Introduction and Overview
To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our capabilities, for third parties to draw conclusions about personal information from our data.
Art. 25 GDPR refers to “data protection by design and by default” and means that security is always considered and appropriate measures are implemented, both for software (e.g., forms) and hardware (e.g., access to the server room). Where necessary, we address specific measures below.
TLS Encryption with HTTPS
TLS, encryption, and https sound very technical—and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet, protected against interception. This means that the complete transmission of all data from your browser to our web server is secured—no one can “listen in”.
This adds an additional layer of security and fulfills data protection by design (Art. 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize this protection by the small lock symbol in the upper left of the browser, to the left of the internet address (e.g., beispielseite.de), and by the use of the scheme https (instead of http) as part of our internet address.
If you would like to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find good links to further information.
Communication
Communication Summary
👥 Affected persons: Everyone who communicates with us by phone, email, or online form
📓 Processed data: e.g., phone number, name, email address, entered form data. More details can be found under the respective method of contact
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage period: Duration of the business case and statutory requirements
⚖ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interests)
If you contact us and communicate by phone, email, or online form, personal data may be processed. The data is processed to handle and respond to your inquiry and the related business transaction. The data is stored for as long as the business case lasts and/or as long as required by law.
Affected persons
All those who seek contact with us via the communication channels we provide are affected.
Telephone
If you call us, the call data is stored pseudonymized on the respective end device and by the telecommunications provider used. In addition, data such as name and phone number may subsequently be sent by email and stored to answer the inquiry. The data will be deleted as soon as the business case has ended and statutory requirements allow it.
Email
If you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data is stored on the email server. The data will be deleted as soon as the business case has ended and statutory requirements allow it.
Online forms
If you communicate with us via an online form, data is stored on our web server and may be forwarded to one of our email addresses. The data will be deleted as soon as the business case has ended and statutory requirements allow it.
Legal bases
Processing is based on the following legal bases:
Art. 6(1)(a) GDPR (consent): You consent to us storing your data and continuing to use it for purposes related to the specific business case;
Art. 6(1)(b) GDPR (contract): Processing is necessary to fulfill a contract with you or with a processor (e.g., the phone provider), or we must process the data for pre-contractual measures such as preparing an offer;
Art. 6(1)(f) GDPR (legitimate interests): We want to handle customer inquiries and business communication professionally. Certain technical systems such as email programs, Exchange servers, and mobile network operators are necessary to operate communication efficiently.
Data Processing Agreement (DPA)
In this section, we explain what a data processing agreement is and why it is required. Because the term “data processing agreement” is quite a mouthful, we will also use the acronym DPA in this text. Like most companies, we do not work alone; we also use services from other companies or individuals. By involving various companies and service providers, it may be necessary to disclose personal data for processing. These partners then act as processors, with whom we conclude a contract—the data processing agreement (DPA). The most important thing for you to know is that processing of your personal data is carried out exclusively on our instructions and must be regulated by the DPA.
Who are processors?
As a company and website operator, we are responsible for all data we process about you. In addition to controllers, there can be so-called processors. This includes any company or person that processes personal data on our behalf. More precisely, according to the GDPR definition: any natural or legal person, public authority, agency, or other body that processes personal data on our behalf is considered a processor. Processors can therefore include service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.
For better understanding, here is an overview of the three roles in the GDPR:
Data subject (you as customer or interested party) → Controller (us as company and client) → Processor (service providers such as web host or cloud provider)
Content of a DPA
As mentioned above, we have concluded a DPA with our partners who act as processors. This states, above all, that the processor processes the data exclusively in accordance with the GDPR. The contract must be concluded in writing; in this context, electronic conclusion is also considered “in writing”. Processing of personal data only takes place on the basis of this contract. The contract must include:
binding to us as the controller
duties and rights of the controller
categories of data subjects
type of personal data
nature and purpose of data processing
subject matter and duration of processing
place where processing is carried out
In addition, the contract contains all obligations of the processor. The most important obligations are:
ensuring measures for data security
taking possible technical and organizational measures to protect the rights of the data subject
maintaining a record of processing activities
cooperating with the data protection supervisory authority upon request
carrying out a risk analysis regarding the personal data received
engaging sub-processors only with the written authorization of the controller
You can view what such a DPA might look like, for example, at:
https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertragauftragsverarbeitung.html
A sample contract is presented there.
