Introduction and Overview

We have written this privacy policy (version 24.01.2023-122397202) to explain to you in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (short data) we process as controllers - and the processors we have commissioned (e.g. providers) - will process in the future, and what lawful options you have. The terms used are gender-neutral.
In short: we provide comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal terms. However, this privacy policy aims to describe the most important things to you as simply and transparently as possible. Where transparency is beneficial, technical terms are explained in a user-friendly manner, links to further information are provided, and graphics are used. We use clear and simple language to inform that we only process personal data as part of our business activities if there is a corresponding legal basis. This is certainly not possible if we provide as brief, unclear, and legal-technical explanations as are often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information that you did not know before.
If you still have questions, we ask you to contact the responsible office listed below or in the imprint, follow the available links, and view further information on third-party sites. Of course, you can also find our contact details in the imprint.

Scope

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies we have commissioned (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address, and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• social media presences and email communication
• mobile apps for smartphones and other devices

In short: the privacy policy applies to all areas where personal data is structured processed in the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Basis

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation that allow us to process personal data.
Was das EU-Recht betrifft, beziehen wir uns auf die VERORDNUNG (EU) 2016/679 DES EUROPÄISCHEN PARLAMENTS UND DES RATES vom 27. April 2016. Diese Datenschutz-Grundverordnung der EU können Sie selbstverständlich online auf EUR-Lex, dem Zugang zum EU-Recht, unter https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679 nachlesen.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data entered into a contact form.
2. Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a purchase contract with you, we require personal information in advance.
3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obligated to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not infringe on your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website safely and efficiently. This processing is thus a legitimate interest.

Weitere Bedingungen wie die Wahrnehmung von Aufnahmen im öffentlichen Interesse und Ausübung öffentlicher Gewalt sowie dem Schutz lebenswichtiger Interessen treten bei uns in der Regel nicht auf. Soweit eine solche Rechtsgrundlage doch einschlägig sein sollte, wird diese an der entsprechenden Stelle ausgewiesen.

In addition to the EU regulation, national laws also apply:

• In Austria , this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), abbreviated asDSG.
• In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies.

If further regional or national laws apply, we will inform you about them in the following sections.

Contact details of the person responsible

If you have any questions about data protection or the processing of personal data, you can find the contact details of the responsible person or entity below:
Franz Smoliner
Villacher Alpenstraße 2
9500 Villach

E-Mail: office@villacheralpenarena.at
Phone: +43 4242 544 88 0

Storage duration

At our company, we follow the general criterion of storing personal data only as long as it is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the purpose for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has expired, for example, for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as soon as possible and to the extent that there is no obligation to store it.

We will provide you with further information on the specific duration of each data processing below, provided we have further information on it.

Rights according to the General Data Protection Regulation

According to Articles 13 and 14 of the General Data Protection Regulation (GDPR), we inform you about the following rights that you are entitled to in order to ensure fair and transparent processing of data:

• According to Article 15 of the GDPR, you have the right to know whether we process data about you. If that is the case, you have the right to receive a copy of the data and to be informed about the following:
  
  • the purpose of the processing;
  • the categories, i.e. the types of data being processed;
  • who receives this data and if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the right to rectification, erasure or restriction of processing and the right to object to the processing;
  • that you have the right to lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data, if we did not collect it from you;
  • whether profiling is being carried out, i.e. whether data is being automatically evaluated to create a personal profile of you.
• According to Article 16 of the GDPR, you have the right to rectify data, which means that we must correct data if you find any errors.
• According to Article 17 of the GDPR, you have the right to erasure ("right to be forgotten"), which means that you may request the deletion of your data.
• According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
• According to Article 20 of the GDPR, you have the right to data portability, which means that we must provide you with your data in a commonly used format upon request.
• According to Article 21 of the GDPR, you have the right to object, which, when enforced, brings about a change in the processing.
  
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interests), you may object to the processing. We will then promptly review whether we can legally comply with this objection.
  • If data is used for direct marketing purposes, you may object to this type of data processing at any time. We may no longer use your data for direct marketing after that.
  • If data is used for profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling after that.
• Under certain circumstances, according to Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing (such as profiling).
• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: you have rights - do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can file a complaint with the supervisory authority. For Austria, this is the Datenschutzbehörde, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austria Datenschutzbehörde

Director Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Wien
Telephone number: +43 1 52 152-0
Email address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data transfer to third countries

We only transfer or process data to countries outside the EU (third countries) if you consent to such processing, if it is legally required or contractually necessary, and in any case only to the extent permitted in general. Your consent is the most important reason in most cases for us to have data processed in third countries. Processing personal data in third countries such as the USA, where many software vendors offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. The processing of data by US services (such as Google Analytics) may result in data being processed and stored without being anonymized. In addition, US government agencies may have access to individual data. Furthermore, it may happen that collected data is linked to data from other services of the same provider, if you have a corresponding user account. We try to use server locations within the EU whenever possible, if they are offered.

We will inform you in the appropriate sections of this privacy policy about data transfers to third countries, if applicable.

Security of data processing

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to infer personal information from our data within the scope of our possibilities.

Art. 25 GDPR speaks of "data protection by design and by default," which means that both software (e.g., forms) and hardware (e.g., access to the server room) should always be designed with security in mind, and appropriate measures should be taken. If necessary, we will address specific measures below.

TLS encryption with https

TLS, encryption, and https sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the Internet.
This means that the complete transmission of all data from your browser to our web server is secure, and no one can eavesdrop.

We have thus introduced an additional layer of security and comply with data protection by design (Article 25 (1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small padlock icon on the left side of the browser, next to the Internet address (e.g., examplepage.com), and the use of the https schema (instead of http) as part of our Internet address.
If you would like to learn more about encryption, we recommend searching Google for "Hypertext Transfer Protocol Secure wiki" to get good links to further information.

Data Processing Agreement (DPA)

In this section, we would like to explain what a Data Processing Agreement (DPA) is and why it is necessary. As the term "Data Processing Agreement" can be quite a mouthful, we will also use the acronym DPA in this text. Like most companies, we do not work alone, but also use services from other companies or individuals. By involving different companies or service providers, it may be necessary for us to pass on personal data for processing. These partners then act as data processors, with whom we conclude a contract, the so-called Data Processing Agreement (DPA). The most important thing for you to know is that the processing of your personal data only takes place according to our instructions and must be regulated by the DPA.

Who are data processors?

As a company and website owner, we are responsible for all the data we process from you. In addition to the controllers, there may also be data processors. This includes any company or person who processes personal data on our behalf. According to the GDPR definition, every natural or legal person, authority, institution or other body that processes personal data on our behalf is considered a data processor. Therefore, data processors can be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

To better understand the terminology, here is an overview of the three roles in the GDPR:

Data subject  (you as a customer or interested party) → Controller (us as the company and client) → Data processor (service providers such as web hosts or cloud providers).

