Privacy Policy

Introduction and Overview
We have created this privacy policy (version 28.09.2024-112877177) to inform you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, about the personal data (referred to as data) that we, as the data controllers, and the processors we engage (e.g., providers) process, will process in the future, and what legal options you have. The terms used are gender-neutral.
In short: We provide comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. However, this privacy policy aims to describe the most important things in the simplest and most transparent way possible. As far as it promotes transparency, technical terms are explained in an easy-to-read manner, links to further information are provided, and graphics are used. We aim to inform you in clear and simple language that we process personal data only when there is a corresponding legal basis. This is certainly not possible with short, unclear, and legal-technical explanations, which are often the standard on the internet when it comes to privacy. We hope you find the following explanations interesting and informative, and maybe there's some information here you didn't know yet.
If you still have questions, we ask you to contact the responsible party mentioned below or in the imprint, follow the provided links, and check out additional information on third-party sites. You can find our contact details in the imprint as well.

Scope
This privacy policy applies to all personal data processed by us in the company and for all personal data processed by companies we engage (processors). By personal data, we mean information as defined in Art. 4 No. 1 of the GDPR, such as name, email address, and postal address of a person. The processing of personal data ensures that we can offer and invoice our services and products, both online and offline. The scope of this privacy policy includes:

All online presences (websites, online shops) we operate
Social media presence and email communication
Mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas where personal data is processed in a structured manner by the company via the channels mentioned above. If we enter into legal relationships with you outside these channels, we will inform you separately.

Legal Basis
In the following privacy policy, we provide transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, that enable us to process personal data.
As far as EU law is concerned, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can read this GDPR online at EUR-Lex, the access to EU law, at: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We process your data only when at least one of the following conditions is met:

Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you input in a contact form.
Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a purchase contract with you, we need your personal information beforehand.
Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes, which typically contain personal data.
Legitimate Interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not infringe your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and efficiently. This processing is thus a legitimate interest.

Other conditions, such as performing public interest tasks and exercising public authority, as well as protecting vital interests, generally do not apply to us. If such a legal basis is applicable, it will be indicated at the relevant point.

In addition to the EU Regulation, national laws also apply:

In Austria, this is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), abbreviated DSG.
In Germany, the Federal Data Protection Act, abbreviated BDSG, applies.

If additional regional or national laws apply, we will inform you in the following sections.

Contact Details of the Data Controller
If you have any questions regarding data protection or the processing of personal data, please find below the contact details of the responsible person or entity:
Zara Korian
Forchtenau 324
4971 Aurolzmünster
Austria

Tel.: +43 (0) 660 612 45 40
Website: www.arvestatelier.at

Email: office@arvestatelier.at
Phone: +43 (0) 660 612 45 40
Imprint: https://www.arvestatelier.com/impressum

Storage Duration
We only store personal data as long as it is necessary for the provision of our services and products. This is the general principle that we follow. This means that we will delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally required to retain certain data even after the original purpose has ended, for example, for accounting purposes.

If you request the deletion of your data or withdraw your consent to data processing, we will delete the data as soon as possible, provided there is no obligation to retain it.

We will inform you below about the specific duration of data processing, if we have further information regarding this.

Rights Under the General Data Protection Regulation
According to Articles 13 and 14 of the GDPR, we inform you about the following rights you have to ensure fair and transparent data processing:

Right to Information (Article 15 GDPR): You have the right to know whether we process data about you. If that is the case, you are entitled to receive a copy of the data and the following information:
- The purpose of the processing;
- The categories of data being processed;
- Who receives this data, and if the data is transferred to third countries, how security can be guaranteed;
- How long the data will be stored;
- The existence of the right to rectification, deletion, or restriction of processing, and the right to object to processing;
- That you can lodge a complaint with a supervisory authority (links to these authorities are provided below);
- The origin of the data if we did not collect it from you;
- Whether profiling is carried out, meaning if data is automatically processed to create a personal profile.
Right to Rectification (Article 16 GDPR): You have the right to have your data corrected if you find errors.
Right to Deletion ("Right to Be Forgotten", Article 17 GDPR): You have the right to request the deletion of your data.
Right to Restriction of Processing (Article 18 GDPR): You have the right to request that we restrict processing, meaning that we may store your data but not use it further.
Right to Data Portability (Article 20 GDPR): You have the right to request that we provide your data in a commonly used, machine-readable format.
Right to Object (Article 21 GDPR): You have the right to object to the processing of your data, which, upon implementation, will result in changes to the processing.

If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then review as quickly as possible whether we can legally comply with the objection.

If your data is used for direct marketing purposes, you can object to this processing at any time. We will then no longer use your data for direct marketing.

If your data is used for profiling, you can object to this processing at any time. We will then no longer use your data for profiling.

Right Not to Be Subject to Automated Decisions (Article 22 GDPR): You have the right, under certain circumstances, not to be subject to decisions based solely on automated processing (e.g., profiling).
Right to Lodge a Complaint (Article 77 GDPR): You have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible party listed above for us!