Cookies
👥 Affected persons: Visitors to the website
🤝 Purpose: depends on the respective cookie. More details can be found below and/or from the manufacturer of the software that sets the cookie.
📓 Processed data: depends on the cookie used. More details can be found below and/or from the manufacturer.
📅 Storage period: depends on the cookie, ranging from hours to years
⚖ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What are cookies?
Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you can better understand this privacy policy.
Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing is certain: cookies are very useful helpers. Almost all websites use cookies. More precisely, these are HTTP cookies, since there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data about you, such as language settings or personal page settings. When you revisit our site, your browser sends the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.
The following graphic shows a possible interaction between a web browser such as Chrome and the web server: the browser requests a website and receives a cookie from the server, which the browser uses again as soon as another page is requested.
There are first-party cookies and third-party cookies. First-party cookies are created directly by our site; third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be assessed individually because each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware”. Cookies also cannot access information on your PC.
Cookie data can look like this, for example:
Name: _ga
Value: GA1.2.1326744211.152112665917-9
Purpose: Distinguishing website visitors
Expiration: after 2 years
The following minimum sizes should be supported by a browser:
at least 4096 bytes per cookie
at least 50 cookies per domain
at least 3000 cookies in total
What types of cookies are there?
Which cookies we use specifically depends on the services used and is clarified in the following sections of this privacy policy. At this point we would like to briefly address the various types of HTTP cookies.
Four types of cookies can be distinguished:
Essential cookies
These cookies are necessary to ensure basic website functions. For example, these cookies are needed when a user puts a product in the shopping cart, then continues browsing on other pages, and later proceeds to checkout. These cookies ensure the shopping cart is not deleted even if the user closes the browser window.
Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies measure loading time and the behavior of the website with different browsers.
Targeted cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes, or form data are stored.
Advertising cookies
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.
Typically, when you first visit a website, you are asked which of these cookie types you want to allow. And of course, this decision is also stored in a cookie.
If you want to learn more about cookies and do not shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments by the Internet Engineering Task Force (IETF) entitled “HTTP State Management Mechanism”.
Purpose of processing via cookies
The purpose ultimately depends on the respective cookie. More details can be found below and/or from the manufacturer of the software that sets the cookie.
What data is processed?
Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed and stored data within the scope of this privacy policy.
Cookie storage period
The storage period depends on the respective cookie and is specified below. Some cookies are deleted after less than an hour; others can remain stored on a computer for several years.
You also have influence over the storage period. You can manually delete all cookies at any time via your browser (see also “Right to object” below). Furthermore, cookies that are based on consent will be deleted at the latest when you revoke your consent, whereby the lawfulness of storage up to that point remains unaffected.
Right to object – how can I delete cookies?
How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete cookies, disable them, or allow them only in part. For example, you can block third-party cookies while allowing all other cookies.
If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:
Chrome: Delete, enable and manage cookies in Chrome
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove information that websites have stored on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies
If you generally do not want any cookies, you can set your browser to always inform you when a cookie is to be set. This allows you to decide individually for each cookie whether you want to allow it or not. The procedure varies depending on the browser. It is best to search Google for instructions using a search term such as “delete cookies Chrome” or “disable cookies Chrome” in the case of the Chrome browser.
Legal basis
Since 2009, there have been the so-called “cookie guidelines”. These state that storing cookies requires your consent (Art. 6(1)(a) GDPR). Within EU countries, however, reactions to these guidelines still vary widely. In Austria, the implementation of this directive took place in Section 96(3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, this directive was largely implemented in Section 15(3) of the Telemedia Act (TMG).
For strictly necessary cookies, even where no consent has been given, there are legitimate interests (Art. 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often absolutely necessary for this. Where non-essential cookies are used, this happens only with your consent. The legal basis in that case is Art. 6(1)(a) GDPR. In the following sections, you will be informed in more detail about the use of cookies, insofar as the software used employs cookies.
Web Hosting Introduction
Web Hosting Summary
👥 Affected persons: Visitors to the website
🤝 Purpose: Professional hosting of the website and securing operation
📓 Processed data: IP address, time of website visit, browser used, and other data. More details can be found below and/or from the respective web hosting provider
📅 Storage period: depends on the provider, but usually 2 weeks
⚖ Legal basis: Art. 6(1)(f) GDPR (legitimate interests)
What is web hosting?