Content of a processing order

As already mentioned above, we have concluded an DPA with our partners who act as contract processors. This contract primarily stipulates that the contract processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, but in this context, electronic contract conclusion is also considered "in writing". Only on the basis of the contract will the processing of personal data take place. The following must be included in the contract:

• Binding to us as the controller
• Obligations and rights of the controller
• Categories of data subjects
• Type of personal data
• Nature and purpose of the data processing
• Subject and duration of data processing
• Place of data processing

Furthermore, the contract includes all obligations of the data processor. The most important obligations are:

• to ensure measures for data security
• to take possible technical and organizational measures to protect the rights of the data subjects
• to maintain a record of processing activities
• to cooperate with the supervisory authority for data protection upon request
• to carry out a risk analysis regarding the personal data received
• subcontractors may only be engaged with the written approval of the data controller

An example of what such a DPA might look like can be found, for instance, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html , where a sample contract is presented.

Cookies

Privatsphäre-Einstellungen ändern

Historie der Privatsphäre-Einstellungen

Einwilligungen widerrufen

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is for sure: cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other application areas. HTTP cookies are small files that are stored by our website on your computer. These cookie files are automatically placed in the cookie folder, the "brain" of your browser, so to speak. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you revisit our site, your browser sends the "user-related" information back to our site. Thanks to the cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser reuses when requesting another page.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (such as Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans or other "malware". Cookies cannot access information on your computer.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152122397202-9
Purpose: Distinguishing website visitors
Expiration Date: after 2 years

These are the minimum sizes a browser should be able to support:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

Which types of cookies exist?

The question of which specific cookies we use depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies that can be distinguished:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are necessary when a user adds a product to the shopping cart, then continues browsing on other pages and later goes to checkout. These cookies ensure that the shopping cart is not deleted, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies also measure the loading time and behavior of the website on different browsers.

Targeted Cookies
These cookies provide better user-friendliness. For example, entered locations, font sizes, or form data are saved.

Advertising cookies
These cookies are also called targeting cookies. They serve to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Usually, when you first visit a website, you are asked which of these types of cookies you want to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and don't mind technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism."

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data as part of the following privacy policy.

Storage period of cookies

The storage period depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have influence over the storage period. You can manually delete all cookies at any time through your browser (see also "Right to object" below). Furthermore, cookies based on consent will be deleted at the latest after revocation of your consent, whereby the legality of the storage remains unaffected until then.

Right to object - how can I delete cookies?

You decide for yourself whether and how you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to see which cookies are stored in your browser, change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data in Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you don't want to have any cookies at all, you can set up your browser to always inform you when a cookie is about to be set. This way, you can decide on a case-by-case basis whether to allow the cookie or not. The procedure varies depending on the browser. It's best to search for instructions on Google using the search term "Delete cookies Chrome" or "Disable cookies Chrome" in the case of a Chrome browser.

Legal basis

Since 2009, there have been the so-called "Cookie Directives". It is stipulated therein that storing cookies requires consent (Article 6 (1) (a) GDPR) from you. Within the EU countries, there are still very different reactions to these directives. However, in Austria, this directive was implemented in § 96 (3) of the Telecommunications Act (TKG). In Germany, the cookie directives were not implemented as national law. Instead, the implementation of this directive was largely carried out in § 15 (3) of the Telemedia Act (TMG).

For strictly necessary cookies, even if no consent is given, there are legitimate interests (Article 6 (1) (f) GDPR), which are mostly of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often strictly necessary for this purpose.

To the extent that non-strictly necessary cookies are used, this only happens with your consent. The legal basis in this regard is Article 6 (1) (a) GDPR.

In the following sections, you will be provided with more detailed information about the use of cookies, if the software used employs cookies.

Cookie Banner

We use the consent tool "Real Cookie Banner" to manage the cookies and similar technologies (tracking pixels, web beacons, etc.) used on our website and the related consents. Details on the functioning of "Real Cookie Banner" can be found at <a href=“https://devowl.io/de/rcb/datenverarbeitung/“; rel=“noreferrer“ target=“_blank“><a href="https://devowl.io/de/rcb/datenverarbeitung/" rel="nofollow" target="_self">https://devowl.io/de/rcb/datenverarbeitung/;.

The legal bases for the processing of personal data in this context are Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used on our website and the related consents.

The provision of personal data is not contractually required and is also not necessary for the conclusion of a contract. You are not obliged to provide your personal data. If you do not provide your personal data, we cannot manage your consents.

web hosting introduction

What is web hosting?

When you visit websites these days, certain information - including personal data - is automatically created and stored, and this also applies to this website. This data should be processed sparingly and only with justification. By website, we mean the entirety of all web pages on a domain, i.e. everything from the homepage to the very last subpage (like this one). By domain, we mean, for example, example.com or sampleexample.com.

When you want to view a website on a computer, tablet or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We call them browsers or web browsers for short.

To display the website, the browser must connect to another computer where the code of the website is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why it is usually taken over by professional providers, the providers. They offer web hosting and ensure reliable and error-free storage of website data. Quite a few technical terms, but please stay tuned, it will get better!

When the browser on your computer (desktop, laptop, tablet, or smartphone) establishes a connection and during the data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server also has to store data for a while to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and securing operations
2. Maintaining operational and IT security
3. Anonymous evaluation of access behavior to improve our offerings and, if necessary, for law enforcement or pursuing claims.

What data is processed?

Even as you visit our website right now, our web server - the computer where this website is stored - typically automatically stores data such as:

• The complete internet address (URL) of the accessed webpage
• Browser and browser version (e.g., Chrome 87)
• The operating system used (e.g., Windows 10)
• The address (URL) of the previously visited page (referrer URL) (e.g., https://www.example-source-site.de/vondabinichgekommen/)
• The hostname and IP address of the device from which access is being made (e.g., COMPUTERNAME and 194.23.43.121)
• Date and time
• In files called web server log files.

How long are data stored?

In general, the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out that this data may be viewed by authorities in the event of illegal behavior.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not share your data without your consent!

Legal basis

The legality of processing personal data in the context of web hosting arises from Art. 6 para. 1 lit. f GDPR (preservation of legitimate interests), because the use of professional hosting with a provider is necessary to present the company securely and user-friendly on the Internet and, if necessary, to pursue attacks and claims arising from them.

There is usually a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

World4You privacy policy

For our website, we use World4You, among other things, a web hosting provider. The service provider is the Austrian company World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria.

You can find out more about the data processed by using World4You in the privacy policy at https://www.world4you.com/de/unternehmen/datenschutzerklaerung.html.

Introduction to Website Builders

What are website building systems?

We use a website building system for our website. Building systems are special forms of content management systems (CMS). With a building system, website operators can easily create a website without any programming knowledge. In many cases, web hosts also offer building systems. By using a building system, personal data about you can also be collected, stored, and processed. In this data protection text, we provide you with general information about data processing by building systems. For more information, please refer to the provider's data protection policy.

