Privacy policy

Introduction and Overview

We have written this privacy policy (version 27.11.2023-112679220) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, what personal data (briefly data) we, as the responsible party – and processors commissioned by us (e.g., providers) – process, will process in the future, and what lawful options you have. The terms used are gender-neutral.
In short: We provide you comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal terminology. However, this privacy policy aims to describe the most important things to you as simply and transparently as possible. To promote transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used for illustration. Thus, we inform in clear and simple language that we only process personal data in the context of our business activities when there is a corresponding legal basis for it. This is certainly not possible if we provide, as often standard on the internet, concise, unclear, and legal-technical explanations about data protection. I hope you find the following explanations interesting and informative, and perhaps there is information here that you did not know.
If you still have questions, we ask you to follow the links provided and look at further information on third-party sites, or to contact us directly. You can, of course, also find our contact details in the imprint.

Scope

This privacy policy applies to all personal data processed by us, both the data we collect directly from our customers and data processed on our behalf by third-party processors. By personal data, we mean information as defined by Article 4 No. 1 GDPR such as your name, e-mail address, and postal address. Processing personal data allows us to offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• social media profiles and e-mail communication
• mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas where personal data is processed in a structured manner by us through the channels mentioned. Should we enter into legal relations with you outside these channels, we will inform you separately.

Legal Bases

In the following privacy policy, we provide transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which allow us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this General Data Protection Regulation of the EU online at EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:

1. Consent (Article 6 (1) (a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing your data from a contact form.
2. Contract (Article 6 (1) (b) GDPR): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a purchase agreement with you, we need personal information in advance.
3. Legal obligation (Article 6 (1) (c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6 (1) (f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. We may need to process certain data to operate our website securely and economically efficiently. This processing is thus a legitimate interest.

Further conditions such as the performance of tasks carried out in the public interest or in the exercise of official authority as well as the protection of vital interests generally do not occur with us. If such a legal basis should be relevant, it will be indicated in the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated as DSG.
• In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies.

If other regional or national laws apply, we will inform you in the following sections.

Contact Details of the Responsible Party

If you have any questions about privacy or the processing of personal data, you will find the contact details of the responsible person or office below:
Simple Solution. OG
Salzgasse 2, 5400 Hallein, Austria

Imprint: https://www.rapid-remove.com/impressum

Duration of Storage

That we store personal data only as long as necessary to provide our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example for accounting purposes.

If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as soon as possible and as far as no storage obligation exists.

We will inform you about the specific duration of each data processing below, if we have further information on this.

Rights According to the General Data Protection Regulation

According to Articles 13 and 14 GDPR, we inform you about the following rights that you have, ensuring fair and transparent processing of data:

• According to Article 15 GDPR, you have the right to obtain confirmation as to whether or not data concerning you is being processed. If this is the case, you have the right to request a copy of the data and the following information:
  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • if the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
• According to Article 16 GDPR, you have the right to obtain without undue delay the rectification of inaccurate personal data concerning you.
• According to Article 17 GDPR, you have the right to request the erasure of personal data concerning you without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
• According to Article 18 GDPR, you have the right to obtain restriction of processing where one of the following applies:
• According to Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1), and the processing is carried out by automated means.
• According to Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
• According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. This means that you can always complain to the data protection authority if you believe that the processing of personal data relating to you infringes the GDPR.

In short: You have rights – do not hesitate to contact the responsible entity listed above at our site!

If you believe that the processing of your data violates data protection law or if your data protection claims have been violated in any other way, you can complain to the supervisory authority. In Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, each federal state has its own data protection officer. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:

Austria Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Telephone number: +43 1 52 152-0
Email address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfer to Third Countries

We only transfer or process data in countries outside the scope of the GDPR (third countries) if you have consented to this processing or if there is another legal permission. This is particularly true if the processing is required by law or necessary to fulfill a contractual relationship and in any case only as far as this is generally allowed. Your consent is most often the main reason we let data be processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have server locations, can mean that personal data is processed and stored in unexpected ways.

We expressly point out that according to the opinion of the European Court of Justice, an adequate level of protection for data transfer to the USA is currently only given if a US company that processes personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. More information on this can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

The data processing by US services that are not active participants in the EU-US Data Privacy Framework may lead to data not being anonymized and stored. Furthermore, US governmental authorities may access individual data. Additionally, it may occur that collected data is linked with data from other services of the same provider if you have an appropriate user account. Whenever possible, we try to use server locations within the EU, provided this is offered.
We will inform you more precisely about data transfers to third countries where applicable in this privacy policy.

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to infer personal information from our data.

