Privacy Policy

Table of Contents

Only German, please use English Translator

• Introduction and Overview
• Scope of Application
• Legal Basis
• Contact Details of the Controller
• Storage Period
• Rights under the GDPR
• Data Transfer to Third Countries
• Security of Data Processing
• Communication
• Data Processing Agreement (DPA)
• Cookies
• Web Hosting Introduction
• Web Analytics Introduction
• Social Media Introduction
• Content Delivery Networks Introduction
• Cookie Consent Management Platform Introduction
• External Online Platforms Introduction
• Audio & Video Introduction
• Web Design Introduction
• Online Map Services Introduction
• Content Search Providers Introduction
• Miscellaneous Introduction
• Explanation of Terms Used
• Closing Words

Introduction and Overview

We have prepared this Privacy Policy (version 26.06.2024-122821163) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short: data) we as the controller – and the processors commissioned by us (e.g. providers) – process, will process in the future, and what lawful options you have. The terms used are gender-neutral.
In short: We inform you comprehensively about the data we process about you.

Privacy policies usually sound very technical and use legal terminology. However, this Privacy Policy is intended to describe the most important matters as simply and transparently as possible. Where useful for transparency, technical terms are explained in a reader-friendly way, links to additional information are provided, and graphics are used. We thus inform you in clear and simple language that, in the course of our business activities, we only process personal data where there is a corresponding legal basis. That would not be possible if one gave the kind of brief, vague, and legally-technical explanations that are often standard on the internet when it comes to privacy. We hope you find the following explanations interesting and informative – and perhaps there is even some information you didn’t know before.
If you still have questions, please contact the responsible entity mentioned below or in the imprint, follow the provided links, and check further information on third-party sites. Our contact details can of course also be found in the imprint.

Scope of Application

This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can provide and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:

• all online presences (websites, online shops) operated by us
• social-media presences and email communication
• mobile apps for smartphones and other devices

In short: This Privacy Policy applies to all areas in which personal data are processed in our company through the channels mentioned above. Should we enter into legal relations with you outside these channels, we will inform you separately if necessary.

Legal Basis

In the following Privacy Policy, we provide transparent information on the legal principles and regulations – that is, the legal bases of the General Data Protection Regulation – that allow us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We process your data only when at least one of the following conditions applies:

1. Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you entered in a contact form.
2. Contract (Article 6 paragraph 1 lit. b GDPR): We process your data to fulfil a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we require personal information in advance.
3. Legal Obligation (Article 6 paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
4. Legitimate Interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For instance, we must process certain data to operate our website securely and economically. Such processing is therefore a legitimate interest.

Other bases such as the performance of tasks carried out in the public interest or the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. Where such a legal basis should nevertheless be relevant, it will be indicated at the corresponding place.

In addition to the EU Regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Data Protection Act), short DSG.
• In Germany, the Federal Data Protection Act applies, short BDSG.

Where additional regional or national laws apply, we will inform you in the following sections.

Contact Details of the Controller

If you have questions about data protection or the processing of personal data, you will find the contact details of the responsible person or entity below:
ECS Travel Management GmbH
Am Straßfeld 1/Stiege 1/Top 6
2401 Fischamend

Email: sa@executivecs.at
Phone: 0664 99654860
Imprint: https://www.executivecs.at/impressum/

Storage Period

As a general principle, we store personal data only for as long as is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally required to retain certain data even after the original purpose no longer applies — for example, for accounting purposes.

If you request the deletion of your data or withdraw your consent to data processing, the data will be deleted as quickly as possible, provided that there is no legal obligation to retain it.

We will inform you below about the specific duration of each data processing activity where further information is available.

Rights under the General Data Protection Regulation (GDPR)

According to Articles 13 and 14 of the GDPR, we inform you of the following rights to ensure fair and transparent data processing:

• Under Article 15 GDPR, you have the right to obtain confirmation as to whether we process data concerning you. If this is the case, you have the right to access the data and to be informed about:
  • the purpose of processing;
  • the categories of personal data being processed;
  • the recipients of the data and, if data are transferred to third countries, how security is guaranteed;
  • the storage duration;
  • the existence of rights to rectification, erasure, restriction of processing, and the right to object;
  • the right to lodge a complaint with a supervisory authority (links to these authorities are provided below);
  • the source of the data if they were not collected directly from you;
  • whether automated decision-making, including profiling, is used.
• Under Article 16 GDPR, you have the right to rectification, meaning we must correct any inaccurate data concerning you.
• Under Article 17 GDPR, you have the right to erasure (“right to be forgotten”), meaning you can request the deletion of your data.
• Under Article 18 GDPR, you have the right to restrict processing, meaning we may only store the data but not use them further.
• Under Article 20 GDPR, you have the right to data portability, meaning we must provide your data to you in a commonly used format upon request.
• Under Article 21 GDPR, you have the right to object, which, once exercised, results in a change of processing:
  • If the processing of your data is based on Article 6 (1)(e) (public interest or exercise of official authority) or Article 6 (1)(f) (legitimate interests), you may object to the processing. We will then assess as soon as possible whether we can comply with this objection under the law.
  • If data are used for direct marketing, you can object at any time. We will then no longer use your data for direct marketing purposes.
  • If data are used for profiling, you can also object at any time. We will then no longer use your data for profiling.
• Under Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (such as profiling).
• Under Article 77 GDPR, you have the right to lodge a complaint. This means you can contact a supervisory authority at any time if you believe the processing of your personal data violates the GDPR.

In short: You have rights — don’t hesitate to contact our responsible office listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you may lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Head: Dr. Matthias Schmidl
Address: Barichgasse 40–42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data in countries outside the scope of the GDPR (third countries) if you have consented to such processing or if there is another legal basis. This is particularly the case when processing is required by law or necessary for the performance of a contract and, in any event, only to the extent generally permitted. Your consent is, in most cases, the main reason we process data in third countries. The processing of personal data in third countries such as the USA, where many software providers operate and host their servers, can mean that personal data are processed and stored in unexpected ways.

We explicitly point out that, according to the opinion of the European Court of Justice, an adequate level of protection for data transfer to the USA currently only exists if a U.S. company processing personal data of EU citizens participates actively in the EU-U.S. Data Privacy Framework. You can find more information at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by U.S. services that are not active participants in the EU-U.S. Data Privacy Framework may result in non-anonymized processing and storage of data. Furthermore, U.S. government authorities may gain access to certain data. It may also happen that collected data are linked to data from other services of the same provider if you have an account with that provider. Where possible, we aim to use server locations within the EU whenever available.
We will inform you in the relevant sections of this Privacy Policy where data transfers to third countries take place.

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In doing so, we make it as difficult as possible within our means for third parties to draw conclusions about personal information from our data.

Article 25 GDPR refers to “data protection by design and by default,” which means that one must always consider security and implement appropriate measures both when designing software (e.g., forms) and hardware (e.g., server access). Below, we will go into specific measures where necessary.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS sound very technical – and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to securely transmit data over the Internet.
This means that all data transfers between your browser and our web server are encrypted — no one can “listen in.”

This adds an extra layer of security and fulfils data protection by design (Article 25 paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data.
You can recognize the use of this secure data transmission by the small lock symbol at the top left of your browser, next to the Internet address (e.g., examplesite.com), and the use of “https” instead of “http” as part of our Internet address.
If you would like to learn more about encryption, we recommend searching for “Hypertext Transfer Protocol Secure wiki” on Google for good links to further information.

Communication

Communication Summary 👥 Data subjects: Anyone who communicates with us via phone, email, or online form 📓 Data processed: e.g., phone number, name, email address, entered form data. More details can be found under the respective communication method. 🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Storage duration: Duration of the business transaction and legal requirements ⚖️ Legal bases: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(b) GDPR (contract), Art. 6 (1)(f) GDPR (legitimate interests)

When you contact us by phone, email, or online form, personal data may be processed.

The data are processed to handle and respond to your inquiry and any related business transaction. The data are stored for as long as necessary to complete the transaction or as required by law.

Data Subjects

This applies to anyone who contacts us via the communication channels we provide.

Telephone

If you call us, call data are stored pseudonymously on the respective device and by the telecommunications provider. Additionally, data such as name and phone number may be sent via email and stored to process your inquiry. The data will be deleted once the business case is closed and legal requirements permit.

Email

If you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and on the email server. The data will be deleted once the business case is completed and legal obligations allow.

Online Forms

If you communicate with us through an online form, data are stored on our web server and may be forwarded to one of our email addresses. The data are deleted once the business case is completed and legal obligations allow.

Legal Basis

The processing of data is based on the following legal grounds:

• Art. 6 (1)(a) GDPR (Consent): You give us consent to store and use your data for purposes related to the business case;
• Art. 6 (1)(b) GDPR (Contract): The processing is necessary to fulfil a contract with you or a processor (e.g., the telephone provider), or to carry out pre-contractual measures, such as preparing an offer;
• Art. 6 (1)(f) GDPR (Legitimate Interests): We aim to manage customer inquiries and business communication in a professional manner. This requires certain technical tools such as email programs, exchange servers, and mobile operators to ensure efficient communication.

