (referred to as a "cookie") or via similar methods, through which information relevant to the display of the aforementioned content is saved. This information can include, for example, viewed content, visited websites, utilized online networks, as well as communication partners and technical details, such as the browser used, the computer system employed, and data regarding usage times. If users have consented to the collection of their location data, these can also be processed.

User IP addresses are also stored; however, we employ available IP masking techniques (i.e., pseudonymization by shortening the IP address) to protect users. Generally, in the context of online marketing activities, no clear data of users (such as email addresses or names) are stored, but rather pseudonyms. This means neither we nor the providers of the online marketing methods possess the actual identity of users, but only the information stored in their profiles.

The information in the profiles is usually saved in cookies or via similar methods. These cookies can later be read on other websites that implement the same online marketing method, analyzed for content presentation purposes, supplemented with further data, and stored on the server of the online marketing method provider.

Exceptionally, clear data can be associated with profiles. This occurs if users, for instance, are members of a social network whose online marketing methods we use and the network connects the profiles of users with the aforementioned information. We ask that users note that they may enter into additional agreements with the providers, such as by giving consent during registration.

We generally only have access to aggregated information about the success of our advertisements. However, through conversion measurement, we can verify which of our online marketing methods have led to a so-called conversion, e.g., to a contract conclusion with us. The conversion measurement is used solely for analyzing the success of our marketing measures.

Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

Legal Basis Information: When we ask users for their consent to use third-party services, the legal basis for processing data is consent. Otherwise, the data of users is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

Facebook Pixel and Audience Targeting (Custom Audiences): With the help of the Facebook Pixel (or similar functions for transmitting event data or contact information through interfaces in apps), Facebook can determine visitors to our online offering as a target audience for the display of ads (known as "Facebook Ads"). Accordingly, we use the Facebook Pixel to show the Facebook Ads we have placed only to those Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g., interest in specific topics or products based on the websites visited) that we transmit to Facebook (known as "Custom Audiences"). With the Facebook Pixel, we also want to ensure our Facebook Ads match the potential interest of users and do not appear intrusive. The Facebook Pixel also enables us to understand the effectiveness of Facebook Ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook Ad (known as "conversion measurement").

We share responsibility with Facebook Ireland Ltd. for the collection or reception of "Event Data" that Facebook collects or receives in the context of a transfer, through the Facebook Pixel and similar functions performed on our online offering, for the following purposes: a) Display of content and advertisements that likely match users' presumed interests; b) Delivery of commercial and transaction-related messages (e.g., contacting users via Facebook Messenger); c) Improvement of ad delivery and personalization of features and content (e.g., improving the recognition of which content or advertising information likely matches users' interests). We have entered into a specific agreement with Facebook ("Controller Addendum", Controller Addendum; , which particularly governs which security measures Facebook must observe (Data Security Terms) and in which Facebook has agreed to satisfy data subject rights (i.e., users can, for example, send information or deletion requests directly to Facebook). Note: When Facebook provides us with measurements, analyses, and reports (that are aggregated, i.e., do not contain information about individual users and are anonymous to us), such processing is not under our shared responsibility but is based on a processing agreement ("Data Processing Terms", Data Processing , the "Data Security Terms" (Data Security Terms) , and, with regard to processing in the USA, on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum, EU Data Transfer Addendum ). The rights of users (in particular to information, deletion, objection, and complaint to the competent supervisory authority) are not limited by the agreements with Facebook.

  • Processed Data Types: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses), Event data (Facebook) ("Event Data" are data that can be transmitted by us to Facebook via the Facebook Pixel (via apps or in other ways) and relate to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, features, installation of apps, purchases of products, etc.; the Event Data are processed for the purpose of forming target audiences for content and advertising information (Custom Audiences); Event Data do not include the actual content (such as written comments), no login information, and no contact information (thus no names, email addresses, and phone numbers). Event Data are deleted by Facebook after a maximum of two years, and the formed target audiences are deleted with the deletion of our Facebook account).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Marketing, profiles with user-related information (creation of user profiles), conversion measurement (measuring the effectiveness of marketing measures), remarketing, target audience formation, target audience formation (determination of target audiences relevant for marketing purposes or other content delivery).
  • Security Measures: IP Masking (pseudonymization of the IP address).
  • Legal Bases: Consent (Art. 6 para. 1 s. 1 lit. a GDPR), legitimate interests (Art. 6 para. 1 s. 1 lit. f GDPR).
  • Opt-Out Option (Opt-Out): We refer to the privacy policies of the respective providers and the opt-out options provided by the providers (so-called "Opt-Out"). If no explicit opt-out option is mentioned, you have the possibility to disable cookies in the settings of your browser. However, this may limit the functionality of our online offering. We therefore also recommend the following opt-out options, which are summarized for specific regions: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-regional: https://optout.aboutads.info.