Art. 25 GDPR talks about "data protection by design and by default" and means that one should think about security both in software (e.g., forms) and hardware (e.g., access to the server room) at all times and set appropriate measures. We will go into more detail about specific measures below, if necessary.

TLS Encryption with https

TLS, encryption, and https sound very technical and they are technical. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transmit data securely on the internet.
This means that the complete transmission of all data from your browser to our web server is secure – nobody can "listen in".

Thus, we have introduced an additional layer of security and meet data protection through technology design (Article 25 Paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small lock symbol in the top left of the browser, left of the internet address (e.g. examplepage.com) and the use of the scheme https (instead of http) as part of our internet address.
If you want to know more about encryption, we recommend a Google search for "Hypertext Transfer Protocol Secure wiki" to get good links to further information.

Communication

Communication Summary 👥 Affected: All who communicate with us via phone, email, or online form 📓 Processed Data: e.g., phone number, name, email address, entered form data. More details can be found with the respective contact type used 🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Duration of Storage: Duration of the business case and the legal regulations ⚖️ Legal Bases: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. b GDPR (contract), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

When you contact us and communicate via phone, email, or online form, personal data may be processed.

The data are processed for the handling and processing of your question and the related business case. The data are stored during and as long as the law prescribes.

Affected Persons

All those affected who seek contact with us via the communication channels we provide are affected.

Phone

When you call us, call data is pseudonymized and stored on the respective device and by the telecommunications provider used. In addition, data such as name and phone number can subsequently be sent by email and stored for answering inquiries. The data are deleted as soon as the business case has ended and the legal regulations allow it.

Email

If you communicate with us by email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and there is data storage on the email server. The data are deleted as soon as the business case has ended and the legal regulations allow it.

Online Forms

If you communicate with us using an online form, data are stored on our web server and possibly forwarded to an email address of ours. The data are deleted as soon as the business case has ended and the legal regulations allow it.

Legal Bases

The processing of the data is based on the following legal bases:

• Art. 6 Para. 1 lit. a GDPR (consent): You give us your consent to store your data and continue to use it for purposes related to the business case;
• Art. 6 Para. 1 lit. b GDPR (contract): There is a need for the fulfillment of a contract with you or a processor such as the phone provider, or we must process the data for pre-contractual activities, such as the preparation of an offer;
• Art. 6 Para. 1 lit. f GDPR (legitimate interests): We want to operate customer inquiries and business communication in a professional framework. Certain technical facilities such as email programs, Exchange servers, and mobile phone providers are necessary to operate communication efficiently.

Data Processing Agreement (DPA)

In this section, we want to explain what a data processing agreement is and why it is needed. Because the term "data processing agreement" is quite a mouthful, we will often only use the acronym DPA here in the text. Like most companies, we do not work alone but also take on the services of other companies or individuals. By involving various companies or service providers, it may be that we pass on personal data for processing. These partners then act as processors, with whom we conclude a contract, the so-called data processing agreement (DPA). Most importantly for you to know is that the processing of your personal data is done exclusively according to our instructions and must be regulated by the DPA.

Who are Processors?

We are the company and website owner responsible for all data that we process from you. In addition to the responsible parties, there can also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely and according to the definition of the GDPR: any natural or legal person, authority, institution, or other body processing personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

For better understanding of the terminology, here is an overview of the three roles in the GDPR:

Data Subject (you as a customer or prospect) → Controller (we as a company and client) → Processor (service provider such as a web host or cloud provider)

Content of a Data Processing Agreement

As mentioned above, we have concluded a DPA with our partners who act as processors. First and foremost, it is stated in the agreement that the processor processes the data exclusively in accordance with the GDPR. The contract must be concluded in writing, although in this context electronic contract conclusion is also considered "in writing". Only on the basis of the contract is the processing of personal data carried out. The contract must contain the following:

• Binding to us as the controller
• Duties and rights of the controller
• Categories of affected persons
• Type of personal data
• Nature and purpose of data processing
• Subject and duration of data processing
• Place of data processing

Furthermore, the contract contains all the obligations of the processor. The most important obligations are:

• To ensure data security measures
• To take possible technical and organizational measures to protect the rights of the affected person
• To maintain a data processing directory
• To cooperate with the data protection supervisory authority upon request
• To conduct a risk analysis regarding the received personal data
• Sub-processors may only be commissioned with written permission of the controller

What a DPA actually looks like can be viewed, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. Here, a model contract is presented.

