Introduction and Overview
We have prepared this privacy policy (version 21.10.2024-112893550) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as “data”) we as the controller – and the processors commissioned by us (e.g. providers) – process, will process in the future and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.
Privacy policies usually sound very technical and use legal terminology. This privacy policy, however, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it promotes transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that we only process personal data in the course of our business activities when there is a corresponding legal basis. This is certainly not possible if one gives as brief, unclear and legal-technical explanations as possible, as is often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information that you did not yet know.
If you still have questions, we would like to ask you to contact the responsible body named below or in the imprint, to follow the existing links and to look at further information on third-party sites. You can of course also find our contact details in the imprint.
Scope of Application
This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Article 4 No. 1 GDPR, such as a person’s name, e-mail address and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:
- all online presences (websites, online shops) that we operate
- social media presences and email communication
- mobile apps for smartphones and other devices
In short: The privacy policy applies to all areas in which personal data is processed in a structured manner in the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
Legal Bases
In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course access this EU General Data Protection Regulation online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.
We process your data only when at least one of the following conditions applies:
- Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
- Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
- Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
- Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we have to process certain data in order to be able to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.
Other conditions such as processing of data in the public interest, exercise of official authority, or protection of vital interests generally do not occur in our case. If such a legal basis should be relevant, it will be indicated at the appropriate place.
In addition to the EU regulation, national laws also apply:
- In Austria, this is the Federal Act concerning the Protection of Personal Data (Data Protection Act), abbreviated as DSG.
- In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies.
If other regional or national laws apply, we will inform you about them in the following sections.
Contact Details of the Responsible Party
If you have any questions about data protection or the processing of personal data, you can find the contact details of the responsible person or entity below:
KathaWedding – Katharina Rieplhuber
Katharina Rieplhuber
Widagasse 11
6850 Dornbirn
Austria
E-mail: info@kathawedding.com
Phone: +43 664 1815283
Imprint: https://kathawedding.com/impressum/
Storage Duration
It is our general criterion that we only store personal data for as long as it is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and insofar as there is no obligation to store it.
We will inform you about the specific duration of the respective data processing further below, if we have additional information about it.
Rights According to the General Data Protection Regulation
According to Articles 13 and 14 of the GDPR, we inform you about the following rights to which you are entitled to ensure fair and transparent data processing:
- According to Article 15 of the GDPR, you have the right to information about whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to be informed about the following:
- the purpose for which we carry out the processing;
- the categories, i.e., the types of data that are processed;
- who receives this data and if the data is transferred to third countries, how security can be guaranteed;
- how long the data will be stored;
- the existence of the right to rectification, deletion or restriction of processing and the right to object to processing;
- that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
- the origin of the data if we did not collect it from you;
- whether profiling is carried out, i.e., whether data is automatically evaluated to arrive at a personal profile of you.
- According to Article 16 of the GDPR, you have the right to rectification of data, which means that we must correct data if you find errors.
- According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request the deletion of your data.
- According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
- According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
- According to Article 21 of the GDPR, you have the right to object, which, when exercised, results in a change in processing.
- If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
- If data is used for direct advertising, you can object to this type of data processing at any time. We may no longer use your data for direct marketing after that.
- If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling after that.
- According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).
- According to Article 77 of the GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.
In short: You have rights – don’t hesitate to contact the responsible party listed above!
If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
Austrian Data Protection Authority
Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone number: +43 1 52 152-0
Email address:
dsb@dsb.gv.at
Website:
https://www.dsb.gv.at/
Cookies
Cookies Summary 👥 Affected: Website visitors |
What are Cookies?
Our website uses HTTP cookies to store user-specific data.
In the following, we explain what cookies are and why they are used, so that you can better understand the following privacy policy.
Whenever you surf the Internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, quasi the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must be specified.
Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser sends the “user-related” information back to our site. Thanks to the cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.
The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again when another page is requested.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie is to be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans, or other “malware”. Cookies also cannot access information on your PC.
This is how cookie data can look:
Name: _ga
Value: GA1.2.1326744211.152112893550-9
Purpose: Differentiation of website visitors
Expiry date: after 2 years
A browser should be able to support these minimum sizes:
- At least 4096 bytes per cookie
- At least 50 cookies per domain
- At least 3000 cookies in total
What Types of Cookies are there?
The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.
One can distinguish between 4 types of cookies:
Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing other pages and only goes to the checkout later. These cookies ensure that the shopping cart is not deleted even when the user closes their browser window.
Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and behavior of the website with different browsers.
Targeted Cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes, or form data are stored.
Advertising Cookies
These cookies are also called targeting cookies. They serve to deliver individually tailored advertising to the user. This can be very convenient, but also very annoying.
Usually, you are asked which of these types of cookies you want to allow when you first visit a website. And of course, this decision is also stored in a cookie.
If you want to know more about cookies and don’t shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Purpose of Processing via Cookies
The purpose ultimately depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.
Which data is processed?
Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but within the following privacy policy, we will inform you about the data processed or stored.
Storage Duration of Cookies
The storage duration depends on the respective cookie and is specified in more detail below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.
You also have control over the storage duration. You can manually delete all cookies at any time through your browser (see also below under “Right to Object”). Furthermore, cookies based on your consent will be deleted at the latest after you withdraw your consent, while the lawfulness of the storage until then remains unaffected.
Widerspruchsrecht – wie kann ich Cookies löschen?
Wie und ob Sie Cookies verwenden wollen, entscheiden Sie selbst. Unabhängig von welchem Service oder welcher Website die Cookies stammen, haben Sie immer die Möglichkeit Cookies zu löschen, zu deaktivieren oder nur teilweise zuzulassen. Zum Beispiel können Sie Cookies von Drittanbietern blockieren, aber alle anderen Cookies zulassen.
If you want to determine which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
Chrome: Delete, enable, and manage cookies in Chrome
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove data that websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies
If you generally don’t want cookies, you can set up your browser to always inform you when a cookie is about to be set. This way you can decide for each individual cookie whether you want to allow it or not. The procedure varies depending on the browser. It’s best to search for the instructions in Google with the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.
Legal Basis
Since 2009, there have been the so-called “Cookie Guidelines”. These state that the storage of cookies requires your consent (Article 6(1)(a) GDPR). However, there are still very different reactions to these guidelines within EU countries. In Austria, however, this directive was implemented in § 165 para. 3 of the Telecommunications Act (2021). In Germany, the Cookie Guidelines were not implemented as national law. Instead, the implementation of this directive was largely carried out in § 15 para. 3 of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.
For absolutely necessary cookies, even if there is no consent, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often absolutely necessary for this.
If non-essential cookies are used, this only happens with your consent. The legal basis in this respect is Art. 6(1)(a) GDPR.
In the following sections, you will be informed in more detail about the use of cookies, insofar as the software used uses cookies.
