Privacy policy.

Introduction and overview


We have created this data protection declaration (version 11.10.2024-112887840) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/67 9 and applicable national laws, to explain which personal data (in short: data) we, as the data controller, and the processors we commission (e.g. providers), process or will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.

In short: We provide you with comprehensive information about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, on the other hand, is intended to describe the most important things as simply and transparently as possible. To the extent that it promotes transparency, technical terms are explained in a reader-friendly way, links to further information are provided and graphics are used. We use clear and simple language to explain that we only process personal data as part of our business activities if there is a corresponding legal basis for doing so. This is certainly not possible by providing the briefest, most unclear and legal-technical explanations, as is often the case on the internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps you will learn something new.

If you still have questions, we would ask you to contact the responsible office named below or in the imprint, follow the links provided and view further information on third-party sites. You can also find our contact details in the imprint.



Scope of application

This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person's name, email address and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

  • all online presences (websites, online shops) that we operate

  • social media presences and e-mail communication

  • mobile apps for smartphones and other devices

In short: the privacy policy applies to all areas in which personal data is processed in a structured way in the company via the channels mentioned. Should we enter into a legal relationship with you outside of these channels, we will inform you separately if necessary.

Legal basis
In the following data protection declaration, we provide you with transparent information on the legal principles and regulations, i.e. the legal basis of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. This General Data Protection Regulation of the EU can, of course, be read online at EUR-Lex, the access to EU law, at .

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6 (1) (a) GDPR): You have given us your consent to process data for a specific purpose. An example would be to store the data you entered in a contact form.
2. Contract (Article 6 (1) (b) GDPR): We process your data in order to fulfil a contract or pre-contractual obligations with you. For example, if we enter into a purchase agreement with you, we require personal information in advance.
3. Legal obligation (Article 6 (1) (c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Article 6 (1) (f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and efficiently. This processing is therefore a legitimate interest.

Other conditions, such as the exercise of public interest and public authority, as well as the protection of vital interests, do not usually arise for us. Insofar as such a legal basis should be relevant, however, this will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.

  • In Germany, the Federal Data Protection Act (BDSG) applies.


If further regional or national laws apply, we will inform you in the following sections.


Contact details of the controller


If you have any questions about data protection or the processing of personal data, you will find the contact details of the responsible person or office below:

ECARUS GmbH
Hannes Reinisch
Kalsdorf 1, 8262 Ilz, Austria
Authorised to represent: Lisa Reinisch
E-mail: contact@ecarus.org
Telephone: +43 6645879591
Imprint:

Storage period
We apply the general criterion of only storing personal data for as long as is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose no longer applies, for example for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and insofar as there is no obligation to store it.
We will inform you below about the specific duration of the respective data processing, provided that we have further information.


Rights under the General Data Protection Regulation


In accordance with Articles 13 and 14 of the GDPR, we are informing you of the following rights to which you are entitled to ensure fair and transparent data processing:

  • According to Article 15 of the GDPR, you have the right to information as to whether we process your data. If this is the case, you have the right to receive a copy of the data and to be informed of the following information:

    • the purpose of the processing;

    • the categories, i.e. the types of data, being processed;

    • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;

    • how long the data is stored;

    • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;

    • that you can complain to a supervisory authority (links to these authorities can be found below);

    • the origin of the data if we have not collected it from you;

    • whether profiling is carried out, i.e. whether data is automatically evaluated to create a personal profile of you.

  • According to Article 16 of the GDPR, you have the right to have your data rectified, which means that we must correct data if you find errors.

  • According to Article 17 of the GDPR, you have the right to erasure (‘right to be forgotten’), which specifically means that you may request the deletion of your data.

  • According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but may not use it further.

  • According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.

  • According to Article 21 of the GDPR, you have the right to object, which, if enforced, will result in a change in processing.

    • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.

    • If data is used for direct marketing, you can object to this type of data processing at any time. We are then no longer allowed to use your data for direct marketing.

    • If data is used for profiling, you can object to this type of data processing at any time. We are then no longer allowed to use your data for profiling.

  • According to Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing (e.g. profiling).