If you believe that the processing of your data violates data protection laws or that your data protection rights have been violated in any way, you can file a complaint with the supervisory authority. The responsible authority for Austria is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:

Austrian Data Protection Authority
Director: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries
We only transfer or process data in countries outside the scope of the GDPR (third countries) if you consent to this processing or if another legal permission exists. This is especially the case when the processing is legally required or necessary for the fulfillment of a contract, and always only to the extent that it is generally allowed. Your consent is usually the primary reason why we process data in third countries. The processing of personal data in third countries, such as the United States, where many software providers offer services and have server locations, may mean that personal data is processed and stored in unexpected ways.

We explicitly point out that, according to the European Court of Justice, an adequate level of protection for data transfer to the US exists only when a US company that processes personal data of EU citizens in the US is an active participant in the EU-US Data Privacy Framework. You can find more information here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

The data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data being processed and stored in ways that are not anonymized. Furthermore, US government authorities may gain access to individual data. Additionally, collected data may be linked with data from other services of the same provider if you have a corresponding user account. We try to use server locations within the EU where possible, if this is offered.

We will inform you about data transfer to third countries at the relevant points in this privacy policy, where applicable.

Security of Data Processing
To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to infer personal information from our data within our capabilities.

Article 25 GDPR refers to "data protection by design and by default," meaning that both software (e.g., forms) and hardware (e.g., access to the server room) are designed with security in mind and appropriate measures are taken. Below, if necessary, we will describe specific measures in more detail.

Communication

Affected Parties: Anyone communicating with us by phone, email, or online form
Processed Data: e.g., phone number, name, email address, data entered in forms. Further details are provided for the respective communication method used
Purpose: Processing communication with customers, business partners, etc.
Storage Duration: Duration of the business case and legal obligations
Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(b) GDPR (Contract), Article 6(1)(f) GDPR (Legitimate Interests)

When you contact us and communicate via phone, email, or online form, personal data may be processed. The data is used to process and handle your inquiry and the associated business transaction. The data will be stored for as long as necessary or as required by law.

Affected Individuals
All individuals who contact us via the communication channels we provide are affected by the above-mentioned processes.

Phone Communication
When you call us, the call data is pseudonymized and stored on the respective device and with the telecommunications provider. Additionally, data such as name and phone number may be sent via email and stored for responding to your inquiry. The data will be deleted once the business case is completed and legal requirements allow.

Email Communication
When communicating with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and on the email server. The data will be deleted once the business case is completed and legal requirements allow.

Online Forms
When you communicate with us via an online form, data is stored on our web server and may be forwarded to one of our email addresses. The data will be deleted once the business case is completed and legal requirements allow.

Legal Grounds for Data Processing

The processing of the data is based on the following legal grounds:

Article 6(1)(a) GDPR (Consent): You give us consent to store your data and use it for purposes related to the business transaction.
Article 6(1)(b) GDPR (Contract): It is necessary for the performance of a contract with you or a processor (e.g., the telephone provider), or we need to process the data for pre-contractual activities, such as preparing an offer.
Article 6(1)(f) GDPR (Legitimate Interests): We want to handle customer inquiries and business communication professionally. For this, certain technical resources, such as email programs, exchange servers, and mobile network providers, are necessary to conduct communication efficiently.

Cookies Summary

Affected Parties: Visitors of the website
Purpose: Varies depending on the specific cookie. More details are provided below or by the software provider that sets the cookie.
Processed Data: Varies depending on the cookie used. More details are provided below or by the software provider that sets the cookie.
Storage Duration: Varies depending on the cookie, from hours to years.
Legal Grounds: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What Are Cookies?

Our website uses HTTP cookies to store user-specific data. Below is an explanation of what cookies are and why they are used, helping you better understand this privacy policy.

Whenever you browse the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

There’s no denying it: cookies are very useful helpers. Almost all websites use cookies. Specifically, these are HTTP cookies because there are other types of cookies for other purposes. HTTP cookies are small files stored by our website on your computer. These cookie files are automatically stored in the cookie folder, which functions as the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you visit our page again, your browser sends the "user-related" information back to our site. Thanks to cookies, our website recognizes who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, like Firefox, all cookies are stored in a single file.

The following diagram shows a possible interaction between a web browser, like Chrome, and a web server. The browser requests a website, and the server returns a cookie, which the browser uses again when requesting another page.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each stores different data. The expiration date of a cookie varies, ranging from a few minutes to several years. Cookies are not software programs, and they do not contain viruses, Trojans, or other "malicious" software. Cookies also cannot access information on your PC.

For example, cookie data may look like this:

Name: _ga
Value: GA1.2.1326744211.152112877177-9
Purpose: Distinguishing website visitors
Expiration Date: After 2 years

Minimum Browser Support for Cookies

At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total

Types of Cookies

There are four main types of cookies used on websites:

Essential Cookies
These cookies are necessary to ensure the basic functionality of the website. For example, when a user adds a product to the shopping cart, browses other pages, and later proceeds to checkout, these cookies prevent the cart from being emptied, even if the browser is closed.
Functional Cookies
These cookies collect information about user behavior, such as whether the user encounters error messages. They also measure page load times and behavior across different browsers.
Targeting Cookies
These cookies improve user experience by storing inputs such as locations, font sizes, or form data, making the use of the site more convenient for the visitor.
Advertising Cookies (Targeting Cookies)
These cookies are responsible for showing the user personalized advertisements. They can be very helpful but can also be perceived as intrusive.

