Privacy Policy

Controller

Legal Notice

Types of data processed:

• Inventory data (e.g., names, addresses).
• Contact data (e.g., email, telephone numbers).
• Content data (e.g., text entries, photographs, videos).
• Usage data (e.g., websites visited, interest in content, access times).
• Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

Visitors and users of the online offering (hereinafter we also refer to the data subjects collectively as "users").

Purpose of processing

• Provision of the online offering, its functions and content.
• Responding to contact requests and communicating with users.
• Security measures.
• Reach measurement / marketing

Definitions used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Applicable legal bases

In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. Where the legal basis is not stated in this Privacy Policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) GDPR; the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if a transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6(1)(b) GDPR), you have consented, a legal obligation provides for it, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

Where we commission third parties to process data on the basis of a so-called "data processing agreement", this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this only takes place if it is necessary to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. That is, the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection equivalent to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

Rights of data subjects

You have the right to request confirmation as to whether relevant data is being processed and to obtain information about such data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to request that relevant data be deleted without undue delay, or alternatively, in accordance with Art. 18 GDPR, to request a restriction of the processing of the data.

You have the right to request that the data concerning you which you have provided to us be received in accordance with Art. 20 GDPR and to request its transmission to other controllers.

You also have the right, pursuant to Art. 77 GDPR, to lodge a complaint with the competent supervisory authority.

Right of withdrawal

You have the right to revoke any consent given pursuant to Art. 7(3) GDPR with effect for the future.

Right to object

You may object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.

Cookies and right to object to direct marketing

"Cookies" are small files that are stored on users' computers. Various types of information can be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offering. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offering and closes their browser. For example, the contents of a shopping cart in an online shop or a login status can be stored in such a cookie. "Permanent" or "persistent" cookies are cookies that remain stored even after the browser is closed. For example, the login status can be saved when users return after several days. The interests of users, which are used for reach measurement or marketing purposes, can also be stored in such a cookie. "Third-party cookies" are cookies offered by providers other than the controller operating the online offering (otherwise, if they are only the controller's own cookies, they are referred to as "first-party cookies").

We may use temporary and permanent cookies and inform you of this within the scope of our Privacy Policy.

If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Disabling cookies may result in functional limitations of this online offering.

A general objection to the use of cookies for online marketing purposes can be made for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, cookies can be prevented from being stored by disabling them in the browser settings. Please note that in this case it may not be possible to use all functions of this online offering.

Deletion of data

The data processed by us is deleted or restricted in its processing in accordance with Arts. 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. That is, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

In accordance with German legal requirements, data is retained in particular for 6 years pursuant to § 257(1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years pursuant to § 147(1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

In accordance with Austrian legal requirements, data is retained in particular for 7 years pursuant to § 132(1) BAO (accounting documents, vouchers/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years in connection with documents relating to electronically supplied services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU member states for which the Mini-One-Stop-Shop (MOSS) is used.

Hosting

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offering on the basis of our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Collection of access data and log files

We, or our hosting provider, collect data about each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR. The access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security purposes (e.g. to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.

Administration, financial accounting, office organisation, contact management

We process data in the context of administrative tasks as well as the organisation of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. The legal bases are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in administration, financial accounting, office organisation, archiving of data — in other words, tasks that serve to maintain our business activities, fulfil our duties and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information stated for these processing activities.

In this context, we disclose or transmit data to the tax authorities, advisors such as tax consultants or auditors, as well as other fee offices and payment service providers.

Furthermore, we store information about suppliers, organisers and other business partners on the basis of our business interests, e.g. for the purpose of making contact at a later date. This predominantly company-related data is stored by us on a permanent basis.

Contact

When contacting us (e.g. via contact form, email, telephone or social media), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6(1)(b) GDPR. The users' details may be stored in a Customer Relationship Management System ("CRM system") or comparable request organisation system.

We delete requests if they are no longer required. We review the necessity every two years; the statutory archiving obligations also apply.

Online presences in social media

We maintain online presences within social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in this Privacy Policy, we process users' data when they communicate with us within social networks and platforms, e.g. writing posts on our online presences or sending us messages.