Unfortunately, by their nature these explanations tend to sound very technical. However, when preparing this document we have tried to describe the most important points as simply and clearly as possible.
Automatic data storage
These days, when you visit websites certain information is automatically created and stored. This is also true of our website.
If you visit our website as it is now, our web server (the computer on which this website is stored) will automatically save data such as:
• The name of the website accessed
• The browser type and browser version
• The operating system used
• The Internet address (URL) of the previously visited page (referrer URL)
• The host name and IP address of the device from which the website was accessed
• The date and time
This data is stored in files (web server log files).
As a rule, web server log files are stored for two weeks and then automatically deleted. We do not disclose this information, however we cannot exclude that third parties may be able to view this data by engaging in illegal conduct.
Our website uses HTTP cookies to store user-specific data.
What exactly are cookies?
Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
Cookies store certain user data about you, such as language or personal website settings. When you return to our website, your browser will serve the “user-related” information to our website. Thanks to these cookies, our website knows who you are and offers you your usual standard settings. In some browsers each cookie has a separate file, while in others such as Firefox all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually because each cookie stores different data. Cookie expiration times also vary from a few minutes to a few years. Cookies are not software programmes. They contain no viruses, Trojan horses or other “malware”. Cookies cannot access information on your PC.
For example, cookie data might look like this:
• Name: _ga
• Expiration time: 2 years
• Usage: Differentiating between visitors to the website
• Example value: GA1.2.1326744211.152111171501 GA1.2.1326744211.152111171501
A browser should support the following minimum sizes:
• A cookie should be able to contain at least 4096 bytes
• At least 50 cookies should be stored per domain
• In total, at least 3000 cookies should be stored
What types of cookies are there?
There are 4 types of cookies:
Strictly necessary cookies These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed if a user puts a product in their shopping cart, then continues surfing on other websites, and later returns to the checkout. These cookies prevent the contents of the shopping cart from being deleted, even if the user closes the browser window.
Functional cookies These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies also measure the loading time of the website and how it performs on different browsers.
Goal-oriented cookies These cookies ensure a better user experience. For example, they store locations, font sizes and form data.
Advertising cookies These cookies are also called targeting cookies. They are used to provide the user with customised advertising. This can be very convenient, but also very annoying.
Usually, the first time you visit a website, you are asked which types of cookies you want to allow. And of course, this decision is also stored in a cookie.
How can I delete cookies?
If you want to know which cookies have been saved in your browser, or change and/or delete your cookie settings, you can find this in your browser settings:
If you basically want to reject all cookies, you can set up your browser so that it informs you every time a cookie is about to be set. So you can decide in the case of every single cookie whether to allow the cookie or not. The procedure varies depending on the browser. The best way is to search for instructions in Google using the terms “delete cookies Chrome” or “disable cookies Chrome” if you use Chrome as your browser, or swap the word “Chrome” for the name of your browser, e.g. Edge, Firefox, Safari etc.
What about my privacy?
Since 2009 there are the so-called “cookie guidelines”. These state that the storage of cookies requires the consent of the website visitor (i.e. you). Within the various EU member states, however, there are still very different reactions to these guidelines. In Austria, this directive was implemented in Section 96 (3) of the Telecommunications Act (Telekommunikationsgesetz, TKG).
If you want to know more about cookies and are not put off by technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the request for comments from the Internet Engineering Task Force (IETF) named “HTTP State Management Mechanism”.
Storage of personal data
We store personal data that you provide to us electronically on this website in the course of submitting a form or a blog comment, such as your name, email address, address or other personal information, together with the time of submission and your IP address. Such data will be used only for the purpose specified, kept safe and not disclosed to third parties.
We use your personal data solely to communicate with website visitors who expressly request us to contact them, and in order to process the products and services offered on this website. We do not disclose your personal data, however we cannot exclude that third parties may be able to view this data by engaging in illegal conduct.