Usually, users are asked upon their first visit to a website which types of cookies they wish to allow. This decision is stored in a cookie.

Purpose of Processing by Cookies

The purpose of processing depends on the type of cookie. More details can be found in the following sections or with the manufacturer of the software setting the cookie.

Which Data is Processed?

Cookies serve various purposes, so the data they store may vary. In this privacy statement, you will be informed about the data processed or stored by cookies.

Cookie Retention Duration

The retention duration of a cookie depends on its type. Some cookies are deleted after less than an hour, while others may stay on your computer for years. You can influence the retention period by manually deleting all cookies through your browser at any time. Cookies based on consent will be deleted as soon as the consent is withdrawn, while the lawfulness of the storage remains unaffected until that time.

Right to Object – How Can I Delete Cookies?

You have the choice to decide which cookies you want to use. You can delete, disable, or allow cookies partially at any time. For example, you can block third-party cookies while allowing all other cookies.

To check which cookies are stored in your browser or to change or delete settings, you can do this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove data websites have stored on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies

If you prefer not to use cookies at all, you can configure your browser to notify you whenever a cookie is about to be set. This allows you to decide whether to accept it or not on a case-by-case basis.

Legal Basis

The "Cookie Directive," which has been in effect since 2009, requires that setting cookies obtains your consent (Article 6(1)(a) GDPR). Within the EU, reactions to this directive vary. In Austria, it was implemented in 2021 in Section 165(3) of the Telecommunications Act. In Germany, the cookie regulations were not adopted as national law, but are largely contained in Section 15(3) of the Telemedia Act (TMG), which will be replaced by the Digital Services Act (DSA) in May 2024.

For strictly necessary cookies, there is a legitimate interest (Article 6(1)(f) GDPR), which is typically economic in nature, even without your consent. These cookies are required to provide visitors with a pleasant user experience.

For cookies that are not strictly necessary, they can only be used with your consent. The legal basis for this is Article 6(1)(a) GDPR.

Web Hosting – Introduction
Web Hosting Summary

Affected Individuals: Visitors to the website
Purpose: Professional hosting of the website and ensuring the operation's security
Processed Data: IP address, timestamp of website visit, browser used, and other data. More details can be found with the respective web hosting provider.
Storage Duration: Depends on the provider, typically 2 weeks
Legal Basis: Article 6(1)(f) GDPR (Legitimate Interests)

Why Do We Process Personal Data?

Personal data is processed for several reasons:

Professional Hosting of the Website and Securing Operations
This involves ensuring the smooth and secure delivery of the website.
Maintaining Operational and IT Security
We process data to ensure that the website is protected from attacks and functions smoothly.
Anonymous Evaluation of Access Behavior
This helps improve the service offered and may also be used for law enforcement or the pursuit of claims in the event of unlawful actions or issues.

What Data is Processed?

When you visit our website, the web server hosting the site automatically stores certain data, such as:

The full internet address (URL) of the visited webpage
Browser and browser version (e.g., Chrome 87)
Operating system used (e.g., Windows 10)
The address (URL) of the previously visited page (referrer URL)
Hostname and IP address of the device from which the access is made
Date and time of access

This data is stored in web server log files.

How Long is the Data Stored?

Generally, this data is stored for two weeks and then automatically deleted. The data is not shared, but it is possible that authorities may access it in the case of illegal behavior.

Legal Basis

The legality of data processing related to web hosting is based on Article 6(1)(f) of the GDPR. This article refers to the protection of legitimate interests, as hosting with a provider is necessary to operate the website securely and user-friendly, and to pursue potential attacks or legal claims.

Website Builders

A website builder is a type of Content Management System (CMS) that allows website operators to create a website without needing programming knowledge. In many cases, web hosting services also provide website builder systems. These systems may collect, store, and process personal data from visitors.

Why Do We Use Website Builders?

The main advantage of a website builder is its ease of use. It allows us to design and maintain the website independently and without external help. This enables us to offer a user-friendly and clear website that is regularly updated and maintained.

What Data is Stored by a Website Builder System?

The exact data processed depends on the website builder system used, but typically includes:

Technical Usage Information: Operating system, browser, screen resolution, language and keyboard settings, hosting provider, and date of website visit.
Tracking Data: Activities like browsing behavior, clickstream, session heatmaps.
Personal Data: Contact data such as email address, phone number (if provided), IP address, and geographic location data.

The specific data collected and stored depends on the website builder provider, and detailed information can be found in their privacy policy.

How Long and Where is the Data Stored?

Data is stored only as long as necessary to provide our services. However, the website builder provider may have its own data retention policies, which we cannot influence. More information can be found in the provider's privacy policy.

In summary, using website builders offers an efficient way to design and optimize our website while processing data necessary for its operation and improvement.

Right to Object

You have the right to request information, correction, and deletion of your personal data at any time. If you have any questions, you can always contact the responsible parties of the website builder system used. The relevant contact details can be found either in our privacy policy or on the website of the respective provider.

Cookies used by providers for their functions can be deleted, deactivated, or managed in your browser. This varies depending on the browser you use. However, please note that deleting or disabling cookies may cause some features of the website to no longer function as usual.