Web Hosting Introduction
Web Hosting Summary 👥 Affected: Website visitors |
What is Web Hosting?
When you visit websites today, certain information – including personal data – is automatically created and stored, as is the case on this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all web pages on a domain, i.e. everything from the homepage to the very last subpage (like this one here). By domain, we mean, for example, example.com or sampleexample.com.
When you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply call them browsers or web browsers.
To display the website, the browser needs to connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and onerous task, which is why this is usually done by professional providers, the providers. They offer web hosting and thus ensure reliable and error-free storage of website data. That’s quite a lot of technical terms, but please stay with us, it gets even better!
When the browser on your computer (desktop, laptop, tablet, or smartphone) connects and during data transfer to and from the web server, personal data may be processed. On one hand, your computer stores data, on the other hand, the web server must also store data for a period of time to ensure proper operation.
A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.
Why Do We Process Personal Data?
The purposes of data processing are:
- Professional hosting of the website and ensuring its operation
- to maintain operational and IT security
- Anonymous analysis of access behavior to improve our offer and, if necessary, for prosecution or pursuit of claims
Which data is processed?
Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, typically automatically stores data such as
- the complete internet address (URL) of the accessed web page
- Browser and browser version (e.g., Chrome 87)
- the operating system used (e.g., Windows 10)
- the address (URL) of the previously visited page (Referrer URL) (e.g., https://www.examplesourcesite.com/whereicamefrom/)
- the hostname and IP address of the device being accessed from (e.g., COMPUTERNAME and 194.23.43.121)
- Date and time
- in files, the so-called web server log files
How Long is Data Stored?
Usually, the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot exclude the possibility that this data may be viewed by authorities in the event of unlawful behavior.
In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your data without consent!
Legal Basis
The lawfulness of processing personal data in the context of web hosting results from Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), as the use of professional hosting with a provider is necessary to present the company securely and user-friendly on the internet and to be able to pursue attacks and claims arising from it if necessary.
Between us and the hosting provider, there is usually a contract for order processing pursuant to Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.
External Web Hosting Provider Privacy Policy
Below you will find the contact details of our external hosting provider, where you can learn more about data processing in addition to the information above:
hosttech GmbH
Warwitzstraße 9
5020 Salzburg
Austria
You can learn more about data processing by this provider in the privacy policy.
Website Builder Systems Introduction
Website Builder Systems Privacy Policy Summary 👥 Affected parties: Website visitors |
What are Website Builder Systems?
We use a website builder system for our website. Builder systems are special forms of a Content Management System (CMS). With a builder system, website operators can very easily create a website without programming knowledge. In many cases, web hosts also offer builder systems. By using a builder system, personal data from you can also be collected, stored, and processed. In this privacy text, we provide you with general information about data processing by builder systems. You can find more detailed information in the privacy policies of the provider.
Why Do We Use Website Builder Systems for our Website?
The biggest advantage of a builder system is its ease of use. We want to offer you a clear, simple, and straightforward website that we can operate and maintain ourselves – without external support – without any problems. A builder system now offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and offer you an informative and pleasant time on our website.
What Data is Stored by a Builder System?
What data is exactly stored depends, of course, on the website builder system used. Each provider processes and collects different data from the website visitor. However, as a rule, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are collected. Furthermore, tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) may also be processed. In addition, personal data can also be collected and stored. This is usually contact data such as email address, telephone number (if you have provided it), IP address, and geographic location data. You can find exactly what data is stored in the privacy policy of the provider.
How Long and where is the Data Stored?
We will inform you about the duration of data processing further below in connection with the website builder system used, if we have further information about it. You can find detailed information about this in the provider’s privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data from you according to their own specifications, over which we have no influence.
Right to Object
You always have the right to information, correction, and deletion of your personal data. If you have any questions, you can also contact those responsible for the website builder system used at any time. You can find contact details either in our privacy policy or on the website of the respective provider.
You can delete, deactivate, or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that then not all functions may work as usual.
Legal Basis
We have a legitimate interest in using a website builder system to optimize our online service and present it efficiently and in a user-friendly manner. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). However, we only use the builder if you have given your consent.
Insofar as the processing of data is not absolutely necessary for the operation of the website, the data is only processed on the basis of your consent. This particularly concerns tracking activities. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.
With this privacy policy, we have brought you closer to the most important general information about data processing. If you want to inform yourself more precisely about this, you will find further information – if available – in the following section or in the privacy policy of the provider.
Elementor Privacy Policy
We use the Elementor website builder for our website. The service provider is the Israeli company Elementor Ltd., Rehov Tuval 40, 5252247 Ramat Gan, Israel.
Your data may be transferred to Israel. Israel is outside the scope of the GDPR. However, the European Commission has decided, based on Art. 45 Para. 1 GDPR, that Israel offers a level of protection comparable to the GDPR standard. You can view the decision here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32011D0061
You can find out more about the data processed through the use of Elementor in the privacy policy at https://elementor.com/about/privacy/.
Web Analytics Introduction
Web Analytics Privacy Policy Summary 👥 Affected: Website visitors |
What is Web Analytics?
We use software on our website to analyze the behavior of website visitors, briefly called web analytics or web analysis. Data is collected, which the respective analytics tool provider (also called tracking tool) stores, manages, and processes. With the help of this data, analyses of user behavior on our website are created and made available to us as website operators. Additionally, most tools offer various testing options. For example, we can test which offers or content are best received by our visitors. For this purpose, we show you two different offers for a limited period of time. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.
Why Do We Use Web Analytics?
With our website, we have a clear goal in mind: we want to provide the best web offering in the market for our industry. To achieve this goal, we want to offer the best and most interesting content on the one hand, and on the other hand, ensure that you feel completely comfortable on our website. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our web offering accordingly for you and us. For example, we can see how old our visitors are on average, where they come from, when our website is visited the most, or which content or products are particularly popular. All this information helps us to optimize the website and thus best adapt it to your needs, interests, and wishes.
Which data is processed?
Exactly what data is stored depends, of course, on the analysis tools used. However, usually, for example, it is stored which content you view on our website, which buttons or links you click, when you access a page, which browser you use, with which device (PC, tablet, smartphone, etc.) you visit the website, or which computer system you use. If you have agreed that location data may also be collected, this can also be processed by the web analysis tool provider.
Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in pseudonymized form (i.e., in an unrecognizable and shortened form). For the purpose of testing, web analysis, and web optimization, no direct data such as your name, age, address, or email address is stored. All this data, if collected, is stored pseudonymously. This way, you cannot be identified as a person.
The following example shows schematically how Google Analytics works as an example of client-based web tracking with JavaScript code.
How long the respective data is stored always depends on the provider. Some cookies store data for only a few minutes or until you leave the website again, while other cookies can store data for several years.