If you send us personal data by email – outside of this website – we cannot guarantee the secure transmission and protection of your data. We recommend that you never send confidential information via email.
Rights in accordance with the General Data Protection Regulation
In accordance with the provisions of the GDPR and the Austrian Data Protection Act (Datenschutzgesetz, DSG), you have the following rights:
• Right to rectification (Article 16 GDPR)
• Right to deletion (“Right to be forgotten”) (Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right of notification – Right to be notified in connection with the correction or deletion of personal data or the restriction of processing (Article 19 GDPR)
• Right to data portability (Article 20 GDPR)
• Right to object (Article 21 GDPR)
• Right not to be subjected to a decision based solely on automated processing – including profiling – (Article 22 GDPR)
If you believe that the processing of your data violates data protection law, or your data protection rights have been otherwise violated in any way, you can complain to the supervisory authority, which in Austria is the data protection authority (Datenschutzbehörde) whose website you can find at https://www.dsb.gv.at/.
TLS encryption with https
We use https to transmit data securely on the Internet (data protection through technology design Article 25 para. 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data. You can tell that we are using this protocol to secure our data transfers in this way by the small lock symbol displayed in the top left-hand corner of the browser, as well as the use of “https” (instead of “http”) as part of our Internet address.
We use Google Fonts from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) on our website.
You do not need to sign in or have a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested through the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry about your Google account information being sent to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used, and stores this data securely. We will now take a more detailed look at exactly what this data storage looks like.
What is Google Fonts?
Google Fonts (formerly Google Web Fonts) is an interactive directory of over 800 fonts that Google LLC provides for free use.
Many of these fonts are published under the SIL Open Font License, while others have been released under the Apache license. Both are free software licenses. Thus, we can use them freely without paying royalties.
Why do we use Google Fonts on our website?
With Google Fonts, we can use fonts on our own website without having to upload them onto our own server. Google Fonts is an important element in keeping the quality of our website high. All Google fonts are automatically optimised for the web, which saves data volume and is a great advantage especially for use on mobile devices. When you visit our website, the low file size ensures fast loading times. Furthermore, Google fonts are so-called secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can visually distort texts or entire websites. Thanks to the rapid Content Delivery Network (CDN), there are no cross-platform issues with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So we use Google Fonts to display our entire online service as attractively and consistently as possible.
What data is stored by Google?
When you visit our website, the fonts are reloaded via a Google server. This external call sends data to Google’s servers. Google also recognises that you or your IP address is visiting our website. The Google Fonts API is designed to limit the collection, storage and use of end-user data to what is needed for efficient font delivery. Incidentally, API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software area.
Google Fonts securely stores CSS and font requests on Google’s servers and is thus protected. Through collated usage figures, Google can determine the popularity of each individual font. Google publishes the results on internal analysis pages, such as Google Analytics. In addition, Google also uses data from its own web crawler to determine which websites use Google Fonts. This data is published in Google Fonts’ BigQuery database. BigQuery is a Google web service for companies that want to move and analyse large amounts of data.
It should be kept in mind, however, that any Google Font request will also automatically transfer information such as IP address, language settings, browser screen resolution, browser version, and browser name to Google’s servers. It is not clear, or it is not clearly communicated by Google, whether this data is also stored.
Where is the data stored, and for how long?
Google stores requests for CSS assets on its servers for a day. These servers are mainly located outside the EU. This allows us to utilise the fonts by using a Google style sheet. A style sheet is a template that allows you to change, for example, the design or font of a website quickly and easily.
Google stores the font files for one year. Google does this with the aim of improving website loading times across the board. If millions of websites refer to the same fonts, they will be cached after the first visit and will thus immediately appear on all other websites visited subsequently. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.
How can I delete my data or prevent data storage?
Data stored by Google, whether for a day or a year, cannot simply be deleted. Data is automatically transmitted to Google when you view our website. To prematurely delete this information, you must contact Google Support at https://support.google.com/?hl=de&tid=111171501. In this case, the only way to prevent data storage is not to visit our website.