Legal Basis

The use of a website builder system is based on our legitimate interest to optimize the online service and ensure an efficient and user-friendly presentation. The relevant legal basis for this is Art. 6 (1) lit. f GDPR (Legitimate Interests). However, we only use the website builder if you have given prior consent.

Where the processing of data is not essential for the operation of the website, the data processing occurs based on your consent. This primarily applies to tracking activities. The legal basis for this is Art. 6 (1) lit. a GDPR (Consent).

Messenger & Communication

Purpose of Processing:

We offer various communication channels on our website, such as messenger services, chat functions, online contact forms, email, and telephone, to get in touch with you and respond to your inquiries. The processing of your data is carried out to respond to your inquiries and support you.

Processed Data:

Depending on the communication function used, the following data may be processed:

Contact Data: Name, address, email address, phone number
Content Data: Information entered in a contact form or provided in a message
Device Data: Information about your device and IP address
Additional Technical Data: Data stored by the tools used, such as messenger services

Why Do We Use Messenger & Communication Functions?

Communication via these channels allows us to get in direct contact with you and handle your concerns. Well-functioning communication is a vital part of our service. By offering the option to choose between different communication channels, we provide you with a flexible and user-friendly interaction. For sensitive or specific issues, we recommend using direct communication via email or telephone.

Responsibility When Using Social Media Platforms:

We assume that we remain data protection responsible even when using social media platforms. In some cases, such as when using platforms like Facebook or WhatsApp, it may be that we are jointly responsible for data processing with the platform operator. The European Court of Justice has ruled that, in such cases, joint responsibility under Art. 26 GDPR may apply. In such cases, we will inform you separately and work based on a corresponding agreement.

Please note that when using services operated outside the EU (e.g., WhatsApp), there may be difficulties in enforcing your rights regarding your personal data.

Data Retention Period:

The retention period of the processed data depends on the communication tools used. As a general rule, personal data is stored only as long as necessary to process your request and provide our services. If data is stored through cookies or similar technologies, the retention period varies depending on the type of cookie and the settings of the respective provider. For more details on data retention periods and types of stored data, you should consult the privacy policy of the respective provider.

Summary:

You have the right to object to data processing at any time, particularly in relation to cookies and tracking.
Messenger and communication functions allow us to respond to your inquiries and ensure easy interaction.
The data processed in this context depends on the communication channel used and may include contact and technical information.
The retention period and processing details vary depending on the communication tool and provider used. It is advisable to consult the privacy policy of the respective provider for more specific information.

Right to Object

You also have the right and the possibility to withdraw your consent for the use of cookies or third-party providers at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. For more information, we refer to the section on consent.

Since cookies are also used in messenger and communication functions, we recommend reviewing our general privacy policy on cookies. To learn exactly which data is stored and processed, you should read the privacy policies of the respective tools.

Legal Basis

If you have consented to the processing and storage of your data through integrated messenger and communication functions, this consent serves as the legal basis for the data processing (Art. 6 (1) lit. a GDPR). We process your inquiry and manage your data within the framework of contractual or pre-contractual relationships to fulfill our pre-contractual and contractual obligations or to answer inquiries. The legal basis for this is Art. 6 (1) S. 1 lit. b GDPR. In general, your data is also stored and processed based on our legitimate interest (Art. 6 (1) lit. f GDPR) in fast and effective communication with you or other customers and business partners.

Online Marketing Introduction

Online Marketing Privacy Policy Summary:

Affected Parties: Website visitors
Purpose: Evaluation of visitor information to optimize the website offer.
Processed Data: Access statistics, including data such as the location of access, device data, access duration and timing, navigation behavior, click behavior, and IP addresses. Personal data such as name or email address may also be processed. More details can be found in the specific online marketing tool used.
Storage Duration: Depending on the online marketing tools used
Legal Basis: Art. 6 (1) lit. a GDPR (Consent), Art. 6 (1) lit. f GDPR (Legitimate Interests)

What is Online Marketing?

Online marketing refers to all activities conducted online to achieve marketing objectives such as increasing brand awareness or completing a business transaction. Our online marketing efforts aim to attract people to our website. To show our offerings to as many interested people as possible, we engage in online marketing. This usually involves online advertising, content marketing, or search engine optimization. In order to use online marketing efficiently and purposefully, personal data is also stored and processed. This data helps us both show content only to those who are interested and measure the success of our online marketing efforts.

Why Do We Use Online Marketing Tools?

We want to show our website to everyone who is interested in our offerings. We are aware that this would not be possible without specific measures. Therefore, we engage in online marketing. There are various tools that facilitate our online marketing activities and provide data-driven suggestions for improvements. This helps us tailor our campaigns more precisely to our target audience. The ultimate goal of using these tools is to optimize our offerings.

Which Data is Processed?

For online marketing to work and to measure the success of our campaigns, user profiles are created, and data is stored in cookies (small text files). With this data, we can not only place traditional advertisements but also display content on our website that suits your preferences. Various third-party tools offer these functions and, consequently, collect and store data from you. These cookies store information such as which pages you have visited on our site, how long you viewed them, which links or buttons you clicked, or which website referred you to us. Technical information can also be stored, such as your IP address, the browser you use, the device from which you visit our website, the time when you accessed the site, and when you left it. If you consent to us determining your location, we can also store and process that data.