Data Processing Agreement (DPA)

In this section, we would like to explain what a Data Processing Agreement (DPA) is and why it is required. Since the term “Data Processing Agreement” can be quite a tongue-twister, we will refer to it as the abbreviation DPA throughout this text. Like most companies, we do not work alone but also use services provided by other companies or individuals. By involving various companies or service providers, we may share personal data for processing. These partners then act as processors with whom we conclude a contract — the so-called Data Processing Agreement (DPA). The most important thing for you to know is that the processing of your personal data takes place exclusively according to our instructions and is regulated by the DPA.

Who are Processors?

As a company and website owner, we are responsible for all data that we process about you. In addition to the controller, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely, according to the GDPR definition, any natural or legal person, authority, institution, or other body that processes personal data on our behalf qualifies as a processor. Processors can therefore include service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

To better understand these roles, here is an overview of the three roles under the GDPR:

Data Subject (you as a customer or prospect) → Controller (we as the company and client) → Processor (service providers such as web hosts or cloud providers)

Contents of a Data Processing Agreement

As already mentioned, we have concluded a DPA with our partners acting as processors. The agreement primarily stipulates that the processor processes the personal data solely in accordance with the GDPR. The contract must be concluded in writing, although an electronic contract is also considered “in writing.” Processing of personal data only takes place based on the contract. The agreement must include the following:

• Binding to us as the controller
• Duties and rights of the controller
• Categories of data subjects
• Type of personal data
• Nature and purpose of data processing
• Subject matter and duration of data processing
• Location of data processing

Furthermore, the agreement defines all obligations of the processor. The most important ones are:

• Ensuring data security measures
• Implementing technical and organizational measures to protect the rights of the data subject
• Maintaining a record of processing activities
• Cooperating with supervisory authorities upon request
• Conducting a risk analysis regarding the received personal data
• Sub-processors may only be commissioned with the written consent of the controller

You can see what such a DPA looks like, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html, where a sample contract is presented.

Cookies

Cookies Summary 👥 Data subjects: Website visitors 🤝 Purpose: Depends on the respective cookie. More details can be found below or with the software provider setting the cookie. 📓 Data processed: Depends on the cookie used. More details can be found below or with the software provider setting the cookie. 📅 Storage duration: Depends on the cookie, can range from hours to years ⚖️ Legal bases: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, to help you better understand this Privacy Policy.

Whenever you browse the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is certain: cookies are very useful little helpers. Almost all websites use cookies — more specifically, HTTP cookies, as there are other types of cookies for different purposes. HTTP cookies are small files stored on your computer by our website. These cookie files are automatically placed in your browser’s cookie folder — essentially the “memory” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as language or personal site settings. When you revisit our site, your browser sends the “user-related” information back to our page. Thanks to cookies, our website knows who you are and provides your preferred settings. In some browsers, each cookie is stored in a separate file, while in others (e.g., Firefox), all cookies are stored together in one file.

The following graphic shows a possible interaction between a web browser such as Chrome and a web server. The browser requests a website, receives a cookie from the server, and then reuses the cookie when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each stores different data. The lifetime of cookies also varies — from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other “malware.” Cookies also cannot access information on your PC.

Web Hosting Introduction

Web Hosting Summary 👥 Data subjects: Website visitors 🤝 Purpose: Professional hosting of the website and ensuring operational security 📓 Data processed: IP address, time of website visit, browser used, and other data. More details can be found below or from the respective hosting provider. 📅 Storage duration: Depends on the provider, usually about 2 weeks ⚖️ Legal basis: Art. 6 (1)(f) GDPR (legitimate interests)

When you visit websites today, certain information — including personal data — is automatically created and stored, including on this website. These data should be processed as sparingly as possible and only where justified. By “website,” we mean all web pages on a domain, i.e., everything from the homepage to the last subpage (like this one). A domain means, for example, example.com or samplepage.com.

To view a website on a computer, tablet, or smartphone, you use software called a web browser. You probably know some of them by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply call them browsers or web browsers.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Running a web server is a complex and demanding task, which is why it is usually handled by professional providers. These offer web hosting services and ensure reliable and error-free storage of website data. That’s a lot of jargon — but it will make sense soon!

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and maintaining operational security
2. To ensure operational and IT security
3. Anonymous evaluation of access behavior to improve our services and, if necessary, for law enforcement or the assertion of claims

What data are processed?

Even while you are visiting our website right now, our web server (the computer on which this webpage is stored) typically and automatically saves data such as:

• the full Internet address (URL) of the accessed webpage
• browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g., https://www.exampleorigin.com/whereicamefrom/)
• the host name and IP address of the device from which access occurs (e.g., COMPUTERNAME and 194.23.43.121)
• date and time
• in files known as web-server logfiles

How long are data stored?

As a rule, the data mentioned above are stored for two weeks and then automatically deleted. We do not pass on these data, but we cannot exclude that authorities may access them in the event of unlawful behavior.

In short: Your visit is logged by our provider (the company operating our website on special computers — servers), but we do not share your data without consent!

Legal Basis

The lawfulness of processing personal data in connection with web hosting arises from Art. 6 (1)(f) GDPR (legitimate interests), since using professional hosting by a provider is necessary to present the company securely and user-friendly on the Internet and, if required, to trace attacks or claims resulting therefrom.

Between us and the hosting provider, there is generally a Data Processing Agreement in accordance with Art. 28 ff. GDPR, ensuring compliance with data protection and guaranteeing data security.

External Hosting Provider Privacy Policy

Below you will find the contact details of our external hosting provider, where you can also find more information about data processing in addition to what is stated above:

VPS Host Name:
Company Name: CKStudio e.U.
Address: Webgasse 43/3D, 1060 Vienna
Contact: info@ckstudio.at

Actual Hosting Provider:
easyname GmbH
Canettistraße 5/10, 1100 Vienna, Austria
Email: office@easyname.com
Phone: 01 353 2222

More about data processing by this provider can be found in their Privacy Policy.

Web Analytics Introduction

Web Analytics Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Analysis of visitor information to optimize the web offer. 📓 Data processed: Access statistics including location of accesses, device data, duration and time of access, navigation behavior, click behavior, and IP addresses. More details can be found with the respective web analytics tool. 📅 Storage duration: Depends on the analytics tool used ⚖️ Legal bases: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is Web Analytics?

We use software on our website to analyze visitor behavior — commonly known as web analytics or web analysis. Data are collected, stored, managed, and processed by the respective analytics tool provider (also called a tracking tool). Using this data, analyses of user behavior on our website are created and made available to us as the site operator. Most tools also provide testing options. For example, we can test which offers or content are most appealing to our visitors. To do so, we may show you two different versions of content for a limited time (so-called A/B testing). After the test, we can determine which version our visitors preferred. For such testing and other analytics procedures, user profiles may also be created, and data may be stored in cookies.

Why do we use Web Analytics?

Our website has a clear goal: to provide the best online offering in our industry. To achieve this, we want to offer both the best content and ensure that you enjoy using our site. With web analytics tools, we can closely examine visitor behavior and improve our site accordingly. For example, we can determine the average age of our visitors, where they come from, when our site is most frequently visited, and which products or content are most popular. All this information helps us optimize the site to meet your needs, interests, and preferences.

What data are processed?

The exact data stored naturally depends on the analytics tools used. Generally, however, information is stored such as which content you view on our website, which buttons or links you click, when you access a page, which browser you use, what device (PC, tablet, smartphone, etc.) you use, and which operating system you have. If you have consented to location data collection, these may also be processed by the analytics tool provider.

Your IP address is also recorded. According to the GDPR, IP addresses are personal data. However, they are usually pseudonymized (i.e., shortened or obscured) before being stored. For web analytics and testing purposes, personal information such as your name, age, address, or email address is generally not stored. If collected, all such data are stored pseudonymously so that you cannot be personally identified.

The following diagram illustrates, for example, how Google Analytics works as a client-based web tracking system using JavaScript code.

The length of time data are stored depends on the provider. Some cookies retain data only for a few minutes or until you leave the website; others may store data for several years.

Duration of Data Processing

We inform you below about the duration of data processing where more information is available. In general, we process personal data only for as long as is absolutely necessary to provide our services and products. When, as in the case of accounting, a legal requirement exists, this storage period may be exceeded.

Right to Object

You also have the right and opportunity at any time to withdraw your consent to the use of cookies or third-party providers. This can be done either through our cookie-management tool or via other opt-out features. For example, you can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser settings.

Legal Basis

The use of web-analytics tools requires your consent, which we obtained through our cookie popup. This consent constitutes the legal basis under Art. 6 (1)(a) GDPR (consent) for the processing of personal data that may occur when using web-analytics tools.

In addition to consent, we also have a legitimate interest in analyzing visitor behavior to improve our offer technically and economically. Web analytics help us detect website errors, identify attacks, and enhance efficiency. The legal basis for this is Art. 6 (1)(f) GDPR (legitimate interests). We nevertheless use such tools only if you have provided consent.

Because web-analytics tools use cookies, we recommend reading our general Privacy Policy on cookies. To know exactly which of your data are stored and processed, you should consult the privacy policies of the respective tools.

Information on specific web-analytics tools, if any, is provided in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Evaluation of visitor information to optimize the web offering 📓 Data processed: Access statistics including location of accesses, device data, duration and time of access, navigation behavior and click behavior. More details can be found below in this privacy policy. 📅 Storage duration: individually configurable; by default Google Analytics 4 stores data for 14 months ⚖️ Legal bases: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is Google Analytics?

