Privacy Policy

Introduction and Overview

We have drafted this Privacy Policy (version 26.05.2025-123003347) to inform you according to the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws about which personal data (hereinafter referred to as “data”) we process as the responsible party – and the processors commissioned by us (e.g., providers) – will process in the future, and which lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal terminology. However, this Privacy Policy aims to describe the most important aspects as simply and transparently as possible. Where it promotes transparency, technical terms are explained in a user-friendly way, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that we process personal data only where a legal basis exists in the context of our business activities. This would not be possible with overly brief, unclear, and legalistic explanations, as is often the standard on the Internet regarding data protection. We hope you find the following explanations interesting and informative and perhaps learn something new.

Should you still have any questions, please do not hesitate to contact the responsible body mentioned below or in the imprint, follow the available links, and seek additional information on third-party websites. Our contact details can also be found in the imprint.

Scope

This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. Processing personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:

all online presences (websites, online shops) we operate
social media presences and email communications
mobile apps for smartphones and other devices

In short: The Privacy Policy applies to all areas where personal data is structured through the aforementioned channels within the company. Should we enter into legal relationships with you outside these channels, we will inform you separately as necessary.

Legal Bases

In this Privacy Policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, that enable us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read the EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions is met:

Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing your entered data in a contact form.
Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, we need personal information to enter into a purchase contract with you.
Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to retain invoices for accounting purposes. These typically contain personal data.
Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not override your fundamental rights, we reserve the right to process personal data. For instance, we must process certain data to operate our website securely and economically. This processing is therefore a legitimate interest.

Other bases like public interest, the exercise of official authority, and the protection of vital interests generally do not apply to us. Where such a legal basis does apply, it is specified accordingly.

In addition to the EU Regulation, national laws also apply:

In Austria, this is the Federal Act concerning the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG.
In Germany, the Federal Data Protection Act (BDSG) applies.

If other regional or national laws are applicable, we will inform you about them in the following sections.

Contact Details of the Controller

If you have questions about data protection or the processing of personal data, you will find the contact details of the controller under Article 4(7) GDPR below:

Email: info@tandem-paragleiten.tirol

Storage Duration

As a general principle, we only store personal data for as long as is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to retain certain data even after the original purpose has ceased to exist, for example for accounting purposes.

If you request the deletion of your data or revoke your consent to data processing, we will delete the data as soon as possible, provided there is no obligation to retain it.

We inform you about the specific duration of data processing further below if we have more information on this.

Rights under the General Data Protection Regulation

According to Articles 13 and 14 GDPR, we inform you of the following rights to ensure fair and transparent data processing:

According to Article 15 GDPR, you have the right to know whether we process data about you. If we do, you have the right to receive a copy of the data and to learn:
- the purpose of processing;
- the categories of data being processed;
- who receives this data and if the data is transferred to third countries, how security is ensured;
- how long the data is stored;
- the existence of rights to rectification, deletion, or restriction of processing, and the right to object;
- that you can lodge a complaint with a supervisory authority (links to authorities are provided below);
- the source of the data if it was not collected from you;
- whether profiling is performed, i.e., whether data is automatically evaluated to create a personal profile of you.
According to Article 16 GDPR, you have the right to have inaccurate data corrected.
According to Article 17 GDPR, you have the right to have your data deleted (“right to be forgotten”).
According to Article 18 GDPR, you have the right to restrict processing, meaning that we may only store the data but not use it further.
According to Article 20 GDPR, you have the right to data portability, meaning we must provide your data to you in a common format upon request.
According to Article 21 GDPR, you have the right to object, which, once exercised, changes the way your data is processed.
- If your data is processed based on Article 6(1)(e) GDPR (public interest, exercise of official authority) or Article 6(1)(f) GDPR (legitimate interests), you may object to the processing.
- If data is used for direct marketing, you can object at any time. We may then no longer use your data for direct marketing.
- If data is used for profiling, you can also object at any time, and we must cease such processing.
According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing, including profiling.
According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

In short: You have rights — don’t hesitate to contact us!

If you believe that your data is being processed unlawfully or that your data protection rights have been violated in any other way, you can lodge a complaint with a supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, each federal state has its own data protection commissioner. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the responsible authority is:

Austrian Data Protection Authority
Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data in countries outside the scope of the GDPR (third countries) if you have consented to this processing or there is another legal permission. This is especially the case if the processing is legally required or necessary to fulfill a contractual relationship and only to the extent permitted.

Your consent is the most important reason we process data in third countries. The processing of personal data in third countries like the USA — where many software providers are located and maintain server locations — may mean that personal data is processed and stored in unexpected ways.

We expressly point out that, according to the European Court of Justice, an adequate level of protection for data transfer to the USA currently only exists if a US company that processes personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. You can find more information here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Processing by US services not participating in the Data Privacy Framework could mean that data may be processed and stored without anonymization and accessed by US authorities. Data collected may also be linked with data from other services if you have an account with the respective provider. Whenever possible, we try to use server locations within the EU.

We will inform you at the appropriate places in this Privacy Policy if data transfer to third countries occurs.

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to infer personal information within the scope of our capabilities.

Article 25 GDPR refers to “data protection by design and by default,” meaning that both software (e.g., forms) and hardware (e.g., server room access) must always be designed with security in mind and corresponding measures must be implemented. Below, we will discuss specific measures if necessary.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS sound very technical — and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to securely transmit data over the Internet.

This means that the entire transmission of data from your browser to our web server is secured — no one can “listen in.”

By implementing TLS (Transport Layer Security), a protocol for encrypted data transmission on the Internet, we ensure the protection of confidential data.

You can recognize the use of this security measure by the small lock symbol 🛡️ in the top-left corner of your browser and by the use of “https” (instead of “http”) in the address bar.

If you want to learn more about encryption, we recommend searching for “Hypertext Transfer Protocol Secure wiki” for good resources.

Communication

Communication Summary

👥 Data Subjects: Anyone communicating with us via telephone, email, or online form
📓 Data Processed: e.g., phone number, name, email address, data entered in forms. More details can be found under each type of communication
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage Duration: Duration of the business case and legal requirements
⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract), Art. 6(1)(f) GDPR (Legitimate Interests)

When you contact us via telephone, email, or online form, personal data may be processed.

The data is processed for handling and responding to your inquiry and the related business transaction. The data will be stored for as long as necessary to process the inquiry and for as long as legally required.

Data Subjects

All individuals who contact us via the communication channels we provide are affected.

Telephone

If you call us, call data will be pseudonymously stored on the respective end device and by the telecommunications provider. Additionally, data such as your name and phone number may be stored for answering inquiries and subsequently transmitted via email. Data will be deleted as soon as the business case is concluded and legal requirements permit.

Email

When you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and on the email server. The data will be deleted as soon as the business case is completed and legal requirements permit.

Online Forms

When you contact us via an online form, data is stored on our web server and may also be forwarded to one of our email addresses. The data will be deleted as soon as the business case is completed and legal requirements permit.

Legal Bases

The processing of the data is based on the following legal bases:

Art. 6(1)(a) GDPR (Consent): You consent to the storage and further processing of your data for purposes relating to the business case;
Art. 6(1)(b) GDPR (Contract): Necessary for the fulfillment of a contract or pre-contractual activities;
Art. 6(1)(f) GDPR (Legitimate Interests): We aim to conduct customer inquiries and business communication professionally. Technical facilities such as email programs, exchange servers, and mobile operators are necessary to run communication efficiently.

Data Processing Agreement (DPA)

In this section, we explain what a Data Processing Agreement (DPA) is and why it is necessary. Because “Data Processing Agreement” is a bit of a tongue-twister, we will occasionally use the abbreviation DPA in this text.

Like most businesses, we do not work alone but also use the services of other companies or individuals. By involving different companies or service providers, we may pass on personal data for processing. These partners act as processors, and we must conclude a contract with them — the so-called Data Processing Agreement (DPA).

The most important thing for you to know is that the processing of your personal data is strictly based on our instructions and governed by the DPA.

Who are processors?

As a company and website owner, we are responsible for all the data we process about you. In addition to the controller (us), there can also be processors.