Services Used and Service Providers:

- Google Tag Manager: Google Tag Manager is a solution that allows us to manage so-called website tags via an interface and thus integrate other services into our online offering (for more information, see this privacy policy). Therefore, the Tag Manager itself (which implements the tags) does not create user profiles or store cookies. Google only learns the user's IP address, which is necessary to execute the Google Tag Manager. Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy.
- Google Analytics: Online marketing and web analysis; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: Google Analytics ; Privacy Policy: https://policies.google.com/privacy; Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the display of advertisements: https://adssettings.google.com/authenticated.
- Google Ads and Conversion Measurement: We use the online marketing method "Google Ads" to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are shown to users who presumably have an interest in the ads. Moreover, we measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page equipped with a so-called "conversion tracking tag". We ourselves do not receive any information that allows us to identify users. Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy.
- Google Signals: Additional marketing options that only concern users who have activated personalized ads on Google (https://support.google.com/ads/answer/2662856) and include device-based and cross-device data processing; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website Privacy Policy Opt-Out Option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the display of advertisements: https://adssettings.google.com/authenticated.
- Google Adsense with personalized ads: We use the service Google Adsense with personalized ads, which allows ads to be displayed within our online offering and we receive compensation for their display or other use. Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy.
- Facebook Pixel and Audience Targeting (Custom Audiences): Service Provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent Company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Opt-Out Option: https://www.facebook.com/settings?tab=ads.

Social Media Presence

Our organization maintains online presences within social networks and processes user data in this context to communicate with active users or to offer information about us.

We highlight that user data may be processed outside the European Union, which could pose risks for users since, for example, the enforcement of user rights might be complicated.

Additionally, within social networks, user data is commonly processed for market research and advertising purposes. For instance, based on user behavior and resulting interests, user profiles can be created. These profiles may then be used to, for example, place advertisements inside and outside of the networks that presumably match the interests of the users. For these purposes, cookies that store the user behavior and interests are usually stored on the users' computers. Moreover, data in the usage profiles may also be stored regardless of the devices used by the users (especially if users are members of the respective platforms and logged in).

For a detailed description of the respective processing activities and the opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

In the case of information requests and the assertion of data subject rights, we note that these can be most effectively claimed directly from the providers. The providers have access to the user data and can directly take appropriate measures and provide information. Should you still require assistance, you can contact us.

Facebook: We share responsibility with Facebook Ireland Ltd. for the collection (but not the further processing) of data for visitors to our Facebook page (so-called "Fanpage"). This data includes information on the types of content users view or interact with, or actions they take (see under "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by the users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device information" in the Facebook Data Policy Statement: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytical services, referred to as "Page Insights," to page operators to gain insights on how people interact with their pages and the content connected to them. We have entered into a specific agreement with Facebook ("Information about Page Insights", Page Controller Addendum ), which particularly governs the security measures Facebook must adhere to and wherein Facebook agrees to fulfill the data subject rights (i.e., users can, for example, direct inquiries or deletion requests to Facebook directly). The agreements with Facebook do not limit the users' rights (especially concerning access, deletion, objection, and complaints to competent supervisory authorities). More information can be found in the "Information about Page Insights" ( Information about Page Insights Data ).

  • Types of processed data: Contact information (e.g., email, telephone numbers), Content data (e.g., entries in online forms), Usage data (e.g., visited websites, interest in content, access times), Meta/communication data (e.g., device information, IP addresses).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Contact inquiries and communication, feedback (e.g., collecting feedback via online form), marketing.
  • Legal basis: Legitimate interests (Article 6(1) sentence 1 lit. f GDPR).

Services used and service providers:

  • Instagram: Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Privacy policy: https://instagram.com/about/legal/privacy.
  • Facebook: Social network; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about/privacy; Opt-out option: Ad settings: https://www.facebook.com/settings?tab=ads.

Plugins, Embedded Features, and Content

Within our digital offerings, we incorporate functional and content elements sourced from the servers of their respective providers (hereafter referred to as "Third-party Providers"). These elements may include graphics, videos, or maps, collectively referred to as "Content."

The integration of these elements necessitates that Third-party Providers process the IP addresses of users since without the IP address, it would not be possible to transmit the Content to their browsers. Therefore, the IP address is essential for the display of these contents or functions. We endeavor to utilize content from providers who use the IP address solely for the purpose of delivering the content. Additionally, Third-party Providers may use so-called pixel tags (invisible graphics, also known as "Web Beacons") for statistical or marketing purposes. These pixel tags can analyze visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and include, among other things, technical information about the browser and operating system, referring websites, the time of visit, and additional data on the use of our online offering, as well as being linked with such information from other sources.

Regarding Legal Bases: When we request consent from users for the use of Third-party Providers, the legal basis for processing data is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Types of Processed Data: Usage data (e.g., visited websites, interest in content, access times), Meta-/Communication data (e.g., device information, IP addresses).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: To provide our online offering and user-friendly experience, delivery of contractual services and customer support.
  • Legal Foundations: Legitimate interests (Article 6(1) sentence 1 lit. f GDPR).