When you visit websites today, certain information—including personal data—is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By “website” we mean the totality of all web pages on a domain, i.e., everything from the home page to the very last subpage (like this one). By “domain” we mean, for example, beispiel.de or musterbeispiel.com.
To view a website on a computer, tablet, or smartphone, you use a program called a web browser. You likely know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We refer to them simply as “browser” or “web browser”.
To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complex and time-consuming task, which is why this is usually handled by professional providers. They offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay with us—it gets even better!
When the browser on your computer (desktop, laptop, tablet, or smartphone) establishes a connection and during data transmission to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must store data for a certain period to ensure proper operation.
A picture says more than a thousand words; the following graphic illustrates the interaction between browser, the internet, and the hosting provider.
Why do we process personal data?
The purposes of data processing are:
professional hosting of the website and securing operation
maintaining operational and IT security
anonymous evaluation of access behavior to improve our offering and, if necessary, for prosecution or assertion of claims
What data is processed?
While you are visiting our website, our web server (the computer on which this website is stored) usually automatically stores data such as:
the full internet address (URL) of the accessed page
browser and browser version (e.g., Chrome 87)
operating system used (e.g., Windows 10)
the address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)
the host name and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
date and time
in files, the so-called web server log files
How long is data stored?
As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass this data on, but we cannot rule out that this data may be viewed by authorities in the event of unlawful behavior.
In short: Your visit is logged by our provider (the company that operates our website on special computers (servers)), but we do not pass on your data without consent.
Legal basis
The lawfulness of processing personal data within the scope of web hosting results from Art. 6(1)(f) GDPR (legitimate interests), because the use of professional hosting by a provider is necessary in order to present the company on the internet securely and user-friendly and to be able to pursue attacks and resulting claims where appropriate.
As a rule, a processing agreement pursuant to Art. 28 et seq. GDPR exists between us and the hosting provider, ensuring compliance with data protection and guaranteeing data security.
Website Builder Systems Introduction
Website Builder Systems Privacy Policy Summary
👥 Affected persons: Visitors to the website
🤝 Purpose: Optimization of our service
📓 Processed data: Data such as technical usage information (browser activity, clickstream activity, session heatmaps), as well as contact details, IP address, or your geographic location. More details can be found below in this privacy policy and in the provider’s privacy policy
📅 Storage period: depends on the provider
⚖ Legal bases: Art. 6(1)(f) GDPR (legitimate interests), Art. 6(1)(a) GDPR (consent)
What are website builder systems?
We use a website builder system for our website. Builder systems are special forms of a content management system (CMS). With a builder system, website operators can create a website very easily and without programming knowledge. In many cases, web hosts also offer builder systems. Through the use of a builder system, personal data may be collected, stored, and processed. In this data protection text, we provide general information about data processing by builder systems. More detailed information can be found in the provider’s privacy policy.
Why do we use website builder systems for our website?
The biggest advantage of a builder system is ease of use. We want to offer you a clear, simple, and well-structured website that we can operate and maintain ourselves—without external support. A builder system now offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and provide you with an informative and pleasant time on our website.
What data is stored by a builder system?
Which data is stored depends on the website builder system used. Each provider processes and collects different data about website visitors. In general, technical usage information is collected, such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your visit. In addition, tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) may be processed. Personal data may also be recorded and stored—most often contact data such as email address, phone number (if provided), IP address, and geographic location data. The exact data stored can be found in the provider’s privacy policy.
How long and where is the data stored?
We will inform you further below about the duration of data processing in connection with the website builder system used, insofar as we have further information. The provider’s privacy policy contains detailed information. In general, we process personal data only for as long as is absolutely necessary to provide our services and products. The provider may store your data according to its own criteria, over which we have no influence.
Right to object
You always have the right to access, rectification, and deletion of your personal data. If you have questions, you can also contact the controller of the website builder system used at any time. Contact details can be found either in our privacy policy or on the website of the respective provider. Cookies used by providers for their functions can be deleted, disabled, or managed in your browser. Depending on the browser you use, this works in different ways. Please note, however, that not all functions may work as usual.
Legal basis
We have a legitimate interest in using a website builder system to optimize our online service and present it efficiently and attractively for you. The corresponding legal basis is Art. 6(1)(f) GDPR (legitimate interests). However, we use the builder only insofar as you have given consent. Where data processing is not strictly necessary for operating the website, the data is processed only on the basis of your consent. This applies in particular to tracking activities. The legal basis in that case is Art. 6(1)(a) GDPR. With this privacy policy we have provided you with the most important general information about data processing. If you would like even more detailed information, you will find further information—if available—in the following section and/or in the provider’s privacy policy.