In short, any natural or legal person, authority, agency, or other body that processes personal data on our behalf is considered a processor.

Processors can be service providers such as hosting or cloud providers, payment service providers, newsletter providers, or large companies like Google or Microsoft.

For a better understanding of the terminology, here’s an overview of the three roles under GDPR:

Data Subject (you as customer or interested party) → Controller (us as company and client) → Processor (service providers such as web hosts or cloud providers)

Content of a Data Processing Agreement

As mentioned above, we have signed a DPA with all our partners who act as processors. The agreement ensures that processors only process personal data according to the GDPR.

The contract must be concluded in writing, but electronic contracts are considered written in this context.

The DPA must include:

Binding to us as the controller
Duties and rights of the controller
Categories of data subjects
Nature of the personal data
Type and purpose of data processing
Subject and duration of processing
Location of data processing

It also contains all obligations of the processor. The most important duties include:

Ensuring data security measures
Implementing technical and organizational measures to protect the rights of data subjects
Maintaining a record of processing activities
Cooperating with supervisory authorities upon request
Conducting a risk analysis related to the processed personal data
Engaging sub-processors only with the written consent of the controller

You can see an example of a DPA at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html, where a sample contract is provided.

Cookies

Cookies Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Depends on the specific cookie. More details are provided below or by the software provider setting the cookie
📓 Data Processed: Depends on the specific cookie. More details are provided below or by the software provider setting the cookie
📅 Storage Duration: Varies depending on the cookie, from a few hours to several years
⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.

Below, we explain what cookies are and why they are used, so that you can better understand the following Privacy Policy.

Whenever you browse the Internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser — these are called cookies.

One thing is clear: cookies are truly useful helpers. Almost all websites use cookies. More precisely, they use HTTP cookies because there are also other types of cookies for different applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder — the “brain” of your browser. A cookie consists of a name and a value. When creating a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as your language or personal site settings. When you return to our site, your browser sends the “user-specific” information back to our site. Thanks to the cookies, our website knows who you are and offers you your usual settings. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser like Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser uses again when another page is requested.

HTTP Cookie interaction between browser and web server

There are first-party cookies and third-party cookies. First-party cookies are created directly by our site; third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Also, the lifespan of a cookie can range from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other malware. Cookies cannot access information on your PC.

Here’s an example of cookie data:

Name: _ga
Value: GA1.2.1326744211.152123003347-9
Purpose: Differentiation of website visitors
Expiration date: after 2 years

Minimum requirements that a browser should support:

At least 4096 bytes per cookie
At least 50 cookies per domain
At least 3000 cookies in total

What types of cookies are there?

The types of cookies we use specifically depend on the services employed and are detailed in the following sections of this Privacy Policy. Here we want to briefly outline the different types of HTTP cookies:

Essential Cookies
These cookies are necessary to ensure basic website functions. For example, they are needed when a user places a product in the shopping cart and then continues to browse other pages before checking out. These cookies ensure that the cart contents are not deleted even if the browser is closed.
Functional Cookies
These cookies collect information about user behavior and any error messages. They also help measure loading times and website behavior across different browsers.
Performance Cookies
These cookies improve user-friendliness. For instance, they store entered locations, font sizes, or form data.
Advertising Cookies
Also known as targeting cookies, these are used to deliver personalized advertising to users. This can be very practical but also quite annoying.

Typically, when visiting a website for the first time, you are asked which of these cookie types you wish to allow. Your selection is, of course, also saved in a cookie.

If you want to learn more about cookies and are not deterred by technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the “HTTP State Management Mechanism” request for comments by the Internet Engineering Task Force (IETF).

Purpose of Processing via Cookies

The ultimate purpose depends on the specific cookie. More details are provided below or by the provider of the software that sets the cookie.

What data is processed?

Cookies are little helpers for many different tasks. What data is stored in cookies cannot be generalized, but we will inform you about the processed or stored data in the following Privacy Policy.

Storage Duration of Cookies

The storage duration depends on the specific cookie and is clarified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You can also influence the storage duration yourself. You can manually delete all cookies at any time via your browser settings (see also below “Right to Object”). Furthermore, cookies based on consent will be deleted at the latest when you withdraw your consent, with the legality of processing until the withdrawal remaining unaffected.

Right to Object — How Can I Delete Cookies?

You decide how and whether you want to use cookies. Regardless of the service or website source, you can always delete, deactivate, or only partially allow cookies in your browser settings. For example, you can block third-party cookies but allow all other cookies.

If you want to determine which cookies are stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

If you generally do not want cookies, you can set your browser to always inform you when a cookie is to be set. This allows you to decide whether to allow each individual cookie. The procedure differs depending on the browser. The best way is to search for the instructions in Google using the search term: “delete cookies [browser name]”.

Legal Basis

Since 2009, there have been what are known as “cookie guidelines.” These state that the storage of cookies requires your consent (Article 6(1)(a) GDPR). Within EU countries, there are, however, still very different reactions to these guidelines. In Austria, the implementation was done through § 165 (3) of the Telecommunications Act (TKG 2021). In Germany, the cookie regulations are largely based on § 25 (1) of the Telecommunications-Telemedia Data Protection Act (TTDSG).

For absolutely necessary cookies, even if no consent has been given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are economic in nature.

We will inform you in the following sections about the precise legal basis of the individual cookies and cookie-based technologies.

Web Hosting Introduction

Web Hosting Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Professional hosting of the website and ensuring operational security
📓 Data Processed: IP address, time of website visit, browser used, and other data. More details can be found below or with the respective web hosting provider.
📅 Storage Duration: Depends on the provider, usually 2 weeks
⚖️ Legal Bases: Article 6(1)(f) GDPR (Legitimate Interests)

What is Web Hosting?

When you visit websites today, certain information — including personal data — is automatically created and stored, and this applies to our website as well. This data should be processed as sparingly and with as much justification as possible. When we refer to a website, we mean all web pages on a domain, from the homepage to the very last subpage. A domain could be something like example.com or sampleexample.com.

When you want to view a website on your computer, tablet, or smartphone, you use a program called a web browser. You are probably familiar with some web browsers: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.

For the website to be displayed, your browser must connect to another computer where the website’s code is stored — the web server. Operating a web server is complex and expensive, so this task is usually handled by professional providers known as hosts, who offer web hosting services and ensure reliable and error-free storage of website data.

When your browser connects to the server and data is transmitted to and from the web server, personal data may be processed. On one hand, your computer stores data, and on the other, the web server must temporarily store data to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between browser, the internet, and the hosting provider:

Browser and Web Server

Why Do We Process Personal Data?

The purposes of data processing are:

Professional hosting of the website and ensuring operational security
Maintaining operational and IT security
Anonymous analysis of access behavior to improve our offer and possibly to pursue legal claims

What Data Is Processed?

Even while you are currently visiting our website, our web server — the computer hosting this site — automatically stores data such as:

The full Internet address (URL) of the accessed website
Browser and browser version (e.g., Chrome 87)
The operating system used (e.g., Windows 10)
The address (URL) of the previously visited page (referrer URL) (e.g., https://www.example-source.com/whereicamefrom/)
The hostname and IP address of the device accessing the site (e.g., COMPUTERNAME and 194.23.43.121)
Date and time
In files called web server log files

How Long Is the Data Stored?

Usually, the data mentioned above is stored for about two weeks and then automatically deleted. We do not disclose this data but cannot rule out that it might be viewed in the event of unlawful behavior by authorities.

In short: Your visit is logged by our provider (the company that runs our website on special servers), but we do not share your data without consent!

Legal Basis

The legality of processing personal data within the scope of web hosting is based on Article 6(1)(f) GDPR (legitimate interests), as the use of professional hosting with a provider is necessary to securely and user-friendly present the company on the internet and, if necessary, pursue attacks and claims.

We usually have a data processing agreement (DPA) with the hosting provider under Article 28 GDPR, which ensures compliance with data protection and guarantees data security.

World4You Privacy Policy

World4You Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Website hosting and accessibility on the Internet
📓 Data Processed: IP address, primarily technical data
📅 Storage Duration: Log files are deleted after 14 days
⚖️ Legal Bases: Article 6(1)(f) GDPR (Legitimate Interests)

What is World4You?

