We have prepared this Privacy Policy (version 11.11.2024-312905021) in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable national laws, which personal data (hereinafter referred to as “data”) we, as the controller, and the processors engaged by us (e.g. service providers), process, will process in the future, and what lawful options and rights you have. The terms used are to be understood as gender-neutral.
In short: we provide you with comprehensive information about the data we process concerning you.
Privacy policies usually sound highly technical and use legal terminology. This Privacy Policy, however, is intended to describe the most important matters as simply and transparently as possible. Wherever it supports transparency, technical terms are explained in a user-friendly manner, links to further information are provided, and graphics may be used. We thereby inform you, in clear and simple language, that we only process personal data within the scope of our business activities where a corresponding legal basis exists. This would certainly not be possible if explanations were kept as brief, unclear, and overly legal-technical as is often standard practice on the internet regarding data protection. We hope you find the following explanations interesting and informative and that you may discover information you were not previously aware of.
Should you nevertheless have further questions, we kindly ask you to contact the responsible entity listed below or in the legal notice (“Imprint”), follow the available links, and consult additional information on third-party websites. Our contact details can of course also be found in the legal notice.
This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Article 4(1) GDPR, such as a person’s name, email address, and postal address. The processing of personal data enables us to provide and invoice our services and products, whether online or offline.
The scope of this Privacy Policy includes:
all online presences (websites, online shops) operated by us;
social media presences and email communications;
mobile applications for smartphones and other devices.
In short: this Privacy Policy applies to all areas in which personal data is processed in a structured manner within the company through the aforementioned channels. Should we enter into legal relationships with you outside these channels, we will inform you separately where necessary.
In the following Privacy Policy, we provide you with transparent information regarding the legal principles and regulations, i.e. the legal bases under the GDPR, which permit us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You may of course access and review the GDPR online via EUR-Lex, the gateway to EU law, at:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
We only process your data where at least one of the following conditions applies:
You have given us your consent to process data for a specific purpose. An example would be the storage of data entered into a contact form.
We process your data in order to fulfil a contract or pre-contractual obligations with you. For example, if we conclude a purchase agreement with you, we require certain personal information in advance.
If we are subject to a legal obligation, we process your data accordingly. For example, we are legally obliged to retain invoices for accounting purposes. These generally contain personal data.
Where legitimate interests exist that do not override your fundamental rights and freedoms, we reserve the right to process personal data. For example, we must process certain data in order to operate our website securely and efficiently. This processing therefore constitutes a legitimate interest.
Other legal bases, such as processing necessary for the performance of a task carried out in the public interest, exercise of official authority, or protection of vital interests, generally do not apply to us. Should such a legal basis become relevant, it will be indicated at the appropriate point.
In addition to the GDPR, national laws may also apply:
In Austria, this is the Federal Act concerning the Protection of Natural Persons with regard to the Processing of Personal Data (Datenschutzgesetz – DSG).
In Germany, this is the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).
Where additional regional or national laws apply, we will inform you accordingly in the following sections.
As a general principle, we only store personal data for as long as is strictly necessary to provide our services and products. This means that we delete personal data as soon as the purpose for processing the data no longer exists. In some cases, however, we are legally obliged to retain certain data even after the original purpose no longer applies, for example for accounting purposes.
If you request the deletion of your data or withdraw your consent to data processing, the data will be deleted as quickly as possible, provided there is no legal obligation to retain it.
Where additional information is available, we will inform you below about the specific duration of the respective data processing activities.
Pursuant to Articles 13 and 14 GDPR, we inform you of the following rights to which you are entitled in order to ensure fair and transparent data processing:
Under Article 15 GDPR, you have the right to obtain information as to whether we process your data. If this is the case, you have the right to receive a copy of the data and information regarding:
the purposes of the processing;
the categories of data processed;
the recipients of the data and, where data is transferred to third countries, how an adequate level of protection is ensured;
the duration of storage;
the existence of the right to rectification, erasure, restriction of processing, and objection;
your right to lodge a complaint with a supervisory authority;
the origin of the data where it was not collected directly from you;
whether profiling is carried out, i.e. whether data is automatically evaluated to create a personal profile.
Under Article 16 GDPR, you have the right to rectification of inaccurate data.
Under Article 17 GDPR, you have the right to erasure (“right to be forgotten”).
Under Article 18 GDPR, you have the right to restriction of processing.
Under Article 20 GDPR, you have the right to data portability.
Under Article 21 GDPR, you have the right to object to processing.
Where processing is based on Article 6(1)(e) GDPR (public interest or exercise of official authority) or Article 6(1)(f) GDPR (legitimate interests), you may object to the processing. We will then assess as quickly as possible whether we can legally comply with your objection.
If data is processed for direct marketing purposes, you may object to such processing at any time. We may then no longer use your data for direct marketing purposes.
If data is processed for profiling purposes, you may object to such processing at any time. We may then no longer use your data for profiling purposes.
Under Article 22 GDPR, you may also have the right not to be subject to a decision based solely on automated processing, including profiling.
Under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you infringes the GDPR.
In short: you have rights — please do not hesitate to contact the responsible entity listed above.
In order to protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data. In doing so, we make it as difficult as possible for third parties to infer personal information from our data.
Article 25 GDPR refers to this as “data protection by design and by default,” meaning that security should always be considered and appropriate measures implemented for both software (e.g. forms) and hardware (e.g. server room access). Further details regarding specific measures are provided below where necessary.
We use HTTPS (Hypertext Transfer Protocol Secure) in order to transmit data securely over the internet.
This means that all data transmitted between your browser and our web server is protected against interception.
By implementing TLS (Transport Layer Security), an encryption protocol for secure data transmission over the internet, we ensure the protection of confidential data and fulfil the requirements of data protection by design pursuant to Article 25(1) GDPR.
You can recognize the use of this security measure by the padlock symbol displayed in your browser and the use of “https” instead of “http” in our web address.