Duration of Data Processing
We provide further information about the duration of data processing below, if we have additional information about it. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. If legally required, as in the case of accounting, this storage period may be exceeded.
Right to Object
You also have the right and option to revoke your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.
Legal Basis
The use of web analytics requires your consent, which we have obtained through our cookie popup. This consent represents the legal basis according to Art. 6 para. 1 lit. a GDPR (Consent) for the processing of personal data, as it may occur during the collection by web analytics tools.
In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offer technically and economically. With the help of web analytics, we can detect website errors, identify attacks, and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests) . However, we only use the tools if you have given your consent.
Since cookies are used in web analytics tools, we also recommend that you read our general privacy policy on cookies. To find out exactly what data about you is stored and processed, you should read the privacy policies of the respective tools.
Information on Specific Web Analytics Tools, if Available, Can be Found in the Following Sections.
Social Media Introduction
Social Media Privacy Policy Summary 👥 Affected parties: Visitors to the website |
What is Social Media?
In addition to our website, we are also active on various social media platforms. User data may be processed so that we can target users who are interested in us through social networks. Furthermore, elements of a social media platform may be directly embedded in our website. This is the case, for example, when you click on a so-called social button on our website and are redirected directly to our social media presence. Social media or social networks are websites and apps through which registered members can produce content, share content openly or in specific groups, and network with other members.
Why Do We Use Social Media?
For years, social media platforms have been the place where people communicate and make contact online. With our social media presences, we can bring our products and services closer to interested parties. The social media elements integrated on our website help you to quickly and easily switch to our social media content.
The data that is stored and processed through your use of a social media channel is primarily intended to conduct web analyses. The goal of these analyses is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, appropriate conclusions about your interests can be drawn using the evaluated data, and so-called user profiles can be created. This also allows the platforms to present you with tailored advertisements. Usually, cookies are set in your browser for this purpose, which store data about your usage behavior.
We generally assume that we remain responsible under data protection law, even when we use services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform can be jointly responsible with us in the sense of Art. 26 GDPR. Insofar as this is the case, we specifically point this out and work on the basis of a corresponding agreement. The essential aspects of the agreement are then reproduced further below for the affected platform.
Please note that when using social media platforms or our embedded elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may not be able to claim or enforce your rights regarding your personal data as easily.
Which data is processed?
The exact data stored and processed depends on the respective provider of the social media platform. But usually, it involves data such as phone numbers, email addresses, data you enter into a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have your own profile on the visited social media channel and are logged in, data can be linked to your profile.
All data collected via a social media platform is also stored on the providers’ servers. Thus, only the providers have access to the data and can provide you with the appropriate information or make changes.
If you want to know exactly what data is stored and processed by social media providers and how you can object to data processing, you should carefully read the respective privacy policy of the company. Also, if you have questions about data storage and data processing or want to assert corresponding rights, we recommend contacting the provider directly.
Duration of Data Processing
We inform you about the duration of data processing further below, if we have additional information about it. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. However, customer data that is matched with their own user data is deleted within two days. In general, we process personal data only as long as is absolutely necessary for the provision of our services and products. If it is legally required, as in the case of accounting, this storage period can be exceeded.
Right to Object
You also have the right and option to revoke your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.
Since cookies may be used in social media tools, we also recommend that you read our general privacy policy on cookies. To find out exactly what data about you is stored and processed, you should read the privacy policies of the respective tools.
Legal Basis
If you have consented to data being processed and stored by integrated social media elements, this consent serves as the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR). In principle, if consent has been given, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policy of the respective service provider.
Information about Specific Social Media Platforms Can be Found – if Available – in the Following Sections.
Facebook Privacy Policy
Facebook Privacy Policy Summary 👥 Affected: Website visitors |
What are Facebook Tools?
We use selected Facebook tools on our website. Facebook is a social media network of Meta Platforms Inc. or, for the European region, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of these tools, we can offer you and people interested in our products and services the best possible offer.
If data is collected from you and forwarded via our embedded Facebook elements or via our Facebook page (fan page), both we and Facebook Ireland Ltd. are responsible for this. Facebook alone is responsible for the further processing of this data. Our joint obligations have also been anchored in a publicly accessible agreement at https://www.facebook.com/legal/controller_addendum. It states, for example, that we must clearly inform you about the use of Facebook tools on our site. We are also responsible for ensuring that the tools are securely integrated into our website in terms of data protection. Facebook, on the other hand, is responsible for the data security of Facebook products, for example. If you have any questions about data collection and data processing by Facebook, you can contact the company directly. If you direct the question to us, we are obliged to forward it to Facebook.
In the following, we provide an overview of the various Facebook tools, which data is sent to Facebook and how you can delete this data.
In addition to many other products, Facebook also offers the so-called Facebook Business Tools. This is the official designation from Facebook. However, since the term is hardly known, we have decided to simply call them Facebook tools. These include, among others:
- Facebook-Pixel social plug-ins (such as the Like or Share button) Facebook Login Account Kit APIs (programming interface) SDKs (collection of programming tools) Platform integrations Plugins Codes Specifications Documentation Technologies and services
We want to show our services and products only to people who are really interested in them. With the help of advertisements (Facebook ads), we can reach precisely these people. In order for users to be shown appropriate advertising, Facebook needs information about people’s wishes and needs. This way, information about user behavior (and contact details) on our website is made available to the company. As a result, Facebook collects better user data and can show interested people the appropriate advertising about our products or services. The tools thus enable tailor-made advertising campaigns on Facebook.
Facebook calls data about your behavior on our website Event Data. These are also used for measurement and analysis services. Facebook can thus create campaign reports on the effectiveness of our advertising campaigns on our behalf. Furthermore, through analyses, we gain a better insight into how you use our services, website or products. This allows us to optimize your user experience on our website with some of these tools. For example, you can use the social plug-ins to share content on our site directly on Facebook.
What Data is Stored by Facebook Tools?
By using individual Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number, and IP address may be transmitted.
Facebook uses this information to match the data with the data it already has about you (if you are a Facebook member). Before customer data is transmitted to Facebook, a so-called Hashing takes place. This means that any data set is transformed into a string of characters. This also serves to encrypt data.
In addition to contact details, “event data” is also transmitted. “Event data” refers to the information we receive about you on our website. For example, which subpages you visit or which products you buy from us. Facebook does not share the received information with third parties (such as advertisers) unless the company has explicit permission or is legally obligated to do so. “Event data” can also be linked to contact data. This allows Facebook to offer better personalized advertising. After the aforementioned matching process, Facebook deletes the contact data again.
To deliver advertisements optimally, Facebook only uses the event data if it has been combined with other data (collected by Facebook in other ways). Facebook also uses this event data for security, protection, development, and research purposes. Much of this data is transferred to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, different numbers of cookies are placed in your browser. We go into more detail about individual Facebook cookies in the descriptions of the individual Facebook tools. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.