  • According to Article 77 of the GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: you have rights – do not hesitate to contact the responsible office listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austria Data Protection Authority
Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email address: dsb@dsb.gv.at



Data transfer to third countries


We only transfer or process data in countries outside the scope of the GDPR (third countries) if you consent to this processing or if there is some other legal permission to do so. This applies in particular if the processing is required by law or necessary to fulfil a contractual relationship and in any case only to the extent that this is generally permitted. In most cases, your consent is the most important reason for us to have data processed in third countries. The processing of personal data in third countries such as the USA, where many software companies offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.
We would like to explicitly point out that, in the opinion of the European Court of Justice, an adequate level of protection for data transferred to the USA currently only exists if a US company that processes personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. You can find more information at:
Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being processed and stored anonymously. Furthermore, US state authorities may be able to access individual data. In addition, it may happen that the collected data is linked to data from other services of the same provider, provided that you have a corresponding user account. Where possible, we try to use server locations within the EU, provided that this is offered.
We will inform you in more detail about data transmission to third countries, if applicable, at the appropriate points in this data protection declaration.

Security of data processing
We have implemented both technical and organisational measures to protect personal data. Wherever possible, we encrypt or pseudonymise personal data. In doing so, we make it as difficult as possible for third parties to infer personal information from our data.
Art. 25 GDPR refers to ‘data protection through technology design and data protection-friendly default settings’ and means that security is always considered and appropriate measures are taken for both software (e.g. forms) and hardware (e.g. access to the server room). In the following, we will discuss specific measures if necessary.

If you contact us and communicate with us by phone, email or online form, personal data may be processed.
The data is processed for the purpose of handling and processing your question and the related business transaction. The data is stored for just as long as required by law.

Data subjects


The above processes affect anyone who seeks contact with us via the communication channels we provide.

Telephone
When you call us, the call data is stored pseudonymously on the respective end device and at the telecommunications provider used. In addition, data such as name and telephone number can be sent by email and stored to answer the enquiry. The data will be deleted as soon as the business case has been closed and legal requirements permit.

Email
When you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data is stored on the email server. The data will be deleted as soon as the business case has been closed and legal requirements permit.

Online forms
If you communicate with us using an online form, data is stored on our web server and, if necessary, forwarded to one of our e-mail addresses. The data will be deleted as soon as the business case has been closed and legal requirements permit.

Legal basis
The processing of the data is based on the following legal bases:

  • Art. 6 para. 1 lit. a GDPR (consent): You give us consent to store your data and to use it for the purposes related to the business case;

  • Art. 6 para. 1 lit. b GDPR (contract): there is a need for the fulfilment of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;

  • Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to handle customer enquiries and business communication in a professional manner. To do this, certain technical facilities such as e-mail programs, exchange servers and mobile operators are necessary to be able to operate communication efficiently.


Cookies



What are cookies?

Our website uses HTTP cookies to store user-specific data.

To help you understand the following data protection declaration, we will explain below what cookies are and why they are used.
Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing cannot be denied: cookies are really useful little helpers. Almost all websites use cookies. To be more precise, they are HTTP cookies, as there are other cookies for other applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically stored in the cookie folder, which is the ‘brain’ of your browser, so to speak. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you return to our site, your browser transmits the ‘user-related’ information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie is to be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other ‘pests’. Cookies also cannot access information on your PC.

For example, cookie data may look like this:
Name: _ga
Value: GA1.2.1326744211.152112887840-9
Purpose: Distinguishing between website visitors
Expiry date: after 2 years
A browser should be able to support these minimum sizes:

  • At least 4096 bytes per cookie

  • At least 50 cookies per domain

  • At least 3000 cookies in total


What types of cookies are there?
The question of which cookies we use in particular depends on the services used and is explained in the following sections of the data protection declaration. At this point, we would like to briefly discuss the different types of HTTP cookies.
There are four types of cookies:

Essential cookies
These cookies are necessary to ensure the basic functionality of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues surfing on other pages and only proceeds to checkout later. These cookies ensure that the shopping cart is not deleted even if the user closes their browser window.

Functional cookies
These cookies collect information about user behaviour and whether the user receives any error messages. These cookies are also used to measure the loading time and the behaviour of the website in different browsers.

Targeted cookies
These cookies ensure a better user experience. For example, they store information about the locations entered, font sizes or form data.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver customised advertising to the user. This can be very useful, but also very annoying.
Usually, when you visit a website for the first time, you will be asked which of these types of cookies you wish to allow. And, of course, this decision is also stored in a cookie.
If you want to know more about cookies and are not afraid of technical documentation, we recommend the Request for Comments from the Internet Engineering Task Force (IETF) called ‘HTTP State Management Mechanism’.

Purpose of processing via cookies
The purpose ultimately depends on the respective cookie. You can find more details below or from the manufacturer of the software that sets the cookie.

What data is processed?
Cookies are little helpers for a wide range of tasks. Unfortunately, it is not possible to generalise about what data is stored in cookies, but we will inform you about the processed or stored data in the context of the following data protection declaration.

