Privacy Policy Statement

Introduction
We have decided to publish this comprehensive privacy policy. It may contain more information than you ever wanted to know. However, we believe it is important to explain in understandable terms what it is about. It is essential to emphasize that the technical processes of individual software products were already in place before the General Data Protection Regulation (GDPR) came into effect. For most users, this was not visible and perhaps not relevant. The GDPR has added transparency regarding how technology works in relation to data collection and what happens to that data when we browse websites or use software products. Users now have the choice to decide how their data is handled. They can do this by accepting, changing their browser settings, or not using individual or all websites and software products.

Data Protection
We have drafted this privacy policy (version 09.02.2021-211141436) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679, what information we collect, how we use data, and what options you have as a visitor to this website.

Privacy policies usually sound very technical. This version aims to describe the most important aspects as simply and clearly as possible. Where possible, technical terms will be explained in a user-friendly manner. We also want to convey that we only collect and use information on this website when there is a corresponding legal basis. This is certainly not possible when providing brief, technical explanations, as is often standard on the internet regarding data protection. We hope you find the following explanations interesting and informative, and perhaps there is some information you did not know before. If you still have questions, we encourage you to follow the available links for more information on third-party sites or simply write us an email. Our contact details can be found in the imprint.

Automatic Data Storage
When you visit websites today, certain information is automatically created and stored, including on this website. This collected data should be kept to a minimum and only collected with justification. By “website,” we mean the entirety of all web pages on your domain, i.e., everything from the homepage to the very last subpage (like this one). By “domain,” we mean, for example, beispiel.de or musterbeispiel.com.

Even while you are currently visiting our website, our web server—the computer on which this website is hosted—automatically stores data for operational security, access statistics, etc. This typically includes:

• The complete internet address (URL) of the accessed webpage (e.g., https://www.beispielwebsite.de/beispielunterseite.html/)
• Browser and browser version (e.g., Chrome 87)
• The operating system used (e.g., Windows 10)
• The address (URL) of the previously visited page (Referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen.html/)
• The hostname and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
• Date and time

This data is stored in files known as web server log files.

Cookies
Our website uses HTTP cookies to store user-specific data. Below, we explain what cookies are and why they are used, so you can better understand the following privacy policy.

What exactly are cookies?
Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are genuinely useful helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are also other cookies for different applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you revisit our site, your browser sends the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file; in others, like Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other “malware.” Cookies also cannot access information on your PC.

Data Storage of Personal Information
Personal data that you electronically transmit to us on this website, such as name, email address, address, or other personal information in the context of submitting a form or comments in the blog, will be used by us solely for the specified purpose, securely stored, and not shared with third parties.

We use your personal data only for communication with those visitors who explicitly wish to contact us and for processing the services and products offered on this website. We do not share your personal data without your consent, but we cannot rule out that this data may be accessed by authorities in the event of unlawful behavior.

If you send us personal data via email—thus outside this website—we cannot guarantee secure transmission and protection of your data. We recommend that you never transmit confidential data unencrypted via email.

Visitor Behavior Analysis
In the following privacy policy, we inform you whether and how we analyze data regarding your visit to this website. The analysis of the collected data is usually done anonymously, and we cannot draw conclusions about your person based on your behavior on this website.

Rights under the General Data Protection Regulation
According to the provisions of the GDPR and the Austrian Data Protection Act (DSG), you generally have the following rights:

• Right to rectification (Article 16 GDPR)
• Right to erasure (“right to be forgotten”) (Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to notification – obligation to inform regarding rectification or erasure of personal data or restriction of processing (Article 19 GDPR)
• Right to data portability (Article 20 GDPR)
• Right to object (Article 21 GDPR)
• Right not to be subject to a decision based solely on automated processing—including profiling (Article 22 GDPR)

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any way, you can file a complaint with the supervisory authority, which in Austria is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/.

TLS Encryption with HTTPS
TLS, encryption, and HTTPS sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet. This means that the entire transmission of all data from your browser to our web server is secured—no one can “eavesdrop.”

This adds an extra layer of security and fulfills data protection by design (Article 25, paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small padlock symbol on the left side of the browser, next to the internet address (e.g., beispielseite.de), and the use of the HTTPS scheme (instead of HTTP) as part of our internet address. If you want to know more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.

Google Analytics Privacy Policy
We use the analysis tracking tool Google Analytics (GA) from the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click a link, this action is stored in a cookie and sent to Google Analytics. With the reports we receive from Google Analytics, we can better tailor our website and services to your needs. Below, we will go into more detail about the tracking tool and inform you primarily about what data is stored and how you can prevent it.

What is Google Analytics?
Google Analytics is a tracking tool used for analyzing traffic on our website. For Google Analytics to work, a tracking code is embedded in the code of our website. When you visit our website, this code records various actions you take on our site. Once you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data, and we receive reports about your user behavior. These reports may include:

• Audience reports: Through audience reports, we learn more about our users and know better who is interested in our service.
• Display reports: Display reports allow us to analyze and improve our online advertising more easily.
• Acquisition reports: Acquisition reports provide us with helpful information on how to attract more people to our service.
• Behavior reports: Here we learn how you interact with our website. We can track the path you take on our site and which links you click.
• Conversion reports: A conversion refers to an action you take as a result of a marketing message. For example, when you become a buyer or newsletter subscriber from a mere website visitor. With these reports, we learn more about how our marketing efforts resonate with you. Thus, we aim to increase our conversion rate.
• Real-time reports: Here we can see immediately what is happening on our website. For example, we can see how many users are currently reading this text.