Why do we use website building systems for our website?

The biggest advantage of a building system is ease of use. We want to provide you with a clear, simple, and well-organized website that we can operate and maintain easily without external assistance. A building system now offers many helpful functions that we can use without programming knowledge. This enables us to design our web presence according to our wishes and provide you with an informative and enjoyable time on our website.

What data is stored by a website building system?

The exact data that is stored depends, of course, on the website building system used. Each provider processes and collects different data from website visitors. However, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit is usually collected. Additionally, tracking data (such as browser activity, clickstream activity, session heatmaps, etc.) can also be processed. Furthermore, personal data can also be collected and stored, usually contact data such as email address, phone number (if you have provided it), IP address, and geographic location data. You can find out exactly what data is stored in the provider's data protection policy.

How long and where are the data stored?

We will inform you about the duration of data processing further down in connection with the website builder system used, if we have further information on this. Detailed information on this can be found in the provider's privacy policy. Generally, we only process personal data for as long as it is absolutely necessary to provide our services and products. It may be that the provider stores data from you according to their own guidelines, over which we have no influence.

Right to object

You always have the right to information, correction, and deletion of your personal data. If you have any questions, you can also contact the person responsible for the website builder system used at any time. You can find contact details either in our privacy policy or on the website of the respective provider.

Cookies that providers use for their functions can be deleted, deactivated, or managed in your browser. Depending on which browser you use, this works in different ways. Please note, however, that not all functions may work as usual in this case.

Legal basis

We have a legitimate interest in using a website builder system to optimize our online service and present it efficiently and user-friendly for you. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use the builder to the extent that you have given your consent.

If the processing of data is not absolutely necessary for the operation of the website, the data will only be processed based on your consent. This particularly concerns tracking activities. The legal basis for this is Art. 6 para. 1 lit. a GDPR.

With this privacy policy, we have provided you with the most important general information about data processing. If you would like to find out more about this, you can find further information - if available - in the following section or in the privacy policy of the provider.

Wordpress.com Privacy Policy

We use WordPress.com, a website builder system, for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

WordPress processes data from you, among other things, in the USA. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks for the lawfulness and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or for data transfer to such countries, WordPress uses so-called standard contract clauses (= Art. 46. para. 2 and 3 GDPR). Standard contract clauses (Standard Contractual Clauses – SCC) are sample templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards when they are transferred to third countries (such as the USA) and stored there. With these clauses, WordPress undertakes to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contract clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find the data processing conditions (Data Processing Agreements) corresponding to the standard contract clauses at https://wordpress.com/support/data-processing-agreements/.

You can learn more about the data processed through the use of WordPress.com in the privacy policy at https://automattic.com/de/privacy/.

Data Processing Agreement (DPA) for Wordpress.com

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a data processing agreement (DPA) with WordPress.com. You can read about what a DPA is and, above all, what it must contain in our general section "Data Processing Agreement (DPA)".

This contract is legally required because WordPress.com processes personal data on our behalf. It is clarified therein that WordPress.com may only process data received from us according to our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) at https://wordpress.com/support/data-processing-agreements/.

Web Analytics Introduction

What is Web Analytics?

We use software for evaluating the behavior of website visitors, called Web Analytics or Web Analysis on our website. In doing so, data is collected, stored, managed, and processed by the respective analytic tool provider (also called tracking tool). Using the data, analyses of user behavior on our website are created and provided to us as website operators. Additionally, most tools offer various testing options. For example, we can test which offers or content our visitors like best. For this purpose, we show you two different offers for a limited period of time. After the test (called A/B testing), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics procedures, user profiles can be created and data can be stored in cookies.

Why do we operate Web Analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. In order to achieve this goal, we want to offer the best and most interesting content, and at the same time, ensure that you feel comfortable and at ease on our website. With the help of web analytics tools, we can take a closer look at the behavior of our website visitors and then improve our web offering for you and us accordingly. For example, we can see how old our visitors are on average, where they come from, when our website is most visited, or which content or products are particularly popular. All of this information helps us optimize the website and adapt it perfectly to your needs, interests, and desires.

What data is processed?

The exact data that is stored depends on the analytics tools being used. However, typically stored data includes which content you view on our website, which buttons or links you click, when you visit a page, which browser you use, what device (PC, tablet, smartphone, etc.) you use to access the website, or what computer system you use. If you agreed to location data being collected, the web analytics tool provider can also process this.

In addition, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is typically stored in pseudonymized (i.e., unrecognizable and shortened) form. Direct personal data such as your name, age, address, or email address are not generally stored for the purposes of testing, web analytics, or web optimization. All of this data, if collected, is stored pseudonymously. This means you cannot be identified as an individual.

The following example shows the schematic functionality of Google Analytics as an example of client-based web tracking using JavaScript code.

The duration for which the respective data is stored always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, while other cookies can store data for several years.

Duration of data processing

We will inform you below about the duration of data processing, if we have further information about it. In general, we only process personal data for as long as it is absolutely necessary to provide our services and products. If, for example, it is legally required, such as in the case of accounting, this storage period can also be exceeded.

Right to object

You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating, or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we obtained with our cookie pop-up. This consent is the legal basis for the processing of personal data, such as that which may occur during the collection by web analytics tools, according to Art. 6 para. 1 lit. a GDPR (consent).

In addition to the consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offer technically and economically. With the help of web analytics, we can detect website errors, identify attacks, and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use the tools to the extent that you have given your consent.

Since web analytics tools use cookies, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Information about specific web analytics tools, if available, can be found in the following sections.

Jetpack Privacy Policy

What is Jetpack?

We use the WordPress plug-in Jetpack on our website. Jetpack is software that provides us with web analytics, among other things. Jetpack is operated by the company Automattic (Inc. 132 Hawthorne Street San Francisco, CA 94107, USA), which uses the technology of the company Quantcast (Inc., 201 3rd St, Floor 2, San Francisco, CA 94103-3153, USA) for this product. The integrated tracking tool also collects, stores, and processes personal data from you. In this privacy policy, we will show you exactly what data is involved, why we use Jetpack, and how you can prevent this data storage.

Jetpack is a plug-in for WordPress websites with many different features and modules. All of these tools help us make our website more beautiful, secure, and welcome more visitors. For example, the tool can also display related posts, content can be shared, and Jetpack can also improve the loading speed of our website. All functions are hosted and provided by WordPress.

Why do we use Jetpack?

For us, it is essential that you feel comfortable on our website and find what you are looking for. Only if you are satisfied with our service can we be successful. And so that we know how and where we can still improve our website, we need information. With Jetpack, we can see how often and how long you are on a single webpage or which buttons you like to click. With this information, we can improve our website and adapt it to your wishes and preferences.

What data is stored by Jetpack?