Deployed Services and Service Providers:

Google Fonts: We integrate the fonts ("Google Fonts") provided by Google, wherein the data of users is used solely for the purpose of displaying the fonts in the users' browsers. The integration is based on our legitimate interests in a technically secure, maintenance-free, and efficient use of fonts, their uniform presentation, and considering potential licensing restrictions for their integration. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy.

Google Maps: We integrate the maps service “Google Maps” provided by Google. The processed data may particularly include IP addresses and location data of users, which, however, are not collected without their consent (usually executed within the settings of their mobile devices); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Privacy policy: https://policies.google.com/privacy; Option to object (Opt-Out): Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the display of advertisements: Authenticated .

Data Deletion

The data processed by us will be deleted in accordance with legal requirements once the consents authorized for their processing are revoked or if other permissions cease to apply (e.g., if the purpose of the data processing is no longer applicable or if the data are no longer necessary for that purpose).

If the data are not deleted because they are required for other legally permissible purposes, their processing will be limited to these purposes. This means that the data will be locked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for asserting, exercising, or defending legal claims, or for protecting the rights of another natural or legal person.

Within our Privacy Notice, we may provide users with additional information regarding the deletion and retention of data that specifically applies to the respective processing processes.

Changes and Updates to the Privacy Policy

We request that you regularly inform yourself about the contents of our Privacy Policy. We will adjust the Privacy Policy as necessary to reflect changes in our data processing activities. We will inform you as soon as changes require an action on your part (e.g., consent) or any other form of individual notification.

Should we provide addresses and contact information of companies and organizations within this Privacy Policy, please note that addresses may change over time, and we advise verifying the information before making contact.

Rights of the Data Subjects

As a data subject, you are entitled to various rights under the General Data Protection Regulation (GDPR), particularly emanating from Articles 15 to 21 of the GDPR:

  • Right to Object: You possess the right to object, at any time, to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) of the GDPR, due to reasons pertaining to your specific situation; this also applies to profiling based on these provisions. Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw your consent at any time.
  • Right of Access: You have the right to request confirmation on whether your data is being processed and to receive information about this data, along with additional information and a copy of the data in accordance with legal requirements.
  • Right to Rectification: In accordance with legal requirements, you have the right to request the completion of your data or the correction of your inaccurate data.
  • Right to Erasure and Restriction of Processing: In accordance with legal provisions, you have the right to request that your data be promptly deleted or, alternatively, to request a restriction of the processing of your data in accordance with legal stipulations.
  • Right to Data Portability: You are entitled to receive your data, which you have provided to us, in a structured, commonly used, and machine-readable format or to request its transmission to another controller, in accordance with legal stipulations.
  • Right to Lodge a Complaint with a Supervisory Authority: In accordance with legal provisions and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, especially in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data relating to you infringes the GDPR.

Definitions of Terms

This section provides an overview of the terminology used in this Privacy Policy. Many of the terms are derived from legislation and are primarily defined in Article 4 of the GDPR. The legal definitions are binding. The following explanations are intended primarily to aid understanding. The terms are arranged alphabetically.

IP Masking: IP Masking refers to a method in which the last octet, i.e., the last two numbers of an IP address, are deleted. This prevents the IP address from uniquely identifying an individual, thus making IP Masking a means of pseudonymizing processing methods, especially in online marketing.

Conversion Tracking: Conversion tracking, also known as "visit action evaluation", is a technique used to determine the effectiveness of marketing efforts. Typically, a cookie is stored on the user's device within the websites where the marketing activities occur and then retrieved again on the target website. For instance, this allows us to understand whether the advertisements we placed on other websites were successful.

Personal Data: "Personal data" refers to any information relating to an identified or identifiable natural person (hereafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

User-Related Profiles: The processing of "user-related profiles", or simply "profiles", includes any form of automated processing of personal data that is used to analyze, evaluate, or predict certain personal aspects relating to a natural person. Depending on the type of profiling, this may include different information concerning demographics, behavior, and interests, such as interaction with websites and their content. Cookies and web beacons are often used for profiling purposes.

Remarketing: Remarketing or "Retargeting" refers to the practice of noting which products a user has shown interest in on a website, in order to remind the user of these products on other websites, for example, through advertisements.

Controller: The "Controller" refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.

Processing: "Processing" refers to any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means. The term encompasses practically any handling of data, be it collecting, evaluating, storing, transmitting, or deleting.

Audience Targeting: Audience targeting, also known as "Custom Audiences", involves determining audiences for advertising purposes, e.g., the display of advertisements. For instance, based on a user's interest in certain products or topics online, it may be inferred that the user would be interested in advertisements for similar products or the online store where the products were viewed. "Lookalike Audiences" refers to when content deemed suitable is displayed to users whose profiles or interests presumably match those of the users for whom the profiles were created. Cookies and web beacons are typically used for the creation of Custom Audiences and Lookalike Audiences.


©marveltime. All rights reserved.