How Long and where is the Data Stored?
In general, Facebook stores data until it is no longer needed for its own services and Facebook products. Facebook has servers distributed all over the world where its data is stored. However, customer data is deleted within 48 hours after it has been matched with their own user data.
How Can I Delete My Data or Prevent Data Storage?
In accordance with the General Data Protection Regulation, you have the right to information, correction, portability, and deletion of your data.
A complete deletion of the data only occurs if you completely delete your Facebook account. And this is how deleting your Facebook account works:
1) Click on Settings on the right side of Facebook.
2) Then click on “Your Facebook Information” in the left column.
3) Now click on “Deactivation and Deletion”.
4) Now choose “Delete Account” and then click on “Continue to Account Deletion”
5) Now enter your password, click on “Continue” and then on “Delete Account”
The storage of data that Facebook receives about our site occurs, among other things, via cookies (e.g., for social plugins). In your browser, you can deactivate, delete, or manage individual or all cookies. Depending on which browser you use, this works in different ways. Under the section “Cookies”, you will find the corresponding links to the instructions for the most popular browsers.
If you generally don’t want any cookies, you can set up your browser to always inform you when a cookie is about to be set. This way you can decide for each individual cookie whether you want to allow it or not.
Legal Basis
If you have consented to data being processed and stored by integrated Facebook tools, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and view Facebook’s privacy policy or cookie guidelines.
Facebook processes data from you, among other places, in the USA. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Furthermore, Facebook uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR). Standard contractual clauses (SCC) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the standard contractual clauses, Facebook commits to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
You can find Facebook’s data processing terms, which refer to the standard contractual clauses, at https://www.facebook.com/legal/terms/dataprocessing.
We hope we have provided you with the most important information about the use and data processing by Facebook tools. If you want to learn more about how Facebook uses your data, we recommend you read the data policy at https://www.facebook.com/privacy/policy/.
Facebook Login Privacy Policy
We have integrated the convenient Facebook Login on our site. This allows you to easily log in to us with your Facebook account without having to create another user account. When you choose to register via Facebook Login, you will be redirected to the social media network Facebook. There, you log in using your Facebook user data. Through this login process, data about you or your user behavior is stored and transmitted to Facebook.
To store the data, Facebook uses various cookies. Below, we show you the most important cookies that are set in your browser or already exist when you log in to our site via Facebook Login:
Name: fr
Value: 0jieyh4c2GnlufEJ9..Bde09j…1.0.Bde09j
Purpose: This cookie is used to ensure that the social plugin on our website functions optimally.
Expiry date: after 3 months
Name: datr
Value: 4Jh7XUA2112893550SEmPsSfzCOO4JFFl
Purpose: Facebook sets the “datr” cookie when a web browser accesses facebook.com, and the cookie helps identify login activities and protect users.
Expiry date: after 2 years
Name: _js_datr
Value: deleted
Purpose: This session cookie is set by Facebook for tracking purposes, even if you don’t have a Facebook account or are logged out.
Expiry date: after end of session
Note: The cookies listed are only a small selection of the cookies available to Facebook. Other cookies include _fbp, sb or wd. A complete list is not possible as Facebook has a large number of cookies and uses them variably.
On the one hand, Facebook Login offers you a quick and easy registration process, and on the other hand, we have the opportunity to share data with Facebook. This allows us to better tailor our offer and advertising campaigns to your interests and needs. Data we receive from Facebook in this way is public data such as
- Your Facebook name
- Your profile picture
- A stored email address
- Friends lists
- Button information (e.g. “Like” button)
- Date of birth
- Language
- Place of residence
In return, we provide Facebook with information about your activities on our website. This includes, among other things, information about your used end device, which subpages you visit with us, or which products you have purchased from us.
By using Facebook Login, you consent to data processing. You can revoke this agreement at any time. If you want to learn more about data processing by Facebook, we recommend you read the Facebook privacy policy at https://www.facebook.com/privacy/policy/.
If you are logged in to Facebook, you can change your settings for advertisements yourself at https://www.facebook.com/adpreferences/advertisers/?entry_product=ad_settings_screen.
Instagram Privacy Policy
Instagram Privacy Policy Summary 👥 Affected: Website visitors |
What is Instagram?
We have integrated Instagram features on our website. Instagram is a social media platform of Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Instagram has been a subsidiary of Meta Platforms Inc. since 2012 and belongs to the Facebook products. The embedding of Instagram content on our website is called embedding. This allows us to show you content such as buttons, photos or videos from Instagram directly on our website. When you visit web pages of our web presence that have an Instagram function integrated, data is transmitted to Instagram, stored and processed. Instagram uses the same systems and technologies as Facebook. Your data is thus processed across all Facebook companies.
In the following, we want to give you a more detailed insight into why Instagram collects data, what data it is and how you can largely control the data processing. Since Instagram belongs to Meta Platforms Inc., we draw our information both from the Instagram policies and from the Meta privacy policies themselves.
Instagram is one of the most well-known social media networks worldwide. Instagram combines the advantages of a blog with the advantages of audiovisual platforms like YouTube or Vimeo. You can upload photos and short videos on “Insta” (as many users casually call the platform), edit them with various filters and also spread them on other social networks. And if you don’t want to be active yourself, you can also just follow other interesting users.
Why Do We Use Instagram on our Website?
Instagram is the social media platform that has really gone through the roof in recent years. And of course, we have also reacted to this boom. We want you to feel as comfortable as possible on our website. Therefore, a varied preparation of our content is a matter of course for us. Through the embedded Instagram functions, we can enrich our content with helpful, funny or exciting content from the Instagram world. Since Instagram is a subsidiary of Facebook, the data collected can also be useful to us for personalized advertising on Facebook. This way, our advertising ads only reach people who are really interested in our products or services.
Instagram also uses the collected data for measurement and analysis purposes. We receive summarized statistics and thus more insight into your wishes and interests. It is important to mention that these reports do not personally identify you.
What Data is Stored by Instagram?
When you come across one of our pages that has Instagram features (such as Instagram images or plug-ins) built in, your browser automatically connects to Instagram’s servers. Data is sent to Instagram, stored and processed. This happens regardless of whether you have an Instagram account or not. This includes information about our website, about your computer, about purchases made, about advertisements you see and how you use our offer. The date and time of your interaction with Instagram are also stored. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.
Facebook distinguishes between customer data and event data. We assume that this is exactly the case with Instagram. Customer data are, for example, name, address, phone number and IP address. This customer data will only be transmitted to Instagram after it has been “hashed”. Hashing means that a data record is transformed into a string of characters. This allows you to encrypt the contact data. In addition, the above-mentioned “event data” are also transmitted. By “event data”, Facebook – and consequently Instagram – understands data about your user behavior. It may also happen that contact data is combined with event data. The contact information collected is compared with the data that Instagram already has about you.