Your IP address is stored in pseudonymized form (i.e., shortened). Identifiable personal data, such as your name, address, or email address, is also stored in pseudonymized form during the advertising and online marketing processes. Therefore, we cannot identify you as an individual but only have pseudonymized information in the user profiles.

Cookies may also be used on other websites that employ the same advertising tools, analyzed, and used for advertising purposes. The data may then be stored on the servers of the advertising tool providers.

In exceptional cases, identifiable data (name, email address, etc.) may also be stored in user profiles. This occurs when you are a member of a social media channel that we use for our online marketing efforts and the network already links previously acquired data with the user profile.

For all advertising tools we use that store data on their servers, we always receive aggregated information and never data that identifies you as an individual. The data only shows how well the advertising measures worked. For example, we can see which actions you or other users took to visit our website and make a purchase. Based on these analyses, we can improve our advertising offering in the future and adapt it more closely to the needs and desires of interested individuals.

Duration of Data Processing

We will provide you with further information about the duration of data processing if available. In general, we process personal data only for as long as it is necessary to provide our services and products. Data stored in cookies is retained for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others can remain in your browser for several years. In the respective privacy policies of individual providers, you can generally find detailed information about the cookies used.

Right to Object

You also have the right and possibility to withdraw your consent for the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. The legality of processing until the withdrawal remains unaffected.

Since online marketing tools typically use cookies, we also recommend reviewing our general privacy policy regarding cookies. To find out which data is specifically stored and processed, you should read the privacy policies of the respective tools.

Legal Basis

If you have consented to the use of third-party providers, the legal basis for the corresponding data processing is that consent. This consent, according to Art. 6 (1) lit. a GDPR (Consent), is the legal basis for the processing of personal data, as may occur during the collection via online marketing tools.

Additionally, we have a legitimate interest in measuring online marketing activities in an anonymized form, in order to optimize our offerings and efforts with the data collected. The corresponding legal basis for this is Art. 6 (1) lit. f GDPR (Legitimate Interests). We only use these tools if you have granted consent.

Information on Specific Online Marketing Tools

For further details on specific online marketing tools, please refer to the sections below if available.

Google AdMob Privacy Policy

We use Google AdMob, a mobile advertising tool, on our website. The service provider is the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

Google processes data, including in the USA. Google participates in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at EU-US Data Privacy Framework.

Additionally, Google uses standard contractual clauses (= Art. 46 (2) and (3) GDPR). These clauses are model templates provided by the European Commission to ensure that your data meets European data protection standards when transferred and stored in third countries (e.g., the USA). Google is committed to complying with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. For more details, visit Standard Contractual Clauses.

The data processing terms for Google Ads (Controller-Controller Data Protection Terms), which refer to the standard contractual clauses, can be found here.

For more about the data processed through the use of Google AdMob, please refer to Google's Privacy Policy.

Es scheint, dass dies ein Abschnitt aus einer Datenschutzerklärung ist, die sich auf die Nutzung von Cookies und Online-Marketing-Tools auf einer Website bezieht. Er informiert die Nutzer über die Art und Weise, wie ihre Daten gesammelt und verarbeitet werden, welche Tools verwendet werden, und welche Rechte sie haben, insbesondere im Hinblick auf die Einwilligung zur Verwendung von Cookies und den Widerruf dieser Einwilligung.

Hauptpunkte:

Widerspruchsrecht und Opt-Out: Nutzer können jederzeit ihre Zustimmung zur Verwendung von Cookies widerrufen, entweder über ein Cookie-Management-Tool auf der Website oder durch direkte Änderungen in den Browsereinstellungen.
Rechtsgrundlage für die Verarbeitung: Daten werden auf der Grundlage der Einwilligung (Art. 6 Abs. 1 lit. a DSGVO) oder im Rahmen berechtigter Interessen verarbeitet (Art. 6 Abs. 1 lit. f DSGVO), etwa um die Kommunikation mit Nutzern zu optimieren oder die Website zu betreiben.
Verwendete Tools: Die Website nutzt verschiedene Tools wie Google Marketing Platform und Google AdMob, um Marketing- und Werbemaßnahmen durchzuführen. Diese Tools sammeln und verarbeiten Daten, um die Wirksamkeit von Werbemaßnahmen zu messen.
Datenschutz bei Drittanbietern: Daten werden auch von Drittanbietern verarbeitet, darunter Google, das Daten in den USA verarbeitet, wobei Schutzmechanismen wie das EU-US Data Privacy Framework und Standardvertragsklauseln zur Sicherstellung des Datenschutzniveaus angewendet werden.
Verwendung eines Cookie-Management-Tools: Ein Cookie-Management-Tool wird eingesetzt, um die Zustimmung der Nutzer zu Cookies und anderen Tracking-Technologien zu verwalten. Dies hilft, die Datenschutzbestimmungen zu erfüllen und den Nutzern die Kontrolle über die gesammelten Daten zu geben.

Haben Sie Fragen zu einem spezifischen Abschnitt oder möchten Sie, dass ich mehr über einen bestimmten Aspekt erkläre?

The AdSimple Consent Manager Privacy Policy informs about the use of a tool for managing cookie consent on the website and the processing of collected data. Here are the key points summarized:

1. Affected Parties

Website visitors who give their consent to cookies.