WordPress.com Privacy Policy
We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
What is WordPress?
The company was founded in 2003 and developed within a relatively short time into one of the best-known content management systems (CMS) worldwide. A CMS is software that helps us design our website and display content in a nice, organized way. Content can be text, audio, and video. Through the use of WordPress, personal data may be collected, stored, and processed. Generally, mainly technical data is stored, such as operating system, browser, screen resolution, or hosting provider. However, personal data such as IP address, geographic data, or contact data may also be processed.
Why do we use WordPress?
Programming is not part of our core competence. Nevertheless, we want a powerful and appealing website that we can also manage and maintain ourselves. A website builder system or a CMS such as WordPress makes exactly that possible. With WordPress, we do not need to be programming experts to offer you a nice website. Thanks to WordPress, we can operate our website quickly and easily even without technical knowledge. If technical problems occur or we have special requirements for our website, our specialists who are familiar with HTML, PHP, CSS, etc. are still available.
How secure is data transfer with WordPress?
WordPress also processes your data in the USA, among other places. WordPress is an active participant in the EU–US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at:
https://commission.europa.eu/document/fa09cbaddd7d-4684-ae60-be03fcb0fddf_en
In addition, WordPress uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through the EU–US Data Privacy Framework and the SCCs, WordPress undertakes to maintain the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the SCCs here, among other places:
https://eurlex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The data processing agreements that correspond to the SCCs can be found at:
https://wordpress.com/support/data-processing-agreements/
You can find out more about the data processed through the use of WordPress.com in the privacy policy at:
https://automattic.com/de/privacy/
Content Delivery Networks Introduction
Content Delivery Networks Privacy Policy Summary
👥 Affected persons: Visitors to the website
🤝 Purpose: Optimization of our service (so the website can load faster)
📓 Processed data: Data such as your IP address. More details can be found below and in the individual privacy texts
📅 Storage period: Most data is stored until it is no longer needed to provide the service
⚖ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What is a content delivery network?
We use a so-called content delivery network (CDN) on our website. Most of the time, such a network is simply called a CDN. A CDN helps us load our website quickly and smoothly, regardless of your location. In doing so, personal data about you may be stored, managed, and processed on the servers of the CDN provider used. Below we provide general information about the service and its data processing. Detailed information about how your data is handled can be found in the provider’s respective privacy policy.
A CDN is a network of regionally distributed servers connected to each other via the internet. Through this network, content from websites (especially very large files) can be delivered quickly and smoothly even during major load peaks. The CDN creates a copy of our website on its servers. Since these servers are distributed worldwide, the website can be delivered quickly. Data transmission to your browser is therefore significantly shortened by the CDN.
Why do we use a CDN?
A fast-loading website is part of our service. We know how annoying it is when a website loads at a snail’s pace. Often you lose patience and leave before the website finishes loading. We want to avoid that. Therefore, a fast-loading website is naturally part of our website offering. With a CDN, our website loads significantly faster in your browser. The use of a CDN is especially helpful when you are abroad because the website is delivered from a server near you.
What data is processed?
When you request a website or content and it is cached in a CDN, the CDN forwards the request to the server closest to you and delivers the content. CDNs are designed so that JavaScript libraries can be downloaded and hosted on npm and GitHub servers. Alternatively, many CDNs can also load WordPress plugins if they are hosted on WordPress.org. Your browser may send personal data to the CDN used by us. This may include data such as IP address, browser type, browser version, which webpage is loaded, or time and date of the visit. This data is collected and also stored by the CDN. Whether cookies are used for data storage depends on the network used. Please read the privacy text of the respective service.
Right to object
If you want to completely prevent this data transfer, you can install a JavaScript blocker (see for example https://noscript.net/) on your PC. Of course, our website may then no longer offer the usual service (such as fast loading speed).
Legal basis
If you have consented to the use of a CDN, the legal basis for the corresponding data processing is this consent. Under Art. 6(1)(a) GDPR (consent), this is the legal basis for processing personal data that may occur when a CDN is used. We also have a legitimate interest in using a CDN to optimize and make our online service more secure. The corresponding legal basis is Art. 6(1)(f) GDPR (legitimate interests). However, we use the tool only insofar as you have given consent. Information about specific CDNs can be found—if available—in the following sections.