Cookies

Cookies Summary 👥 Affected: Visitors of the website 🤝 Purpose: depends on the respective cookie. More details can be found below or with the manufacturer of the software that sets the cookie. 📓 Processed Data: Depends on the cookie used. More details can be found below or with the manufacturer of the software that sets the cookie. 📅 Duration of Storage: depends on the respective cookie, can vary from hours to years ⚖️ Legal Bases: Art. 6 Abs. 1 lit. a DSGVO (consent), Art. 6 Abs. 1 lit.f DSGVO (legitimate interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data.
In the following, we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you surf the internet, you are using a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.

There is no denying that cookies are really useful helpers. Nearly all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically put into the cookie folder, sort of the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you revisit our site, your browser transmits the "user-related" information back to our site. Thanks to the cookies, our website knows who you are and offers you your usual default settings. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. In this case, the web browser requests a site and gets a cookie from the server, which the browser uses again the next time a page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner-websites (e.g. Google Analytics). Each cookie is to be evaluated individually since each cookie stores different data. Also, the expiry time of a cookie varies from a few minutes to a couple of years. Cookies are not software programs and do not contain viruses, Trojans or other "pests". Cookies also cannot access information on your PC.

For example, cookie data might look like this:

Name: _ga
Value: GA1.2.1326744211.152112679220-9
Purpose: Distinguishing between website visitors
Expiry Date: after 2 years

The minimum size a browser should be able to support is:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we specifically use depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly touch on the different types of HTTP cookies.

There are 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product into the shopping cart, then continues browsing on other pages and later goes to the checkout. These cookies do not delete the shopping cart, even if the user closes their browser window.

Functional Cookies
These cookies collect info about the user behavior and whether the user gets any error messages. Also, these cookies measure the load time and behavior of the website on different browsers.

Target-oriented Cookies
These cookies provide a better user-friendliness. For example, entered locations, font sizes or form data are saved.

Advertising Cookies
These cookies are also called targeting cookies. They are used to deliver individually adapted advertisements to the user. This can be very practical, but also very annoying.

Usually, you are asked which of these cookie types you want to allow the first time you visit a website. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. More details can be found below or with the manufacturer of the software that sets the cookie.

What data are processed?

Cookies are little helpers for many different tasks. What data is stored in cookies cannot be generalized, but we will inform you in the context of this privacy policy about the processed and stored data.

Duration of Cookie Storage

The duration of storage depends on the respective cookie and is further specified below. Some cookies are deleted after less than one hour, others can be stored on a computer for several years.

You also have control over the duration of storage. You can manually delete all cookies at any time via your browser settings (see also below "Right of objection"). Furthermore, cookies based on consent are deleted at the latest after the consent has been revoked, whereby the lawfulness of the storage remains unaffected until then.

Right of Objection – How can I delete cookies?

How and whether you want to use cookies is up to you. Regardless of which service or which website the cookies are from, you always have the option to delete, deactivate or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change cookie settings or delete cookies, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove the data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. This allows you to decide for each individual cookie whether you allow the cookie or not. The procedure is different depending on the browser. The best way is to search the instructions in Google with the search term "delete cookies Chrome" or "disable cookies Chrome" if you have a Chrome browser.

Legal Basis

Since 2009, there are the so-called "cookie guidelines". In it is stipulated that storing cookies requires a consent (Article 6 Paragraph 1 lit. a GDPR) from you. In the EU countries, there are still very different reactions to these guidelines. In Austria, however, the implementation of this guideline was done in § 96 Paragraph 3 of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, the implementation of this guideline was largely done in § 15 Paragraph.3 of the Telemedia Act (TMG).

For absolutely necessary cookies, even if no consent exists, there are legitimate interests (Article 6 Paragraph 1 lit. f GDPR), which are mostly of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often absolutely necessary for this.

As far as non-essential cookies are used, this only happens in the case of your consent. The legal basis is thus Article 6 Paragraph 1 lit. a GDPR.

In the following sections, you will be informed more precisely about the use of cookies, provided that software used utilizes cookies.

Web Analytics Introduction

Web Analytics Privacy Policy Summary 👥 Affected: Visitors of the website 🤝 Purpose: Evaluation of visitor information to optimize the web offer. 📓 Processed Data: Access statistics, which include data such as locations of access, device data, duration of access and time, navigation behavior, click behavior, and IP addresses. More details can be found with the respective Web Analytics tool used. 📅 Duration of Storage: depends on the web analytics tool used ⚖️ Legal Bases: Article 6 Paragraph 1 lit. a GDPR (consent), Article 6 Paragraph 1 lit. f GDPR (legitimate interests)

What is Web Analytics?