Specifically, through the built-in tracking tool WordPress.com Stats, personal data from you is also collected, stored, and processed. In order for the Jetpack tool to work, Jetpack sets a cookie in your browser when you open a website that has components of the tool embedded. The collected data is synchronized with Automattic and stored there.

In addition to the IP address (which is anonymized before storage) and data on user behavior, the collected information includes browser type, unique device identifier, preferred language, date and time of page entry, operating system, and information on the mobile network. Jetpack uses this information to improve its own services and offerings and to gain better insights into the use of its own service. Furthermore, the following data can also be synchronized and stored:

• For Google Ads customers, the email address and physical address of the account are synchronized.
• Successful and failed login attempts are logged, including your IP address and user agent.
• The user IDs, usernames, email addresses, roles, and capabilities of registered users are stored, but no passwords are saved.
• The user ID of users who make changes to the website is stored.
• Twitter username, if configured with Jetpack.

Jetpack also uses cookies for data storage. Below are some selected, exemplary cookies used by Jetpack:

Name: eucookielaw
Value: 1613651061376122397202-6
Purpose: Stores the user's consent status for the use of cookies.
Expiration Date: after 180 days

Name: tk_ai
Value: 0
Purpose: This cookie stores a randomly generated anonymous ID. It is only used within the administration area for tracking general analytics.
Expiration Date: after the end of the session

Name: tk_tc
Value: E3%2BgJ1Pw6iYKk%2Fvj122397202-3
Purpose: This is a so-called referral cookie. It analyzes the connection between WooCommerce and a website with Jetpack plugin.
Expiration Date: after the end of the session

Note: Jetpack uses many different cookies. The specific cookies used depend on both the Jetpack features used and your actions on the websites with the integrated Jetpack plugin. At https://de.jetpack.com/support/cookies/ you can see a list of possible cookies used by Jetpack.

How long and where are the data stored?

Automattic stores the collected data until they are no longer needed for their own services. Beyond this period, the data is only retained if the company is legally obligated to do so. Server logs such as your IP address, browser type, and operating system are deleted after approximately 30 days. The data is stored on servers located in the United States of America.

How can I delete my data or prevent data storage?

As mentioned above, Jetpack uses cookies to store data. If you do not want Jetpack to collect data from you in the future, you can request an "opt-out" cookie at https://www.quantcast.com/opt-out/ Quantcast sets this cookie and no visitor data is stored from you. This is the case until you delete this cookie

Alternatively, you can manage, disable, or delete cookies in your browser as you wish. Cookie management works slightly differently depending on your browser type. Under the "Cookies" section, you will find the relevant links to the instructions for the most popular browsers.

Legal basis

The use of Jetpack requires your consent, which we have obtained through our cookie popup. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent represents the legal basis for the processing of personal data that may occur during the collection of web analytics tools.

In addition to consent, we also have a legitimate interest in analyzing the behavior of website visitors in order to improve our offer technically and economically. With the help of Jetpack, we can identify website errors, detect attacks, and improve profitability. The legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests) . However, we only use Jetpack if you have given your consent.

Jetpack also processes data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection for data transfers to the USA. This can be associated with various risks for the legality and security of data processing.

As a basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially in the USA) or data transfers to such countries, Jetpack uses standard contractual clauses approved by the European Commission (= Art. 46. para. 2 and 3 GDPR). These clauses oblige Jetpack to comply with the EU data protection level when processing relevant data outside the EU as well. These clauses are based on an implementing decision of the European Commission. You can find the decision and the clauses, among other things, here: https://germany.representation.ec.europa.eu/index_de.

If you want to learn more about Jetpack's and Automattic's data protection policies and data processing, we recommend that you review the privacy policy at https://automattic.com/privacy/, the cookie policy athttps://automattic.com/cookies/ and also the information page at https://jetpack.com/support/what-data-does-jetpack-sync/. We hope we have provided you with a good overview of the data processing by Jetpack.

Blogs and Publication Media Privacy Policy Summary

What are blogs and publication media?

On our website, we use blogs and other communication tools to enable us to communicate with you and vice versa. This may involve storing and processing data from you. This can be necessary so that we can display content appropriately, ensure that communication works, and increase security. In our privacy policy, we generally explain what data may be processed from you. Exact information about data processing always depends on the tools and functions used. The privacy policies of the individual providers contain detailed information about data processing.

Why do we use blogs and publication media?

Our main goal with our website is to offer you interesting and exciting content, and we also value your opinions and contributions. Therefore, we want to create a good interactive exchange between us and you. With various blogs and publication options, we can achieve precisely that. For example, you can write comments on our content, comment on other comments, or even contribute your own articles in some cases.

What data is processed?

What data is processed exactly always depends on the communication functions we use. Very often, the IP address, username, and published content are stored. This is primarily done to ensure security, prevent spam, and take action against illegal content. Cookies can also be used for data storage. These are small text files that are stored in your browser with information. More information about the data collected and stored can be found in our individual sections and in the privacy policy of the respective provider.

Duration of data processing

We will inform you about the duration of data processing further below if we have additional information on it. For example, post and comment functions may store data until you revoke data storage. Generally, personal data is only stored for as long as it is absolutely necessary to provide our services.

Right to object

You also have the right and the option to revoke your consent to the use of cookies or third-party communication tools at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

As cookies may also be used in publishing media, we also recommend that you read our general privacy policy on cookies. To find out exactly what data is stored and processed by you, you should read the privacy policies of the respective tools.

Legal basis

We primarily use communication tools based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers, business partners, and visitors. Insofar as the use serves to process contractual relationships or their initiation, the legal basis is also Art. 6 para. 1 sentence 1 lit. b. GDPR.

Certain processing, in particular the use of cookies and the use of comment or messaging functions, requires your consent. If and to the extent that you have consented to the processing and storage of data about you by embedded publishing media, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). Most of the communication functions we use use cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and check the privacy policy or cookie policies of the respective service providers.

Information on specific tools can be found - if available - in the following sections.

WordPress Emojis Privacy Policy

We also use so-called emojis and smileys in our blog. We probably don't need to explain exactly what emojis are. You know those smiling, angry or sad faces. They are graphic elements or files that we provide and are loaded from another server. The service provider for accessing WordPress emojis and smileys is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. This third-party provider stores your IP address in order to transmit the emoji files to your browser.

WordPress processes data from you, among other things, in the USA. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks for the lawfulness and security of data processing.

As a basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or for data transfer to such countries, WordPress uses so-called standard contract clauses (= Art. 46. para. 2 and 3 GDPR). Standard contract clauses (Standard Contractual Clauses – SCC) are sample templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards when they are transferred to third countries (such as the USA) and stored there. With these clauses, WordPress undertakes to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contract clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find the data processing conditions (Data Processing Agreements) corresponding to the standard contract clauses at https://wordpress.com/support/data-processing-agreements/.