Storage period of cookies
The storage period depends on the respective cookie and is specified below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.
You can also influence the storage duration yourself. You can manually delete all cookies at any time via your browser (see also ‘Right of objection’ below). Furthermore, cookies that are based on consent will be deleted at the latest after you withdraw your consent, although the lawfulness of the storage remains unaffected until then.

Right of objection – how can I delete cookies?
You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
Chrome: Delete, activate and manage cookies in Chrome
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove data that websites have stored on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies

If you do not want any cookies, you can set up your browser to always notify you when a cookie is about to be placed. This way, you can decide for each cookie whether you want to allow it or not. The procedure is different for each browser. It is best to search for instructions in Google using the search term ‘delete cookies Chrome’ or ‘disable cookies Chrome’ if you use a Chrome browser.

Legal basis

The so-called ‘Cookie Guidelines’ have been in place since 2009. These state that the storage of cookies requires your consent (Article 6 (1) (a) GDPR). However, there are still very different reactions to these guidelines within EU countries. In Austria, however, this guideline was implemented in § 165 (3) of the Telecommunications Act (2021). In Germany, the cookie guidelines have not been implemented as national law. Instead, the directive was largely implemented in Section 15 (3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.
There are legitimate interests for cookies that are absolutely necessary, even if consent has not been given (Article 6 (1) (f) GDPR), which in most cases are of an economic nature. We want to provide visitors to our website with a pleasant user experience, and certain cookies are often essential for this.
If cookies that are not absolutely necessary are used, this will only be done with your consent. The legal basis for this is Art. 6 para. 1 lit. a DSGVO.
In the following sections, you will be informed in more detail about the use of cookies, provided that the software used employs cookies.


Web hosting

When you visit websites these days, certain information – including personal data – is automatically created and stored, and this also applies to this website. This data should be processed as sparingly as possible and only with justification. Incidentally, by website we mean the totality of all web pages on a domain, i.e. everything from the home page (homepage) to the very last subpage (like this one). By domain we mean for example example.de or example.com.
If you want to view a website on a computer, tablet or smartphone, you use a programme called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We'll just call them browsers or web browsers for short.

To display the website, the browser has to connect to another computer where the website code is stored: the web server. Operating a web server is a complicated and expensive task, which is why it is usually handled by professional providers. These offer web hosting and ensure that website data is stored reliably and without errors. That was a whole bunch of technical terms, but please bear with us, it gets even better!

When the browser connects to your computer (desktop, laptop, tablet or smartphone) and during the data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a while to ensure proper operation.

Why do we process personal data?
The purposes of data processing are:
1. professional hosting of the website and safeguarding of operations
2. to maintain operational and IT security
3. anonymous evaluation of access behaviour to improve our services and, if necessary, for criminal prosecution or the pursuit of claims.

What data is processed?
Even as you visit our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

  • the complete Internet address (URL) of the website accessed

  • browser and browser version (e.g. Chrome 87)

  • the operating system used (e.g. Windows 10)

  • the address (URL) of the previously visited page (referrer URL) (e.g. )

  • the host name and the IP address of the device from which access is made (e.g. computer name and 194.23.43.121)

  • date and time

  • in files, the so-called web server log files

How long is data stored?
In general, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that it may be viewed by the authorities in the event of unlawful conduct.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not pass on your data without consent!

Legal basis
The lawfulness of the processing of personal data in the context of web hosting arises from Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests), because the use of professional hosting with a provider is necessary to present the company securely and user-friendly on the Internet and to be able to track attacks and claims arising from this if necessary.
As a rule, a contract for order processing exists between us and the hosting provider in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.


Squarespace



Sparespace is a website builder and content management system (CMS). It allows companies to create a website very easily and without programming knowledge. In this data protection text, we provide you with general information about data processing by Squarespace. You can find more detailed information in the data protection declarations of the provider.


What data is stored by Squarespace?
Technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider and the date of your website visit are collected. Furthermore, tracking data (e.g. browser activity, clickstream activities, session heat maps, etc.) may also be processed. Personal data is also collected and stored. This includes contact details such as your email address, telephone number (if you have provided it), IP address and geographical location data. You can find out exactly which data is stored in the provider's privacy policy.

Right of objection
You always have the right to information, correction and deletion of your personal data. You can find contact details either in our privacy policy or on the Squarespace website.

You can delete, disable or manage cookies that providers use for their functions in your browser. This works in different ways depending on which browser you use. Please note, however, that if you do this, not all functions may work as usual.