We use software on our website to evaluate the behavior of website visitors, briefly called Web Analytics or Web Analysis. Data are collected, which the respective Analytic Tool provider (also called tracking tool) stores, manages, and processes. With the help of the data, analyses about user behavior on our website are created and provided to us as website operators. Additionally, most tools offer various testing options. For example, we can test which offers or contents are most popular with our visitors. For this, we show you two different offers for a limited time period. After the test (so-called A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles can also be created and the data stored in cookies.

Why do we operate Web Analytics?

With our website, we have a clear goal in mind: we want to provide the best web offer in our industry. To achieve this goal, we want to offer the best and most interesting offer on the one hand and ensure that you feel completely comfortable on our website on the other hand. With the help of web analytics tools, we can take a closer look at the behavior of our website visitors and then improve our web offer accordingly for you and us. For example, we can find out how old our visitors are on average, where they come from, when our website is most visited, or which contents or products are particularly popular. All this information helps us to optimize the website and thus adapt it optimally to your needs, interests, and wishes.

What data are processed?

The exact data stored depends, of course, on the used analysis tools. But usually, data such as which contents you view on our website, which buttons or links you click, when you access a page, which browser you use, with which device (PC, tablet, smartphone, etc.) you visit the website, or which computer system you use are stored. If you have agreed that location data may also be collected, these can also be processed by the web analysis tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. Your IP address is usually anonymized (i.e., made unrecognizable and shortened) when stored. For the purposes of tests, web analysis, and web optimization, generally no direct data such as your name, your age, your address, or your e-mail address are stored. All this data, if collected, is stored pseudonymized. This means that you cannot be identified as a person.

The following example shows schematically the functioning of Google Analytics as an example for client-based web tracking with JavaScript code.

How long the respective data are stored depends on the provider. Some cookies store data only for a few minutes or until you leave the website, other cookies can store data for several years.

Duration of Data Processing

We will inform you about the duration of data processing further below, as far as we have further information. In general, we only process personal data as long as it is absolutely necessary for the provision of our services and products. If it is required by law, such as in the case of accounting, this storage duration can also be exceeded.

Right of Objection

You also have the right and the opportunity at any time to revoke your consent to the use of cookies or third parties. This can either be done via our cookie management tool or other opt-out functions. For example, you can also prevent the collection of data by cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis

The use of web analytics requires your consent, which we have obtained with our cookie popup. This consent is the legal basis according to Art. 6 Abs. 1 lit. a DSGVO (consent) for the processing of personal data, as it may occur during the collection by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus technically and economically improving our offer. With the help of web analytics, we recognize errors on the website, can identify attacks, and improve the economy. The legal basis for this is Art. 6 Abs. 1 lit. f DSGVO (legitimate interests). However, we only use the tools as long as you have given your consent.

As web analytics tools use cookies, we recommend you also read our general privacy policy on cookies. To learn exactly what data is stored and processed by you, you should read the privacy statements of the respective tools.

Information on specific web analytics tools, if available, can be found in the following sections.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary 👥 Affected: Visitors of the website 🤝 Purpose: Evaluation of visitor information to optimize the web offer. 📓 Processed Data: Access statistics, which include data such as locations of access, device data, access duration and time, navigation behavior, and click behavior. More details can be found below in this privacy policy. 📅 Duration of Storage: individually adjustable, by default Google Analytics 4 stores data for 14 months ⚖️ Legal Bases: Article 6 Paragraph 1 lit. a GDPR (consent), Article 6 Paragraph 1 lit. f GDPR (legitimate interests)

What is Google Analytics?

We use the analysis tracking tool Google Analytics in the version Google Analytics 4 (GA4) of the American company Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies such as cookies, device IDs, and login information, you as a user can be identified across multiple devices. Thus, your actions can also be analyzed across platforms.

For example, if you click a link, this event is stored in a cookie and sent to Google Analytics. With the help of the reports we receive from Google Analytics, we can better adapt our website and our service to your wishes. Below, we will go into more detail about the tracking tool and inform you primarily about which data are processed and how you can prevent this.

Google Analytics is a tracking tool that serves the traffic analysis of our website. The basis of these measurements and analyses is a pseudonymous user identification number. This number does not contain any personal data such as name or address, but serves to assign events to an end device. GA4 uses an event-based model that captures detailed information on user interactions such as page views, clicks, scrolling, conversion events. In addition, various machine learning functions have been integrated into GA4 to better understand user behavior and certain trends. GA4 relies on modeling with the help of machine learning functions. Based on the collected data, missing data can also be extrapolated in order to optimize the analysis and also to provide forecasts.