You can find out more about the data processed by Automattic by using their services in the Privacy Policy on https://automattic.com/privacy/.

Introduction to Cookie Consent Management Platform

What is a Cookie Consent Management Platform?

We use a Consent Management Platform (CMP) software on our website that facilitates correct and secure handling of scripts and cookies for us and for you. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides legally required cookie consent for you, and helps us and you keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorized. As a website visitor, you then decide whether to allow or disallow scripts and cookies. The following graphic illustrates the relationship between browser, web server, and CMP.

Why do we use a cookie management tool?

Our goal is to provide you with the best possible transparency in the area of data protection. We are also legally obliged to do so. We want to inform you as well as possible about all tools and all cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which you do not. In order to grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with GDPR-compliant information about them. You can then accept or reject cookies through the consent system.

What data is processed?

With our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to query you again on every new visit to our website, and so that we can provide proof of your consent if required by law. This is stored either in an opt-in cookie or on a server. The storage period of your cookie consent varies depending on the provider of the cookie management tool. Most often, this data (such as pseudonymous user ID, consent time, detailed information about cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will provide you with information on the duration of data processing below, if we have any further information on this. In general, we process personal data only for as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies are kept for varying lengths of time. Some cookies are deleted as soon as you leave the website, while others may be stored in your browser for several years. The exact duration of data processing depends on the tool used, but you should generally expect a storage period of several years. In the respective privacy policies of the individual providers, you will usually find precise information on the duration of data processing.

Right to object

You also have the right and the possibility to revoke your consent to the use of cookies at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling or deleting cookies in your browser.

Information on specific cookie management tools, if available, can be found in the following sections.

Legal basis

If you agree to cookies, personal data about you will be processed and stored via these cookies. If we are allowed to use cookies through your consent (Article 6(1)(a) GDPR), this consent is also the legal basis for the use of cookies or the processing of your data. In order to manage your consent to cookies and to allow you to give your consent, a cookie consent management platform software is used. The use of this software enables us to operate the website in a legally compliant and efficient manner, which represents a legitimate interest (Article 6(1)(f) GDPR).

Audio & Video Introduction

What are audio and video elements?

We have integrated audio and video elements on our website so that you can directly watch videos or listen to music/podcasts through our website. The content is provided by service providers, which means that all content is also obtained from the respective servers of the providers.

These are embedded functional elements of platforms such as YouTube, Vimeo or Spotify. The use of these portals is usually free, but paid content can also be published. With the help of these embedded elements, you can listen to or watch the respective content on our website.

If you use audio or video elements on our website, personal data may also be transmitted, processed, and stored by the service providers.

Why do we use audio and video elements on our website?

Of course, we want to provide you with the best offer on our website. And we are aware that content is no longer just conveyed in text and static images. Instead of simply giving you a link to a video, we offer you audio and video formats directly on our website, which are entertaining or informative and ideally both. This expands our service and makes it easier for you to access interesting content. Therefore, we also offer video and/or audio content in addition to our texts and images.

What data is stored by audio and video elements?

When you access a page on our website that has an embedded video, for example, your server connects to the server of the service provider. Data about you is also transmitted and stored by the third-party provider. Some data is collected and stored regardless of whether you have an account with the third-party provider or not. This usually includes your IP address, browser type, operating system, and other general information about your device. Additionally, most providers also collect information about your web activity. This includes session duration, bounce rate, which button you clicked on, or which website you used to access the service. All of this information is usually stored through cookies or pixel tags (also known as web beacons). Pseudonymized data is usually stored in cookies in your browser. You can always find out exactly which data is stored and processed in the privacy policy of the respective provider.

Duration of data processing

You can find out exactly how long the data is stored on the servers of third-party providers either in the privacy text of the respective tool or in the provider's privacy policy. Personal data is generally only processed for as long as it is absolutely necessary to provide our services or products. This also applies to third-party providers in most cases. You can usually assume that certain data will be stored on the servers of third-party providers for several years. Data can be stored in cookies for different lengths of time. Some cookies are deleted as soon as you leave the website, while others can be stored in your browser for several years.

Right to object

You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This can be done either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection through cookies by managing, disabling, or deleting cookies in your browser. The lawfulness of the processing up to the revocation remains unaffected.

As the embedded audio and video features on our site usually also use cookies, you should also read our general privacy policy on cookies. In the privacy policies of the respective third-party providers, you can find more detailed information about the handling and storage of your data.

Legal basis

If you have consented to the processing and storage of your data through embedded audio and video elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In general, your data is also stored and processed based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the embedded audio and video elements if you have given your consent.

Vimeo Privacy Policy

What is Vimeo?

We also use videos from Vimeo on our website. The video platform is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plugin, we can display interesting video material directly on our website. Certain data about you may be transferred to Vimeo. In this privacy policy, we will show you what data is involved, why we use Vimeo, and how you can manage or prevent the transfer of data.

Vimeo is a video platform that was founded in 2004 and has been allowing streaming of videos in HD quality since 2007. Since 2015, streaming in 4k Ultra HD has also been possible. The use of the platform is free, but paid content can also be published. Compared to the market leader YouTube, Vimeo primarily focuses on high-quality content. The platform offers a wide range of artistic content such as music videos and short films, as well as informative documentaries on a variety of topics.

Why do we use Vimeo on our website?

Our goal is to provide you with the best possible content. And as easily accessible as possible. Only when we have achieved that are we satisfied with our service. The video service Vimeo helps us to achieve this goal. Vimeo offers us the possibility to present you with high-quality content directly on our website. Instead of just giving you a link to an interesting video, you can watch the video right here on our site. This expands our service and makes it easier for you to access interesting content. So, in addition to our texts and images, we also offer video content.

What data is stored on Vimeo?

When you visit a page on our website that has an embedded Vimeo video, your browser connects to Vimeo's servers. This results in a transfer of data. This data is collected, stored, and processed on Vimeo's servers. Regardless of whether you have a Vimeo account or not, Vimeo collects data about you. This includes your IP address, technical information about your browser type, your operating system, or basic device information. Vimeo also stores information about which website you use the Vimeo service on and which actions (web activities) you perform on our website. These web activities include session duration, bounce rate, or which button you clicked on our website with an embedded Vimeo function. Vimeo can track and store these actions using cookies and similar technologies.

If you are logged in as a registered member on Vimeo, more data can usually be collected, as more cookies may already have been set in your browser. In addition, your actions on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while browsing our website.

Below we show you cookies that are set by Vimeo when you are on a website with integrated Vimeo functionality. This list is not exhaustive and assumes that you do not have a Vimeo account.