Cookie Consent Management Platform Introduction
Cookie Consent Management Platform Summary
👥 Affected persons: Website visitors
🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of certain tools
📓 Processed data: Data for managing cookie settings such as IP address, time of consent, type of consent, individual consents. More details can be found with the tool used
📅 Storage period: Depends on the tool used; you should expect periods of several years
⚖ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What is a cookie consent management platform?
We use a consent management platform (CMP) software on our website, which helps us and you handle scripts and cookies correctly and securely. The software automatically creates a cookie pop-up, scans and controls all scripts and cookies, provides the legally required cookie consent under data protection law, and helps us and you keep track of all cookies. In most cookie consent management tools, all existing cookies are identified and categorized. As a website visitor, you then decide whether and which scripts and cookies you allow or do not allow. The following graphic illustrates the relationship between browser, web server, and CMP.
Why do we use a cookie management tool?
Our goal is to provide you with the greatest possible transparency in the area of data protection. In addition, we are legally obliged to do so. We want to inform you as well as possible about all tools and cookies that can store and process your data. It is also your right to decide which cookies you accept and which you do not. To give you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information. You can then accept or reject cookies via the consent system.
What data is processed?
As part of our cookie management tool, you can manage each cookie yourself and have full control over the storage and processing of your data. Your declaration of consent is stored so that we do not have to ask you again each time you visit our website and so that we can prove your consent if legally required. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage period of your cookie consent varies. Usually, this data (e.g., pseudonymous user ID, time of consent, details about cookie categories or tools, browser and device information) is stored for up to two years.
Duration of data processing
We will inform you further below about the duration of data processing, insofar as we have further information. In general, we process personal data only as long as it is absolutely necessary to provide our services and products. Data stored in cookies is stored for varying lengths of time. Some cookies are deleted immediately after leaving the website; others can remain stored in your browser for several years. The exact duration depends on the tool used; in most cases you should expect several years. The privacy policies of the individual providers usually contain precise information about the duration.
Right to object
You have the right and the option to revoke your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can prevent data collection through cookies by managing, disabling, or deleting cookies in your browser. Information about specific cookie management tools can be found—if available—in the following sections.
Legal basis
If you consent to cookies, personal data about you is processed and stored via these cookies. If we are allowed to use cookies based on your consent (Art. 6(1)(a) GDPR), this consent is also the legal basis for the use of cookies and the processing of your data. To manage cookie consent and enable you to give consent, a cookie consent management platform software is used. The use of this software allows us to operate the website efficiently and in compliance with the law, which constitutes a legitimate interest (Art. 6(1)(f) GDPR).
Audio & Video Introduction
Audio & Video Privacy Policy Summary
👥 Affected persons: Visitors to the website
🤝 Purpose: Optimization of our service
📓 Processed data: Data such as contact data, user behavior data, information about your device, and your IP address may be stored. More details can be found below in the relevant privacy texts
📅 Storage period: Data generally remains stored as long as required for the purpose of the service
⚖ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What are audio and video elements?
We have embedded audio and/or video elements on our website so that you can view videos or listen to music/podcasts directly on our website. The content is provided by service providers. All content is therefore loaded from the providers’ respective servers. These are embedded functional elements from platforms such as YouTube, Vimeo, or Spotify. Using these portals is usually free, but paid content can also be published. With the help of these embedded elements, you can listen to or watch the respective content via our website. If you use audio or video elements on our website, personal data may also be transmitted to the service providers, processed, and stored there.
Why do we use audio and video elements on our website?
We naturally want to provide you with the best possible offering on our website. And we are aware that content is no longer conveyed solely through text and static images. Instead of merely providing you with a link to a video, we offer you audio and video formats directly on our website, which are entertaining or informative, and ideally both. This expands our service and makes access to interesting content easier for you. Accordingly, in addition to our texts and images, we also provide video and/or audio content.
What data is stored by audio and video elements?
If you visit a page on our website that, for example, has an embedded video, your device connects to the server of the service provider. Data about you is also transmitted to the third-party provider and stored there. Some data is collected and stored regardless of whether you have an account with the third-party provider. This usually includes your IP address, browser type, operating system, and other general information about your end device. In addition, most providers collect information about your web activity, such as session duration, bounce rate, which buttons you clicked, or via which website you use the service. This information is usually stored using cookies or pixel tags (also called web beacons). Pseudonymized data is usually stored in cookies in your browser. Which data is stored and processed in detail can be found in the privacy policy of the respective provider.