You may have heard of the web hosting provider World4You, which is particularly popular in Austria. The service provider is the Austrian company World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria.

Since 1998, this company from Linz, Upper Austria’s capital city, has been active in the web hosting sector. World4You operates several of its own data centers in Austria and relies on in-house technology, ensuring reliable operation and fast server connections. As we explained in our introduction to web hosting, data is also transmitted to and processed on World4You’s servers when you visit our website. Primarily, this involves technical data such as your browser version or operating system, but your IP address — a personal datum — is also processed.

Why Do We Use World4You?

For a website, reliability, speed, and security are crucial — just as you would expect. Even if you access our website in the middle of the night or if we have many visitors at once, it must function smoothly. Clicking on subpages should not take ages to load. Should any problems occur, there must be a solid backup system in place to safeguard our content and protect all data.

To ensure all this, we need a reliable web host. We believe we have found that partner in World4You, who meets these demands. Thanks to their own data centers and fixed bandwidth, websites can be accessed quickly. We also appreciate their personal customer support.

What Data Is Processed by World4You?

World4You can process personal data about you. When you visit our website, the web server automatically stores data such as:

The full Internet address (URL) of the accessed website
Device information like browser version and operating system
The address (URL) of the previously visited site
Hostname and IP address of the device used
Date and time of access
Possibly location data

The IP address can be used to enhance website security, detect errors, and conduct anonymous statistical analyses. Cookies may also be used for data storage.

How Long and Where Is the Data Stored?

The data is stored on World4You’s own servers. The exact retention period depends heavily on the type of data and individual configurations. Generally, World4You stores data as long as necessary to fulfill their obligations. Data collected solely to provide the website is deleted after the session ends. Data stored in log files is typically deleted after 14 days. However, data may be retained longer for legal evidence purposes if necessary.

How Can I Delete My Data or Prevent Data Storage?

You have the right to access, correct, delete, and restrict the processing of your personal data at any time. You can also revoke your consent to data processing at any time.

If you do not want cookies to be set or data to be stored, you can disable cookies via your browser settings. The process varies slightly depending on your browser.

Please refer to our Cookies section for links to instructions on managing cookies in the most popular browsers.

Legal Basis

We have a legitimate interest in using World4You to provide our online service (Article 6(1)(f) GDPR).

You can also contact World4You directly if you have specific data protection questions. We recommend reviewing World4You’s privacy policy at https://www.world4you.com/en/company/privacy-policy.html and their GDPR FAQ section at https://www.world4you.com/faq/en/gdpr.html for more detailed information.

Data Processing Agreement (DPA) with World4You

In accordance with Article 28 GDPR, we have concluded a Data Processing Agreement (DPA) with World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria.

This legally required agreement ensures that World4You processes personal data solely in accordance with our instructions and complies with the GDPR.

You can find the link to World4You’s DPA here: https://www.world4you.com/faq/en/gdpr/faq.does-world4you-provide-a-data-processing-agreement.html

Web Analytics Introduction

Web Analytics Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Evaluation of visitor information to optimize our web offering
📓 Data Processed: Access statistics, including data such as access locations, device data, access times and duration, navigation behavior, click behavior, and IP addresses. More details are provided by each Web Analytics tool used.
📅 Storage Duration: Depends on the Web Analytics tool used
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Web Analytics?

We use software on our website to analyze the behavior of website visitors — known as Web Analytics or Web Analysis. Data is collected, stored, managed, and processed by the respective analytics tool provider (also called a tracking tool). These data help create analyses of user behavior on our website, which are then made available to us as website operators. Additionally, most tools offer testing options — for example, to test which offers or content are best received by our visitors. For such tests (so-called A/B testing) and other analytics procedures, user profiles may be created and data may be stored in cookies.

Why Do We Use Web Analytics?

With our website, we aim to provide the best web offering in our field. To achieve this, we strive to deliver the most attractive and useful content and ensure that you have an outstanding experience on our site. Web Analytics tools allow us to observe visitor behavior and optimize our offerings accordingly. For instance, we can see the average age of our visitors, their origin, peak visit times, and which content or products are most popular. All this information helps us tailor our website to your needs, interests, and wishes.

What Data Is Processed?

The exact data stored depends on the analysis tool used. Generally, the data recorded includes:

Which content you view on our website
What buttons or links you click
When you access a page
The browser you use
The device you use (PC, tablet, smartphone, etc.)
Your operating system

If you have agreed to location data being collected, it can also be processed by the analytics provider. Furthermore, your IP address is recorded — considered personal data under GDPR. However, IP addresses are usually pseudonymized (masked and shortened) for storage.

No direct personal data such as your name, address, or email address is typically stored — only pseudonymized data, meaning that personal identification is generally not possible.

The following diagram illustrates how client-based web tracking with JavaScript code, such as Google Analytics, typically works:

Schematic Data Flow for Google Analytics

The storage duration depends on the provider — some cookies store data for a few minutes, others for several years.

Duration of Data Processing

We inform you below about the specific duration of data processing where further details are available. Generally, we process personal data only as long as necessary to provide our services and products. Where required by law, such as in bookkeeping, data may be stored longer.

Right to Object

You always have the right to revoke your consent to the use of cookies or third-party providers. This can be done through our cookie management tool or via other opt-out functions. You can also prevent data collection via cookies by disabling cookies in your browser settings.

Legal Basis

The use of Web Analytics requires your consent, which we obtain via a cookie popup. This consent is the legal basis for processing personal data according to Article 6(1)(a) GDPR.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offering technically and economically. Web Analytics helps us detect website errors, identify attacks, and enhance profitability. This constitutes a legitimate interest under Article 6(1)(f) GDPR.

As Web Analytics tools use cookies, we recommend reading our general Cookies privacy policy. To find out exactly what data is collected and processed, please read the privacy policies of the respective tools.

Social Media Introduction

Social Media Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Presentation and optimization of our services, communication with visitors, prospective customers, etc., advertising
📓 Data Processed: Data such as phone numbers, email addresses, contact details, user behavior data, device information, and IP addresses.
More details can be found with each social media tool used.
📅 Storage Duration: Depends on the respective social media platform
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Social Media?

In addition to our website, we are also active on various social media platforms. User data can be processed so that we can specifically address users interested in our company via social networks. Additionally, social media elements may be embedded directly into our website — for example, when you click on a social button that leads you to our social media profile.

Social media platforms are websites and apps where registered users can produce, exchange, and network content openly or in specific groups.

Why Do We Use Social Media?

For years, social media platforms have been where people communicate and connect online. Through our social media presences, we can present our products and services to interested parties. Embedded social media elements on our website help you quickly and easily access our social media content.

The data processed by social media platforms is primarily used for web analytics. These analyses aim to develop more precise and personalized marketing and advertising strategies. Based on your behavior on a social media platform, conclusions can be drawn about your interests, allowing the platforms to show you tailored advertisements. Most platforms set cookies in your browser to store data about your usage behavior.

Typically, we remain the data controller even when using social media services. However, the European Court of Justice has ruled that in certain cases, we may be jointly responsible with the social media platform under Article 26 GDPR. Where applicable, we point this out explicitly and provide the key elements of such agreements further below.

Please note that when using social media platforms or embedded elements, your data may be processed outside the European Union, particularly in the United States, where many platforms are based. As a result, you may not be able to easily exercise or enforce your data protection rights.

What Data Is Processed?

The specific data processed depends on the provider. Typically, the data includes:

Phone numbers, email addresses, and contact details
Data entered into contact forms
User data like clicked buttons, likes, follows, visited pages
Device and browser information
IP addresses

Most of this data is stored in cookies. If you have a profile with the platform and are logged in, data can be linked directly to your profile.

All data collected via social media platforms is stored on the providers’ servers, meaning only they have access and can provide you with detailed information or changes regarding your data.

To learn exactly what data is stored and processed and how to object to data processing, we recommend reading the respective privacy policies of the platforms. For inquiries about data processing, we suggest contacting the provider directly.

