IT’s our business.

Media owner & publisher:

Nexxys GmbH
EURO PLAZA 5
Building J, Entry J1
Kranichberggasse 4
1120 Vienna, Austria

Tel.: +43 676 765 0977

m.koczi@nexxys.at
www.nexxys.at

UID: ATU 70435237
FN: 447106i

Company purpose:
Marketing, Project Management

Copyright:
All contents (texts, photos, graphics, layout, program code, database contents, etc.) are protected by copyright. Any use is only allowed with explicit permission.
The Austrian Copyright Act (UrhG) applies.

Infringement:
We reserve the right to take legal action in the event of copyright infringement.

Liability:
No liability can be accepted for the content and information on this website.
The publisher of this website does not identify with the content of external websites (links), and assumes no liability for them. At the time of linking to external websites, there were no illegal contents on these websites. However, it is not possible to check these links on an ongoing basis.
The link liability according to the E-Commerce Act (ECG) Austria applies.

Links:
Links to this website are welcome and, until revoked, do not require express permission. The loading of individual contents or pages into external frames is prohibited.

Table of contents

• Introduction and overview
• Scope of application
• Legal basis
• Contact details of the responsible person
• Storage period
• Rights under the General Data Protection Regulation
• Data processing security
• Communication
• Order processing contract (AVV)
• Cookies
• Web hosting introduction
• Cookie Consent Management Platform Introduction
• Security & Anti-Spam
• Explanation of terms used
• Closing words

Introduction and overview

We have drawn up this data protection declaration (version 11.05.2023-112503991) in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as the controller – and the processors (e.g. providers) commissioned by us – process, will process in future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We inform you comprehensively about data that we process about you.

Data protection statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. As far as it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information you did not know.
If you still have questions, we would like to ask you to contact the responsible office mentioned below or in the imprint, to follow the links provided and to look at further information on third party sites. You will of course also find our contact details in the imprint.

Application area

This data protection declaration applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (order processors). By personal data, we mean information within the meaning of Art. 4 No. 1 DSGVO, such as a person’s name, email address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• Social media appearances and e-mail communication
• Mobile apps for smartphones and other devices

In short, the privacy policy applies to all areas in which personal data is processed in the company in a structured manner via the aforementioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following privacy statement, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read
this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
2. contract (Article 6(1)(b) DSGVO): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information in advance.
3. Legal obligation (Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.

Further conditions such as the performance of recordings in the public interest and the exercise of public authority as well as the protection of vital interests do not generally occur with us. If such a legal basis should be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
• In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible person

If you have any questions regarding data protection or the processing of personal data, you will find the contact details of the responsible person or office below:
Nexxys GmbH
Monika Koczi
EURO PLAZA 5
Building J, Entry J1
Kranichberggasse 4
1120 Vienna, Austria

E-mail: office@nexxys.at
Phone: +43 676 765 09 77
Imprint: https://nexxys.at/kontakt

Storage period

The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion with us. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13, 14 of the GDPR, we inform you of the following rights you have to ensure that data is processed fairly and transparently:

• According to Article 15 of the GDPR, you have the right to know whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and the following information:
  • the purpose for which we carry out the processing;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can complain to a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we have not collected it from you;
  • whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
• You have a right to rectify data under Article 16 of the GDPR, which means that we must correct data if you find errors.
• According to Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the deletion of your data.
• According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it any further.
• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
• According to Article 21 of the GDPR, you have a right to object, which, once enforced, entails a change in processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
  • If data is used to carry out direct marketing, you can object to this type of data processing at any time. We are then no longer allowed to use your data for direct marketing.
  • If data is used to carry out profiling, you can object to this type of data processing at any time. We are then no longer allowed to use your data for profiling.
• You may have the right under Article 22 of the GDPR not to be subject to a decision based solely on automated processing (for example profiling).
• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the data processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible body listed above with us!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection commissioner for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austria Data Protection Authority

Head: Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Telephone: +43 1 52 152-0
E-mail address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data processing security

To protect personal data, we have implemented both technical and organisational measures. Where possible, we encrypt or pseudonymise personal data. In this way, we make it as difficult as possible for third parties to infer personal information from our data.