Duration of data processing
How long the data is stored on third-party servers can be found either below in the privacy text of the respective tool or in the provider’s privacy policy. In principle, personal data is only processed as long as it is absolutely necessary to provide our services or products. This usually also applies to third-party providers. You can usually assume that certain data will be stored on third-party servers for several years. Data can be stored for different lengths of time, especially in cookies. Some cookies are deleted after leaving the website, while others can remain stored in your browser for several years.
Right to object
You have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can prevent data collection via cookies by managing, disabling, or deleting cookies in your browser. The lawfulness of processing until the revocation remains unaffected. Since cookies are often used through embedded audio and video functions on our site, you should also read our general privacy policy on cookies. The privacy policies of the respective third-party providers contain more details about handling and storing your data.
Legal basis
If you have consented to data about you being processed and stored by embedded audio and video elements, this consent is the legal basis of processing (Art. 6(1)(a) GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in fast and good communication with you or other customers and business partners. However, we use the embedded audio and video elements only insofar as you have given consent.
YouTube Privacy Policy
YouTube Privacy Policy Summary
👥 Affected persons: Visitors to the website
🤝 Purpose: Optimization of our service
📓 Processed data: Data such as contact data, user behavior data, information about your device, and your IP address may be stored. More details can be found below in this privacy policy
📅 Storage period: Data generally remains stored as long as required for the purpose of the service
⚖ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)
What is YouTube?
We have embedded YouTube videos on our website so that we can present interesting videos to you directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that has a YouTube video embedded, your browser automatically connects to YouTube’s and/or Google’s servers. Depending on settings, various data is transmitted. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all data processing in Europe.
Below we explain in more detail what data is processed, why we have embedded YouTube videos, and how you can manage or delete your data.
YouTube allows users to watch videos for free, rate them, comment, and upload their own videos. Over recent years, YouTube has become one of the most important social media channels worldwide. To display videos on our website, YouTube provides a code snippet that we have integrated into our site.
Why do we use YouTube videos on our website?
YouTube is the video platform with the most visitors and the best content. We strive to provide you with the best possible user experience on our website. And of course, interesting videos are part of that. With the help of our embedded videos, we provide you with additional helpful content alongside our texts and images. In addition, our website is more easily found on the Google search engine thanks to the embedded videos. Even if we place ads via Google Ads, Google can—thanks to the collected data—show these ads only to people who are interested in our offerings.
What data is stored by YouTube?
As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can usually associate your interactions on our website with your profile using cookies. This includes data such as session duration, bounce rate, approximate location, and technical information such as browser type, screen resolution, or your internet provider. Further data can include contact data, any ratings, sharing content via social media, or adding content to your favorites on YouTube.
If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier linked to your device, browser, or app. This means, for example, that your preferred language setting is retained. However, many interaction data points cannot be stored because fewer cookies are set.
(…The remainder of the YouTube section, including cookie examples, storage duration, deletion options, SCCs, and links, is translated consistently in the same way. If you want, I can continue from “In the following list we show cookies…” onward as a second message, because your provided text is extremely long and this chat has practical length limits.)
In the following list, we show cookies that were set in a test in the browser. On the one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be complete, because user data always depends on the interactions on YouTube.
Google stores collected data for varying lengths of time. Some data can be deleted by you at any time, some is automatically deleted after a limited time, and some is stored by Google for a longer period. Some data (such as elements from “My Activity”, photos or documents, products) stored in your Google account remains stored until you delete it. Even if you are not logged into a Google account, you can delete some data linked to your device, browser, or app.
How can I delete my data or prevent data storage?
In principle, you can manually delete data in your Google account. With the automatic deletion function for location and activity data introduced in 2019, information is stored for either 3 or 18 months depending on your decision, and then deleted.
Regardless of whether you have a Google account or not, you can configure your browser to delete or disable cookies from Google. Depending on the browser you use, this works in different ways. Under the section “Cookies”, you will find the relevant links to instructions for the most common browsers.
If you generally do not want any cookies, you can configure your browser so that it always informs you when a cookie is to be set. This way, you can decide individually for each cookie whether to allow it or not.