Name: player
Value: “”
Purpose: This cookie stores your settings before you play an embedded Vimeo video. This ensures that you get your preferred settings the next time you watch a Vimeo video.
Expiration Date: after one year

Name: vuid
Value: pl1046149876.614422590122397202-4
Purpose:  This cookie collects information about your actions on websites that have embedded Vimeo videos.
Expiration Date:  after 2 years

Note: These two cookies are always set as soon as you are on a website with an embedded Vimeo video. If you watch the video and click on the button to "share" or "like" the video, for example, further cookies are set. These are also third-party cookies such as _ga or _gat_UA-76641-8 from Google Analytics or _fbp from Facebook. Which cookies are set exactly depends on your interaction with the video.

The following list shows a selection of possible cookies that may be set when you interact with the Vimeo video:

Name: _abexps
Value: %5B%5D
Purpose: This Vimeo cookie helps Vimeo remember the settings you have made. This can include, for example, a pre-set language, region, or username. In general, the cookie stores data about how you use Vimeo.
Expiration Date: after one year

Name: continuous_play_v3
Value: 1
Purpose: This is a first-party cookie from Vimeo. The cookie collects information about how you use the Vimeo service. For example, the cookie stores when you pause or replay a video.
Expiration Date: after one year

Name: _ga
Value: GA1.2.1522249635.1578401280122397202-7
Purpose: This cookie is a third-party cookie from Google. By default, analytics.js uses the _ga cookie to store the user ID. Essentially, it is used to distinguish website visitors.
Expiration Date: after 2 years

Name: _gcl_au
Value: 1.1.770887836.1578401279122397202-3
Purpose: This third-party cookie from Google AdSense is used to improve the efficiency of advertisements on websites.
Expiration Date: after 3 months

Name: _fbp
Value: fb.1.1578401280585.310434968
Purpose: This is a Facebook cookie. This cookie is used to display advertising or advertising products from Facebook or other advertisers.
Expiration Date: after 3 months

Vimeo uses this data, among other things, to improve its own service, to communicate with you, and to set its own targeted advertising measures. Vimeo emphasizes on its website that only first-party cookies (i.e., cookies from Vimeo itself) are used for embedded videos as long as you do not interact with the video.

How long and where are the data stored?

Vimeo is headquartered in White Plains, New York (USA), but its services are offered worldwide. The company uses computer systems, databases, and servers in the USA and other countries. Your data may therefore be stored and processed on servers in America. The data remains stored with Vimeo until the company no longer has an economic reason for storage. Then the data will be deleted or anonymized.

How can I delete my data or prevent data storage?

You always have the option to manage cookies in your browser according to your wishes. For example, if you do not want Vimeo to set cookies and collect information about you, you can delete or disable cookies in your browser settings at any time. Depending on the browser, this works a little differently. Please note that after deactivating/deleting cookies, some functions may no longer be available to you in full. Under the "Cookies" section, you will find the corresponding links to the instructions for the most popular browsers.

If you are a registered Vimeo member, you can also manage the cookies used in the Vimeo settings.

Legal basis

If you have given your consent to the processing and storage of your data by embedded Vimeo elements, this consent serves as the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). In general, your data is also stored and processed based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners. However, we only use the embedded Vimeo elements if you have given your consent. Vimeo also uses cookies in your browser to store data. Therefore, we recommend that you read our data protection text on cookies carefully and review the privacy policy or cookie policies of the respective service provider.

Vimeo also processes data from you, among other places, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks for the lawfulness and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or data transfers to such countries, Vimeo uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard contractual clauses (SCC) are template clauses provided by the European Commission and are intended to ensure that your data also complies with European data protection standards when transferred and stored in third countries (such as the USA). Through these clauses, Vimeo undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contractual clauses, among other places, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information on the standard contractual clauses at Vimeo can be found at https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights.

You can learn more about the use of cookies at Vimeo at https://vimeo.com/cookie_policy, and information about data protection at Vimeo can be found at https://vimeo.com/privacy.

Web design introduction

What is web design?

We use various tools on our website that serve our web design. Web design is not just about making our website look pretty, as is often assumed, but also about functionality and performance. However, the appropriate appearance of a website is also one of the main goals of professional web design. Web design is a subfield of media design and deals with both the visual and structural and functional design of a website. The goal is to improve your experience on our website through web design. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all impressions and experiences that the website visitor experiences on a website. A sub-point of user experience is usability. This is about the user-friendliness of a website. The emphasis is on ensuring that content, subpages, or products are clearly structured and easy and quick to find what you are looking for. To provide you with the best possible experience on our website, we also use third-party web design tools. The category "web design" in this privacy policy therefore includes all services that improve the design of our website. These can be, for example, fonts, various plugins, or other integrated web design functions.

Why do we use web design tools?

How you absorb information on a website depends heavily on the structure, functionality, and visual perception of the website. Therefore, a good and professional web design has become increasingly important to us as well. We are constantly working to improve our website and see this as an extended service for you as a website visitor. Furthermore, a beautiful and functional website also has economic advantages for us. After all, you will only visit us and take advantage of our offers if you feel completely comfortable.

What data is stored by web design tools?

When you visit our website, web design elements may be embedded in our pages that can also process data. The exact data that is processed depends, of course, heavily on the tools used. Below, you can see exactly which tools we use for our website. We recommend that you also read the respective privacy policy of the tools used for more information on data processing. You will usually find out there what data is processed, whether cookies are used, and how long the data is stored. For example, with fonts such as Google Fonts, information such as language settings, IP address, browser version, browser screen resolution, and browser name are automatically transmitted to Google servers.

Duration of data processing

The duration of data processing varies depending on the web design elements used and is very individual. For example, if cookies are used, the storage period can last from one minute to several years. Please inform yourself about this. We recommend that you read our general section on cookies and the privacy policies of the tools used. There you will usually find information about which cookies are used and what information is stored in them. For example, Google font files are stored for one year to improve the loading time of a website. In general, data is only stored for as long as necessary to provide the service. However, data can also be stored for longer periods of time due to legal requirements.

Right to object

You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. You can do this either through our cookie management tool or through other opt-out functions. You can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. However, there may be some data that cannot be easily deleted under web design elements (usually in the case of fonts). This is the case when data is automatically collected and transmitted to a third-party provider (such as Google) when a page is accessed. In this case, please contact the support of the respective provider. In the case of Google, you can reach the support at https://support.google.com/?hl=de.

Legal basis

If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent is the legal basis for the processing of personal data, which can occur during the collection of data by web design tools. We also have a legitimate interest in improving the web design on our website. After all, we can only provide you with a beautiful and professional web offering. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use web design tools if you have given your consent. We want to emphasize this again here.

If available, you can find information about specific web design tools in the following sections.

Google Fonts Privacy Policy

What are Google Fonts?

On our website, we use Google Fonts. These are the "Google fonts" provided by Google Inc. For the European market, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

To use Google fonts, you do not need to register or enter a password. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry about your Google account data being transmitted to Google during the use of Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will take a closer look at how data storage works in detail.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google provides to its users for free.