In order for Google Analytics to function in general, a tracking code is built into the code of our website. When you visit our website, this code records various events that you perform on our website. With the event-based data model of GA4, we as website operators can define specific events and track them to obtain analyses of user interactions. Thus, in addition to general information such as clicks or page views, special events that are important for our business can also be tracked. Such special events could be, for example, the submission of a contact form or the purchase of a product.

Once you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports about your user behavior. Among other things, these can be the following reports:

• Audience reports: Audience reports help us get to know our users better and know more precisely who is interested in our service.
• Display reports: Display reports help us analyze and improve our online advertising more easily.
• Acquisition reports: Acquisition reports provide us with helpful information on how we can attract more people to our service.
• Behavior reports: Here we learn how you interact with our website. We can trace the path you take on our site and which links you click.
• Conversions reports: Conversion is the process in which you perform a desired action as a result of a marketing message. For example, when you go from being a mere website visitor to a buyer or newsletter subscriber. Using these reports, we learn more about how our marketing efforts are received by you. We aim to increase our conversion rate.
• Real-time reports: Here we always know immediately what is happening on our website. For example, we see how many users are currently reading this text.

In addition to the above analysis reports, Google Analytics 4 also offers, among other things, the following features:

• Event-based data model: This model captures very specific events that can occur on our website. For example, playing a video, buying a product, or signing up for our newsletter.
• Advanced analysis functions: With these functions, we can better understand your behavior on our website or certain general trends. For example, we can segment user groups, make comparative analyses of target groups, or trace your path on our website.
• Predictive modeling: Based on collected data, missing data can be extrapolated using machine learning, which can predict future events and trends. This can help us develop better marketing strategies.
• Cross-platform analysis: Data collection and analysis are possible both from websites and from apps. This gives us the opportunity to analyze user behavior across platforms, provided you have consented to the data processing.

Why do we use Google Analytics on our website?

Our goal with this website is clear: We want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically evaluated data show us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our page so that it is more easily found by interested people on Google. On the other hand, the data help us to better understand you as a visitor. Thus, we know very precisely what we need to improve on our website to offer you the best possible service. The data also help us to carry out our advertising and marketing measures in a more individual and cost-effective way. After all, it only makes sense to show our products and services to people who are interested in them.

What data are stored by Google Analytics?

Google Analytics creates a random, unique ID linked to your browser cookie. This way, Google Analytics recognizes you as a new user and you are assigned a User-ID. If you visit our page again later, you will be recognized as a "returning" user. All collected data are saved together with this User-ID. This makes it possible to evaluate pseudonymous user profiles.

To be able to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data are then stored in the corresponding property. For each newly created property, the Google Analytics 4 property is the default. Depending on the property used, data are stored differently long.

Through identifiers such as cookies, app instance IDs, User-IDs, or custom event parameters, your interactions, if you have consented, are measured across platforms. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google Account), data generated by Google Analytics can be linked to third-party cookies. Google does not share Google Analytics data unless we as website operators authorize it. Exceptions may occur if required by law.

According to Google, no IP addresses are logged or stored in Google Analytics 4. However, Google does use IP address data for deriving location data and deletes them immediately thereafter. Thus, all IP addresses collected from users in the EU are deleted before the data are stored in a data center or on a server.

As Google Analytics 4 focuses on event-based data, the tool uses significantly fewer cookies compared to previous versions (such as Google Universal Analytics). Nevertheless, there are some specific cookies used by GA4. These include, for example:

Name: _ga
Value: 2.1326744211.152112679220-5
Purpose: By default, analytics.js uses the cookie _ga to store the User-ID. Basically, it serves to distinguish website visitors.
Expiration date: after 2 years

Name: _gid
Value: 2.1687193234.152112679220-1
Purpose: The cookie is also used to distinguish website visitors
Expiration date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.
Expiration date: after 1 minute

Note: This list cannot claim to be complete, as Google changes the choice of their cookies again and again. GA4 also aims to improve privacy. Therefore, the tool offers some options for controlling data collection. For example, we can set the storage duration ourselves and also control data collection.

Here we show you an overview of the most important types of data collected by Google Analytics:

Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly those areas that you click. So we get information about where you are "on the move" on our page.

Session duration: Google calls the time you spend on our site without leaving the page as session duration. If you have been inactive for 20 minutes, the session automatically ends.

Bounce rate (engl. Bouncerate): A bounce is mentioned when you only look at one page on our website and then leave our website again.

Account creation: If you create an account on our website or make an order, Google Analytics collects this data.

Location: IP addresses are not logged or stored in Google Analytics. However, shortly before the deletion of the IP address, derivations for location data are used.

Technical information: The technical information includes, among other things, your browser type, your Internet provider, or your screen resolution.