The collected data is transmitted to Facebook via small text files (cookies) that are usually set in your browser. Depending on the Instagram features used and whether you have an Instagram account yourself, different amounts of data are stored.
We assume that data processing on Instagram works the same way as on Facebook. This means: if you have an Instagram account or have visited www.instagram.com, Instagram has set at least one cookie. If this is the case, your browser sends information to Instagram via the cookie as soon as you come into contact with an Instagram feature. At the latest after 90 days (after reconciliation), this data is deleted or anonymized. Although we have dealt intensively with Instagram’s data processing, we cannot say exactly what data Instagram collects and stores.
In the following, we show you cookies that are at least set in your browser when you click on an Instagram feature (such as a button or an Insta image). In our test, we assume that you do not have an Instagram account. If you are logged in to Instagram, of course, significantly more cookies will be set in your browser.
These cookies were used in our test:
Name: csrftoken
Value: “”
Purpose: This cookie is most likely set for security reasons to prevent request forgeries. However, we couldn’t find out more details about it.
Expiration date: after one year
Name: mid
Value: “”
Purpose: Instagram sets this cookie to optimize its own services and offers on and off Instagram. The cookie sets a unique user ID.
Expiration date: after end of session
Name: fbsr_112893550124024
Value: no information
Purpose: This cookie stores the login request for users of the Instagram app.
Expiration date: after end of session
Name: rur
Value: ATN
Purpose: This is an Instagram cookie that ensures functionality on Instagram.
Expiration date: after end of session
Name: urlgen
Value: “{“194.96.75.33″: 1901}:1iEtYv:Y833k2_UjKvXgYe112893550”
Purpose: This cookie serves Instagram’s marketing purposes.
Expiration date: after end of session
Note: We cannot claim completeness here. Which cookies are set in individual cases depends on the embedded functions and your use of Instagram.
How Long and where is the Data Stored?
Instagram shares the information received between Facebook companies with external partners and with people you connect with worldwide. Data processing is carried out in compliance with their own data policy. Your data is distributed, among other things for security reasons, on Facebook servers around the world. Most of these servers are located in the USA.
How Can I Delete My Data or Prevent Data Storage?
Thanks to the General Data Protection Regulation, you have the right to information, transferability, correction and deletion of your data. You can manage your data in the Instagram settings. If you want to completely delete your data on Instagram, you must permanently delete your Instagram account.
And this is how deleting the Instagram account works:
First, open the Instagram app. On your profile page, scroll down and click on “Help Center”. Now you will be directed to the company’s website. Click on “Managing Your Account” on the website and then on “Delete Your Account”.
If you delete your account completely, Instagram deletes posts such as your photos and status updates. Information that other people have shared about you does not belong to your account and will therefore not be deleted.
As mentioned above, Instagram primarily stores your data via cookies. You can manage, deactivate or delete these cookies in your browser. Depending on your browser, management always works a little differently. Under the section “Cookies” you will find the corresponding links to the instructions for the most popular browsers.
You can also set up your browser to always inform you when a cookie is about to be set. Then you can always decide individually whether you want to allow the cookie or not.
Legal Basis
If you have consented to the processing and storage of your data by embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the embedded social media elements if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy text about cookies and view the privacy policy or cookie policies of the respective service provider.
Instagram also processes data from you in the USA, among other places. Instagram or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Instagram uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are template models provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Instagram commits to comply with European data protection levels when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
We have tried to provide you with the most important information about data processing by Instagram. At https://privacycenter.instagram.com/policy/ you can learn more about Instagram’s data policies.
Pinterest Privacy Policy
Pinterest Privacy Policy Summary 👥 Affected parties: Visitors to the website |
What is Pinterest?
We use buttons and widgets of the social media network Pinterest, from Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA, on our site. For the European region, the Irish company Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data protection-related aspects.
Pinterest is a social network that specializes in graphical representations or photographs. The name is composed of the two words “pin” and “interest”. Users can exchange information about various hobbies and interests via Pinterest and view the respective profiles with images openly or in defined groups.
Why Do We Use Pinterest?
Pinterest has been around for several years now and still counts as one of the most visited and appreciated social media platforms. It is particularly suitable for our industry because the platform is primarily known for beautiful and interesting images. That’s why we are also represented on Pinterest and want to showcase our content appropriately outside of our website as well. The collected data can also be used for advertising purposes so that we can show advertising messages precisely to those people who are interested in our services or products.
What Data is Processed by Pinterest?
So-called log data may be stored. This includes information about your browser, IP address, the address of our website and the activities performed on it (for example, when you click the Save or Pin button), search histories, date and time of the request, and cookie and device data. When you interact with an embedded Pinterest feature, cookies that store various data may also be set in your browser. Usually, the aforementioned log data, preset language settings, and clickstream data are stored in cookies. Pinterest understands clickstream data as information about your website behavior.
If you have a Pinterest account yourself and are logged in, the data collected through our site can be added to your account and used for advertising purposes. When you interact with our embedded Pinterest features, you are usually redirected to the Pinterest page. Here you can see an example selection of cookies that are then set in your browser.
Name: _auth
Value: 0
Purpose: This cookie is used for authentication. For example, a value like your “username” can be stored in it.
Expiration date: after one year
Name: _pinterest_referrer
Value: 1
Purpose: This cookie stores that you came to Pinterest via our website. So the URL of our website is stored.
Expiration date: after end of session
Name: _pinterest_sess
Value: …9HRHZvVE0rQlUxdG89
Purpose: This cookie is used for logging in to Pinterest and contains user IDs, authentication tokens, and timestamps.
Expiration date: after one year
Name: _routing_id
Value: “8d850ddd-4fb8-499c-961c-77efae9d4065112893550-8”
Purpose: This cookie contains an assigned value used to identify a specific routing destination.
Expiration date: after one day
Name: cm_sub
Value: denied
Purpose: This cookie stores a user ID and the timestamp.
Expiration date: after one year
Name: csrftoken
Value: 9e49145c82a93d34fd933b0fd8446165112893550-1
Purpose: This cookie is most likely set for security reasons to prevent request forgeries. However, we couldn’t find out more specific details about it.
Expiration date: after one year
Name: sessionFunnelEventLogged
Value: 1
Purpose: We couldn’t find any more detailed information about this cookie.
Expiration date: after one day
How Long and where is the Data Stored?
Pinterest generally stores the collected data for as long as it is needed for the company’s purposes. As soon as data retention is no longer necessary, for example to comply with legal requirements, the data is either deleted or anonymized so that you can no longer be identified as a person. The data may also be stored on American servers.
Right to Object
You also have the right and the option to revoke your consent to the use of cookies or third-party providers like Pinterest at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.
Since embedded Pinterest elements may use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data about you is stored and processed, you should read the privacy policies of the respective tools.