2. Purpose of Use

Obtaining consent for cookies and the use of certain tools on the website. The tool ensures that consent is obtained in compliance with data protection regulations.

3. Processed Data

Data for managing cookie settings, such as:
- IP address
- Time of consent
- Type of consent (e.g., marketing, statistics)
- Individual consents
This data is used to manage cookie settings and comply with GDPR requirements.

4. Storage Duration

The "acm_status" cookie stores the consent for one year.

5. Legal Basis

Art. 6 para. 1 lit. a GDPR: Consent to the use of cookies.
Art. 6 para. 1 lit. f GDPR: Legitimate interest in operating the website in a legally compliant manner.

6. Function of the AdSimple Consent Manager

The AdSimple Consent Manager scans the website, identifies and categorizes all cookies, and provides users with the option to grant or deny consent for the use of cookies.
This ensures GDPR compliance and gives users control over cookie usage.

7. Data Transfer and Storage

All collected data is stored exclusively within the European Union.
The data is stored on servers of Hetzner GmbH in Germany, with access granted only to AdSimple GmbH and Hetzner GmbH.

8. User Rights

Users have the right to access and delete their personal data at any time.
They can prevent data collection by rejecting cookies via the cookie notice script or adjusting their browser's cookie settings.

9. Legal Basis for Data Processing

The user's consent to the use of cookies forms the legal basis for processing. This is necessary to operate the AdSimple Consent Manager in compliance with data protection regulations.

10. Further Information

More details about the AdSimple Consent Manager can be found on the official AdSimple website: AdSimple Consent Manager.

Summary:

The privacy policy explains how the AdSimple Consent Manager manages user consent for cookies, what data is processed, how it is stored, and how users can manage their data. It outlines the legal basis for data processing and gives users control over their cookie settings.

The Payment Provider Privacy Policy provides information about the use of payment providers on the website and the processing of personal data. Below is a summary of the key points:

Payment Provider Privacy Policy Summary

👥 Affected Parties: Website visitors
🤝 Purpose: Enabling and optimizing the payment process on the website
📓 Processed Data: Name, address, bank data (account number, credit card number, passwords, TANs), IP address, and contract data. More details can be found at the respective payment provider.
📅 Storage Duration: Depending on the payment provider used
⚖️ Legal Basis: Art. 6 para. 1 lit. b GDPR (Contract fulfillment)

What is a Payment Provider?

We use online payment systems on our website to provide you with a secure and smooth payment process. Personal data may be transmitted, stored, and processed by the payment provider. Payment providers allow you to make online transactions via online banking. The payment processing is carried out by the payment provider you choose, and we only receive information about the payment status.

Why Do We Use Payment Providers?

To offer the best possible service and ensure fast, secure payment processes, we integrate various payment providers. This gives you the option to select your preferred payment method.

What Data Is Processed?

The type of data processed depends on the payment provider but typically includes:

Name
Address
Bank details (account number, credit card number, passwords, TANs)
Contract data
IP address
Device information

Most payment providers store data on their servers, and we only receive confirmation of payment status. For identity and credit checks, payment providers may share data with external agencies.

Duration of Data Processing

Data is processed as long as necessary for service provision. Legal retention obligations may extend the storage period (e.g., 10 years for accounting records under § 147 AO).

Right to Object

You have the right to access, correct, or delete your data. Please contact the respective payment provider for data-related inquiries. You can also delete cookies associated with payment providers via your browser settings.

Legal Basis

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR (Contract fulfillment). Specific privacy policies of payment providers such as Amazon Payments, Apple Pay, or Discover offer more detailed insights.

PayPal Privacy Policy Summary

👥 Affected Parties: Website visitors
🤝 Purpose: Optimizing the payment process
📓 Processed Data: Name, address, bank data, IP address, contract data
📅 Storage Duration: Until the cooperation with PayPal is terminated
⚖️ Legal Basis: Art. 6 para. 1 lit. b GDPR (Contract fulfillment), Art. 6 para. 1 lit. a GDPR (Consent)

What is PayPal?

PayPal is an online payment service provided by PayPal Europe (S.à r.l. et Cie, S.C.A.), based in Luxembourg. With over 325 million active users, PayPal is one of the largest payment providers worldwide.

Why Do We Use PayPal?

PayPal provides high security standards, international payment options, and fast transactions. Many users trust PayPal, making it an attractive option for our website.

What Data Does PayPal Process?

PayPal processes:

Registration and contact data
Payment information
Device and location data
Transaction-based data (e.g., purchase habits, creditworthiness)
Data from third parties (e.g., fraud detection providers, banks)

PayPal also uses tracking technologies like cookies, pixel tags, and web beacons.

Storage Duration

PayPal stores customer data for up to 10 years after the business relationship ends, in compliance with legal obligations.

How Can You Delete or Prevent Data Processing?

You can request access, correction, or deletion of your data. PayPal's cookie settings can be adjusted in your browser.

Legal Basis

Our legitimate interest in integrating PayPal is based on Art. 6 para. 1 lit. f GDPR. PayPal also uses Standard Contractual Clauses (SCC) to ensure compliance with European data protection standards when transferring data outside the EU.