Source of origin: Google Analytics, or rather we, are of course also interested in which website or which advertisement you came to our page.

Other data include contact data, possible ratings, playing media (e.g., if you play a video via our page), sharing content via social media or adding to your favorites. The list does not claim to be complete and serves only for a general orientation of data storage by Google Analytics.

How long and where are the data stored?

Google has their servers all over the world. Here you can read exactly where Google's data centers are located: https://www.google.com/about/datacenters/locations/?hl=de

Your data are distributed across various physical data carriers. This has the advantage that the data can be retrieved faster and are better protected from manipulation. In every Google data center, there are appropriate emergency programs for your data. For example, if Google's hardware fails or natural disasters paralyze servers, the risk of service interruption at Google remains low.

The duration of data storage depends on the used properties. The storage duration is always set individually for each property. Google Analytics offers us four options for controlling the storage duration:

• 2 months: this is the shortest storage duration.
• 14 months: by default, data remain stored in GA4 for 14 months.
• 26 months: data can also be stored for 26 months.
• Data are deleted only when we delete them manually

There is also the option that data are only deleted when you do not visit our website within the period we have selected. In this case, the retention period is reset each time you visit our website within the specified period.

When the specified period has expired, the data are deleted once a month. This storage duration applies to your data associated with cookies, user recognition, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data are a combination of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to obtain information about your data, update it, delete it, or restrict it. With the browser add-on to deactivate Google Analytics JavaScript (analytics.js, gtag.js), you prevent Google Analytics 4 from using your data. The browser add-on can be downloaded and installed at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables data collection by Google Analytics.

If you generally want to deactivate, delete, or manage cookies, you can find the corresponding links to the instructions for the most popular browsers in the section "Cookies".

Legal Basis

The use of Google Analytics requires your consent, which we have obtained with our cookie popup. This consent constitutes the legal basis according to Art. 6 Abs. 1 lit. a DSGVO (consent) for the processing of personal data, as it may occur during the collection by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus technically and economically improving our offer. With the help of Google Analytics, we recognize errors on the website, can identify attacks, and improve the economy. The legal basis for this is Art. 6 Abs. 1 lit. f DSGVO (legitimate interests). We use Google Analytics, however, only as long as you have given your consent.

Google processes data including in the USA. Google is an active participant of the EU-US Data Privacy Framework, which regulates the correct and secure data transfer of personal data of EU citizens to the USA. More information about this can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Google also uses so-called Standard Contractual Clauses (= Art. 46. Abs. 2 and 3 GDPR). Standard Contractual Clauses (Standard Contractual Clauses – SCC) are template provisions provided by the EU Commission and are intended to ensure that your data also meet European data protection standards when they are transferred to third countries (such as the USA). By the EU-US Data Privacy Framework and through the Standard Contractual Clauses, Google undertakes to maintain the European level of data protection when processing your relevant data, even if the data are stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we were able to provide you with the most important information about the data processing by Google Analytics. If you want to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

If you want to learn more about data processing, use the Google privacy policy at https://policies.google.com/privacy?hl=de.

Data Processing Agreement (DPA) Google Analytics

We have concluded a Data Processing Agreement (DPA) with Google in the sense of Article 28 of the General Data Protection Regulation (GDPR). What exactly a DPA is and especially what must be contained in a DPA, you can read in our general section "Data Processing Agreement (DPA)".

This contract is legally required because Google processes personal data on our behalf. It clarifies that Google may process data received from us only according to our instructions and must comply with the GDPR. You can find the link to the data processing conditions under https://business.safety.google/intl/de/adsprocessorterms/

E-Mail Marketing Introduction

E-Mail Marketing Summary 👥 Affected: Newsletter subscribers 🤝 Purpose: Direct advertising via email, notification of system-relevant events 📓 Processed Data: Entered data at registration but at least the email address. More details can be found at the used E-Mail Marketing Tool. 📅 Duration of Storage: Duration of the subscription ⚖️ Legal Bases: Article 6 Paragraph 1 lit. a GDPR (consent), Article 6 Paragraph 1 lit. f GDPR (legitimate interests)

What is E-Mail Marketing?

To keep you informed at all times, we also use the option of email marketing. If you have agreed to receive our emails or newsletter, data from you will also be processed and stored. Email marketing is a part of online marketing. News or general information about a company, products, or services are sent via email to a specific group of people who are interested in it.

If you want to participate in our email marketing (usually by newsletter), you usually just need to register with your email address. You fill out an online form and send it off. However, we may also ask for your salutation and your name so that we can address you personally.