Duration of Data Processing

We inform you about specific storage durations where possible. For example, Facebook retains data until it is no longer needed for their purposes. Customer data matched with their own user data is deleted within two days. Generally, we process personal data only as long as necessary to provide our services and products. Where required by law (e.g., for bookkeeping), the retention period may be longer.

Right to Object

You can revoke your consent to the use of cookies or third-party services such as embedded social media elements at any time. This can be done via our cookie management tool or other opt-out mechanisms. Alternatively, you can prevent data collection by managing, disabling, or deleting cookies in your browser settings.

Since social media tools may use cookies, we also recommend reviewing our general Cookies privacy policy. For detailed information about data storage and processing, please read the privacy policies of the respective providers.

Legal Basis

If you have consented to data being processed and stored via embedded social media elements, this consent is the legal basis (Article 6(1)(a) GDPR). Your data is also processed based on our legitimate interest (Article 6(1)(f) GDPR) in fast and efficient communication with you and other customers and business partners. However, we only use these tools if you have given your consent.

Most social media platforms also use cookies to store data. We recommend reading our Cookies policy and the respective provider’s privacy or cookie policies.

You will find information about specific social media platforms — where applicable — in the following sections.

Facebook Privacy Policy

Facebook Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Optimization of our services
📓 Data Processed: Data such as customer information, user behavior data, device information, and IP addresses.
More details can be found further below in this privacy policy.
📅 Storage Duration: Until the data is no longer useful for Facebook’s purposes
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What Are Facebook Tools?

We use selected tools from Facebook on our website. Facebook is a social media network operated by Meta Platforms Inc., and in Europe by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools help us offer the best possible services and products to users interested in what we provide.

When you interact with embedded Facebook elements or our Facebook page (Fanpage), both we and Facebook Ireland Ltd. are responsible for data collection and forwarding. Facebook is solely responsible for any further processing. Our mutual obligations are defined in a public agreement available at https://www.facebook.com/legal/controller_addendum.

This agreement stipulates that we must inform you clearly about the use of Facebook tools on our site and ensure that they are implemented in a GDPR-compliant manner. Facebook, in turn, is responsible for the data security of Facebook products. For questions about data collection and processing by Facebook, you can contact the company directly. If questions are addressed to us, we are obliged to forward them to Facebook.

Below, we provide an overview of the various Facebook tools, the data sent to Facebook, and how you can manage or delete this data.

Among many other products, Facebook offers what are called “Facebook Business Tools.” Since this term is not very well known, we refer to them simply as Facebook tools. These include:

Facebook Pixel
Social plugins (e.g., the “Like” or “Share” button)
Facebook Login
Account Kit
APIs (Application Programming Interfaces)
SDKs (Software Development Kits)
Platform Integrations
Plugins
Codes
Specifications
Documentation
Technologies and Services

These tools extend Facebook’s services and allow them to collect information about user activities outside of Facebook.

Why Do We Use Facebook Tools on Our Website?

We want to show our services and products only to people who are truly interested. Facebook Ads help us reach exactly these people. To tailor ads to user interests, Facebook requires information about their behavior and interests, which it collects via data from our website.

This behavioral data, known as “event data,” is also used for measurement and analytics services. Facebook can create “campaign reports” on our behalf, helping us understand how users interact with our ads. This improves your user experience and enables us to optimize our website and advertising efforts.

What Data Is Stored by Facebook Tools?

When you use individual Facebook tools, personal data such as customer information can be transmitted to Facebook. Depending on the tool, this may include:

Name, address, phone number, IP address

Facebook matches this information with the data it already has about you (if you are a Facebook member). Before transmitting customer data, the data undergoes a process called “hashing,” which converts it into a string of characters for encryption.

In addition to contact details, “event data” is collected — information like:

Which subpages you visit
What products you buy
Interaction behavior on the website

Facebook uses this event data for personalized advertising. Event data can be linked to customer data, allowing Facebook to create better targeted ads. Facebook deletes contact details after the matching process.

To optimize ad delivery, event data is used only when combined with other data Facebook has collected through different means. Facebook also uses this data for security, protection, development, and research purposes. Most of the data is transmitted to Facebook via cookies.

For more general information about Facebook cookies, visit https://www.facebook.com/policies/cookies.

How Long and Where Is the Data Stored?

In principle, Facebook stores data until it is no longer needed for its services and products. Facebook maintains servers around the world, but customer data, after being matched with Facebook user data, is deleted within 48 hours.

How Can I Delete My Data or Prevent Data Storage?

According to GDPR, you have the right to access, correct, transfer, and delete your data.

You can completely delete your Facebook account by following these steps:

Click on “Settings” in Facebook.
In the left column, click on “Your Facebook Information.”
Click “Deactivation and Deletion.”
Choose “Delete Account” and click “Continue to Account Deletion.”
Enter your password, click “Continue,” and then “Delete Account.”

Data Facebook receives via our site, particularly through social plugins, is stored in cookies. You can manage, disable, or delete cookies in your browser settings (refer to our Cookies section for links).

Alternatively, you can set your browser to notify you whenever a cookie is about to be set, allowing you to allow or deny it individually.

Legal Basis

If you have consented to the processing and storage of your data via embedded Facebook tools, this consent serves as the legal basis under Article 6(1)(a) GDPR. Data processing also takes place based on our legitimate interest (Article 6(1)(f) GDPR) in efficient communication with you and other customers.

Facebook processes data in the USA and is an active participant in the EU-US Data Privacy Framework, ensuring the lawful transfer of personal data from EU citizens to the USA. More details can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Facebook uses Standard Contractual Clauses (SCCs) under Article 46(2) and (3) GDPR. These templates ensure that your data meets European protection standards even when transferred outside the EU. You can read more about SCCs at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

Facebook’s data processing terms, referencing the SCCs, can be found at https://www.facebook.com/legal/terms/dataprocessing.

For more detailed information on how Facebook uses your data, visit https://www.facebook.com/privacy/policy/.

Instagram Privacy Policy

Instagram Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Optimization of our services
📓 Data Processed: Data such as user behavior data, device information, and IP addresses.
More details can be found further below in this privacy policy.
📅 Storage Duration: Until Instagram no longer needs the data for its purposes
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Instagram?

We have integrated features from Instagram on our website. Instagram is a social media platform operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA. Since 2012, Instagram has been a subsidiary of Meta Platforms Inc. (formerly Facebook Inc.). Embedding Instagram content on our website — known as “embedding” — allows us to display Instagram features like buttons, photos, or videos directly on our site. When you visit a webpage with an integrated Instagram function, data is transmitted to and processed by Instagram.

Instagram uses the same systems and technologies as Facebook, meaning your data is processed across all Meta companies.

Below, we explain what data Instagram collects, why it collects it, and how you can manage or control data processing as much as possible.

Why Do We Use Instagram on Our Website?

Instagram has seen massive growth in recent years, and we want to respond to this trend. We aim to make your experience on our website as pleasant and engaging as possible. By embedding Instagram content, we can enrich our website with interesting, helpful, or entertaining posts from the Instagram world.

As Instagram is part of Facebook, the collected data can also be used for personalized advertising on Facebook. This ensures that our ads reach only those users who are genuinely interested in our offerings.

Instagram also uses the collected data for measurement and analytics purposes, providing us with aggregated, non-personally identifiable statistics and insights about user preferences and interactions.

What Data Is Stored by Instagram?

When you interact with an Instagram feature (e.g., a photo or button) on our website, your browser automatically establishes a connection with Instagram’s servers. Data transmitted and processed includes:

Information about the website you visited
Device information (browser, operating system)
Purchases made
Ads you interact with
Your usage behavior on our site
Date and time of your interaction

If you have an Instagram account and are logged in, Instagram can associate this data with your personal profile.

Facebook (and by extension Instagram) differentiates between “customer data” and “event data”:

Customer data includes name, address, phone number, and IP address.
Event data includes information about your interactions with our website (e.g., pages visited, buttons clicked).

Customer data is “hashed” before being transmitted — meaning it is converted into a string of characters to encrypt the data. Event data can be linked with customer data to enhance personalized advertising and improve services.

Data is primarily transmitted via cookies stored in your browser. Depending on the features used and your Instagram account status, varying amounts of data are stored.