Many of these fonts are published under the SIL Open Font License, while others have been published under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website without having to upload them to our own server. Google Fonts is an important component in maintaining the quality of our website. All Google fonts are automatically optimized for the web, which saves data volume and is a great advantage, especially for use with mobile devices. When you visit our site, the low file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems, and mobile devices can cause errors. Such errors can sometimes visually distort text or entire websites. Thanks to the fast Content Delivery Network (CDN), there are no platform-specific problems with Google Fonts. Google Fonts supports all popular browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts to make our entire online service look as beautiful and consistent as possible.

What data is stored by Google?

When you visit our website, the fonts are loaded via a Google server. This external call transmits data to the Google servers, and Google also recognizes that you, or rather your IP address, have visited our website. The Google Fonts API was developed to reduce the use, storage, and collection of end-user data to what is necessary for the proper provision of fonts. API stands for "Application Programming Interface" and serves, among other things, as a data transmitter in the software field.

Google Fonts securely stores CSS and font requests with Google and is thus protected. Through the collected usage figures, Google can determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the BigQuery database of Google Fonts. Entrepreneurs and developers use the Google web service BigQuery to investigate and manipulate large amounts of data.

However, it should be noted that every Google Font request also automatically transmits information such as language settings, IP address, browser version, browser screen resolution, and browser name to the Google servers. Whether this data is also stored is not clearly determinable or communicated by Google.

How long and where are the data stored?

Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This allows us to use Google's stylesheet to access fonts. A stylesheet is a formatting template that allows you to easily and quickly change the design or font of a website, for example.

The font files are stored for one year at Google. Google aims to improve the loading time of websites in general. When millions of websites refer to the same fonts, they are cached after the first visit and immediately appear on all other websites visited later. Sometimes, Google updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for a day or a year cannot be easily deleted. The data is automatically transmitted to Google when the page is loaded. To delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=122397202. In this case, you can only prevent data storage if you do not visit our site.

Unlike other web fonts, Google allows us unrestricted access to all fonts. We can therefore access an unlimited number of fonts and get the most out of our website. More information about Google Fonts and other questions can be found at https://developers.google.com/fonts/faq?tid=122397202. Although Google addresses privacy-related issues there, detailed information about data storage is not included. It is relatively difficult to get precise information from Google about stored data.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), this consent is the legal basis for the processing of personal data that may occur when Google Fonts is accessed.

We also have a legitimate interest in using Google Font to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use Google Font if you have given your consent.

Google also processes data from you in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or for data transfers to these countries, Google uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard contractual clauses (SCC) are template contracts provided by the European Commission and are intended to ensure that your data also comply with European data protection standards when they are transferred and stored in third countries (such as the USA). Through these clauses, Google undertakes to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contractual clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which also correspond to the standard contractual clauses for Google Fonts, can be found at https://business.safety.google/adsprocessorterms/.

You can also find information on which data Google generally collects and what this data is used for at https://www.google.com/intl/de/policies/privacy/ nachlesen.

Online mapping services Introduction

What are online map services?

We use online map services as an additional feature on our website. Google Maps is probably the most well-known service, but there are other providers that specialize in creating digital maps. Such services allow locations, route plans, or other geographic information to be displayed directly on our website. With an embedded map service, you no longer need to leave our website to view, for example, the route to a location. In order for the online map to work on our website, map sections are integrated using HTML code. The services can display street maps, the Earth's surface, or aerial/satellite images. When you use the embedded map service, data is also transmitted and stored in the used tool. Among these data may be personal data.

Why do we use online map services on our website?

In general, our aim is to provide you with a pleasant experience on our website. Your time is naturally only enjoyable if you can easily find your way around our website and quickly and easily find all the information you need. Therefore, we thought that an online mapping system could be a significant improvement to our service on the website. With the map system, you can easily view route descriptions, locations, or sights without leaving our website. Of course, it is also super convenient for you to see at a glance where our company is located, so you can find us quickly and safely. As you can see, there are simply many advantages, and we clearly consider online map services on our website as part of our customer service.

What data is stored by online map services?

When you open a page on our website that has an embedded online map function, personal data can be transmitted to the respective service and stored there. In most cases, this is your IP address, through which your approximate location can also be determined. In addition to the IP address, data such as entered search terms as well as latitude and longitude coordinates are stored. If you enter an address for route planning, this data will also be stored. The data is not stored by us, but on the servers of the integrated tools. You can think of it roughly like this: you are on our website, but when you interact with a map service, this interaction actually happens on their website. In order for the service to work properly, at least one cookie is usually also set in your browser. For example, Google Maps also uses cookies to record user behavior and thus optimize their own service and display personalized advertising. You can learn more about cookies in our "Cookies" section.

How long and where are the data stored?

Each online map service processes different user data. If we have further information, we will inform you about the duration of data processing in the corresponding sections for each tool below. Generally, personal data is only stored for as long as it is necessary for the provision of the service. For example, Google Maps stores certain data for a defined period of time, while other data must be deleted by the user. With Mapbox, the IP address is stored for 30 days and then deleted. As you can see, each tool stores data for different lengths of time. Therefore, we recommend that you carefully review the privacy policies of the tools used.

The providers also use cookies to store data on your user behavior with the map service. You can find more general information about cookies in our "Cookies" section, but also in the privacy policies of the individual providers, which will inform you about the cookies that may be used. However, this is usually only an exemplary list and is not comprehensive.

Right to object

You always have the possibility and also the right to access your personal data and to object to its use and processing. You can also revoke your consent, which you have given us, at any time. Usually, this works easiest through the cookie consent tool. But there are also other opt-out tools that you can use. You can also manage, delete or disable possible cookies set by the providers with just a few mouse clicks. However, it may happen that some functions of the service no longer work as usual. How you manage cookies in your browser also depends on the browser you use. In the "Cookies" section, you will also find links to instructions for the most important browsers.

Legal basis

If you have consented to the use of an online map service, the legal basis for the corresponding data processing is this consent, according to Art. 6 para. 1 lit. a GDPR (consent). This consent constitutes the legal basis for the processing of personal data, such as may occur when using an online map service.

We also have a legitimate interest in using an online map service to optimize our service on our website. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use an online map service if you have given your consent. We want to emphasize this once again at this point.

Information on specific online map services, if available, can be found in the following sections.

Google Maps Privacy Policy

What is Google Maps?

We use Google Maps from Google Inc. on our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps, we can show you locations better and tailor our service to your needs. By using Google Maps, data is transferred to Google and stored on Google servers. We will now go into more detail about what Google Maps is, why we use this Google service, what data is stored, and how you can prevent this.

Google Maps is an internet mapping service from Google. With Google Maps, you can search for accurate locations of cities, sights, accommodations, or companies online via a PC, tablet, or app. If companies are represented on Google My Business, additional information about the company is displayed in addition to the location. To display the directions, map sections of a location can be embedded in a website using HTML code. Google Maps shows the earth's surface as a street map or as an aerial or satellite image. Thanks to the Street View images and high-quality satellite images, very accurate representations are possible.