We use the analytics tracking tool Google Analytics, version Google Analytics 4 (GA4), from the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies such as cookies, device IDs, and login information, you as a user can be identified across devices. This allows your actions to be analyzed across platforms.

For example, when you click on a link, that event is stored in a cookie and sent to Google Analytics. Using the reports we receive from Google Analytics, we can better tailor our website and services to your needs. Below, we explain the tracking tool in more detail and inform you about what data is processed and how you can prevent this.

Google Analytics is a tracking tool used for analyzing the traffic on our website. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not include personal data such as names or addresses but serves to assign events to a device. GA4 uses an event-based model that captures detailed information about user interactions such as page views, clicks, scrolling, and conversion events. GA4 also includes various machine learning features to better understand user behavior and trends. Through modeling based on collected data, GA4 can also estimate missing data to optimize analysis and make forecasts.

For Google Analytics to function properly, a tracking code is embedded into our website code. When you visit our website, this code records various events you perform. With GA4’s event-based data model, we as website operators can define and track specific events to analyze user interactions. In addition to general data such as clicks or page views, specific events relevant to our business can also be tracked. Such events can include submitting a contact form or purchasing a product.

As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data, and we receive reports on user behavior. These reports may include:

• Audience reports: These help us better understand our users and know who is interested in our services.
• Ad reports: These allow us to analyze and improve our online advertising.
• Acquisition reports: These provide insights into how we can attract more people to our services.
• Behavior reports: These show how users interact with our website — which paths they take and which links they click.
• Conversion reports: Conversions occur when you take a desired action, such as becoming a customer or newsletter subscriber. These reports show how our marketing efforts are performing so we can improve our conversion rate.
• Real-time reports: These show what is happening on our website right now, such as how many users are currently reading this text.

In addition to the reports mentioned above, Google Analytics 4 also offers the following features:

• Event-based data model: This model captures specific events that occur on our website, such as playing a video, purchasing a product, or subscribing to our newsletter.
• Advanced analytics: These functions help us better understand your behavior on our site and general trends. We can segment user groups, run comparative analyses, and track user journeys on our website.
• Predictive modeling: Machine learning can use collected data to predict future trends or events, helping us develop better marketing strategies.
• Cross-platform analysis: Data can be collected and analyzed across websites and apps, allowing for cross-platform analysis if you have consented to such data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to offer you the best possible service. The statistics and data provided by Google Analytics help us achieve that goal.

The analyzed data shows us both the strengths and weaknesses of our website. On one hand, we can optimize our site to make it easier for interested users to find us on Google. On the other, it helps us better understand you as a visitor. This lets us improve our site to provide the best experience possible. The data also helps us conduct more personalized and cost-effective marketing campaigns — it only makes sense to show our products and services to people who are actually interested.

What data does Google Analytics store?

Google Analytics generates a random, unique ID associated with your browser cookie. This way, Google Analytics recognizes you as a new user and assigns you a user ID. When you revisit our site, you are recognized as a "returning" user. All collected data is stored together with this user ID, enabling pseudonymous user profile analysis.

To analyze our website with Google Analytics, a property ID must be included in the tracking code. The data is then stored in the corresponding property. Each new property created uses Google Analytics 4 by default. Depending on the property, data may be stored for different durations.

Identifiers such as cookies, app instance IDs, user IDs, or custom event parameters are used to measure your interactions across platforms (if you’ve consented). Interactions include any actions you take on our website. If you use other Google systems (e.g., a Google Account), Google Analytics data may be linked with third-party cookies. Google does not share Analytics data with third parties unless we authorize it, except where legally required.

According to Google, GA4 does not log or store IP addresses. IP data is used only to determine location information and then deleted immediately. All IP addresses collected from users in the EU are deleted before being stored in a data center or on a server.

Since GA4 focuses on event-based data, it uses fewer cookies than previous versions (such as Universal Analytics). However, a few specific cookies are still used, including:

Name: _ga
Value: 2.1326744211.152122821163-5
Purpose: Used to distinguish users.
Expiration: 2 years

Name: _gid
Value: 2.1687193234.152122821163-1
Purpose: Used to distinguish users.
Expiration: 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to throttle request rate. If Analytics is deployed via Google Tag Manager, this cookie is named _dc_gtm_<property-id>.
Expiration: 1 minute

Note: This list is not exhaustive, as Google may change the cookies it uses at any time. GA4 also offers more privacy controls — for example, we can define retention periods and control what data is collected.

Here is an overview of key data types collected through Google Analytics:

Heatmaps: These show where users click most often, helping us understand how you navigate our site.

Session duration: The time spent on our website without leaving. A session ends automatically after 20 minutes of inactivity.

Bounce rate: The percentage of users who view only one page before leaving our website.

Account creation: When you create an account or place an order, this data is collected by Google Analytics.

Location: While IP addresses are not logged, they are used briefly to determine approximate location before being deleted.

Technical information: Includes browser type, internet provider, and screen resolution.

Source: Shows which website or advertisement brought you to us.

Other data may include contact information, ratings, media playback (e.g., playing a video), sharing content on social media, or adding items to favorites. This list is not exhaustive but provides an overview of the types of data Google Analytics may store.

Google Optimize Privacy Policy

Google Optimize Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: To analyze visitor behavior and run A/B tests to optimize our website. 📓 Data processed: User ID, cookie information, device information, and interaction data (such as clicks or scroll depth). More details are available below and in Google’s privacy policy. 📅 Storage period: Data is generally stored for 14 months or for the duration of the test period. ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is Google Optimize?

We use the tool Google Optimize to improve our website by testing different versions of pages and content to find out which performs best for our visitors. Google Optimize is a tool developed by Google LLC and is integrated into Google Analytics. It helps us carry out A/B testing and personalization of our content.

Why do we use Google Optimize on our website?

We want to offer you the best possible online experience. Google Optimize enables us to analyze how different versions of our pages perform with visitors so we can make data-driven improvements. For example, we can test whether a different button color or a changed text layout leads to better interaction with our services.

What data does Google Optimize store?

When you visit our website, Google Optimize uses cookies to record how you interact with our website. The following data can be collected:

• Cookies to identify returning users and assign them to test groups
• Device information (such as browser type and version, screen resolution)
• IP address (shortened and anonymized)
• Interaction data (e.g. clicks, time spent on page, scroll depth)

These data are transmitted to Google servers and analyzed together with Google Analytics data to evaluate the performance of different website versions. Your IP address is anonymized before being stored so that it cannot be personally linked to you.

How long and where are the data stored?

The data are stored on Google’s servers worldwide. The primary storage location for European users is in the EU. Anonymized data are kept for up to 14 months and then deleted automatically.

Legal basis

We use Google Optimize based on your consent in accordance with Art. 6 (1)(a) GDPR (consent). You can withdraw this consent at any time via our cookie management tool or browser settings. We also have a legitimate interest under Art. 6 (1)(f) GDPR to test and improve our website for efficiency and user friendliness.

More information is available in Google’s privacy policy: https://policies.google.com/privacy

Google Site Kit Privacy Policy

Google Site Kit Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Integration and management of Google services such as Analytics and Search Console via WordPress. 📓 Data processed: Depends on the connected Google services (usually Analytics, Search Console, AdSense data). 📅 Storage duration: depends on the Google service used. ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is Google Site Kit?

Google Site Kit is a WordPress plugin developed by Google that enables us to integrate and manage various Google tools directly on our website. This includes services like Google Analytics, Search Console, AdSense, PageSpeed Insights, and Tag Manager. Site Kit provides a centralized dashboard in WordPress for viewing and analyzing data from these services.

Why do we use Google Site Kit on our website?

Google Site Kit makes it much easier to use Google tools within WordPress and gives us an overview of how well our website is performing. We can see important metrics such as page views, click-through rates, and search queries directly in our WordPress dashboard and optimize our site accordingly.

What data does Google Site Kit store?

Google Site Kit itself does not store personal data from visitors. It acts as an interface for the connected Google services. Depending on which services are enabled, data such as your IP address, user interactions (e.g. page views or clicks), technical information about your browser and device, and referrer URLs can be collected and transmitted to Google servers. Please refer to the respective Google service’s privacy policy for details.

How long and where are the data stored?

The storage period depends on the Google services used through Site Kit. For example, Google Analytics data is stored for up to 14 months, while Search Console data is kept for 16 months. Data are stored on Google servers worldwide, primarily in the United States and Europe.

Legal basis

The use of Google Site Kit is based on your consent under Art. 6 (1)(a) GDPR as well as our legitimate interest under Art. 6 (1)(f) GDPR to manage our website more efficiently and analyze its performance. You can withdraw your consent at any time via our cookie settings or browser options.

More information about Google Site Kit can be found at https://sitekit.withgoogle.com/ and in Google’s privacy policy: https://policies.google.com/privacy

Social Media Introduction

Social Media Privacy Policy Summary 👥 Data subjects: Website visitors and users of social media platforms 🤝 Purpose: To display and interact with our online presence on social media platforms and to communicate with users. 📓 Data processed: Contact data, user behavior, information about your device, IP address, and other data processed by the respective social media platform. 📅 Storage duration: Depends on the social media platform used. ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is Social Media?

In addition to our website, we are also active on various social media platforms. User data may be processed to communicate with users or to present information about our company and services. We also use elements embedded from social networks directly on our website to display content such as posts or videos.