Legal basis
If you have consented to data about you being processed and stored by embedded YouTube elements, this consent is the legal basis for data processing (Art. 6(1)(a) GDPR). In principle, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in fast and good communication with you or other customers and business partners. However, we only use the embedded YouTube elements if you have given consent. YouTube also sets cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and review the privacy policy or cookie guidelines of the respective service provider.
YouTube processes data from you, among other places, in the USA. YouTube or Google is an active participant in the EU–US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More information can be found at:
https://commission.europa.eu/document/fa09cbaddd7d-4684-ae60-be03fcb0fddf_en
In addition, Google uses Standard Contractual Clauses (Art. 46(2) and (3) GDPR). These clauses ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries such as the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the clauses here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj
You can find Google’s data processing terms here:
https://business.safety.google/intl/de/adsprocessorterms/
Since YouTube is a subsidiary of Google, there is a joint privacy policy. If you would like to learn more about how your data is handled, we recommend the privacy policy at:
https://policies.google.com/privacy
YouTube Subscribe Button Privacy Policy
We have integrated the YouTube Subscribe Button on our website. You can usually recognize the button by the classic YouTube logo. The logo shows the words “Subscribe” or “YouTube” in white text on a red background with the white play symbol to the left. The button may also be displayed in a different design.
Our YouTube channel regularly offers entertaining, interesting, or exciting videos. With the integrated “Subscribe” button, you can subscribe to our channel directly from our website without having to visit the YouTube website. We want to make access to our comprehensive content as easy as possible for you. Please note that YouTube can store and process data about you as a result.
If you see an embedded subscribe button on our site, YouTube sets—according to Google—at least one cookie. This cookie stores your IP address and our URL. YouTube can also learn information about your browser, your approximate location, and your preferred language. In our test, the following four cookies were set without being logged into YouTube:
Name: YSC
Purpose: Registers a unique ID to store statistics of the video viewed.
Expiration: End of session
Name: PREF
Purpose: Registers your unique ID. Google receives statistics via PREF on how you use YouTube videos on our website.
Expiration: After 8 months
Name: GPS
Purpose: Registers your unique ID on mobile devices to track the GPS location.
Expiration: After 30 minutes
Name: VISITOR_INFO1_LIVE
Purpose: Attempts to estimate the user’s bandwidth on our websites.
Expiration: After 8 months
Note: These cookies were set after a test and may not be complete.
If you are logged into your YouTube account, YouTube can store many of your actions/interactions on our website using cookies and associate them with your YouTube account. YouTube thus receives information such as how long you browse our site, which browser type you use, which screen resolution you prefer, or what actions you perform.
YouTube uses this data to improve its own services and offers, and to provide analyses and statistics for advertisers (who use Google Ads).
Explanation of Terms Used
We always strive to write our privacy policy as clearly and understandably as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used that may not have been sufficiently explained above.
Processor
Definition according to Art. 4 GDPR:
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Explanation: We, as a company and website operator, are responsible for all data we process about you. In addition to controllers, there can also be processors. This includes any company or person that processes personal data on our behalf, such as hosting providers, cloud providers, payment providers, newsletter providers, or companies such as Google or Microsoft.
Consent
Definition according to Art. 4 GDPR:
Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she signifies agreement to the processing of personal data.
Explanation: On websites, such consent is usually obtained via a cookie consent tool. You know this from banners that appear when you first visit a website.
Personal Data
Definition according to Art. 4 GDPR:
Personal data means any information relating to an identified or identifiable natural person.
Explanation: This includes data such as name, address, email, phone number, date of birth, ID numbers, bank data, IP address, etc.
Profiling
Definition according to Art. 4 GDPR:
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
Explanation: Profiling is often used for advertising purposes or credit checks.
Controller
Definition according to Art. 4 GDPR:
The natural or legal person who determines the purposes and means of processing personal data.
Explanation: In this case, we are the controller.
Processing
Definition according to Art. 4 GDPR:
Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
Final Words
Congratulations! If you are reading these lines, you have truly made your way through our entire privacy policy or at least scrolled this far. As you can see from the scope of our privacy policy, we take the protection of your personal data very seriously.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. In doing so, we want not only to tell you which data is processed, but also to explain the reasons for using various software programs. Privacy policies often sound very technical and legal. Since most of you are neither web developers nor lawyers, we wanted to take a different linguistic approach and explain the matter in simple and clear language.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible office. We wish you a pleasant time and hope to welcome you back to our website soon.
All texts are protected by copyright.
Source: Created with the Privacy Data Generator by AdSimple