Below are some cookies set by Instagram when you interact with its features:

Name	Purpose	Expiration
`csrftoken`	Security purposes, likely to prevent cross-site request forgeries.	After 1 year
`mid`	Identifies the user uniquely to optimize services.	End of session
`fbsr_123003347124024`	Stores login request for Instagram app users.	End of session
`rur`	Ensures Instagram functionality.	End of session
`urlgen`	Marketing purposes, stores location data.	End of session

Please note: This is a sample — exact cookies and data depend on the specific Instagram feature used and your personal browser settings.

How Long and Where Is the Data Stored?

Instagram shares the collected information with Facebook companies and external partners worldwide. Data is processed according to their Data Policy and stored on servers around the world — mainly in the USA.

Collected data is stored as long as necessary for service provision and security purposes. Aggregated (non-personally identifiable) data may be stored longer. Direct personal data like IP addresses are typically anonymized or deleted after 90 days.

How Can I Delete My Data or Prevent Data Storage?

Under the GDPR, you have the right to access, correct, transfer, and delete your personal data. You can manage your data via Instagram settings.

To completely delete your Instagram account:

Open the Instagram app.
Go to your profile, then tap “Help.”
You will be redirected to the Instagram website.
Under “Managing Your Account,” select “Delete Your Account.”

Once deleted, posts, photos, and status updates will be permanently removed. However, content shared by others will not be deleted.

You can also manage cookies in your browser settings to prevent data collection. See our Cookies section for detailed instructions for each major browser.

Alternatively, set your browser to notify you before cookies are set, allowing you to accept or reject each one individually.

Legal Basis

If you have consented to the processing of your data via embedded social media elements, this consent serves as the legal basis (Article 6(1)(a) GDPR). Data processing also occurs based on our legitimate interest (Article 6(1)(f) GDPR) in efficient and quick communication with customers and business partners. However, we use embedded elements only if you have given your consent.

Instagram processes data in the USA and is an active participant in the EU-US Data Privacy Framework, ensuring compliant and secure data transfer from EU citizens to the USA. More information is available at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Instagram uses Standard Contractual Clauses (SCCs) under Article 46(2) and (3) GDPR. SCCs ensure that your data meets European data protection standards even when transferred to third countries. You can find more about the SCCs at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

For more information on how Instagram handles your data, we recommend reviewing Instagram’s Data Policy at https://privacycenter.instagram.com/policy/.

Content Delivery Networks Introduction

Content Delivery Networks Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Optimization of our service performance (to enable faster website loading)
📓 Data Processed: Data such as your IP address
More details can be found below and in the individual privacy policies.
📅 Storage Duration: Most data is stored only as long as necessary to fulfill the service
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is a Content Delivery Network?

We use a Content Delivery Network (CDN) on our website. A CDN helps us load our website quickly and reliably regardless of your location. In doing so, personal data may be stored, managed, and processed on the CDN provider’s servers. Below, we explain the service and data processing in more detail. For exact information, please refer to the privacy policy of the respective provider.

A CDN is a network of regionally distributed servers, all interconnected via the Internet. This network enables the fast and seamless delivery of website content, especially large files, even during peak traffic periods. The CDN creates a copy of our website on its servers, and because these servers are globally distributed, delivery time to your browser is significantly reduced.

Why Do We Use a Content Delivery Network on Our Website?

A fast-loading website is an essential part of our service. We understand how frustrating it can be when a website loads slowly — often causing users to leave before the page fully loads. We want to avoid that. Using a CDN significantly speeds up our website loading time. This is particularly beneficial when you are accessing the site from abroad, as it delivers the website from a server near you.

What Data Is Processed?

When you request a website that is cached on a CDN, the request is directed to the nearest server, which delivers the content. CDNs can host JavaScript libraries, WordPress plugins, and other assets. Your browser may transmit personal data such as IP address, browser type, browser version, the web page being loaded, or the time and date of the visit to the CDN. This data is collected and stored by the CDN. Whether cookies are used depends on the specific CDN — please consult the privacy policies of the respective providers for details.

Right to Object

If you wish to completely prevent data transmission to a CDN, you can install a JavaScript blocker (e.g., https://noscript.net/) on your device. However, this may negatively affect the website’s performance and user experience.

Legal Basis

If you have consented to the use of a Content Delivery Network, your consent is the legal basis for data processing (Article 6(1)(a) GDPR).

Additionally, we have a legitimate interest (Article 6(1)(f) GDPR) in using a CDN to optimize and secure our online service. However, we only use the tool if you have provided consent.

Information about specific CDNs can be found — if available — in the following sections.

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary

👥 Data Subjects: Website visitors
🤝 Purpose: Obtaining and managing consent for certain cookies and tools
📓 Data Processed: Data for managing cookie settings such as IP address, time of consent, type of consent, individual consents. More details can be found with each tool used.
📅 Storage Duration: Depends on the tool used; generally, data is stored for several years
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is a Cookie Consent Management Platform?

We use a Consent Management Platform (CMP) on our website to ensure the proper and lawful use of scripts and cookies. This software automatically generates a cookie popup, scans and monitors all scripts and cookies, provides legally required cookie consent options for you, and helps both you and us keep track of all cookies.

Most Cookie Consent Management Tools identify and categorize all cookies used. As a visitor, you can then decide for yourself which scripts and cookies you want to allow or decline. The graphic below illustrates the relationship between the browser, web server, and CMP:

Consent Management Platform Overview

Why Do We Use a Cookie Management Tool?

Our goal is to offer you maximum transparency in matters of data protection. We are also legally obliged to do so. We want to inform you about all tools and cookies that may collect and process your data. It is your right to decide which cookies you accept and which you do not. To grant you this right, we must first identify all cookies on our website.

Thanks to a cookie management tool that regularly scans the website for cookies, we can provide GDPR-compliant information. Using the consent system, you can accept or reject cookies as you wish.

What Data Is Processed?

With our Cookie Management Tool, you can manage each individual cookie and maintain complete control over your data storage and processing preferences. Your consent declaration is stored to avoid asking for it again on each visit and to be able to prove your consent when required by law. This is stored either in an opt-in cookie or on a server.

The storage period of your consent depends on the tool used — generally up to two years. Stored data may include:

Pseudonymous user ID
Time of consent
Details on cookie categories and tools
Browser and device information

Duration of Data Processing

We inform you about specific data retention periods where possible. In general, personal data is processed only as long as necessary to provide our services. Cookie storage periods vary; some cookies are deleted once you leave the site, while others may persist for years. More specific details can be found in the privacy policies of the respective providers.

Right to Object

You can revoke your consent to the use of cookies at any time — either via our Cookie Management Tool or other opt-out features. You can also prevent data collection by managing, disabling, or deleting cookies in your browser settings.

More information about specific Cookie Management Tools can be found — if available — in the following sections.

Legal Basis

If you consent to the use of cookies, your consent serves as the legal basis for the processing of personal data (Article 6(1)(a) GDPR).

To manage your consent, we use a Cookie Consent Management Platform. This enables us to operate our website in a legally compliant and efficient manner, representing a legitimate interest under Article 6(1)(f) GDPR.

Security & Anti-Spam

Security & Anti-Spam Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Cybersecurity
📓 Data Processed: Data such as your IP address, name, or technical data like browser version
More details can be found below and in the individual privacy policies.
📅 Storage Duration: Most data is stored only as long as necessary to fulfill the service
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Security & Anti-Spam Software?

Security & Anti-Spam software helps protect both you and us from spam emails, phishing attacks, and other cyber threats. Spam refers to unsolicited mass emails, often containing advertising. Phishing involves deceptive messages aimed at stealing personal information. Anti-spam software protects against such spam and malicious emails, which might introduce viruses or malware into our systems. We also use general firewall and security systems to safeguard our computers from unauthorized network attacks.

Why Do We Use Security & Anti-Spam Software?

We prioritize security on our website to protect both your data and ours. Cyberattacks have become a daily threat in the online world. Hackers often attempt to steal personal data from IT systems. A robust defense system is essential. Security software monitors all inbound and outbound network traffic to detect and block unauthorized access. In addition to standard security systems, we also use external security services to enhance protection against cybercrime.