Why do we use Google Analytics on our website?
Our goal with this website is clear: we want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data gives us a clear picture of the strengths and weaknesses of our website. On one hand, we can optimize our site so that it is more easily found by interested people on Google. On the other hand, the data helps us understand you as a visitor better. We thus know very well what we need to improve on our website to provide you with the best possible service. The data also helps us conduct our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?
Google Analytics creates a random, unique ID linked to your browser cookie. This allows Google Analytics to recognize you as a new user. When you visit our site again, you are recognized as a “returning” user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles.

Through identifiers like cookies and app instance IDs, your interactions on our website are measured. Interactions are all types of actions you take on our website. If you also use other Google systems (like a Google account), data generated by Google Analytics can be linked with third-party cookies. Google does not share Google Analytics data unless we, as the website operator, approve it. Exceptions may occur if legally required.

The following cookies are used by Google Analytics:

• Name: _ga
  Value: 2.1326744211.152211141436-5
  Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It serves to distinguish website visitors.
  Expiration: after 2 years
• Name: _gid
  Value: 2.1687193234.152211141436-1
  Purpose: This cookie also serves to distinguish website visitors.
  Expiration: after 24 hours
• Name: gat_gtag_UA
  Value: 1
  Purpose: Used to throttle request rates. If Google Analytics is provided via Google Tag Manager, this cookie is named dc_gtm.
  Expiration: after 1 minute
• Name: AMP_TOKEN
  Value: no information
  Purpose: This cookie has a token that can retrieve a user ID from the AMP Client ID service. Other possible values indicate a logout, request, or error.
  Expiration: after 30 seconds to a year
• Name: __utma
  Value: 1564498958.1564498958.1564498958.1
  Purpose: This cookie allows tracking your behavior on the website and measuring performance. The cookie is updated every time information is sent to Google Analytics.
  Expiration: after 2 years
• Name: __utmt
  Value: 1
  Purpose: This cookie is used to throttle request rates.
  Expiration: after 10 minutes
• Name: __utmb
  Value: 3.10.1564498958
  Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.
  Expiration: after 30 minutes
• Name: __utmc
  Value: 167421564
  Purpose: This cookie is used to establish new sessions for returning visitors. It is a session cookie and is only stored until you close the browser.
  Expiration: after closing the browser
• Name: __utmz
  Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
  Purpose: This cookie is used to identify the source of visitor traffic to our website. This means the cookie stores where you came from to our website. This could be another page or an advertisement.
  Expiration: after 6 months
• Name: __utmv
  Value: no information
  Purpose: This cookie is used to store custom user data. It is updated every time information is sent to Google Analytics.
  Expiration: after 2 years

Note: This list may not be exhaustive, as Google frequently changes its choice of cookies.

Here is an overview of the most important data collected by Google Analytics:

• Heatmaps: Google creates so-called heatmaps. Through heatmaps, we can see exactly which areas you click on. This provides us with information on where you are “traveling” on our site.
• Session duration: Google refers to the time you spend on our site without leaving as session duration. If you are inactive for 20 minutes, the session automatically ends.
• Bounce rate: A bounce occurs when you view only one page on our website and then leave.
• Account creation: If you create an account on our website or make an order, Google Analytics collects this data.
• IP address: The IP address is only displayed in truncated form, so that no unique assignment is possible.
• Location: The country and your approximate location can be determined via the IP address. This process is also referred to as IP geolocation.
• Technical information: Technical information includes your browser type, internet provider, or screen resolution.
• Source of origin: Google Analytics is also interested in which website or advertisement brought you to our site.

Other data includes contact information, any reviews, media playback (e.g., if you play a video on our site), sharing content via social media, or adding to your favorites. This list is not exhaustive and serves only as a general orientation of data storage by Google Analytics.

How long and where is the data stored?
Google has its servers distributed worldwide. Most servers are located in America, and consequently, your data is mostly stored on American servers. You can read exactly where the Google data centers are located here: https://www.google.com/about/datacenters/inside/locations/?hl=de.

Your data is distributed across various physical storage devices. This has the advantage that the data is retrieved faster and better protected against manipulation. Each Google data center has corresponding emergency programs for your data. For example, if hardware fails at Google or natural disasters take servers offline, the risk of service interruption at Google remains low.

Google Analytics has a standardized retention period of 26 months for your user data. After that, your user data is deleted. However, we have the option to choose the retention period for user data ourselves. We have five options available:

• Deletion after 14 months
• Deletion after 26 months
• Deletion after 38 months
• Deletion after 50 months
• No automatic deletion

Once the specified period has expired, the data is deleted once a month. This retention period applies to your data linked with cookies, user recognition, and advertising IDs (e.g., cookies from the DoubleClick domain). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data is a combination of individual data into a larger unit.

How can I delete my data or prevent data storage?
Under European Union data protection law, you have the right to access your data, update it, delete it, or restrict its processing. By using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js), you can prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables data collection by Google Analytics.

If you want to disable, delete, or manage cookies in general (regardless of Google Analytics), there are specific instructions for each browser:

• Chrome: Delete, enable, and manage cookies in Chrome
• Safari: Manage cookies and website data with Safari
• Firefox: Delete cookies to remove data that websites have stored on your computer
• Internet Explorer: Delete and manage cookies
• Microsoft Edge: Delete and manage cookies

Google Analytics is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. More information can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=211141436. We hope we have provided you with the most important information regarding data processing by Google Analytics. If you want to learn more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.

Google Tag Manager Privacy Policy
For our website, we use the Google Tag Manager from Google Inc. For the European area