In general, the registration for newsletters is done using the so-called "Double Opt-In procedure". After you have registered for our newsletter on our website, you will receive an email in which you can confirm the newsletter subscription. This ensures that the email address belongs to you and that no one has registered with a foreign email address. We or a notification tool used by us logs every single registration. This is necessary so that we can prove the legally correct registration process. Typically, the time of registration, the time of confirmation, and your IP address are stored. In addition, it is also logged when you make changes to your stored data.

Why do we use Email Marketing?

We naturally want to keep in touch with you and always present you with the most important news about our company. We use email marketing – often just called "newsletter" – as an essential part of our online marketing. As long as you agree or it is legally permitted, we send you newsletters, system emails, or other notifications by email. If we use a service provider that offers a professional sending tool, we do it to provide you with fast and secure newsletters. The purpose of our email marketing is generally to inform you about new offers and also to get closer to our business goals.

What data are processed?

If you subscribe to our newsletter via our website, you confirm your membership in an email list by email. Besides your IP address and email address, your salutation, your name, your address, and your telephone number may also be stored. However, only if you agree to this data storage. The marked data are necessary so that you can participate in the offered service. The specification is voluntary, but if you do not provide it, you cannot use the service. Additionally, information about your device or your preferred content on our website may also be stored. More about data storage when visiting a website can be found in the section "Automatic data storage". We record your consent statement so that we can always prove that it complies with our laws.

Duration of data processing

If you unsubscribe from our email/newsletter distribution list, we may store your address for up to three years based on our legitimate interests, so we can prove your prior consent. We may only process this data if we need to defend against potential claims.

If you confirm that you gave us consent for the newsletter subscription, you can submit an individual deletion request at any time. If you permanently object to the consent, we reserve the right to store your email address in a block list. As long as you voluntarily subscribe to our newsletter, we will of course keep your email address.

Right to object

You always have the option to cancel your newsletter subscription. You just need to revoke your consent to the newsletter subscription. This usually takes only a few seconds or one or two clicks. Usually, you will find a link at the end of each email to unsubscribe from the newsletter subscription. If the link is really not to be found in the newsletter, please contact us by mail, and we will cancel your newsletter subscription immediately.

Legal Basis

The sending of our newsletter is based on your consent (Article 6 Paragraph 1 lit. a GDPR). This means that we may only send you a newsletter if you have actively registered for it beforehand. We may also send you advertising messages if you have become our customer and have not objected to the use of your email address for direct advertising.

Information on specific email marketing services and how they process personal data can be found – if available – in the following sections.

Chatbots Introduction

Chatbots Privacy Policy Summary 👥 Affected: Website visitors 🤝 Purpose: Inquiry requests and general communication between us and you 📓 Processed Data: Data such as name, address, email address, telephone number, general content data, possibly IP address More details can be found at the used tools. 📅 Duration of Storage: dependent on the used chatbots & chat functions ⚖️ Legal Bases: Article 6 Paragraph 1 lit. a GDPR (consent), Article 6 Paragraph 1 lit. f GDPR (legitimate interests), Article 6 Paragraph 1 S. 1 lit. b. GDPR (contractual or pre-contractual obligations)

What are Chatbots?

You can also communicate with us using chatbots or similar chat functions. A chat offers the possibility to write or talk to each other with only a very short delay. A chatbot is software that tries to answer your question and may also inform you about news. By using these communication means, personal data from you can also be processed and stored.

Why do we use Chatbots?

Communication options with you are important to us. After all, we want to talk to you and answer all possible questions about our service as best as possible. Good communication is an important part of our service. Chatbots have the great advantage that we can answer frequently asked questions with the help of this software automatically. This saves us time, and you still receive detailed and helpful answers. If the chatbot cannot help, you always have the option to contact us personally.

Please note that when using our integrated elements, data from you may also be processed outside the European Union, as many providers are American companies. As a result, you may not be able to assert your rights concerning your personal data as easily.

What data are processed?

It is possible that you use the chat services on other websites/platforms as well. In this case, your user ID is also stored on the servers of this website. We can also be informed about which user has used the chat at what time. The contents are also stored. What data exactly are stored depends on the respective service. Typically, however, it involves contact data such as email address or telephone number, IP address, and various usage data.

If you have consented to the application of the chat function, this consent and a possible registration are also stored and logged. We do this so that we can show the registration or consent if legally required.

The provider of a chat platform may also find out when you chat and also receive technical information about your device used. What information exactly is stored and processed also depends on your PC settings. In many cases, data about your approximate location can be collected, for example. This is done partly to optimize the chat services and partly to ensure more security. Furthermore, the information can also be used to set personalized advertising and marketing measures.