Why do we use social media?

Social media allows us to communicate directly with interested parties, customers, and users and to provide fast updates about our services. Integrating social media elements also helps us expand the reach of our content and increase brand awareness. We use these networks to stay in contact with our audience and receive feedback that helps us improve our services.

What data is processed?

Depending on the platform, different types of data are collected and processed. These typically include user profile data, communication content, and information collected through cookies and similar technologies. If you are logged into a social network, it can associate your visit to our website with your user account. Even if you are not logged in, data may be collected through cookies or other identifiers and stored by the platform.

How long and where is the data stored?

The duration and location of storage depend on the respective social media company’s privacy policy. Data may also be stored and processed in third countries such as the USA. Please refer to the privacy statements of the respective providers for details.

Legal basis

We use social media based on our legitimate interests under Art. 6 (1)(f) GDPR to maintain an online presence and communicate with users. If you are asked for consent to data processing (e.g., via a checkbox), the legal basis is Art. 6 (1)(a) GDPR. You can withdraw your consent at any time.

Facebook Privacy Policy

Facebook Privacy Policy Summary 👥 Data subjects: Website visitors and Facebook users 🤝 Purpose: Displaying our Facebook content, maintaining contact with visitors, and running marketing campaigns 📓 Data processed: Data such as IP address, information about your device, user behavior, contact data, and other information collected by Facebook 📅 Storage duration: Data are generally stored for as long as necessary for Facebook’s business purposes ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is Facebook?

We use Facebook to present our company and services and to interact with users. Facebook is a social network operated by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The company also uses servers in the United States and other countries.

Why do we use Facebook on our website?

Facebook enables us to stay in touch with interested users, communicate quickly, and promote our business through advertising tools such as Facebook Ads. Embedding Facebook elements (such as Like or Share buttons) also allows users to interact directly with our content and share it with others.

What data does Facebook process?

When you visit our Facebook page or interact with Facebook elements on our website, Facebook collects data such as:

• Information you provide (e.g., messages, comments, posts, likes)
• Data about your device and IP address
• Information about your interactions with our content and advertisements
• Location data, if enabled
• Data from partners that work with Facebook

If you have a Facebook account, the data may be linked to your profile. Even if you are not logged in, cookies or similar identifiers can be stored on your device.

How long and where is the data stored?

Data collected through Facebook are stored on servers in the EU and the United States. According to Facebook, data are kept for as long as necessary to provide services or as required by law. Facebook anonymizes or deletes data when they are no longer needed.

How can I delete my data or prevent storage?

If you have a Facebook account, you can manage or delete your data directly in your account settings. You can also adjust your ad preferences and restrict data collection for advertising purposes. You can find settings under: https://www.facebook.com/settings?tab=ads

You can also manage, block, or delete cookies in your browser to prevent Facebook from collecting data about you when visiting external websites.

Legal basis

We use Facebook based on your consent under Art. 6 (1)(a) GDPR and on our legitimate interest in maintaining an online presence and communicating with customers under Art. 6 (1)(f) GDPR. You can withdraw your consent at any time.

More details about Facebook’s data processing can be found in Facebook’s Data Policy: https://www.facebook.com/about/privacy

Instagram Privacy Policy

Instagram Privacy Policy Summary 👥 Data subjects: Website visitors and Instagram users 🤝 Purpose: Displaying and promoting our services, communicating with users 📓 Data processed: Data such as IP address, user behavior, device information, contact details, and information you provide to Instagram 📅 Storage duration: As long as necessary for business purposes or as required by law ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is Instagram?

We maintain an Instagram profile to communicate with users and showcase our services. Instagram is operated by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The parent company is Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

Why do we use Instagram on our website?

Instagram enables us to visually present our company, products, and services and engage directly with our audience. Embedded Instagram content also enhances our site’s appearance and user experience.

What data does Instagram process?

If you visit our Instagram page or interact with Instagram content on our website, Instagram collects and processes various data, including:

• Data you share (comments, likes, messages, photos)
• Technical data such as IP address, browser information, and device type
• Usage data such as interactions with posts and the time spent on pages
• Cookies and similar identifiers to track activity

If you are logged into your Instagram account, this data may be associated with your profile. Even if you are not logged in, Instagram can store cookies or identifiers on your device.

How long and where is the data stored?

Instagram stores data on servers in the EU and the United States. Data are generally kept as long as necessary to provide services or as required by law. Meta deletes or anonymizes data when they are no longer needed.

Legal basis

We use Instagram based on our legitimate interest in maintaining an online presence under Art. 6 (1)(f) GDPR and, where applicable, based on your consent under Art. 6 (1)(a) GDPR. You can withdraw your consent at any time.

Further details are available in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/

Snapchat Privacy Policy

Snapchat Privacy Policy Summary 👥 Data subjects: Website visitors and Snapchat users 🤝 Purpose: Communication and promotion of our services on the Snapchat platform 📓 Data processed: Data such as IP address, device information, user behavior, and communication content 📅 Storage duration: As long as necessary for business purposes or as required by law ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is Snapchat?

We use Snapchat to communicate directly with our customers and to share visual content such as images and short videos. Snapchat is operated by Snap Inc., 2772 Donald Douglas Loop North, Santa Monica, CA 90405, USA.

What data does Snapchat process?

Snapchat collects and processes various types of data, including:

• Content you create and share (photos, messages, videos)
• Device information (model, operating system, device identifiers)
• Usage data such as app interactions, friends added, and frequency of use
• Location data, if you enable location services

Snapchat may also share aggregated, anonymized data with partners and advertisers.

How long and where is the data stored?

Data are primarily stored on servers in the United States. Snapchat deletes messages and content by default once they have been viewed or have expired, unless the user saves them manually. Other data are retained as long as necessary for business purposes or legal obligations.

Legal basis

The use of Snapchat is based on your consent under Art. 6 (1)(a) GDPR and our legitimate interest under Art. 6 (1)(f) GDPR to maintain social media presence and communication. You can withdraw your consent at any time.

Snapchat’s privacy policy can be found at: https://values.snap.com/en-US/privacy/privacy-policy

TikTok Privacy Policy

TikTok Privacy Policy Summary 👥 Data subjects: Website visitors and TikTok users 🤝 Purpose: Displaying our TikTok presence, interacting with users, and running marketing campaigns 📓 Data processed: Device information, user activity, IP address, contact information, and content you share on TikTok 📅 Storage duration: As long as necessary for business purposes or legal obligations ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is TikTok?

TikTok is a social media platform that allows users to create, share, and discover short video content. It is operated by TikTok Technology Limited, 10 Earl Place, Dublin 2, Ireland, and by its parent company ByteDance Ltd, based in Beijing, China.

Why do we use TikTok?

We use TikTok to share engaging video content with potential customers and increase awareness of our brand. The platform enables us to reach a younger audience and participate in viral trends relevant to our industry.

What data does TikTok process?

TikTok collects and processes the following types of data:

• Information you provide (profile, messages, videos, interactions)
• Device data (model, system, mobile carrier, IP address)
• Usage data (watch time, likes, shares, comments)
• Location data, if permitted
• Cookies and similar tracking technologies

If you are logged in to TikTok, your data can be linked to your user account. TikTok also uses this data for advertising and content recommendations.

How long and where is the data stored?

Data are stored on servers in Singapore, the United States, and Europe. TikTok retains personal data for as long as necessary for the purposes described or as required by law. Some data may be shared with affiliated companies within the ByteDance group.

Legal basis

The use of TikTok is based on your consent under Art. 6 (1)(a) GDPR and our legitimate interest under Art. 6 (1)(f) GDPR to promote our business through social media. You can withdraw your consent at any time.

More information is available in TikTok’s privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en

X (formerly Twitter) Privacy Policy

X (Twitter) Privacy Policy Summary 👥 Data subjects: Website visitors and X users 🤝 Purpose: Displaying our X profile, interacting with users, and sharing updates 📓 Data processed: Data such as IP address, device information, browser type, user activity, and account data 📅 Storage duration: As long as necessary for business purposes or legal obligations ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is X (Twitter)?

We use the short-message service X (formerly Twitter) to share news, updates, and interact with our community. X Corp. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA) is responsible for the service.

What data does X process?

When you visit our X profile or interact with X elements on our website, X collects and processes data such as:

• Account information (name, username, email address)
• Content you share (tweets, messages, likes)
• Technical data (IP address, browser, operating system)
• Interaction data (clicks, retweets, followers)
• Location data, if enabled

How long and where is the data stored?

According to X, data are stored on servers worldwide, including in the USA. Personal data are kept as long as necessary for business operations or as legally required. Data may also be shared with affiliated companies or third parties for advertising purposes.

Legal basis

We use X based on your consent under Art. 6 (1)(a) GDPR and our legitimate interest under Art. 6 (1)(f) GDPR to maintain an online presence and communicate with customers. You can withdraw your consent at any time.

More information is available in X’s privacy policy: https://twitter.com/en/privacy

Audio & Video Introduction

Audio & Video Privacy Policy Summary 👥 Data subjects: Website visitors who view or listen to embedded media content 🤝 Purpose: Displaying and streaming audio or video files via external platforms 📓 Data processed: IP address, device information, browser data, and user interactions with media content 📅 Storage duration: Depends on the service provider used ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What are Audio & Video Elements?