Unlike other web fonts, Google allows us unrestricted access to all fonts. So we can access unlimited fonts and get the most out of our website. More about Google Fonts and other questions can be found at https://developers.google.com/fonts/faq?tid=111171501. Although Google addresses privacy issues, it does not include detailed information about data storage. It is relatively difficult (almost impossible) to get really accurate information from Google about the data it stores.
You can also see what data Google collects and what it is used for at https://www.google.com/intl/de/policies/privacy/.
We use Google Analytics from Google LLC (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to statistically analyse visitor data. Google Analytics uses targeted cookies.
Google Analytics cookies
◦ Expiration time: 2 years
◦ Usage: Differentiating between visitors to the website
◦ Example value: GA1.2.1326744211.152111171501 GA1.2.1326744211.152111171501
◦ Expiration time: 24 hours
◦ Usage: Differentiating between visitors to the website
◦ Example value: GA1.2.1326744211.152111171501 GA1.2.1687193234.152111171501
◦ Expiration time: 1 minute
◦ Usage: Used to throttle the request rate. If Google Analytics is provided through Google Tag Manager, this cookie will be named _dc_gtm_.
◦ Example value: 1
Our legitimate interest in the context of the GDPR is the improvement of our services and our web presence. We pseudonymise user data since the privacy of our users is important to us.
Deactivation of data collection by Google Analytics
You can also prevent the data generated by cookies about your use of the website from being passed to Google, and the processing of this data by Google, by downloading and installing the browser plugin available at the following link:https://tools.google.com/dlpage/gaoptout?hl=de.
Google Analytics IP anonymisation
We have implemented Google Analytics IP address anonymisation on this website. This feature has been developed by Google to enable websites to comply with the relevant privacy provisions and recommendations of local data protection authorities if these authorities prohibit the storage of complete IP addresses. The anonymisation or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place.
More information on IP anonymisation can be found at https://support.google.com/analytics/answer/2763052?hl=de.
Google Analytics reports on demographic characteristics and interests
We have turned on the advertising reporting features in Google Analytics. The reports on demographic characteristics and interests include age, gender, and interests. This allows us – without being able to assign this data to individual persons – to build a better picture of our users. More information on the advertising features of Google Analytics can be found at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.
You can stop your Google account activity and information from being used by going to “Advertising settings” at https://adssettings.google.com/authenticated and selecting the checkbox.
Google Analytics Data Processing Amendment
We have entered into a direct customer agreement with Google for the use of Google Analytics by accepting the Google Analytics “Data Processing Amendment”.
More information on the Google Analytics Data Processing Amendment can be found here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad.
We use Google Maps from Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) on our website.
When using Google Maps features, data is transmitted to Google. To see what data Google collects and what it is used for, go to https://www.google.com/intl/de/policies/privacy/.
What is reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome real people to our website. Bots and spam software of all kinds are not welcome. That’s why we’re working hard to protect ourselves and provide the best possible usability for you. And that’s why we use Google reCAPTCHA. So we can be pretty sure that we remain a “non-bot” website. Using reCAPTCHA transmits data to Google which Google then uses to determine if you are truly human. Thus, reCAPTCHA serves the security of our website and consequently also your safety. For example, during the registration process, without reCAPTCHA a bot could register as many email addresses as possible, and then “tag” forums or blogs with unwanted adverts. reCAPTCHA enables us to avoid such bot attacks.
What data is stored by reCAPTCHA?
ReCAPTCHA collects personally identifiable information from users to determine if actions on our website are actually being undertaken by humans. So your IP address and other data that Google needs for the reCAPTCHA service may be sent to Google. IP addresses within EU member states or other parties to the Agreement on the European Economic Area are almost always truncated before the data ends up on a server in the United States. Your IP address will not be combined with any other Google data unless you are logged into your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks if your browser already has Google cookies from other Google services (YouTube, Gmail, etc.). Then reCAPTCHA sets an additional cookie in your browser and captures a snapshot of your browser window.