What Data Is Processed by Security & Anti-Spam Software?

The exact data collected depends on the service used. Generally, only the data necessary to fulfill the offered service is collected. This may include:

Name
Address
IP address
Email address
Browser type and version
Performance and log data

These data are processed in compliance with applicable laws, including the GDPR. Some services may work with third parties who process data on their behalf under strict privacy regulations and security measures. Data is usually stored using cookies.

Duration of Data Processing

We inform you about specific data retention periods where possible. Generally, personal data is processed only as long as necessary for providing services. Security software providers may store data longer if needed. Unfortunately, precise retention periods are often not disclosed by providers.

Right to Object

You may withdraw your consent to the use of cookies or third-party security software at any time. This can be done via our Cookie Management Tool or by managing cookies in your browser settings.

Since security services often use cookies, we recommend reading our general Cookies privacy policy. You can find further details about data collection and storage in the respective service providers’ privacy policies.

Legal Basis

We use security services primarily based on our legitimate interest (Article 6(1)(f) GDPR) in maintaining a secure system against cyberattacks.

Certain processing activities, especially those involving cookies and security features, require your consent. If you consent to the processing and storage of your data via security services, this consent constitutes the legal basis (Article 6(1)(a) GDPR).

Most of the services we use store data via cookies in your browser. We recommend reading our Cookies privacy policy and the privacy policies of the respective service providers.

Google reCAPTCHA Privacy Policy

Google reCAPTCHA Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Optimization of our services and protection against cyberattacks
📓 Data Processed: Data such as IP address, browser information, operating system, limited location and usage data
More details can be found below in this privacy policy.
📅 Storage Duration: Depends on the data collected
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is reCAPTCHA?

Our top priority is to secure and protect our website. To achieve this, we use Google reCAPTCHA from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. reCAPTCHA helps us determine whether a user is a real person and not a bot or spam software. Traditional CAPTCHAs required solving text or image puzzles. With Google’s reCAPTCHA, this is usually not necessary — often, simply checking a box suffices. With Invisible reCAPTCHA, no interaction is required at all.

reCAPTCHA is a free captcha service that protects websites from spam and abuse by non-human visitors. It’s primarily used for securing forms. A captcha is a type of Turing test to distinguish humans from bots. Unlike traditional CAPTCHAs, reCAPTCHA uses advanced risk analysis techniques to make this distinction without active user involvement.

Why Do We Use reCAPTCHA on Our Website?

We want to ensure that our site is used by real people, not bots or malicious software. Google reCAPTCHA helps us protect our website and your security. Without it, bots could register massive numbers of fake accounts or flood forums and blogs with spam content. reCAPTCHA allows us to prevent such attacks effectively.

What Data Is Stored by reCAPTCHA?

reCAPTCHA collects personal data to verify that interactions are human. This may include:

IP address
Browser and operating system information
Referrer URL (the page the user came from)
Date and time of the visit
Mouse and keyboard movements
Language settings
Screen resolution
Cookies

reCAPTCHA may also check for existing Google cookies in your browser and set a new cookie as part of the verification process.

Examples of cookies used by reCAPTCHA (from the demo site https://www.google.com/recaptcha/api2/demo):

Name	Purpose	Expiration
IDE	Records user actions for measuring ad effectiveness (set by DoubleClick)	After 1 year
1P_JAR	Collects website usage statistics and measures conversions	After 1 month
ANID	Used for advertising purposes	After 9 months
CONSENT	Stores consent status for Google services	After 19 years
NID	Personalizes advertising in Google search	After 6 months
DV	Used by Google Analytics for personalized ads	After 10 minutes

Note: This list is not exhaustive, as Google may modify the cookies used at any time.

How Long and Where Are the Data Stored?

Data collected by reCAPTCHA is transferred to and stored on Google’s servers, which are located globally (primarily in the USA and Europe). IP addresses are generally anonymized within EU member states before transmission to the USA.

If you are logged into your Google account while using reCAPTCHA, the data may be associated with your account. For detailed information, refer to Google’s privacy policy.

How Can I Delete My Data or Prevent Data Storage?

To avoid data transmission to Google, log out of your Google account and delete all Google cookies before visiting our website. Generally, data is transmitted automatically when visiting a page with reCAPTCHA.

For deletion requests, you can contact Google Support: https://support.google.com/.

Note that data may be transferred and processed outside the EU. The USA is currently classified as an insecure third country under European data protection laws, although protections such as the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) help ensure an adequate level of protection.

Legal Basis

If you have given your consent to the use of Google reCAPTCHA, this consent constitutes the legal basis for data processing (Article 6(1)(a) GDPR).

Additionally, we have a legitimate interest (Article 6(1)(f) GDPR) in using Google reCAPTCHA to optimize and secure our online services. However, we only use Google reCAPTCHA if you have provided your consent.

Google participates in the EU-US Data Privacy Framework, ensuring lawful data transfer from the EU to the USA. More information: EU-US Data Privacy Framework.

Google also uses Standard Contractual Clauses (SCCs) as an additional protection mechanism. These SCCs are templates approved by the EU Commission to safeguard your data even in countries with lower data protection standards. More information about the SCCs: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

Google’s data processing terms for Ads, which reference the SCCs, can be found here: https://business.safety.google/intl/en/adsprocessorterms/.

For more details on reCAPTCHA and how it works, visit: https://developers.google.com/recaptcha/.

For Google’s privacy policy, go to: https://policies.google.com/privacy.

Audio & Video Introduction

Audio & Video Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Optimization of our services
📓 Data Processed: Data such as contact information, user behavior data, device information, and IP address may be collected.
More details can be found further below in the respective privacy policies.
📅 Storage Duration: Data is generally retained as long as necessary for the service purpose
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What Are Audio and Video Elements?

We have embedded audio and video elements on our website to allow you to listen to or watch content (such as videos or podcasts) directly on our site. These contents are provided by third-party service providers, meaning all media is streamed from their servers.

Such embedded features come from platforms like YouTube, Vimeo, or Spotify. While many of these platforms offer free services, some may also include premium or paid content. With these integrated elements, you can access various media directly through our website.

Why Do We Use Audio & Video Elements on Our Website?

Our goal is to deliver the best possible content and make it as easily accessible as possible. Nowadays, content is often conveyed not only through text and images but also through audio and video. Instead of redirecting you via links, we can present videos or audio content directly on our site — enriching your user experience and facilitating access to engaging content.

What Data Is Stored by Audio & Video Elements?

When you access a page containing an embedded audio or video element, your browser connects to the servers of the third-party provider. Data transmitted and stored may include:

Your IP address
Browser type and operating system
Basic device information
The referring website (from where you accessed the content)
Information about your web activity (e.g., session duration, bounce rate, button clicks)

These data are usually collected via cookies or pixel tags (also called web beacons). Cookies are small text files stored in your browser; they often contain pseudonymized information.

The exact data collected depend on the provider. Please refer to the privacy policies of the respective service providers for detailed information.

Duration of Data Processing

We inform you about specific retention periods where possible. Generally, personal data is only processed as long as necessary to provide our services. Third-party providers may retain data longer, depending on their internal policies. Cookies, in particular, can have different lifespans, ranging from being deleted after leaving the site to remaining stored for several years.

Right to Object

You can withdraw your consent to the use of cookies or third-party services at any time. This can be done via our Cookie Management Tool or by managing cookies in your browser settings. Revoking consent does not affect the lawfulness of processing based on consent before its withdrawal.

Since embedded audio and video features typically involve cookies, we recommend reading our general Cookies privacy policy. For further details, please check the privacy policies of the respective third-party providers.

Legal Basis

If you have given consent for the processing of your data via embedded audio and video elements, this consent constitutes the legal basis (Article 6(1)(a) GDPR).

Additionally, data processing occurs based on our legitimate interest (Article 6(1)(f) GDPR) in maintaining fast and effective communication with our users and partners. However, we only deploy these elements if you have provided consent.

Vimeo Privacy Policy

Vimeo Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Optimization of our services
📓 Data Processed: Data such as contact details, user behavior data, device information, and IP address may be collected.
More details can be found further below in this privacy policy.
📅 Storage Duration: Data is generally stored as long as necessary for the service purpose
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is Vimeo?