Article 25 of the GDPR refers to “data protection through technical design and through data protection-friendly default settings” and thus means that both software (e.g. forms) and hardware (e.g. access to the server room) should always be designed with security in mind and that appropriate measures should be taken. In the following, we will go into more detail on specific measures, if necessary.

TLS encryption with https

TLS, encryption and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transfer data tap-proof on the internet.
This means that the complete transmission of all data from your browser to our web server is secured – no one can “listen in”.

In this way, we have introduced an additional layer of security and comply with data protection by design of technology (Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognise the use of this data transmission protection by the small lock symbol at the top left of the browser, to the left of the internet address (e.g. beispielseite.de) and the use of the scheme https (instead of http) as part of our internet address.
If you want to know more about encryption, we recommend a Google search for “Hypertext Transfer Protocol Secure wiki” to get good links to further information.

Communication

Communication Summary Data subjects: anyone who communicates with us by phone, email or online form Data processed: e.g. telephone number, name, email address, form data entered. More details can be found at the respective contact type used Purpose: Handling communication with customers, business partners, etc. Storage period: Duration of the business case and legal requirements ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. b DSGVO (contract), Art. 6 para. 1 lit. f DSGVO (legitimate interests)

When you contact us and communicate by phone, email or online form, personal data may be processed.

The data is processed for the handling and processing of your question and the related business transaction. The data is stored for as long as it is required by law.

Persons concerned

All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.

Phone

When you call us, the call data is stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number can subsequently be sent by e-mail and stored for the purpose of responding to enquiries. The data is deleted as soon as the business case has been completed and legal requirements permit.

E-mail

If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,…) and data is stored on the e-mail server. The data is deleted as soon as the business case has been completed and legal requirements permit.

Online forms

If you communicate with us using an online form, data is stored on our web server and, if necessary, forwarded to an e-mail address of ours. The data is deleted as soon as the business case has been terminated and legal requirements permit.

Legal basis

The processing of data is based on the following legal bases:

• Art. 6 para. 1 lit. a DSGVO (consent): You give us your consent to store your data and to use it for purposes related to the business case;
• Art. 6 para. 1 lit. b DSGVO (contract): There is a need for the performance of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
• Art. 6 para. 1 lit. f DSGVO (Legitimate Interests): We want to operate customer enquiries and business communication in a professional framework. For this purpose, certain technical facilities such as e-mail programmes, exchange servers and mobile phone operators are necessary in order to be able to operate the communication efficiently.

Order processing contract (AVV)

In this section, we would like to explain what a processing contract is and why it is needed. Because the word “order processing contract” is quite a mouthful, we will also often just use the acronym AVV here in the text. Like most companies, we do not work alone, but also use the services of other companies or individuals ourselves.  Through the involvement of various companies or service providers, it may be that we pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called order processing agreement (AVV). The most important thing for you to know is that the processing of your personal data is carried out exclusively according to our instructions and must be regulated by the GCU.

Who are processors?

As a company and website owner, we are responsible for all the data we process from you. In addition to data controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, authority, institution or other body that processes personal data on our behalf is considered a processor. Consequently, processors can be service providers such as hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft, for example.

For a better understanding of the terminology, here is an overview of the three roles in the GDPR:

Data subject (you as a customer or interested party) → Responsible party (we as a company and client) → Processor (service provider such as web hoster or cloud provider)

Content of a processing order

As already mentioned above, we have concluded an AVV with our partners who act as processors. This states first and foremost that the processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing; however, in this context, the electronic conclusion of the contract is also considered to be “in writing”. Only on the basis of the contract will the processing of personal data take place. The contract must contain the following:

• Binding to us as the responsible party
• Duties and rights of the responsible person
• Categories of persons concerned
• Nature of the personal data
• Nature and purpose of data processing
• Subject and duration of data processing
• Place of implementation of the data processing

Furthermore, the contract contains all obligations of the processor. The most important obligations are:

• To ensure data security measures
• take possible technical and organisational measures to protect the rights of the data subject
• keep a data processing register
• cooperate with the data protection supervisory authority at its request
• Conduct a risk analysis in relation to the personal data received
• Sub-processors may only be engaged with the written consent of the responsible person

You can see what such an AVV looks like in concrete terms at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html, for example. A sample contract is presented here.