Legal Basis
If you have consented to the processing and storage of your data by embedded social media elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in quick and good communication with you or other customers and business partners. However, we only use the tool if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy text about cookies and review the privacy policy or cookie policies of the respective service provider.
Pinterest also processes data from you in the USA, among other places. We would like to point out that according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks to the lawfulness and security of data processing.
As a basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, thus especially in the USA) or data transfer there, Pinterest uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to third countries (such as the USA) and stored there. Through these clauses, Pinterest commits to complying with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
You can find more information about the standard contractual clauses at Pinterest at https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.
We have tried to provide you with the most important information about data processing by Pinterest. At https://policy.pinterest.com/de/privacy-policy you can learn more about Pinterest’s data policies.
Cookie Consent Management Platform Introduction
Cookie Consent Management Platform Summary 👥 Affected parties: Website visitors |
What is a Cookie Consent Management Platform?
We use Consent Management Platform (CMP) software on our website that makes it easier for us and you to handle the scripts and cookies used correctly and securely. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides the legally required cookie consent for you, and helps us and you keep track of all cookies. Most cookie consent management tools identify and categorize all existing cookies. As a website visitor, you then decide for yourself whether and which scripts and cookies you allow or don’t allow. The following graphic illustrates the relationship between browser, web server, and CMP.
Why Do We Use a Cookie Management Tool?
Our goal is to offer you the best possible transparency in the area of data protection. We are also legally obligated to do so. We want to inform you as well as possible about all tools and all cookies that can store and process data from you. It is also your right to decide which cookies you accept and which you don’t. To grant you this right, we must first know exactly which cookies have landed on our website in the first place. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information about them. You can then accept or reject cookies via the consent system.
Which data is processed?
Within our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we don’t have to ask you again on every new visit to our website and can also prove your consent if legally required. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage duration of your cookie consent varies. Usually, this data (such as pseudonymous user ID, consent timestamp, details on cookie categories or tools, browser, device information) is stored for up to two years.
Duration of Data Processing
We inform you about the duration of data processing further below, if we have additional information about it. In general, we process personal data only as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies are stored for different lengths of time. Some cookies are deleted immediately after leaving the website, others can be stored in your browser for several years. The exact duration of data processing depends on the tool used, but you should usually expect a storage duration of several years. In the respective privacy policies of the individual providers, you will generally find precise information about the duration of data processing.
Right to Object
You also have the right and the option to revoke your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.
Information about specific cookie management tools can be found – if available – in the following sections.
Legal Basis
If you consent to cookies, personal data about you will be processed and stored through these cookies. If we are allowed to use cookies through your consent (Article 6(1)(a) GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. In order to be able to manage the consent to cookies and to enable you to give your consent, a cookie consent management platform software is used. The use of this software enables us to operate the website efficiently in a legally compliant manner, which represents a legitimate interest (Article 6(1)(f) GDPR).
BorlabsCookie Privacy Policy
We use BorlabsCookie on our website, which among other things is a tool for storing your cookie consent. The service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany.
You can find out more about the data processed through the use of BorlabsCookie in the Privacy Policy at
https://de.borlabs.io/datenschutz/.
Audio Video Introduction
Audio Video Privacy Policy Summary 👥 Affected parties: Website visitors |
What are Audio and Video Elements?
We have integrated audio or video elements on our website so that you can directly watch videos or listen to music/podcasts on our website. The content is provided by service providers. All content is therefore also obtained from the respective servers of the providers.
These are embedded functional elements from platforms such as YouTube, Vimeo or Spotify. The use of these portals is usually free of charge, but paid content can also be published. With the help of these embedded elements, you can listen to or view the respective content via our website.
If you use audio or video elements on our website, personal data may also be transmitted to the service providers, processed and stored.
Why Do We Use Audio Video Elements on our Website?
Of course, we want to provide you with the best offer on our website. We are aware that content is no longer conveyed merely through text and static images. Instead of simply giving you a link to a video, we offer audio and video formats directly on our website that are entertaining or informative, and ideally both. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video and/or audio content.
What Data is Stored by Audio Video Elements?
When you access a page on our website that has an embedded video, for example, your server connects with the service provider’s server. In the process, data from you is also transferred to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your device. Furthermore, most providers also collect information about your web activity. This includes session duration, bounce rate, which button you clicked on, or which website you use the service through. All this information is usually stored via cookies or pixel tags (also called web beacons). Pseudonymized data is mostly stored in cookies in your browser. You can always find out exactly what data is stored and processed in the privacy policy of the respective provider.
Duration of Data Processing
You can find out exactly how long the data is stored on the third-party providers’ servers either further down in the privacy text of the respective tool or in the provider’s privacy policy. In principle, personal data is only processed for as long as is absolutely necessary for the provision of our services or products. This usually applies to third-party providers as well. In most cases, you can assume that certain data will be stored on the third-party providers’ servers for several years. Data can be stored in cookies for different lengths of time. Some cookies are deleted immediately after leaving the website, others can be stored in your browser for several years.
Right to Object
You also have the right and the opportunity to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser. The lawfulness of the processing up to the revocation remains unaffected.
Since cookies are usually also used by the embedded audio and video functions on our site, you should also read our general privacy policy on cookies. You can find out more details about the handling and storage of your data in the privacy policies of the respective third-party providers.
Legal Basis
If you have consented to data being processed and stored by embedded audio and video elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the embedded audio and video elements if you have given your consent.
Vimeo Privacy Policy
Vimeo Privacy Policy Summary 👥 Affected parties: Website visitors |
What is Vimeo?
We also use videos from the company Vimeo on our website. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plugin, we can show you interesting video material directly on our website. In the process, certain data from you may be transferred to Vimeo. In this privacy policy, we show you what data is involved, why we use Vimeo, and how you can manage or prevent the transfer of your data.
Vimeo is a video platform founded in 2004 that has enabled streaming of HD quality videos since 2007. Since 2015, streaming in 4K Ultra HD is also possible. The use of the portal is free, but paid content can also be published. Compared to market leader YouTube, Vimeo primarily focuses on high-quality content. The portal offers many artistic contents such as music videos and short films, as well as informative documentaries on various topics.
Why Do We Use Vimeo on our Website?
The goal of our web presence is to provide you with the best possible content, as easily accessible as possible. Only when we have achieved this are we satisfied with our service. The video service Vimeo helps us achieve this goal. Vimeo offers us the opportunity to present high-quality content directly on our website. Instead of just giving you a link to an interesting video, you can watch the video right here with us. This expands our service and makes it easier for you to access interesting content. Thus, in addition to our texts and images, we also offer video content.
What Data is Stored on Vimeo?