The following list of browser and user data collected by reCAPTCHA is not exhaustive. Rather, they are examples of data that we understand to be processed by Google.
• Referrer URL (the address of the website from which the visitor comes)
• IP address (e.g. 222.214.171.124)
• Information about the operating system (the software that allows you to operate your computer. Well-known operating systems include Windows, Mac OS X, and Linux)
• Cookies (small text files that store data in your browser)
• Mouse and keyboard behaviour (any action you perform with the mouse or keyboard will be saved)
• Date and language settings (which language or which date you have preset on your PC)
• Screen resolution (indicates the number of pixels in the image display)
It is indisputable that Google uses and analyses this data before you check the “I am not a robot” box. With Invisible reCAPTCHA version, you don’t even have to check the box and the entire recognition process runs in the background. Precisely how much and what data Google stores, you will not learn from Google in detail.
reCAPTCHA uses the following cookies: Here we are referring to the Google reCAPTCHA demo version available at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has used on the demo version:
Expiration time: one year
Usage: This cookie is set by the company DoubleClick (which also belongs to Google) to register and report user actions on the website which relate to advertising. Thus the effectiveness of advertising can be measured and the appropriate optimisation measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Example value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-111171501
Expiration time: 1 month
Usage: This cookie collects statistics about website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show users relevant ads. Furthermore, the cookie prevents the same user from seeing the same ad more than once.
Example value: 2019-5-14-12
Expiration time: 9 months
Example value: U7j1v3dZa1111715010xgZFmiqWppRWKOr
Expiration time: 19 years
Usage: This cookie stores the status of a user’s consent to the usage of various services from Google. CONSENT also helps to verify users, prevent scams using log-in information, and protect user data from unauthorised attacks.
Example value: YES+AT.de+20150628-20-0
Expiration time: 6 months
Usage: NID is used by Google to match ads to your Google search. With the help of cookies, Google “remembers” your most-typed searches or your earlier interaction with ads. So you always get customised ads. The cookie contains a unique ID that Google uses to collect the user’s personal settings for promotional purposes.
Example value: 0WmuWqy111171501zILzqV_nmt3sDXwPeM5Q
Expiration time: 10 minutes
Usage: This cookie is set as soon as you check the “I’m not a robot” box. The cookie is used by Google Analytics for targeted advertising. DV collects information in an anonymous form and is further used to make distinctions between users.
Example value: gEAABBCjJMXcI0dSAAAANbqc111171501
Note: This list cannot claim to be exhaustive, as experience has shown that Google changes its choice of cookies over and over again.
Where is the data stored, and for how long?
Integrating reCAPTCHA means that your data is transferred to the Google server. Even after repeated inquiries, Google has not made clear where exactly this data is stored. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website and/or language settings are stored on Google’s European or American servers. The IP address your browser sends to Google will generally not be merged with other Google data from other Google services. However, if you’re signed in to your Google account while using the reCAPTCHA plug-in, the data will be merged. Google’s deviating data protection provisions apply in this case.
How can I delete my data or prevent data storage?
If you do not want data about you and your behaviour to be transmitted to Google, you must log out of Google completely and delete all Google cookies before you visit our website or use the reCAPTCHA software. As a rule, this data will be sent to Google automatically as soon as you visit our website. To delete this information, you must contact Google Support at https://support.google.com/?hl=de&tid=111171501.
So, if you use our website, you are agreeing that Google LLC and its agents can automatically collect, process and use your data.
We use features of the LinkedIn social media network on our website (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA).
If you call up pages that use LinkedIn features, your data (IP address, browser data, date and time, cookies) is transmitted to LinkedIn, stored and evaluated.
If you have a LinkedIn account and are logged in, this information will be associated with your personal account and the data stored in it.