We use audio and video services to display multimedia content directly on our website. Providers such as YouTube or Vimeo allow us to offer you engaging video and sound experiences without hosting the files ourselves. When you access a page containing such embedded media, your browser automatically connects to the provider’s servers.

Why do we use Audio & Video elements on our website?

We want to present our content as vividly as possible. Embedded videos and audio clips help us explain complex topics more effectively and enhance your user experience. The use of external platforms also saves bandwidth and server capacity on our side.

What data is processed?

When you open a page with embedded audio or video, certain data are automatically transmitted to the provider — including your IP address, device information, the page visited, and possibly your interactions (play, pause, volume, etc.). If you are logged in to a user account with the respective provider, this data may be associated with your profile.

Legal basis

The embedding of multimedia content occurs only with your consent according to Art. 6 (1)(a) GDPR. Additionally, we have a legitimate interest in providing appealing and efficient online content under Art. 6 (1)(f) GDPR. You may withdraw your consent at any time through our cookie-consent tool.

YouTube Privacy Policy

YouTube Privacy Policy Summary 👥 Data subjects: Website visitors who watch YouTube videos 🤝 Purpose: Displaying and streaming videos on our website 📓 Data processed: IP address, device and browser information, viewed videos, cookies, and unique identifiers 📅 Storage duration: Depends on YouTube settings and your Google account ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is YouTube?

We integrate videos from the YouTube platform to make our website more informative and visually appealing. YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you watch a YouTube video on our site, your data may be transmitted to Google servers in the EU and the USA.

What data does YouTube process?

As soon as you open a page with an embedded YouTube video, at least the following information is transmitted to YouTube:

• IP address and URL of the page visited
• Device information and browser type
• System date and time of access
• Cookies that may identify your browser or Google account

If you are logged into your Google account, these data can be associated with your profile. To avoid this, log out of your Google account before playing a video. YouTube stores cookies on your device to collect statistics and improve usability.

How long and where are data stored?

Data collected via YouTube are stored on Google servers, primarily in the United States. Storage duration varies depending on your account settings and YouTube’s data policies. Some data may remain stored for extended periods for analytics or legal reasons.

Legal basis

We embed YouTube videos based on your consent in accordance with Art. 6 (1)(a) GDPR and our legitimate interest under Art. 6 (1)(f) GDPR to provide engaging multimedia content. You can withdraw consent at any time via our cookie settings.

More information is available in Google’s privacy policy: https://policies.google.com/privacy

Web Design Introduction

Web Design Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Proper display and functionality of our website on all devices 📓 Data processed: Technical data such as IP address, browser type, screen resolution, device type and OS information 📅 Storage duration: Usually until your session ends or the data are no longer needed for the purpose collected ⚖️ Legal basis: Art. 6 (1)(f) GDPR (legitimate interests)

What is Web Design?

Web design refers to the planning and implementation of our website’s visual and technical structure. To ensure our website functions efficiently and looks good on different devices, we use software and services that automatically process technical data about your browser and device.

Why do we process personal data in web design?

Such data processing is necessary to optimize the layout and technical performance of our website. We need to know, for example, which screen size or browser is used to display our content correctly for you.

Legal basis

The processing of technical data for web design purposes is based on our legitimate interest under Art. 6 (1)(f) GDPR to provide a user-friendly and technically secure website.

Online Map Services Introduction

Online Map Services Privacy Policy Summary 👥 Data subjects: Website visitors who use map functions 🤝 Purpose: Displaying interactive maps for location information or navigation 📓 Data processed: IP address, search terms, device information, and location data (if enabled) 📅 Storage duration: Depends on the service provider used ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What are Online Map Services?

Online map services allow us to integrate maps and route planners into our website so that you can easily find our location or plan your visit. We typically use providers such as Google Maps or OpenStreetMap for this purpose.

Why do we use Online Maps on our website?

Interactive maps significantly improve user experience by allowing you to quickly find directions and contact points. They also help present our business location accurately and visually appealing.

What data is processed?

When you use an embedded map, your IP address and possibly location data (if enabled) are transmitted to the provider. Cookies and other technologies may also be used to store user preferences and measure usage behavior.

Legal basis

The use of online map services is based on your consent under Art. 6 (1)(a) GDPR and our legitimate interest under Art. 6 (1)(f) GDPR to present location information clearly and usefully for our visitors. You may withdraw consent at any time via our cookie settings.

Content Delivery Networks (CDN) Introduction

CDN Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Faster and more secure delivery of website content 📓 Data processed: IP address, requested files, device and browser information, date and time of access 📅 Storage duration: Depends on the provider used ⚖️ Legal basis: Art. 6 (1)(f) GDPR (legitimate interests)

What is a Content Delivery Network (CDN)?

We use a Content Delivery Network (CDN) to ensure that our website loads quickly and reliably, even when there are high traffic volumes or users are accessing from distant geographic locations. A CDN stores copies of our website’s static content on distributed servers around the world, allowing faster delivery of data such as images, CSS, or JavaScript files.

Why do we use a CDN?

Speed, stability, and security are key priorities for us. Using a CDN helps minimize latency, prevents downtime, and protects against cyber-attacks such as DDoS attempts. This ensures an optimized and secure browsing experience for all users.

What data is processed?

When you visit our website, technical information such as your IP address, the requested content, browser type, and date/time of the request may be transmitted to CDN servers. These servers deliver cached content to you and may log minimal connection data for performance and security purposes.

Legal basis

The use of a CDN is based on our legitimate interest under Art. 6 (1)(f) GDPR to ensure a stable, efficient, and secure presentation of our online content.

Miscellaneous and Closing Information

We have made every effort to provide complete and accurate information in this privacy policy. However, changes to our website or the technologies used may require updates to this document. We therefore recommend reviewing this privacy policy regularly.

Should significant legal or technical changes occur, we will update the privacy policy promptly and communicate any important modifications where necessary (for example, via a banner or notification).

If you have questions or concerns regarding data protection, please feel free to contact us at any time using the contact details provided in this document.

Glossary of Terms

Below you will find brief explanations of common data-protection terms used in this privacy policy.

• Controller: The person or entity that determines the purposes and means of processing personal data.
• Processor: A service provider that processes personal data on behalf of the controller under a data-processing agreement.
• Personal data: Any information relating to an identified or identifiable natural person (e.g. name, email address, IP address).
• Processing: Any operation performed on personal data, such as collection, recording, organization, storage, adaptation, use, transmission, or deletion.
• Consent: A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they agree to the processing of personal data concerning them.
• Legitimate interest: A legal basis allowing processing when it is necessary for the legitimate interests of the controller or a third party and does not override the data subject’s rights.
• Third countries: Countries outside the European Economic Area (EEA) where personal data may be transferred under specific conditions.

Final Remarks

We take data protection seriously and strive to handle your personal data responsibly, transparently, and in compliance with the law. Thank you for visiting our website and for the trust you place in us.

Last updated: October 2025

Name: guest_id
Value: 122821163v1%3A157132626
Purpose: This cookie is set to identify you as a guest.
Expiration date: after 2 years

Name: fm
Value: 0
Purpose: Unfortunately, we could not determine the specific purpose of this cookie.
Expiration date: after session end

Name: external_referer
Value: 1228211632beTA0sf5lkMrlGt
Purpose: This cookie collects anonymous data such as how often and how long you visit X.
Expiration date: after 6 days

Name: eu_cn
Value: 1
Purpose: This cookie stores user activity and serves various advertising purposes of X.
Expiration date: after 1 year

Name: ct0
Value: c1179f07163a365d2ed7aad84c99d966
Purpose: We could not find any detailed information about this cookie.
Expiration date: after 6 hours

Name: _twitter_sess
Value: 53D%253D–dd0248122821163-
Purpose: This cookie enables you to use functions within the X website.
Expiration date: after session end

Note: X also collaborates with third-party providers. Therefore, during our test, we also detected the three Google Analytics cookies _ga, _gat, and _gid.

X uses the collected data to better understand user behavior and improve its own services and advertising offerings, and also for internal security purposes.

How long and where are the data stored?

If X collects data from other websites, these are deleted, aggregated, or anonymized within a maximum of 30 days. X servers are located in various data centers across the United States, so it can be assumed that the collected data are gathered and stored there. We could not clearly determine whether X operates its own servers in Europe. In general, X may retain collected data until they are no longer useful to the company, you delete them, or a statutory retention period expires.

How can I delete or prevent my data from being stored?

X emphasizes in its privacy policy that it does not store data from external website visits if you or your browser are located in the European Economic Area or Switzerland. However, if you interact directly with X, the platform will of course store data about you.

If you have an X account, you can manage your data by clicking on “More” under the “Profile” menu, then selecting “Settings and privacy.” There you can customize data processing preferences.

If you do not have an X account, visit twitter.com and click on “Personalization.” Under “Personalization and data,” you can manage your collected data.

Most data, as mentioned above, are stored via cookies, which you can manage, disable, or delete in your browser settings. Please note that cookie preferences are browser-specific — meaning if you switch browsers, you’ll need to adjust these settings again. Under the “Cookies” section of our Privacy Policy, you’ll find links to instructions for popular browsers.

You can also configure your browser to notify you each time a cookie is set, allowing you to decide individually whether to allow or deny it.