Cookies

Cookies Summary Data subjects: visitors to the website Purpose: depends on the cookie. More details can be found below or from the manufacturer of the software that sets the cookie. Data processed: Depending on the cookie used. More details can be found below or from the manufacturer of the software that sets the cookie. Storage period: depends on the cookie, can vary from hours to years. ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit.f DSGVO (legitimate interests).

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, effectively the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the “user-related” information back to our site. Thanks to the cookies, our website knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. Here, the web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie is to be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programmes and do not contain viruses, Trojans or other “pests”. Cookies also cannot access information on your PC.

Cookie data, for example, can look like this:

Name: _ga
Wert: GA1.2.1326744211.152112503991-9
Intended use: Differentiation of website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What are the different types of cookies?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

One can distinguish between 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic website functionality. For example, these cookies are needed when a user places a product in the shopping cart, then continues surfing on other pages and later goes to the checkout. These cookies do not delete the shopping cart even if the user closes his browser window.

Purposeful cookies
These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behaviour of the website with different browsers.

Targeting cookies
These cookies provide a better user experience. For example, entered locations, font sizes or form data are saved.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver individually adapted advertising to the user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these cookie types you would like to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the cookie in question. More details can be found below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalise about what data is stored in cookies, but we will inform you about the data processed or stored within the framework of the following data protection declaration.

Storage period of cookies

The storage period depends on the cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You can also influence the storage period yourself. You can manually delete all cookies at any time via your browser (see also “Right of objection” below). Furthermore, cookies that are based on consent will be deleted at the latest after revocation of your consent, whereby the legality of the storage remains unaffected until then.

Right of objection – how can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies in Chrome

Safari: Managing Cookies and Website Data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search for the instructions in Google with the search term “Delete Cookies Chrome” or “Deactivate Cookies Chrome” in the case of a Chrome browser.

Legal basis

The so-called “Cookie Guidelines” have been in place since 2009. These state that the storage of cookies requires your consent (Article 6 para. 1 lit. a DSGVO). Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in § 96 para. 3 of the Telecommunications Act (TKG). In Germany, the Cookie Directive has not been implemented as national law. Instead, this directive was largely implemented in § 15 para.3 of the Telemedia Act (TMG).

For absolutely necessary cookies, even where there is no consent, there are legitimate interests (Article 6(1)(f) DSGVO), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and for this purpose certain cookies are often absolutely necessary.

If cookies are used that are not absolutely necessary, this only happens in the case of your consent. The legal basis in this respect is Art. 6 para. 1 lit. a DSGVO.

In the following sections, you will be informed in more detail about the use of cookies, insofar as the software used uses cookies.

Web hosting introduction

Web hosting summary Data subjects: visitors to the website Purpose: Professional hosting of the website and securing its operation Data processed: IP address, time of website visit, browser used and other data. More details can be found below or with the respective web hosting provider used. Storage period: depends on the respective provider, but usually 2 weeks. ⚖️ Legal basis: Art. 6 para. 1 lit.f DSGVO (legitimate interests)

What is web hosting?

When you visit websites nowadays, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, by the way, we mean the totality of all web pages on a domain, i.e. everything from the home page (homepage) to the very last subpage (like this one). By domain, we mean, for example, example.de or example.com.

If you want to view a website on a computer, tablet or smartphone, you use a programme called a web browser to do so. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We call them browsers or web browsers for short.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and costly task, which is why it is usually done by professional providers. These offer web hosting and thus ensure reliable and error-free storage of website data. A whole lot of technical terms, but please stay tuned, it gets better!

When the browser on your computer (desktop, laptop, tablet or smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.

A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the Internet and the hosting provider.

Why do we process personal data?

The purposes of the data processing are:

1. Professional hosting of the website and safeguarding of the operation
2. to maintain operational and IT security
3. Anonymous evaluation of access behaviour to improve our offer and, if necessary, for criminal prosecution or the pursuit of claims.

What data is processed?

Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

• the complete internet address (URL) of the accessed website
• Browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)
• The host name and IP address of the device being accessed (e.g. COMPUTERNAME and 194.23.43.121).
• Date and time
• in files, the so-called web server log files

How long is data stored?

As a rule, the above data is stored for a fortnight and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful conduct.

In short, your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your data without consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests), because the use of professional hosting with a provider is necessary to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.

As a rule, there is a contract on commissioned processing between us and the hosting provider in accordance with Art. 28 f. DSGVO, which ensures compliance with data protection and guarantees data security.