Why do we use Google Maps on our website?

All of our efforts on this site aim to provide you with a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. You can see at a glance where our company headquarters are located. The directions always show you the best or fastest way to get to us. You can access the directions for routes by car, public transportation, walking, or cycling. For us, providing Google Maps is part of our customer service.

Welche Daten werden von Google Maps gespeichert?

In order for Google Maps to offer its service in full, the company needs to record and store data from you. This includes, among other things, the search terms entered, your IP address, and also the latitude and longitude coordinates. If you use the route planner function, the entered start address will also be stored. However, this data storage takes place on the Google Maps website. We can only inform you about this, but we have no influence on it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google primarily uses this data to optimize its own services and to provide individual, personalized advertising for you.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ122397202-5
Purpose: NID is used by Google to tailor ads to your Google search. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interaction with ads. This way, you always get tailored ads. The cookie contains a unique ID that Google uses to collect your personal settings for advertising purposes.
Expiration Date: after 6 months

Note: We cannot guarantee the completeness of the stored data. Changes are never excluded, especially when using cookies. To identify the NID cookie, a separate test page was created where only Google Maps was integrated.

How long and where are the data stored?

Google's servers are located in data centers around the world, although most of them are located in America. As a result, your data is predominantly stored in the USA. You can read exactly where Google's data centers are located here: https://www.google.com/about/datacenters/locations/?hl=de

Google distributes the data across different storage devices, which makes it faster to access and provides better protection against possible manipulation attempts. Each data center also has special emergency programs, so if there are problems with Google's hardware or a natural disaster takes down the servers, the data remains fairly secure.

Google stores some data for a defined period of time, while for other data, it only offers the option to manually delete it. Furthermore, the company anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.

How can I delete my data or prevent data storage?

With the automatic deletion function introduced in 2019 for location and activity data, information about location determination and web/app activity is stored for either 3 or 18 months, depending on your decision, and then deleted. Additionally, you can manually delete this data from the Google account's history. If you want to completely prevent location tracking, you must pause the "Web and App Activity" section in your Google account. Click "Data and Personalization," then select "Activity Controls." Here, you can turn activities on or off.

You can also disable, delete, or manage individual cookies in your browser. Depending on the browser you use, this process may differ slightly. Under the "Cookies" section, you'll find links to the relevant instructions for the most popular browsers.

If you don't want any cookies at all, you can configure your browser to always notify you when a cookie is about to be set. This way, you can decide whether to allow each individual cookie or not.

Legal basis

If you have consented to the use of Google Maps, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, such as may occur during the collection by Google Maps.

Furthermore, we have a legitimate interest in using Google Maps to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use Google Maps if you have given your consent.

Google also processes data from you in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks for the legality and security of data processing.

As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or for data transfers to these countries, Google uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard contractual clauses (SCC) are template contracts provided by the European Commission and are intended to ensure that your data also comply with European data protection standards when they are transferred and stored in third countries (such as the USA). Through these clauses, Google undertakes to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contractual clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads data processing terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

If you would like to learn more about Google's data processing, we recommend the company's own privacy policy at https://policies.google.com/privacy?hl=de.

Explanation of used terms

We always strive to write our privacy policy as clearly and understandable as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use these terms without explanation. Below is an alphabetical list of important terms used, on which we may not have sufficiently explained in our previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also provide the GDPR texts here and add our own explanations if necessary.

Data processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to controllers, there may also be data processors. This includes any company or person who processes personal data on our behalf. Data processors can therefore include service providers such as tax consultants, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Third party

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

‘third party’ means a natural or legal person, public authority, agency or any other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

Explanation: The GDPR essentially explains what a "third party" is not. In practice, any "third party" who also has an interest in the personal data but does not belong to the aforementioned persons, authorities, or institutions is considered a third party. For example, a parent company may appear as a "third party." In this case, the subsidiary is the controller and the parent company is the "third party." However, this does not mean that the parent company can automatically view, collect, or store the personal data of the subsidiary.

Restriction of processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

'restriction of processing' refers to the marking of stored personal data with the aim of restricting their future processing.

Explanation: It is your right to demand from processors at any time to restrict the further processing of your personal data. For this purpose, specific personal data such as your name, date of birth or address are marked in such a way that complete further processing is no longer possible. For example, you could restrict processing to the extent that your data may no longer be used for personalized advertising.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

'consent' of the data subject refers to any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Explanation: Usually, such consent is obtained through a cookie consent tool on websites. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree or consent to the processing of your data. Usually, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data about you may be processed. In principle, consent can of course also be given in writing, i.e. not via a tool.

Personal data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

'personal data' refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Explanation: Personal data refers to all data that can identify you as a person. These typically include data such as:

• Name
• Address
• Email address
• Postal address
• Phone number
• Date of birth
• Identification numbers such as social security number, tax identification number, ID card number or student ID number
• Bank details such as account number, credit information, account balance and more.

According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to determine at least the approximate location of your device and, consequently, identify you as the connection holder. Therefore, the storage of an IP address also requires a legal basis under the GDPR. There are also so-called "special categories" of personal data that are particularly worthy of protection. These include:

• Racial and ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data, such as data obtained from blood or saliva samples
• Biometric data (information on psychological, physical or behavioral characteristics that can identify a person)
  Health data
• Data on sexual orientation or sex life.

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

'Profiling' refers to any form of automated processing of personal data consisting of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Explanation: Profiling involves collecting various information about a person in order to learn more about them. In the web domain, profiling is often used for advertising purposes or for credit checks. For example, web or advertising analysis programs collect data about your behaviour and interests on a website, which results in a specific user profile that can be used to target advertising to a specific audience.

Controller

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

'Controller' refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for their nomination may be provided for by Union or Member State law.

Explanation: In our case, we are responsible for processing your personal data and therefore the "controller". If we pass on collected data for processing to other service providers, they are "processors". For this, a "data processing agreement (DPA)" must be signed.

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

'Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we use the term "processing" in our privacy policy, we mean any type of data processing. This includes not only the collection, but also the storage and processing of data, as mentioned in the original GDPR definition above.

Closing statement

Congratulations! If you are reading these lines, you have really "fought" your way through our entire privacy policy, or at least scrolled down to this point. As you can see from the extent of our privacy policy, we take the protection of your personal data very seriously.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. We not only want to inform you about which data is being processed, but also to explain the reasons for the use of various software programs. Usually, privacy policies sound very technical and legal. However, since most of you are not web developers or lawyers, we wanted to take a different linguistic approach and explain the matter in simple and clear language. Of course, this is not always possible due to the topic. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible party. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.

Source: Created with the Privacy Policy Generator from AdSimple