More information is available at: PayPal Privacy Policy.

Visa Privacy Policy

We use Visa, a globally operating payment provider, on our website. The service provider is the American company Visa Inc. For the European region, the responsible company is Visa Europe Services Inc. (1 Sheldon Square, London W2 6TT, United Kingdom).

Visa processes your data, including in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks regarding the legality and security of data processing.

As a basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or for data transfer to such countries, Visa uses so-called standard contractual clauses (SCC) in accordance with Art. 46 para. 2 and 3 GDPR. These standard contractual clauses are model contracts provided by the EU Commission and aim to ensure that your data complies with European data protection standards even if it is stored, processed, and managed in third countries like the USA. Visa commits to complying with the European data protection level when processing your relevant data through these clauses. These clauses are based on an implementing decision of the EU Commission, which you can find here: EU Commission Decision and Standard Contractual Clauses.

More information on Visa's standard contractual clauses can be found at: Visa SCC Information.

Further details on the data processed by Visa can be found in their privacy policy: Visa Privacy Policy.

Web Design Introduction

Web Design Privacy Policy Summary

👥 Affected Parties: Website visitors
🤝 Purpose: Improving user experience
📓 Processed Data: Depends on the services used, typically IP address, technical data, language settings, browser version, screen resolution, and browser name. More details can be found in the privacy policies of the respective web design tools.
📅 Storage Duration: Varies depending on the tools used
⚖️ Legal Basis: Art. 6 para. 1 lit. a GDPR (Consent), Art. 6 para. 1 lit. f GDPR (Legitimate Interests)

What is Web Design?

We use various tools on our website that serve our web design. Web design is not only about making the website visually appealing but also about functionality and performance. However, aesthetics are a major goal of professional web design. Web design is a subfield of media design and deals with both the visual and structural as well as functional design of a website. The goal is to improve your experience on our website. In web design jargon, this is referred to as User Experience (UX) and Usability. User Experience encompasses all impressions and experiences a visitor has on a website, while Usability focuses on user-friendliness — ensuring that content, subpages, or products are clearly structured and easy to find.

To offer you the best possible experience on our website, we also use third-party web design tools. This privacy policy includes all services that improve the design of our website, such as fonts, plugins, or other embedded design functions.

Why Do We Use Web Design Tools?

How you perceive information on a website strongly depends on its structure, functionality, and visual appearance. A good and professional web design has become increasingly important for us. We constantly strive to improve our website and see this as an additional service for you as a visitor. Furthermore, an attractive and functional website also offers economic advantages, as you are more likely to visit our site and use our services if you feel comfortable.

What Data Is Stored by Web Design Tools?

When you visit our website, web design elements may be integrated into our pages that can process data. The type of data processed depends heavily on the tools used. Below, you will find an overview of the tools we use. For more detailed information, please refer to the privacy policies of the respective tools. Typically, the data includes:

Language settings
IP address
Browser version
Screen resolution
Browser name

For example, Google Fonts automatically transmits such information to Google servers.

Duration of Data Processing

The duration of data processing depends on the individual web design elements used. If cookies are employed, the storage period can range from one minute to several years. Please refer to our Cookies section and the privacy policies of the used tools to learn more about the exact storage periods.

Right to Object

You have the right to withdraw your consent to the use of cookies or third-party providers at any time. This can be done via our Cookie Management Tool or other opt-out functions. You can also manage, disable, or delete cookies directly in your browser settings. However, some data (such as from Google Fonts) may not be easily deleted as it is automatically transmitted when a page is accessed. In such cases, please contact the relevant provider’s support service. Google support can be reached at: Google Support.

Legal Basis

If you have given consent for the use of web design tools, the legal basis for data processing is Art. 6 para. 1 lit. a GDPR (Consent). Additionally, we have a legitimate interest in improving our website's web design, which makes Art. 6 para. 1 lit. f GDPR (Legitimate Interests) the applicable legal basis. However, we only use web design tools if you have given your consent.

Information about specific web design tools, if available, can be found in the following sections.

Google Fonts Privacy Policy Summary 👥 Affected Parties: Website Visitors 🤝 Purpose: Optimization of our service performance 📓 Processed Data: Data such as IP address and CSS and font requests More details can be found below in this privacy policy. 📅 Storage Duration: Font files are stored by Google for one year ⚖️ Legal Basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What are Google Fonts? On our website, we use Google Fonts, which are Google fonts provided by Google Inc. For the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

You do not need to register or enter a password to use Google Fonts. No cookies are stored in your browser. The files (CSS, fonts) are requested via Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, rest assured that your account information will not be transmitted to Google when using Google Fonts. Google tracks the use of CSS and fonts and stores this data securely. We will review the exact data storage details below.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to users free of charge. Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website? With Google Fonts, we can use fonts on our website without having to upload them to our own server. Google Fonts is an essential building block for maintaining the quality of our website. All Google Fonts are automatically optimized for the web, saving data volume and offering significant advantages for mobile devices. The small file size ensures fast loading times. Google Fonts are also secure web fonts, avoiding platform-specific issues across different browsers and devices. Google Fonts support all common browsers and work reliably on most modern mobile operating systems.