Cookie Consent Management Platform Introduction

Cookie Consent Management Platform Summary Data subjects: Website visitors Purpose: To obtain and manage consent for certain cookies and thus the use of certain tools Data processed: Data used to manage the cookie settings set such as IP address, time of consent, type of consent, individual consents. More details can be found with the respective tool used. Storage period: Depends on the tool used, you must be prepared for periods of several years. ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit.f DSGVO (legitimate interests)

What is a Cookie Consent Management Platform?

We use Consent Management Platform (CMP) software on our website to help us and you deal correctly and safely with scripts and cookies in use. The software automatically creates a cookie pop-up, scans and checks all scripts and cookies, provides cookie consent for you as required by data protection law and helps us and you to keep track of all cookies. With most cookie consent management tools, all existing cookies are identified and categorised. You as a website visitor then decide yourself whether and which scripts and cookies you allow or do not allow. The following graphic illustrates the relationship between browser, web server and CMP.

Why do we use a cookie management tool?

Our goal is to offer you the best possible transparency in the area of data protection. In addition, we are also legally obliged to do so. We want to inform you as well as possible about all tools and all cookies that can store and process data from you. It is also your right to decide for yourself which cookies you accept and which you do not. To give you this right, we first need to know exactly which cookies have ended up on our website in the first place. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we know about all cookies and can provide you with DSGVO-compliant information about them. You can then accept or reject cookies via the consent system.

What data is processed?

Within the framework of our cookie management tool, you can manage each individual cookie yourself and have complete control over the storage and processing of your data. The declaration of your consent is stored so that we do not have to query you each time you visit our website again and so that we can also prove your consent if required by law. This is stored either in an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the storage period of your cookie consent varies. In most cases, this data (e.g. pseudonymous user ID, time of consent, details of cookie categories or tools, browser, device information) is stored for up to two years.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. In general, we only process personal data for as long as is strictly necessary for the provision of our services and products. Data that is stored in cookies is stored for different lengths of time. Some cookies are deleted as soon as you leave the website, others may be stored in your browser for several years. The exact duration of data processing depends on the tool used, but in most cases you should be prepared for a storage period of several years. In the respective data protection declarations of the individual providers, you will usually receive precise information about the duration of data processing.

Right of objection

You also have the right and the possibility to revoke your consent to the use of cookies at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Information on special cookie management tools, if available, can be found in the following sections.

Legal basis

If you agree to cookies, your personal data will be processed and stored via these cookies. If we are allowed to use cookies through your consent (Article 6 (1) (a) DSGVO), this consent is also the legal basis for the use of cookies or the processing of your data. In order to be able to manage the consent to cookies and to enable you to give your consent, we use cookie consent management platform software. The use of this software enables us to efficiently operate the website in a legally compliant manner, which constitutes a legitimate interest (Article 6 (1) (f) DSGVO).

Security & Anti-Spam

Security & Anti-Spam Privacy Policy Summary Data subjects: Visitors to the website Purpose: Cybersecurity Data Processed: Data such as your IP address, name or technical data such as browser version More details can be found below and in the individual privacy texts. Storage period: for the most part, data is stored until it is no longer required for the fulfilment of the service. ⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests)

What is Security & Anti-Spam Software?

With so-called security & anti-spam software, you can protect yourself and we can protect ourselves from various spam or phishing emails and possible other cyberattacks. Spam is advertising mails from a mass mailing that you did not ask for yourself. Such mails are also called data rubbish and can also cause costs. Phishing mails, on the other hand, are messages that aim to build trust via fake news or websites in order to obtain personal data. Anti-spam software usually protects against unwanted spam messages or malicious mails that could, for example, introduce viruses into our system. We also use general firewall and security systems that protect our computers from unwanted network attacks.

Why do we use security & anti-spam software?

We place particular emphasis on security on our website. After all, it is not only our security that is at stake, but above all yours. Unfortunately, cyber threats have become part of everyday life in the world of IT and the Internet. Hackers often try to steal personal data from an IT system with the help of a cyberattack. And that is why a good defence system is absolutely necessary. A security system monitors all incoming and outgoing connections to our network or computer. In order to achieve even greater security against cyber attacks, we also use other external security services in addition to the standardised security systems on our computer. Unauthorised data traffic is thus better prevented and we protect ourselves from cybercrime.