X uses the collected data for personalized advertising both within and outside the platform. You can disable personalized ads under “Personalization and data” in your X account settings. If you use X through a browser, you can also opt out of personalized ads at https://optout.aboutads.info/?c=2&lang=EN.

Legal basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis under Art. 6 (1)(a) GDPR. Your data may also be processed based on our legitimate interest under Art. 6 (1)(f) GDPR in maintaining fast and efficient communication with you and other users. We only use embedded social media elements if you have given consent. Since most social platforms set cookies, we recommend reading our Cookie Policy carefully and reviewing the respective provider’s Privacy Policy or Cookie Policy.

X processes some of your data in the United States. We point out that, according to the Court of Justice of the European Union, there is currently no adequate level of protection for data transfer to the U.S., which may pose certain risks regarding the lawfulness and security of data processing.

As a safeguard for data transfers to third countries (outside the EU/EEA), X uses so-called Standard Contractual Clauses (SCCs) pursuant to Art. 46 (2) and (3) GDPR. These EU-approved templates ensure that your data continue to be handled in accordance with European data protection standards, even when transferred and stored in third countries like the U.S. Through these clauses, X commits to maintaining the same level of data protection as required in the EU. You can find the official decision and the Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

Further details about Twitter’s Standard Contractual Clauses can be found at https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

We hope this overview gives you a clear understanding of how X processes your data. We do not receive any data from X and have no control over what X does with your information. For more details, please refer to X’s full privacy policy at https://twitter.com/en/privacy.

Name: guest_id
Value: 122821163v1%3A157132626
Purpose: This cookie is set to identify you as a guest.
Expiration: after 2 years

Name: fm
Value: 0
Purpose: Unfortunately, we could not determine the specific purpose of this cookie.
Expiration: after the session ends

Name: external_referer
Value: 1228211632beTA0sf5lkMrlGt
Purpose: This cookie collects anonymous data such as how often and how long you visit X.
Expiration: after 6 days

Name: eu_cn
Value: 1
Purpose: This cookie stores user activity and serves various advertising purposes of X.
Expiration: after one year

Name: ct0
Value: c1179f07163a365d2ed7aad84c99d966
Purpose: Unfortunately, we could not find any information about this cookie.
Expiration: after 6 hours

Name: _twitter_sess
Value: 53D%253D–dd0248122821163-
Purpose: This cookie allows you to use functions within the X website.
Expiration: after the session ends

Note: X also works with third parties. During our test, we also detected three Google Analytics cookies: _ga, _gat, and _gid.

X uses the collected data to better understand user behavior and improve its own services and advertising offerings. The data also serves internal security purposes.

How long and where are the data stored?

If X collects data from other websites, it deletes, aggregates, or anonymizes them after a maximum of 30 days. X servers are located in various data centers in the United States. Therefore, it can be assumed that collected data is stored in the USA. We could not determine whether X also operates its own servers in Europe. In general, X may store collected data as long as they are useful for the company, until you delete them, or until a legal retention period applies.

How can I delete or prevent data storage?

X repeatedly emphasizes in its privacy policy that it does not store data from external website visits if you or your browser are located within the European Economic Area or Switzerland. However, if you interact directly with X, your data will naturally be stored.

If you have an X account, you can manage your data by clicking on the "Profile" button, then on "More", and selecting "Settings and Privacy". There you can individually manage data processing.

If you don’t have an X account, you can visit twitter.com and click on “Personalization”. Under “Personalization and Data”, you can manage your collected data.

Most data are stored via cookies, which you can manage, disable, or delete in your browser. Please note that this only applies to the browser you choose. If you use another browser later, you’ll need to adjust your cookie settings again. See the “Cookies” section for links to browser instructions.

You can also configure your browser to notify you each time a cookie is set. Then you can decide individually whether to allow or reject each cookie.

X also uses your data for personalized advertising on and off its platform. In the settings under “Personalization and Data”, you can disable personalized ads. If you use X in a browser, you can disable personalized ads at https://optout.aboutads.info/?c=2&lang=EN.

Legal basis

If you have consented to your data being processed and stored by embedded social media elements, this consent serves as the legal basis for processing (Art. 6(1)(a) GDPR). Your data may also be processed based on our legitimate interest (Art. 6(1)(f) GDPR) in efficient communication with customers and partners. We only use embedded social media elements when you have provided consent. Most social platforms also set cookies in your browser to store data. Therefore, we recommend reviewing our cookie policy and the privacy statements of each provider.

X also processes your data in the USA. We note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can involve certain legal and security risks.

As a basis for data processing with recipients in third countries (outside the EU/EEA, particularly the USA), X uses Standard Contractual Clauses (SCCs) under Art. 46(2) and (3) GDPR. These are model clauses issued by the EU Commission to ensure that your data remain protected under European standards even when transferred abroad. X commits to upholding these protections when processing your data in the USA. The decision and SCCs can be found at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

More information about X’s Standard Contractual Clauses is available at: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

We hope this overview gives you a clear understanding of X’s data processing. We do not receive any data from X and are not responsible for how X handles your data. For further information, please refer to X’s privacy policy: https://twitter.com/en/privacy.

Content Delivery Networks (CDN) Introduction

Content Delivery Networks Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of our services (to enable faster website loading) 📓 Data processed: Data such as your IP address (details below) 📅 Storage duration: Data are usually stored until no longer necessary to fulfill the service ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is a Content Delivery Network?

We use a so-called Content Delivery Network (CDN) on our website. A CDN helps us deliver our website quickly and smoothly, regardless of your location. In doing so, personal data may be stored, managed, and processed on the servers of the CDN provider used. Below, we provide a general explanation of this service and how it processes data. For precise information, please refer to the provider’s privacy policy.

Every Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet. Through this network, website content (especially large files) can be delivered quickly and reliably even during high traffic peaks. The CDN stores a copy of our website on its servers. Because these servers are distributed worldwide, the website can be delivered faster, and the data transfer to your browser is significantly shortened.

Why do we use a Content Delivery Network?

A fast-loading website is part of our service. We know how frustrating it is when a website loads slowly. Many users lose patience and leave before the site has fully loaded. To prevent that, we use a CDN, ensuring our pages load faster in your browser. This is especially useful if you are abroad, as the website is delivered from a nearby server.

What data are processed?

When you request content from our website that is cached in a CDN, the CDN forwards the request to the server closest to you, which then delivers the content. CDNs are structured so that JavaScript libraries can be downloaded and hosted on npm or GitHub servers. Alternatively, WordPress plugins hosted on WordPress.org can also be loaded. Your browser may transmit personal data such as IP address, browser type, version, visited page, date, and time of access to the CDN. This data is collected and stored by the CDN. Whether cookies are used depends on the specific network. Please refer to the provider’s privacy policy for details.

Right to object

If you wish to completely prevent this data transfer, you can install a JavaScript blocker (e.g., https://noscript.net/) on your computer. Please note, however, that this may limit website functionality (such as faster loading speeds).

Legal basis

If you have consented to the use of a Content Delivery Network, the legal basis for this data processing is your consent (Art. 6(1)(a) GDPR). We also have a legitimate interest (Art. 6(1)(f) GDPR) in using a CDN to optimize and secure our online service. Nevertheless, we only use this tool if you have given consent.

Information about specific Content Delivery Networks can be found in the following sections.

BootstrapCDN Privacy Policy

BootstrapCDN Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of our services (to enable faster website loading) 📓 Data processed: IP address, browser type, version, requested page, date, and time of visit 📅 Storage duration: Usually stored as long as necessary to provide the service ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is BootstrapCDN?

To deliver all pages of our website quickly and securely across all devices, we use the open-source Content Delivery Network (CDN) BootstrapCDN provided by jsdelivr.com, operated by ProspectOne, Królewska 65A/1, 30-081 Kraków, Poland. A CDN is a network of regionally distributed servers connected over the internet, enabling rapid delivery of web content, especially large files.

Why do we use BootstrapCDN?

We aim to provide a fully functional and fast website. Using jsDelivr’s CDN allows our pages to load much faster — especially for users abroad, as content is delivered from a nearby server.

What data are processed by BootstrapCDN?

BootstrapCDN delivers JavaScript libraries to your browser. When your browser downloads a file from the BootstrapCDN server, your IP address is transmitted during the connection. BootstrapCDN may collect and store data such as IP address, browser type, version, requested page, and time/date of the visit. According to jsDelivr’s privacy policy, the service does not use cookies or tracking tools.

How long and where are the data stored?

BootstrapCDN has servers in multiple countries, and your data may be stored outside the European Economic Area (EEA). Personal data processed on our behalf are retained only as long as necessary to provide services, fulfill legal obligations, resolve disputes, or enforce agreements.

Right to object

You always have the right to access, correct, or delete your personal data. If you wish to block this data transmission, you can disable JavaScript in your browser or use a blocker such as https://noscript.net/. However, this may reduce website functionality (like faster loading times).

Legal basis

If you have consented to the use of BootstrapCDN, your consent forms the legal basis under Art. 6(1)(a) GDPR. We also have a legitimate interest under Art. 6(1)(f) GDPR to use BootstrapCDN for optimizing and securing our website, though we only activate it with your consent.

According to the European Court of Justice, there is currently no adequate level of data protection for transfers to the USA. Data processing may thus occur without anonymization, and U.S. authorities could access such data. More information about jsDelivr’s privacy policy can be found here: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.