We use videos from Vimeo on our website. Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plugin, we can display engaging video content directly on our website, during which certain data may be transmitted to Vimeo.

Vimeo is a video platform founded in 2004, offering HD video streaming since 2007 and 4K Ultra HD streaming since 2015. Unlike market leader YouTube, Vimeo focuses on high-quality, artistic, and documentary content.

Why Do We Use Vimeo on Our Website?

Our goal is to deliver the best possible content to you in the simplest way. Embedding Vimeo videos directly into our site enhances your user experience by making content instantly accessible without redirecting you elsewhere. Vimeo helps us provide high-quality video content as an extension of our service.

What Data Is Stored by Vimeo?

When you visit a page with an embedded Vimeo video, your browser connects to Vimeo’s servers, leading to data transfer and storage. Whether or not you have a Vimeo account, Vimeo collects data such as:

Your IP address
Browser type and operating system
Basic device information
The referring website
User activity on the website (e.g., session duration, bounce rate, button clicks)

This data is often collected via cookies or similar technologies. If you are logged into a Vimeo account while browsing, your activity can be directly linked to your account. To avoid this, log out of Vimeo before visiting our site.

Cookies Set by Vimeo:

Name	Purpose	Expiration
`player`	Stores your preferences before playing an embedded Vimeo video.	After 1 year
`vuid`	Collects information about your interactions with pages containing Vimeo videos.	After 2 years

Note: Additional cookies such as _ga, _gat_UA-76641-8 (Google Analytics), or _fbp (Facebook) may be set depending on your interaction.

Examples of Additional Cookies:

Name	Purpose	Expiration
`_abexps`	Remembers user settings like preferred language or region.	After 1 year
`continuous_play_v3`	Remembers playback preferences like pausing/resuming videos.	After 1 year
`_ga`	Differentiates website visitors (Google Analytics).	After 2 years
`_gcl_au`	Improves ad efficiency (Google AdSense).	After 3 months
`_fbp`	Displays ads through Facebook.	After 3 months

Vimeo states that it only uses first-party cookies (its own cookies) for embedded videos, provided you don’t interact with them.

How Long and Where Are the Data Stored?

Vimeo’s headquarters are in White Plains, New York, USA, but it operates globally. Your data may be stored on servers in the USA and other countries. Data remains with Vimeo as long as necessary for business purposes, after which it is deleted or anonymized.

How Can I Delete My Data or Prevent Data Storage?

You can manage cookies in your browser settings to delete or disable cookies as you prefer. Instructions are available in our Cookies section. Note that disabling cookies may limit some functionalities.

If you are a registered Vimeo user, you can also manage your cookie preferences in your Vimeo account settings.

Legal Basis

If you have given consent for the processing of your data via embedded Vimeo elements, this consent constitutes the legal basis (Article 6(1)(a) GDPR).

Additionally, data processing is based on our legitimate interest (Article 6(1)(f) GDPR) in ensuring smooth communication and content delivery. We only use embedded Vimeo elements if you have provided consent.

Vimeo processes data in the USA. According to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This could entail risks regarding the legality and security of data processing.

To protect your data, Vimeo uses Standard Contractual Clauses (SCCs) (Article 46(2) and (3) GDPR) — templates provided by the EU Commission to ensure your data is treated according to European data protection standards even when transferred to the USA. More information about SCCs: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

Details on Vimeo’s use of SCCs: https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights.

For more information about cookies on Vimeo: https://vimeo.com/cookie_policy

YouTube Privacy Policy

YouTube Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Optimization of our services
📓 Data Processed: Data such as contact information, user behavior data, device information, and IP address may be collected.
More details can be found further below in this privacy policy.
📅 Storage Duration: Data is generally retained as long as necessary for the service purpose
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What is YouTube?

We have embedded YouTube videos on our website to present engaging content directly. YouTube is a video platform and a subsidiary of Google since 2006, operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with an embedded YouTube video, your browser automatically connects to YouTube or Google servers, transferring various data depending on your settings. For all data processing within the European Economic Area, the responsible entity is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

In this section, we explain what data is processed, why we use YouTube videos, and how you can manage or delete your data.

On YouTube, users can watch, rate, comment on, and upload videos for free. Over the years, YouTube has become one of the most significant social media platforms globally. To display videos, YouTube provides a piece of code that we embed on our website.

Why Do We Use YouTube Videos on Our Website?

YouTube offers the best content and the largest user base among video platforms. We strive to provide you with the best possible user experience on our website, and engaging videos are a crucial part of that. Additionally, embedding YouTube videos helps improve our site’s visibility on Google Search and allows us to deliver targeted advertising through Google Ads based on the collected data.

What Data Is Stored by YouTube?

As soon as you visit one of our pages with an embedded YouTube video, YouTube sets at least one cookie, storing your IP address and our URL. If you are logged into your YouTube account, YouTube can associate your interactions with your profile. Stored data may include:

Session duration
Bounce rate
Approximate location
Browser type
Screen resolution
Internet service provider
Contact data
Video ratings and social media shares
Favorites on YouTube

If you are not logged into a Google or YouTube account, Google stores data linked to your device or browser via a unique identifier.

Cookies Set by YouTube (Examples):

Name	Purpose	Expiration
`YSC`	Registers a unique ID to track video views.	End of session
`PREF`	Stores your unique ID and YouTube usage statistics.	After 8 months
`GPS`	Tracks your GPS location on mobile devices.	After 30 minutes
`VISITOR_INFO1_LIVE`	Estimates user bandwidth for embedded videos.	After 8 months

Additional Cookies if Logged into YouTube:

Name	Purpose	Expiration
`APISID`, `HSID`, `SAPISID`, `SID`	Create a profile of your interests for personalized ads.	After 2 years
`LOGIN_INFO`	Stores login information.	After 2 years
`SIDCC`	Stores information about your interaction with the site and ads.	After 3 months
`CONSENT`	Stores user consent and ensures security.	After 19 years

How Long and Where Are the Data Stored?

YouTube stores your data on Google servers, primarily in the United States. Server locations can be found at: Google Data Center Locations.

Google stores data for varying durations. Some data can be deleted manually; others are automatically deleted after a set period. Data like “My Activity” remains stored until manually deleted.

How Can I Delete My Data or Prevent Data Storage?

You can delete data manually in your Google account. With Google’s auto-delete feature, introduced in 2019, you can set activity data to be stored for 3 or 18 months before deletion.

Regardless of whether you have a Google account, you can configure your browser to delete or block Google cookies. Instructions for various browsers can be found in our Cookies section.

If you prefer not to accept any cookies, configure your browser to notify you whenever a cookie is set.

Legal Basis

If you have consented to the processing of your data through embedded YouTube elements, this consent forms the legal basis (Article 6(1)(a) GDPR).

Additionally, data processing is based on our legitimate interest (Article 6(1)(f) GDPR) in ensuring effective communication and service delivery. However, we only use embedded YouTube elements if you have provided consent.

YouTube processes data in the United States. YouTube/Google participates in the EU-US Data Privacy Framework, ensuring proper and secure data transfers for EU citizens. More details: EU-US Data Privacy Framework Information.

Google also uses Standard Contractual Clauses (SCCs) (Article 46(2) and (3) GDPR) to ensure compliance with European data protection standards for international transfers. You can find the SCCs here: EU SCCs.

Google Ads Data Processing Terms: Google Ads Data Processing Terms.

For more information about how Google processes your data, see their privacy policy: Google Privacy Policy.

Online Map Services Privacy Policy

Online Map Services Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Improving user experience
📓 Data Processed: Data depends heavily on the services used; typically includes IP address, location data, search terms, and/or technical data. More details can be found in the respective tool sections.
📅 Storage Duration: Depends on the tools used
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What Are Online Map Services?

We also use online map services on our website to extend our service offering. Google Maps is likely the most familiar service, but there are also other providers specializing in digital maps. These services allow us to display locations, route plans, and other geographic information directly on our website. Thanks to the embedded map service, you do not need to leave our website to view, for example, a route to a specific location. Online maps are integrated via HTML code and can display street maps, aerial photos, or satellite images. When you interact with the map service, data — including personal data — is transmitted and stored by the service provider.