If you have consented that a chatbot can send you messages, you can of course also deactivate this activation at any time. The chatbot also serves as a help and shows you how you can unsubscribe from this function. All your related data will be deleted from the recipient directory afterwards.

The above data are used by us to possibly address you personally in the chat, to be able to answer your questions and requests, or also to send you possible contents. Additionally, we can use this data to improve our chat services in general.

How long are data stored?

The duration of data processing and storage depends primarily on our used tools. You can learn more about data processing of individual tools further below. In the privacy policies of the providers, it is usually stated exactly which data are stored and processed for how long. In general, personal data are only processed as long as necessary for the provision of our services. If data are stored in cookies, the storage duration can vary greatly. The data can be deleted immediately after leaving a website, or they can be stored for several years. Therefore, you should look at each individual cookie in detail if you want to know more about data storage. In most cases, you can also find informative information about individual cookies in the privacy policies of the respective providers.

Right to object

You also always have the right and the possibility to revoke your consent to the use of cookies or third-party providers. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent the collection of data by cookies by managing, deactivating, or deleting cookies in your browser.

Since chat services can also use cookies, we recommend you also read our general privacy policy on cookies. To learn exactly what data about you are stored and processed, you should read the privacy statements of the respective tools.

Legal basis

We ask for your permission via a popup window to process data from you as part of the chat services. If you consent, this consent also serves as the legal basis (Art. 6 Abs. 1 lit. a DSGVO) for data processing. We also process your requests and manage your data as part of contractual or pre-contractual relationships in order to fulfill our pre-contractual and contractual obligations or to answer inquiries. The basis for this is Art. 6 Abs. 1 S. 1 lit. b. DSGVO. In general, your data are also stored and processed based on our legitimate interest (Art. 6 Abs. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners. We use the tools, however, only as long as you have given your consent.

Explanation of used terms

We always strive to write our privacy policy as clearly and understandably as possible. Especially with technical and legal topics, this is not always completely simple. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). We do not want to use these without explanation. Below you will find an alphabetical list of important terms used that we may not have sufficiently addressed in the previous privacy policy. If these terms were taken from the GDPR and are definitions, we will also present the GDPR texts here and possibly add our own explanations.

Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: We, as a company and website owner, are responsible for all data that we process from you. Besides the controllers, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. Processors may therefore include, in addition to service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: Usually, such consent is obtained via a cookie-consent-tool on websites. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you consent to data processing. You can usually also make individual settings and thus decide for yourself which data processing you allow and which not. If you do not consent, no personal data about you may be processed. In principle, consent can of course also be given in writing, i.e. not via a tool.

Personal Data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

"personal data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data are therefore all data that can identify you as a person. These are usually data such as:

• Name
• Address
• E-mail address
• Postal address
• Phone number
• Date of birth
• Identification numbers such as social security number, tax identification number, identity card number or enrollment number
• Bank data such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can determine at least the approximate location of your device based on your IP address and subsequently you as the connection owner. Therefore, even storing an IP address requires a legal basis under the GDPR. There are also so-called "special categories" of personal data that are also particularly worthy of protection. These include:

• racial and ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• genetic data such as data obtained from blood or saliva samples
• biometric data (these are information about psychological, physical or behavior-typical features that can identify a person). Health data
• data concerning a person's sex life or sexual orientation

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

"profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Explanation: Profiling involves gathering various information about a person in order to learn more about that person. In the web area, profiling is often used for advertising purposes or also for credit checks. For example, web or advertising analysis programs collect data about your behavior and your interests on a website. This results in a special user profile, with the help of which advertising can be specifically played out to a target group.

 

Controller

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

"controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and are therefore the "controller". If we pass on collected data for processing to other service providers, they are "processors". A "Data Processing Agreement (DPA)" must be signed for this.

 

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation:

"processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Explanation: When we refer to processing in our privacy policy, we mean any type of data processing. This includes, as mentioned in the original GDPR definition, not only the collection but also the storage and processing of data.

Final Word

Congratulations! If you are reading this, you have really made your way through our entire privacy policy or at least scrolled down to here. As you can see from the extent of our privacy policy, we take the protection of your personal data very seriously.
It is important to us to inform you about the processing of personal data to the best of our knowledge and belief. We not only want to inform you about what data is processed, but also about the reasons for using various software programs. In general, privacy policies sound very technical and legal. However, since most of you are neither web developers nor lawyers, we wanted to take a different linguistic approach and explain the matter in simple and clear language. This is, of course, not always possible due to the nature of the topic. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible person mentioned. We hope you have a good time and hope to welcome you to our website soon again.

All texts are copyright protected.

Source: Created with the Data Protection Generator by AdSimple