What data is processed by security & anti-spam software?

Exactly what data is collected and stored depends, of course, on the service in question. However, we always endeavour to use only programmes that collect data very sparingly or only store data that is necessary for the fulfilment of the service offered. In principle, the service may store data such as name, address, IP address, e-mail address and technical data such as browser type or browser version. Any performance and log data may also be collected in order to detect possible incoming threats in good time. This data is processed within the scope of the services and in compliance with applicable laws. This also includes the GDPR in the case of US providers (via the standard contractual clauses). These security services also work in some cases with third-party providers who may store and/or process data under instruction and in accordance with the data protection policies and further security measures. The data storage is mostly done via cookies.

Duration of data processing

We will inform you about the duration of data processing below, provided we have further information on this. For example, security programmes store data until you or we revoke the data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of the services. In many cases, we unfortunately lack precise information from the providers about the length of storage.

Right of objection

You also have the right and the possibility to revoke your consent to the use of cookies or third-party security software providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser.

Since cookies may also be used with such security services, we recommend that you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy statements of the respective tools.

Legal basis

We use the security services mainly on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO) in a good security system against various cyber attacks.

Certain processing, in particular the use of cookies and the use of security functions, requires your consent. If you have consented to your data being processed and stored by integrated security services, this consent is the legal basis for the data processing (Art. 6 para. 1 lit. a DSGVO). Most of the services we use set cookies in your browser to store data. That is why we recommend that you read our privacy text on cookies carefully and view the privacy policy or cookie policy of the respective service provider.

Information on special tools – if available – can be found in the following sections.

Explanation of terms used

We always try to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use these without explanation. Below you will now find an alphabetical list of important terms used that we may not have sufficiently addressed in the previous privacy statement. If these terms have been taken from the GDPR and are definitions, we will also quote the GDPR texts here and add our own explanations if necessary.

Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all the data we process from you. In addition to data controllers, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors can therefore be service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“consent’ means any freely given specific, informed and unambiguous indication of the data subject’s wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to personal data relating to him or her being processed;

Explanation: As a rule, such consent is given on websites via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree or consent to data processing. In most cases, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data of yours may be processed. In principle, consent can of course also be given in writing, i.e. not via a tool.

Personal data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“personal data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore all data that can identify you as a person. This is usually data such as:

• Name
• Address
• E-mail address
• Postal address
• Telephone number
• Date of birth
• Identification numbers such as national insurance number, tax identification number, identity card number or matriculation number
• Bank data such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also personal data. IT experts can use your IP address to at least determine the approximate location of your device and subsequently you as the connection owner. Therefore, the storage of an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called “special categories” of personal data that also require special protection. These include:

• racial and ethnic origin
• political opinions
• Religious or ideological convictions
• the trade union affiliation
• Genetic data such as data taken from blood or saliva samples
• biometric data (this is information on mental, physical or behavioural characteristics that can identify a person).
  Health data
• Data on sexual orientation or sexual life

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location;

Explanation: Profiling involves gathering various pieces of information about a person in order to learn more about that person. In the web sector, profiling is often used for advertising purposes or for credit checks. Web or advertising analysis programmes, for example, collect data about your behaviour and interests on a website. This results in a special user profile that can be used to target advertising to a specific group.

 

Responsible

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“controller’ means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and consequently the “controller”. If we pass on collected data to other service providers for processing, they are “processors”. This requires the signing of a “Contractual Processing Agreement (CPA)”.

 

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

“processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we talk about processing in our privacy statement, we mean any kind of data processing. This includes, as mentioned above in the original GDPR declaration, not only the collection but also the storage and processing of data.

Closing words

Congratulations! If you are reading these lines, you have really “fought” your way through our entire data protection statement, or at least scrolled this far. As you can see from the scope of our data protection declaration, we take the protection of your personal data anything but lightly.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. In doing so, we not only want to tell you what data is processed, but also explain the reasons for the use of various software programmes. As a rule, data protection statements sound very technical and legalistic. However, since most of you are not web developers or lawyers, we also wanted to take a different linguistic approach and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible office. We wish you a pleasant time and hope to welcome you back to our website soon.

All texts are protected by copyright.

Source: Created with the privacy generator from AdSimple