Why Do We Use Online Map Services on Our Website?

Our goal is to make your time on our website as convenient and user-friendly as possible. Integrated map services help you find all necessary information quickly, including our company location or points of interest. This optimizes the customer service aspect of our website and makes navigation easier for you.

What Data Is Stored by Online Map Services?

When you access a page with an embedded map feature, personal data may be transmitted to and stored by the respective provider. Typically, this includes your IP address and possibly your approximate location. Data like entered search queries and latitude and longitude coordinates are also stored. These interactions happen on the map service’s servers, not ours. Most services also use cookies to record your interaction and optimize user experience or deliver personalized advertising. For more on cookies, please see our “Cookies” section.

How Long and Where Are the Data Stored?

Each map service provider processes user data differently. If available, we provide more specific details on data retention in the respective tool sections below. Generally, personal data is only stored as long as necessary for service provision. For example, Google Maps stores some data for a defined period while other data can be manually deleted by users.

Service providers also use cookies to store information about your interaction with the map services. Details on this can be found in our general “Cookies” section as well as in the specific privacy policies of the providers.

Right to Object

You always have the right to access your personal data and object to its use and processing. You can revoke your consent at any time. Typically, this is easiest via our cookie consent tool, but there are also other opt-out options. You can manage, delete, or disable cookies directly in your browser settings. Note that this might affect the full functionality of the map services.

Legal Basis

If you have consented to the use of an online map service, your consent forms the legal basis for the data processing (Article 6(1)(a) GDPR).

Additionally, we have a legitimate interest in using online map services to improve our website services (Article 6(1)(f) GDPR). However, we use online map services only if you have given consent.

For details on specific online map services used, see the following sections.

Google Maps Privacy Policy

Google Maps Privacy Policy Summary

👥 Data Subjects: Visitors to the website
🤝 Purpose: Optimizing our service
📓 Data Processed: Data such as entered search queries, your IP address, and latitude/longitude coordinates.
More details can be found further below.
📅 Storage Duration: Depends on the stored data
⚖️ Legal Bases: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)

What Is Google Maps?

We use Google Maps on our website, operated by Google Inc. For the European region, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible for all Google services. With Google Maps, we can show locations and enhance our services to suit your needs. Using Google Maps transmits data to Google, which is stored on Google servers. Here, we explain what data is processed and how you can control this.

Google Maps is an internet mapping service that allows users to search for locations and businesses online. Businesses listed on Google My Business can display information alongside their location. The service can be embedded in websites via HTML code, displaying maps or satellite imagery.

Why Do We Use Google Maps on Our Website?

We aim to make your time on our site useful and informative. Through the integration of Google Maps, you can easily find locations, including our headquarters. This adds to our customer service offering.

What Data Is Stored by Google Maps?

For Google Maps to provide its service, data such as search queries, your IP address, and latitude/longitude coordinates are collected and stored. When using route planning features, the starting address entered is also stored. As Google Maps is embedded on our site, Google places at least one cookie (NID) in your browser, storing information about your user behavior to optimize services and personalize advertising.

Cookie Example:

Name	Purpose	Expiration
`NID`	Used to customize ads in Google Search. Saves your search preferences and prior interactions with ads.	After 6 months

Note: Due to the nature of cookies and Google’s frequent updates, exact data may vary.

How Long and Where Are the Data Stored?

Google’s servers are distributed globally, with many located in the USA. Google Data Center Locations.

Google stores data on multiple media and locations to ensure fast access and data protection against manipulation. The duration of storage depends on the type of data. Some data can be deleted manually; others are deleted automatically after a period. Advertising data is anonymized after 9 or 18 months.

How Can I Delete My Data or Prevent Data Storage?

You can use the automatic deletion feature in your Google account to store location and activity data for either 3 or 18 months. Manual deletion is also possible. To completely stop location tracking, pause “Web & App Activity” in your Google account under “Data & Personalization.”

Browser settings also allow you to manage, delete, or block cookies. Detailed guides are in our “Cookies” section.

Legal Basis

If you have consented to the use of Google Maps, this consent is the legal basis for the data processing (Article 6(1)(a) GDPR).

Additionally, we have a legitimate interest in using Google Maps to improve our online services (Article 6(1)(f) GDPR). However, we use Google Maps only with your consent.

Google processes data in the USA and participates in the EU-US Data Privacy Framework, ensuring proper and secure data transfers for EU citizens. More information: EU-US Data Privacy Framework Information.

Google also relies on Standard Contractual Clauses (SCCs) to comply with European data protection standards for international transfers. EU SCCs.

For more information on Google’s data processing, see: Google Privacy Policy.

For Vimeo’s privacy policy: https://vimeo.com/privacy

Explanation of Terms Used

We strive to make our privacy policy as clear and understandable as possible. However, especially with technical and legal topics, this is not always easy. It often makes sense to use legal terms (e.g., personal data) or specific technical expressions (e.g., cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have explained sufficiently in the previous privacy policy. If these terms are derived from the GDPR and are defined terms, we will also quote the GDPR text and, where appropriate, add our own explanations.

Processor

Definition according to Article 4 GDPR:

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;

Explanation:
As a company and website owner, we are responsible for all data we process from you. Besides the controllers, there are also so-called processors. This includes any company or person processing personal data on our behalf. Processors can therefore be service providers like accountants, but also hosting or cloud providers, payment or newsletter services, or large companies like Google or Microsoft.

Consent

Definition according to Article 4 GDPR:

“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation:
On websites, such consent is usually obtained via a cookie consent tool — surely you’ve seen it before. Whenever you visit a website for the first time, you are typically asked via a banner whether you consent to data processing. You usually can make individual settings and decide which processing activities you allow or disallow. Without consent, no personal data may be processed. Consent can also be given in writing and not just via a tool.

Personal Data

Definition according to Article 4 GDPR:

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation:
Personal data includes any information that can identify you as a person. These usually include:

Name
Address
Email address
Postal address
Phone number
Date of birth
Identification numbers like social security number, tax ID, passport number, or student number
Bank details like account numbers, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address also counts as personal data. IT experts can use your IP address to at least determine the approximate location of your device and subsequently identify the subscriber. Therefore, storing an IP address requires a legal basis under the GDPR. There are also “special categories” of personal data that are particularly sensitive, including:

Racial and ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic data, e.g., from blood or saliva samples
Biometric data (information about physical, physiological, or behavioral characteristics that can identify a person)
Health data
Data concerning a person’s sex life or sexual orientation

Profiling

Definition according to Article 4 GDPR:

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

Explanation:
Profiling involves gathering various information about a person to learn more about them. In the online context, profiling is often used for advertising or credit checks. Web or advertising analytics programs collect data about your behavior and interests on a website. This data can then be used to create a user profile for targeted advertising.

Controller

Definition according to Article 4 GDPR:

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

Explanation:
In our case, we are the controller responsible for processing your personal data. If we share collected data with other service providers, they act as “processors”. A “Data Processing Agreement (DPA)” must be signed for this purpose.

Processing

Definition according to Article 4 GDPR:

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;

Note:
When we refer to “processing” in our privacy policy, we mean any handling of data, including collecting, storing, and processing data.

Final Note

Congratulations! If you are reading this, you have really made it through our entire privacy policy — or at least scrolled this far. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.

It is important to us to inform you as comprehensively and transparently as possible about how personal data is processed. We also want to explain not just what data is processed but also why we use certain software programs. Privacy policies typically sound very technical and legalistic. However, since most of you are neither web developers nor lawyers, we have tried to explain things in simple, clear language. Of course, this is not always possible due to the complexity of the topic. Therefore, key terms are explained in detail at the end of the privacy policy.

If you have any questions about data protection on our website, please do not hesitate to contact us or the designated responsible party. We hope you have a pleasant time and look forward to welcoming you again soon on our website.

All texts are protected by copyright.

Source: Privacy Policy created with the Privacy Policy Generator for Austria by AdSimple

Please note: This page is a translation. The legally binding version is the original German version.