When you visit a page on our website that has a Vimeo video embedded, your browser connects to Vimeo’s servers. This results in a data transfer. This data is collected, stored, and processed on Vimeo’s servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, your operating system, or basic device information. Furthermore, Vimeo stores information about which website you use the Vimeo service on and what actions (web activities) you perform on our website. These web activities include, for example, session duration, bounce rate, or which button you clicked on our website with built-in Vimeo functionality. Vimeo can track and store these actions using cookies and similar technologies.
If you are logged in as a registered member of Vimeo, more data can usually be collected, as more cookies may already be set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while “surfing” on our website.
Below we show you cookies that are set by Vimeo when you are on a website with integrated Vimeo functionality. This list does not claim to be complete and assumes that you do not have a Vimeo account.
Name: player
Value: “”
Purpose: This cookie saves your settings before you play an embedded Vimeo video. This way, you get your preferred settings again the next time you watch a Vimeo video.
Expiry date: after one year
Name: vuid
Value: pl1046149876.614422590112893550-4
Purpose:
This cookie collects information about your actions on websites that have a Vimeo video embedded.
Expiry date:
after 2 years
Note: These two cookies are always set as soon as you are on a website with an embedded Vimeo video. When you watch the video and click on the button to “share” or “like” the video, for example, additional cookies are set. These are also third-party cookies such as _ga or _gat_UA-76641-8 from Google Analytics or _fbp from Facebook. Which cookies are set here exactly depends on your interaction with the video.
The following list shows an excerpt of possible cookies that are set when you interact with the Vimeo video:
Name: _abexps
Value: %5B%5D
Purpose: This Vimeo cookie helps Vimeo remember the settings you have made. This can be, for example, a preset language, a region or a username. In general, the cookie stores data about how you use Vimeo.
Expiry date: after one year
Name: continuous_play_v3
Value: 1
Purpose: This cookie is a first-party cookie from Vimeo. The cookie collects information about how you use the Vimeo service. For example, the cookie stores when you pause or resume playing a video.
Expiration date: after one year
Name: _ga
Value: GA1.2.1522249635.1578401280112893550-7
Purpose: This cookie is a third-party cookie from Google. By default, analytics.js uses the _ga cookie to store the User ID. Basically, it serves to distinguish website visitors.
Expiration date: after 2 years
Name: _gcl_au
Value: 1.1.770887836.1578401279112893550-3
Purpose: This third-party cookie from Google AdSense is used to improve the efficiency of advertisements on websites.
Expiration date: after 3 months
Name: _fbp
Value: fb.1.1578401280585.310434968
Purpose: This is a Facebook cookie. This cookie is used to display advertisements or advertising products from Facebook or other advertisers.
Expiration date: after 3 months
Vimeo uses this data, among other things, to improve its own service, to communicate with you, and to set its own targeted advertising measures. Vimeo emphasizes on its website that only first-party cookies (i.e., cookies from Vimeo itself) are used for embedded videos, as long as you don’t interact with the video.
How Long and where is the Data Stored?
Vimeo is headquartered in White Plains, New York (USA). However, the services are offered worldwide. The company uses computer systems, databases, and servers in the USA and other countries. Your data may therefore be stored and processed on servers in America. The data remains stored at Vimeo for as long as the company has an economic reason for storage. When this is no longer the case, the data is deleted or anonymized.
How Can I Delete My Data or Prevent Data Storage?
You always have the option to manage cookies in your browser according to your preferences. If, for example, you don’t want Vimeo to set cookies and thus collect information about you, you can delete or deactivate cookies in your browser settings at any time. This works slightly differently depending on the browser. Please note that after deactivating/deleting cookies, various functions may no longer be available to their full extent. Under the section “Cookies”, you will find the corresponding links to the instructions for the most popular browsers.
If you are a registered Vimeo member, you can also manage the cookies used in the settings at Vimeo.
Legal Basis
If you have consented to data being processed and stored by embedded Vimeo elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the embedded Vimeo elements if you have given your consent. Vimeo also sets cookies in your browser to store data. Therefore, we recommend that you read our privacy text about cookies carefully and view the privacy policy or cookie policies of the respective service provider.
Vimeo also processes your data in the USA, among other places. We would like to point out that according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This may be associated with various risks to the lawfulness and security of data processing.
As a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or for data transfer there, Vimeo uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, Vimeo commits to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
You can find more information about the standard contractual clauses at Vimeo at https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights.
You can learn more about the use of cookies at Vimeo on https://vimeo.com/cookie_policy, and information about data protection at Vimeo can be found at https://vimeo.com/privacy.
YouTube Privacy Policy
YouTube Privacy Policy Summary 👥 Affected: Website visitors |
What is YouTube?
We have embedded YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has a YouTube video embedded, your browser automatically connects to the servers of YouTube or Google. Various data is transferred in the process (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in the European area.
In the following, we want to explain to you in more detail which data is processed, why we have embedded YouTube videos, and how you can manage or delete your data.
On YouTube, users can watch, rate, comment on, and upload videos for free. Over the last few years, YouTube has become one of the most important social media channels worldwide. For us to display videos on our website, YouTube provides a code snippet that we have embedded on our site.
Why Do We Use YouTube Videos on our Website?
YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, interesting videos should not be missing. With the help of our embedded videos, we provide you with additional helpful content in addition to our texts and images. Additionally, our website is easier to find on the Google search engine thanks to the embedded videos. Even when we run advertising campaigns through Google Ads, Google can – thanks to the collected data – really only show these ads to people who are interested in our offers.
What Data is Stored by YouTube?
As soon as you visit one of our pages that has a YouTube video built in, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually associate your interactions on our website with your profile using cookies. This includes data such as session duration, bounce rate, approximate location, technical information like browser type, screen resolution, or your internet provider. Additional data can include contact details, any ratings, sharing content via social media, or adding to your favorites on YouTube.
If you’re not logged into a Google account or a YouTube account, Google stores data with a unique identifier linked to your device, browser, or app. For example, your preferred language setting is retained. But many interaction data cannot be stored because fewer cookies are set.
In the following list, we show cookies that were set in a test in the browser. On one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be exhaustive, as user data always depends on the interactions on YouTube.
Name: YSC
Value: b9-CV6ojI5Y112893550-1
Purpose: This cookie registers a unique ID to store statistics of the viewed video.
Expiration date: after session end
Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics via PREF on how you use YouTube videos on our website.
Expiration date: after 8 months
Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track the GPS location.
Expiration date: after 30 minutes
Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie tries to estimate the user’s bandwidth on our pages (with embedded YouTube video).
Expiration date: after 8 months
Additional cookies that are set when you are logged in to your YouTube account:
Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7112893550-
Purpose: This cookie is used to create a profile about your interests. The data is used for personalized advertisements.
Expiration date: after 2 years
Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user’s consent to the use of various Google services. CONSENT also serves security purposes to verify users and protect user data from unauthorized attacks.
Expiration date: after 19 years
Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile about your interests. This data helps to display personalized advertising.
Expiration date: after 2 years
Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL…
Purpose: Information about your login data is stored in this cookie.