Cloudflare Privacy Policy

Cloudflare Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of our services (to enable faster website loading) 📓 Data processed: IP address, contact and log information, security fingerprints, performance data 📅 Storage duration: usually less than 24 hours ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is Cloudflare?

We use Cloudflare from Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107 USA, to deliver our website quickly and securely. Cloudflare provides a globally distributed Content Delivery Network (CDN) with DNS and security services. All requests to our website pass through Cloudflare servers and are cached there to improve performance and protect against attacks such as DDoS.

Why do we use Cloudflare?

Cloudflare helps us enhance website speed, stability, and security. The CDN reduces loading times and blocks malicious traffic. Cloudflare also acts as a shield against data-scraping bots and prevents service interruptions due to traffic spikes or hacker attacks.

What data does Cloudflare process?

Cloudflare may process technical data such as:

• IP address
• Contact information (only for abuse reports)
• System configuration data
• Traffic and performance statistics
• Security fingerprints and HTTP header information

Cloudflare never stores personal data permanently. Typically, log data are deleted within 24 hours. Cookies may be used for security and load-balancing purposes but do not contain personal identifiers.

How long and where are data stored?

Cloudflare’s primary data centers are located worldwide. Data processing may occur in the USA and other countries outside the EEA. Cloudflare retains transient logs for less than 24 hours unless necessary for security analysis. Aggregated statistics may be kept longer in anonymized form.

Legal basis

If you have given your consent, the legal basis for data processing is Art. 6 (1)(a) GDPR. Our legitimate interest under Art. 6 (1)(f) GDPR lies in optimizing and securing our website. Cloudflare also relies on Standard Contractual Clauses (SCCs) under Art. 46 GDPR to ensure data protection when transferring data to third countries. Details: https://www.cloudflare.com/cloudflare-customer-dpa/

Further information: https://www.cloudflare.com/privacypolicy/

jQuery CDN Privacy Policy

jQuery CDN Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of website performance 📓 Data processed: IP address, browser type, requested page, date, and time of visit 📅 Storage duration: logs are usually deleted within 24 hours ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is jQuery CDN?

We use the jQuery Content Delivery Network provided by the jQuery Foundation and hosted by StackPath LLC, Dallas, Texas, USA. The CDN enables us to deliver the jQuery JavaScript library quickly to your browser, improving load times and reliability.

Why do we use the jQuery CDN?

We use this CDN to accelerate website loading, reduce bandwidth consumption, and ensure stable availability of core JavaScript functions used across our site.

What data are processed?

When your browser retrieves a jQuery file, your IP address is transmitted to StackPath’s servers. StackPath may log this information temporarily for performance and security monitoring. No personal data such as names or email addresses are collected.

How long and where are data stored?

StackPath stores access logs (including IP addresses) for a short period — usually less than 24 hours — and deletes them automatically unless required for security investigations. Data may be processed in the USA.

Legal basis

Your consent forms the legal basis for this processing under Art. 6 (1)(a) GDPR. Our legitimate interest in providing a fast, stable website represents Art. 6 (1)(f) GDPR. StackPath ensures data protection through Standard Contractual Clauses (Art. 46 GDPR). Privacy policy: https://www.stackpath.com/legal/privacy-statement/

jsDelivr.com CDN Privacy Policy

jsDelivr.com CDN Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Optimization of website performance (faster loading speed) 📓 Data processed: IP address, request URL, date and time, browser information 📅 Storage duration: logs are generally kept for 7 days and then deleted ⚖️ Legal basis: Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is jsDelivr.com CDN?

We use the Content Delivery Network (CDN) jsDelivr.com operated by ProspectOne, Królewska 65A/1, 30-081 Kraków, Poland. jsDelivr distributes website files via a global network of servers — including locations in Europe, Asia, and North America — to ensure faster delivery and improved reliability.

Why do we use jsDelivr.com CDN?

Our goal is to optimize the user experience and minimize page-loading times. Using jsDelivr helps deliver static content (such as JavaScript, CSS, and images) from the nearest server to your location, improving efficiency and availability.

What data are processed?

When you load a file from jsDelivr, your IP address and browser details are transmitted to the nearest server. jsDelivr collects anonymized performance metrics and minimal connection logs to maintain system stability. Cookies are generally not used.

How long and where are data stored?

Server logs are retained for approximately 7 days and then automatically deleted. jsDelivr stores data on servers around the world (including EU locations) and applies GDPR-compliant safeguards to all processing.

Legal basis

Your consent constitutes the legal basis under Art. 6 (1)(a) GDPR. Our legitimate interest in fast, reliable, and secure website delivery is protected under Art. 6 (1)(f) GDPR. Further information: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary 👥 Data subjects: Website visitors 🤝 Purpose: Obtaining and managing consent for specific cookies and tools 📓 Data processed: IP address, consent data, device information, time of consent, and browser information 📅 Storage duration: Consent data are stored for the duration of the consent or as long as necessary for compliance ⚖️ Legal basis: Art. 6 (1)(c) GDPR (legal obligation), Art. 6 (1)(a) GDPR (consent), Art. 6 (1)(f) GDPR (legitimate interests)

What is a Cookie Consent Management Platform?

We use a Cookie Consent Management Platform (CMP) on our website to ensure compliance with data protection laws. This tool helps us manage cookie usage and obtain your consent to store certain cookies in your browser or to use analytics and marketing tools.

Whenever you visit our website, you will be asked which cookie categories you wish to allow. The CMP stores your selection and transmits this information to our systems. This allows us to use cookies only after you have given explicit consent and to document your preferences for compliance purposes.

Why do we use a Cookie Consent Tool?

Our goal is to be transparent about data usage and to respect your privacy. A consent management tool helps us meet the legal requirements of the GDPR and the ePrivacy Directive. It also ensures that your cookie preferences are retained on subsequent visits.

What data are processed?

Depending on the provider, the following data may be processed:

• IP address of the device
• Date and time of consent
• Browser and device information
• Anonymized, random ID of the consent record
• Cookie preference status (consent or rejection)

This information allows us to verify whether consent was granted and to maintain an audit trail as required by law. The data are stored locally in your browser (for example in a cookie) and on the CMP provider’s servers.

How long and where are data stored?

The duration of data storage depends on the respective CMP provider. Typically, consent records are stored for several months or until you revoke your consent. The data may be stored on servers within the EU or, in some cases, transferred to third countries under Standard Contractual Clauses to ensure an adequate level of data protection.

Legal basis

The use of a Cookie Consent Management Platform is necessary to fulfill our legal obligation under Art. 6 (1)(c) GDPR in connection with Art. 7 GDPR (documenting consent). If you have consented to the use of cookies, data processing is based on Art. 6 (1)(a) GDPR. We also have a legitimate interest (Art. 6 (1)(f) GDPR) in providing user-friendly and legally compliant consent management.

Cookiebot Privacy Policy

Cookiebot Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Managing and documenting cookie consent 📓 Data processed: IP address, consent status, browser and device information, timestamp 📅 Storage duration: 12 months ⚖️ Legal basis: Art. 6 (1)(c) GDPR (legal obligation), Art. 6 (1)(a) GDPR (consent)

What is Cookiebot?

We use Cookiebot, a service of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot automatically scans and categorizes all cookies and trackers on our website and allows visitors to give or refuse consent for each category.

What data are processed?

When you provide or withdraw consent, Cookiebot stores the following information:

• Your anonymized IP address
• Consent date and time
• User agent (browser type and version)
• Unique, anonymous consent ID
• Status of the consent (categories accepted or rejected)

The data are stored on Cookiebot’s servers within the EU. In addition, a “CookieConsent” cookie is stored in your browser to remember your selection for future visits.

How long are the data stored?

Consent information is retained for 12 months and then automatically deleted. The consent cookie itself also expires after 12 months.

Legal basis

The use of Cookiebot is based on our legal obligation to document consent (Art. 6 (1)(c) GDPR) and, if applicable, on your consent (Art. 6 (1)(a) GDPR). More information: https://www.cookiebot.com/en/privacy-policy/

Real Cookie Banner Privacy Policy

Real Cookie Banner Privacy Policy Summary 👥 Data subjects: Website visitors 🤝 Purpose: Managing and documenting cookie consent 📓 Data processed: IP address, consent status, device and browser data, timestamp, unique consent ID 📅 Storage duration: 12 months ⚖️ Legal basis: Art. 6 (1)(c) GDPR (legal obligation), Art. 6 (1)(a) GDPR (consent)

What is Real Cookie Banner?

We use the consent management tool Real Cookie Banner, provided by devowl.io GmbH, Tannet 12, 94539 Grafling, Germany. It enables us to comply with legal requirements for cookie management and to store user consent preferences in a verifiable way.

What data are processed?

Real Cookie Banner stores the following information:

• Anonymized IP address
• Consent status and categories
• Date and time of the consent
• Browser and device information
• A unique, anonymous key for consent proof

The consent data are stored locally in your browser and in encrypted form on our web server to verify compliance with the GDPR.

How long and where are data stored?

The consent data are stored for 12 months and then deleted automatically. Real Cookie Banner itself does not transfer data to third countries.