What data does Google store? When you visit our website, fonts are reloaded from a Google server. This external request transmits data such as your IP address to Google servers. The Google Fonts API is designed to reduce data collection to what is necessary to provide fonts. Google stores CSS and font requests securely, and usage data helps Google assess the popularity of fonts. This data is published on internal analytics pages like Google Analytics. Additionally, Google's web crawler tracks which websites use Google Fonts, storing this information in the BigQuery database.

However, Google may automatically transmit information such as language settings, IP address, browser version, screen resolution, and browser name when fonts are requested. Whether this data is stored is not clearly communicated by Google.

How long and where is the data stored? Google stores CSS requests for one day on servers primarily outside the EU, while font files are stored for one year. This caching improves website loading times. Google occasionally updates font files to reduce file size, increase language coverage, and improve design.

How can I delete or prevent data storage? Data stored by Google cannot be easily deleted. Automatic data transmission occurs when the website is accessed. You can contact Google support at https://support.google.com/?hl=en to request data deletion. To prevent data storage, avoid visiting our website.

Legal Basis If you have given consent for the use of Google Fonts, the legal basis for the corresponding data processing is Art. 6 para. 1 lit. a GDPR. Additionally, our legitimate interest in optimizing our online services is based on Art. 6 para. 1 lit. f GDPR. Google processes data in the USA under the EU-US Data Privacy Framework and standard contractual clauses.

More information about Google Fonts can be found at https://developers.google.com/fonts/faq and Google's privacy policy at https://www.google.com/intl/en/policies/privacy/.

Google Fonts Local Privacy Policy On our website, we use Google Fonts from Google Inc., with Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) responsible for the European area. We have embedded Google Fonts locally on our web server, not on Google servers. This prevents data transmission or storage by Google.

Online Booking Systems Privacy Policy Summary 👥 Affected Parties: Website Visitors 🤝 Purpose: Improving user experience and organization 📓 Processed Data: Data such as IP address, contact and payment information, and technical data, depending on the tools used More details can be found in the relevant tool sections below. 📅 Storage Duration: Varies depending on the tools used ⚖️ Legal Basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests)

What is an Online Booking System? We use one or more online booking systems to allow you to book appointments on our website. These systems display available resources and allow direct booking and often payment. Such systems are widely used across various industries, not just hospitality. Depending on the tool, both internal and customer data may be collected and stored.

Why do we use an Online Booking System? Our website aims to provide you with helpful information and services. An online booking system simplifies appointment booking, eliminating the need for phone or email confirmations. This system benefits both you and our internal booking management.

What data is processed? The data processed depends on the booking system used and its features. Commonly processed data includes IP address, name, contact details, device information, and booking time. If payments are made through the system, bank details such as account numbers and passwords may be stored and transmitted to payment providers. Please refer to the specific tool's privacy policy for more details.

Storage Duration Data storage duration varies by booking system and tool. Generally, personal data is stored only as long as necessary for service provision. Cookies used by booking systems may have varying storage durations. Further details can be found in the tool provider's privacy policy.

Right to Object You have the right to withdraw your consent for data processing at any time. Withdrawal can typically be managed through a cookie consent tool or other opt-out features.

Legal Basis If you have given consent, the legal basis for data processing is Art. 6 para. 1 lit. a GDPR. Additionally, our legitimate interest in using booking systems is based on Art. 6 para. 1 lit. f GDPR. However, we only use tools if you have given consent.

Further information about specific booking systems is provided in the following sections.

Explanation of Terms Used We always strive to draft our privacy policy as clearly and understandably as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use these without explanation. Below, you will find an alphabetical list of important terms used, which may not have been sufficiently explained in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also include the GDPR texts here and, if necessary, add our own explanations.

Processor Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Processor" means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to controllers, there can also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors can include service providers such as tax consultants, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them;

Explanation: On websites, such consent is typically obtained via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to data processing. You can often make individual settings and decide which data processing you allow and which you do not. If you do not consent, no personal data may be processed. Consent can, of course, also be given in writing, not just via a tool.

Personal Data Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Explanation: Personal data includes all information that can identify you as a person. These are typically data such as:

Name
Address
Email address
Postal address
Telephone number
Date of birth
Identification numbers such as social security number, tax identification number, ID card number, or student number
Bank data such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to determine at least the approximate location of your device and, consequently, identify you as the connection owner. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called "special categories" of personal data, which are particularly worthy of protection. These include:

Racial and ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic data, such as data obtained from blood or saliva samples
Biometric data (information on physical, physiological, or behavioral characteristics that can identify a person)
Health data
Data concerning sexual orientation or sexual life

Profiling Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

Explanation: Profiling involves compiling various information about a person to learn more about them. In the online sector, profiling is often used for advertising purposes or credit checks. Web or advertising analysis programs, for example, collect data on your behavior and interests on a website. This results in a specific user profile, which helps to target advertising to a particular audience.

Controller Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Controller" means the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for processing your personal data and are therefore the "controller." If we pass on collected data to other service providers for processing, they are "processors." A "Data Processing Agreement (DPA)" must be signed for this purpose.

Processing Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;

Note: When we speak of processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned in the original GDPR definition, not only collection but also storage and processing of data.

All texts are protected by copyright.

Source: Created with the Austrian Privacy Policy Generator by AdSimple