Expiration date: after 2 years
Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile about your interests.
Expiration date: after 2 years
Name: SID
Value: oQfNKjAsI112893550-
Purpose: This cookie stores your Google Account ID and your last login time in digitally signed and encrypted form.
Expiration date: after 2 years
Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the website and what advertising you may have seen before visiting our site.
Expiration date: after 3 months
How Long and where is the Data Stored?
The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. At https://www.google.com/about/datacenters/locations/?hl=en you can see exactly where the Google data centers are located. Your data is distributed across the servers. This way, the data can be retrieved more quickly and is better protected against manipulation.
Google stores the collected data for varying lengths of time. Some data you can delete at any time, others are automatically deleted after a limited time, and still others are stored by Google for longer periods. Some data (such as elements from “My Activity”, photos or documents, products) that are stored in your Google Account remain stored until you delete them. Even when you’re not signed in to a Google Account, you can delete some data associated with your device, browser, or app.
How Can I Delete My Data or Prevent Data Storage?
In general, you can manually delete data in your Google Account. With the automatic deletion function for location and activity data introduced in 2019, information is stored for either 3 or 18 months depending on your choice, and then deleted.
Regardless of whether you have a Google Account or not, you can configure your browser to delete or deactivate cookies from Google. Depending on which browser you use, this works in different ways. Under the section “Cookies” you will find the corresponding links to the instructions for the most popular browsers.
If you generally don’t want any cookies, you can set up your browser to always inform you when a cookie is about to be set. This way, you can decide for each individual cookie whether to allow it or not.
Legal Basis
If you have consented to data from you being processed and stored by embedded YouTube elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the embedded YouTube elements if you have given your consent. YouTube also sets cookies in your browser to store data. Therefore, we recommend that you carefully read our privacy text about cookies and view the privacy policy or cookie policies of the respective service provider.
YouTube also processes data from you in the USA, among other places. YouTube, or Google, is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Google uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard contractual clauses (SCC) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google commits to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
As YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to learn more about how your data is handled, we recommend you read the privacy policy at https://policies.google.com/privacy?hl=de.
YouTube Subscribe Button Privacy Policy
We have integrated the YouTube Subscribe Button on our website. You usually recognize the button by the classic YouTube logo. The logo shows the words “Subscribe” or “YouTube” in white text on a red background, with the white “play symbol” to the left of it. However, the button may also be displayed in a different design.
Our YouTube channel offers you funny, interesting or exciting videos time and again. With the built-in “Subscribe Button”, you can subscribe to our channel directly from our website and don’t have to visit the YouTube website separately. We want to make access to our comprehensive content as easy as possible for you. Please note that YouTube may store and process data about you as a result.
When you see a built-in subscribe button on our page, YouTube – according to Google – sets at least one cookie. This cookie stores your IP address and our URL. YouTube can also learn information about your browser, your approximate location and your preset language. In our test, the following four cookies were set without being logged into YouTube:
Name: YSC
Value: b9-CV6ojI5112893550Y
Purpose: This cookie registers a unique ID to store statistics of the viewed video.
Expiry date: after end of session
Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics via PREF on how you use YouTube videos on our website.
Expiration date: after 8 months
Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track the GPS location.
Expiration date: after 30 minutes
Name: VISITOR_INFO1_LIVE
Value: 11289355095Chz8bagyU
Purpose: This cookie attempts to estimate the user’s bandwidth on our websites (with embedded YouTube video).
Expiration date: after 8 months
Note: These cookies were set after a test and may not claim to be complete.
If you are logged into your YouTube account, YouTube can store many of your actions/interactions on our website using cookies and associate them with your YouTube account. YouTube thereby receives information such as how long you surf on our site, which browser type you use, which screen resolution you prefer, or which actions you perform.
YouTube uses this data on the one hand to improve its own services and offers, and on the other hand to provide analyses and statistics for advertisers (who use Google Ads).
YouTube IFrame Player Privacy Policy
We also use the YouTube IFrame Player to embed videos on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
Google processes data from you in the USA, among other places. YouTube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Google uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR). Standard contractual clauses (Standard Contractual Clauses – SCC) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google commits to complying with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
You can find the Google Ads Data Processing Terms, which refer to the standard contractual clauses, at https://business.safety.google/intl/de/adsprocessorterms/.
You can find out more about the data processed by using the YouTube IFrame Player in the Privacy Policy at https://policies.google.com/privacy?hl=en.
YouTube Video Widget Privacy Policy
We also use the YouTube Video Widget on our website. The service provider is the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
Google processes data from you in the USA, among other places. YouTube or Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Google also uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR). Standard contractual clauses (SCC) are template forms provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Google commits to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
You can learn more about the data processed through the use of the YouTube video widget in the Privacy Policy at https://policies.google.com/privacy?hl=de.
Explanation of Terms Used
We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also include the GDPR texts here and add our own explanations if necessary.
Data Processor
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. Processors can therefore be, in addition to service providers such as tax advisors, for example, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.
Consent
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Explanation: Usually, such consent on websites is given via a cookie consent tool. You probably know this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to or consent to data processing. You can usually also make individual settings and thus decide for yourself which data processing you allow and which you don’t. If you do not consent, no personal data about you may be processed. In principle, consent can of course also be given in writing, i.e. not via a tool.
Personal Data
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“personal data”
means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Explanation: Personal data is therefore all data that can identify you as a person. This typically includes data such as:
- Name
- Address
- Email address
- Postal address
- Phone number
- Date of birth
- Identification numbers such as social security number, tax identification number, ID card number or matriculation number
- Bank details such as account number, credit information, account balances, etc.
According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently you as the connection owner. Therefore, storing an IP address also requires a legal basis in the sense of the GDPR. There are also so-called “special categories” of personal data that are particularly worthy of protection. These include:
- racial and ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data such as data taken from blood or saliva samples
- biometric data (this is information on psychological, physical or behavioral characteristics that can identify a person).
Health data - Data concerning a person’s sex life or sexual orientation
Profiling
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
Explanation: Profiling involves gathering various pieces of information about a person to learn more about that person. In the web sector, profiling is often used for advertising purposes or for credit checks. For example, web or advertising analysis programs collect data about your behavior and interests on a website. This results in a special user profile, which can be used to target advertising to a specific audience.
Controller
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Explanation: In our case, we are responsible for the processing of your personal data and consequently the “Controller”. If we pass on collected data to other service providers for processing, they are “Processors”. For this, a “Data Processing Agreement (DPA)” must be signed.
Processing
Definition according to Article 4 of the GDPR
For the purposes of this Regulation:
“Processing”
means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Note: When we talk about processing in our privacy policy, we mean any type of data processing. As mentioned above in the original GDPR explanation, this includes not only the collection but also the storage and processing of data.
All texts are protected by copyright.