Legal basis

The use of Real Cookie Banner is necessary to meet our legal documentation duties (Art. 6 (1)(c) GDPR). If consent is given for cookie categories, processing is based on Art. 6 (1)(a) GDPR. Further information: https://devowl.io/rcb/privacy-policy/

What is Web Design?

We use various tools on our website that serve our web design. Web design does not only mean, as is often assumed, that our website looks nice, but it also includes functionality and performance. Of course, the right visual appearance of a website is one of the major goals of professional web design. Web design is a subfield of media design and deals with the visual, structural, and functional design of a website. The goal is to improve your experience on our website through web design. In web design terminology, this is referred to as User Experience (UX) and Usability. User Experience encompasses all impressions and experiences that visitors have on a website. Usability is a subcategory of UX and refers to the user-friendliness of a website. The focus here is on ensuring that content, subpages, or products are clearly structured, allowing you to find what you are looking for easily and quickly. To offer you the best possible experience on our website, we also use third-party web design tools. In this privacy policy, the category “Web Design” includes all services that improve the visual appearance of our website. These may include fonts, plugins, or other integrated web design functions.

Why do we use web design tools?

The way you perceive and process information on a website depends heavily on its structure, functionality, and visual appearance. Therefore, good and professional web design has become increasingly important to us. We constantly work on improving our website and consider this an additional service for you as a visitor. Furthermore, an appealing and well-functioning website also provides economic benefits for us, since you will only visit and use our services if you feel completely comfortable.

What data is stored by web design tools?

When you visit our website, web design elements may be embedded into our pages that can also process data. The specific data collected depends on the tools used. Further below, you will find detailed information about the tools we use on our website. For more details on data processing, we recommend reading the respective privacy policies of these tools. Usually, you will find information there about which data is processed, whether cookies are used, and how long the data is stored. For example, using fonts such as Google Fonts automatically transmits information such as language settings, IP address, browser version, screen resolution, and browser name to Google’s servers.

Duration of data processing

How long data is processed depends largely on the specific web design tools used. Detailed information can be found below in the sections for each tool. Generally, data is stored only as long as necessary to provide the service or as required by law.

Legal basis

If you have given your consent to the use of web design tools, the legal basis for the corresponding data processing is your consent (Art. 6 para. 1 lit. a GDPR). We also have a legitimate interest in improving the usability and design of our website (Art. 6 para. 1 lit. f GDPR). If the use of third-party services is necessary to fulfill a contract with you, Art. 6 para. 1 lit. b GDPR may also apply.

Google Fonts Privacy Policy

We use Google Fonts on our website, a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Fonts are web fonts that allow us to display fonts on our website without hosting them locally. Instead, they are loaded directly from Google’s servers when you visit our pages.

Why do we use Google Fonts on our website?

Google Fonts allows us to ensure a consistent and visually appealing presentation of text across all browsers and devices, without the need to host fonts ourselves. This reduces loading times and improves both performance and user experience.

What data does Google store?

When you visit our website, your browser requests the required fonts from Google’s servers. During this process, information such as your IP address, browser type and version, operating system, and the referring URL is transmitted to Google. According to Google, this data is used only to deliver and optimize the font service and is not associated with other Google services.

How long and where is the data stored?

Requests for fonts are stored by Google for one year to improve loading performance. Font files themselves are cached for one year on Google’s servers. Google’s servers are located worldwide, mainly in the United States.

How can I delete or prevent data storage?

If you do not want data to be transmitted to Google when loading fonts, you can block access to Google’s servers in your browser settings or firewall. However, this may affect how text appears on our website. You can also delete stored data manually or automatically via your browser settings.

Legal basis

If you have consented to the use of Google Fonts, your data will be processed based on Art. 6 para. 1 lit. a GDPR (consent). We also have a legitimate interest in using Google Fonts to ensure an optimized and consistent presentation of our website (Art. 6 para. 1 lit. f GDPR).

Adobe Fonts Privacy Policy

We use Adobe Fonts, a font service provided by Adobe Systems Incorporated (345 Park Avenue, San Jose, CA 95110-2704, USA). Adobe Fonts allows us to use high-quality fonts that are hosted on Adobe’s servers and automatically loaded when you visit our website.

Why do we use Adobe Fonts?

Adobe Fonts enables us to improve the design and readability of our website by providing a variety of fonts that work consistently across browsers and devices. This ensures that our site always appears professional and visually balanced.

What data does Adobe collect?

When fonts are requested from Adobe’s servers, your IP address, browser type and version, and operating system are transmitted to Adobe. This data is used to deliver and optimize the service and to detect any malfunctions. According to Adobe, no cookies are used for font delivery and no tracking of individual users occurs.

How long and where is the data stored?

Adobe stores font request logs for up to 30 days for system monitoring and troubleshooting. The data is then anonymized. Adobe’s servers are located primarily in the United States and other global regions.

Legal basis

Your consent (Art. 6 para. 1 lit. a GDPR) serves as the legal basis for using Adobe Fonts. Additionally, our legitimate interest lies in maintaining an appealing and consistent online appearance (Art. 6 para. 1 lit. f GDPR).

Font Awesome Privacy Policy

We use Font Awesome, provided by Fonticons, Inc. (6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA), to integrate scalable icons and symbols into our website.

Why do we use Font Awesome?

Font Awesome allows us to enhance our website visually and improve usability through recognizable icons. The lightweight vector icons help reduce load times and ensure visual consistency across all devices.

What data is collected by Font Awesome?

When you visit our website, your browser loads necessary files from Font Awesome’s servers. During this process, data such as your IP address, browser type, and access time may be transmitted. According to Fonticons, this data is used solely to maintain and optimize the service.

How long and where is the data stored?

Fonticons stores access logs for a short time for security and maintenance purposes. The data is not analyzed for personal tracking or marketing.

Legal basis

The use of Font Awesome is based on our legitimate interest in maintaining a consistent, visually optimized, and technically reliable website (Art. 6 para. 1 lit. f GDPR).

Google Maps Privacy Policy

We use Google Maps from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website to display maps and location information interactively. When you use Google Maps, data such as your IP address and location may be transmitted to Google’s servers.

Why do we use Google Maps?

Google Maps helps us provide accurate location details and improves usability by allowing visitors to find our physical address easily.

What data is processed?

When you use Google Maps, data such as your IP address, search terms, and location (if enabled) are processed and sent to Google. This information helps Google display maps and improve its services. Data may also be stored in cookies on your device.

Legal basis

Your consent (Art. 6 para. 1 lit. a GDPR) serves as the legal basis for the use of Google Maps. Our legitimate interest also lies in enhancing the functionality and usability of our website (Art. 6 para. 1 lit. f GDPR).

OpenStreetMap Privacy Policy

We use the open-source mapping service OpenStreetMap (OSM) on our website. OpenStreetMap is operated by the OpenStreetMap Foundation (St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom). OpenStreetMap allows us to display interactive maps directly on our website, showing routes or locations.

Why do we use OpenStreetMap on our website?

OpenStreetMap provides an easy and privacy-friendly way to embed maps without relying on commercial providers. It helps us display location information transparently while keeping data processing to a minimum.

What data does OpenStreetMap store?

When you visit a page on our website that includes an OpenStreetMap map, your browser connects to OSM’s servers. This transmits data such as your IP address and browser information to OSM. Your interactions with the map (e.g., zooming or moving) may also be logged. According to the OpenStreetMap Foundation, this data is used exclusively to ensure the service’s functionality and for analytical purposes in anonymized form.

How long and where is the data stored?

OpenStreetMap stores the collected data on servers located primarily in the United Kingdom and the European Union. The data is kept only as long as necessary for the stated purposes and is then deleted or anonymized.

Legal basis

The use of OpenStreetMap is based on your consent (Art. 6 para. 1 lit. a GDPR). We also have a legitimate interest in providing an accessible, visually optimized, and privacy-friendly map service (Art. 6 para. 1 lit. f GDPR).

Google Custom Search Privacy Policy

We use Google Custom Search on our website, a search service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). This feature allows you to search our website content efficiently using Google’s search technology.

Why do we use Google Custom Search?

Google Custom Search helps users find information on our website quickly and accurately. It improves the usability of our site by integrating a familiar, high-performance search interface.

What data does Google process?

When you use the search function on our website, your input, IP address, and other browser data may be transmitted to Google. If you are logged into a Google account, Google may associate your search queries with your account. Google may also store cookies on your device to remember preferences and improve performance.

How long and where is the data stored?

Google stores search queries and associated data for as long as necessary to provide and improve the service. Most data is stored on Google’s servers in the United States. You can delete cookies at any time or adjust your privacy settings in your Google account.

Legal basis

The use of Google Custom Search is based on your consent (Art. 6 para. 1 lit. a GDPR). Our legitimate interest also lies in enhancing the usability and accessibility of our website (Art. 6 para. 1 lit. f GDPR).

General Information on Data Processing

In principle, we process personal data of users only insofar as this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons, and the processing of data is permitted by legal provisions.

Security of your data

We take appropriate technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Our security measures are continuously improved in line with technological developments.

Your rights under the GDPR

According to the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Contact

If you have questions about data protection, please contact us using the details provided in the imprint of our website.

Changes to this Privacy Policy

We reserve the right to modify this privacy policy at any time to ensure it complies with current legal requirements or to reflect changes to our services. The new privacy policy will apply the next time you visit our website.

Source: Created with the Privacy Policy Generator Austria by AdSimple