Legal basis
We have a legitimate interest in using a service like Squarespace to optimise our online service and to present it to you in an efficient and user-friendly way. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (legitimate interests). However, we only use the tool if you have given your consent.
Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This applies in particular to tracking activities. The legal basis in this respect is Art. 6 para. 1 lit. a DSGVO.
With this data protection declaration, we have provided you with the most important general information about data processing. If you would like more detailed information in this regard, you will find further information – if available – in the following section or in the provider's data protection declaration.


Google Analytics



We use Google Analytics on our website to analyse the behaviour of our website visitors. This involves collecting, storing, managing and processing data. The data is used to create analyses of user behaviour on our website and made available to us as the website operator.

Why do we use web analytics?
We have a clear goal in mind with our website: we want to provide the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting range on the one hand, while also making sure that you feel completely at home on our website. With the help of web analysis tools, we can take a closer look at the behaviour of our website visitors and then improve our web offering for you and for us. For example, we can see the average age of our visitors, where they come from, when our website is most frequently visited and which content or products are particularly popular. All this information helps us to optimise the website and thus adapt it to your needs, interests and wishes.

What data is processed?
Exactly which data is stored depends, of course, on the analysis tools used. However, as a rule, the following information is stored, for example: what content you view on our website, which buttons or links you click on, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website or which computer system you use. If you have given your consent for location data to be collected as well, this data can also be processed by the web analysis tool provider.

Your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in pseudonymised form (i.e. in an unrecognisable and abbreviated form). In principle, no direct data, such as your name, age, address or email address, is stored for the purposes of testing, web analysis and web optimisation. All this data, if collected at all, is stored in pseudonymised form. This means that you cannot be identified as a person.
Right to object
You also have the right and the option at any time to revoke your consent to the use of cookies or third-party providers. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

Legal basis
The use of web analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by web analytics tools.
In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors and thus improving our offering both technically and economically. With the help of web analytics, we can detect website errors, identify attacks and improve efficiency. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (legitimate interests). However, we only use the tools if you have given your consent.
Since cookies are used for web analytics tools, we also recommend that you read our general data protection declaration on cookies. To find out exactly which of your data are stored and processed, you should read the data protection declarations of the respective tools.
Information on special web analytics tools, if available, can be found in the following sections.


E-mail marketing



We also use email marketing to keep you up to date. If you have agreed to receive our emails or newsletter, your data will also be processed and stored. Email marketing is a subfield of online marketing. It involves sending news or general information about a company, products or services by email to a specific group of people who are interested in it.

If you want to participate in our email marketing, you normally just have to register with your email address. To do this, you fill out an online form and send it to us. However, we may also ask you for your title and name so that we can address you personally.

Generally, newsletter subscriptions work by means of a process known as the ‘double opt-in procedure’. After you have registered for our newsletter on our website, you will receive an e-mail asking you to confirm your newsletter subscription. This ensures that the e-mail address belongs to you and that no one has registered with a third-party e-mail address. We or a notification tool used by us logs every single registration. This is necessary so that we can also prove the legally correct registration process. As a rule, the time of registration, the time of registration confirmation and your IP address are stored. In addition, a log is also created when you make changes to your stored data.

Why do we use email marketing?
We naturally want to stay in contact with you and always keep you up to date with the most important news about our company. To do this, we use email marketing – often just referred to as ‘newsletters’ – as an essential part of our online marketing. If you agree or it is legally permitted, we will send you newsletters, system e-mails or other notifications by e-mail. When we use the term ‘newsletter’ in the following text, we mainly mean regularly sent e-mails. Of course, we don't want to bother you with our newsletter in any way. That's why we always try to offer only relevant and interesting content. This way you can learn more about our company, our services or products. As we are constantly improving our offers, you will also always find out about our newsletter when there is news or we are currently offering special, lucrative promotions. If we commission a service provider that offers a professional delivery tool for our email marketing, we do so in order to be able to offer you fast and secure newsletters. The purpose of our email marketing is basically to inform you about new offers and also to get closer to our business goals.

What data is processed?
When you subscribe to our newsletter via our website, you confirm your membership of an email list by email. In addition to your IP address and email address, your title, name, address and telephone number may also be stored. However, this only occurs if you consent to this data storage. The data marked as such is necessary for you to participate in the offered service. The information is provided voluntarily, but if you do not provide it, you will not be able to use the service. In addition, information about your device or your preferred content may also be stored on our website. You can find out more about the storage of data when you visit a website in the ‘Automatic data storage’ section. We record your declaration of consent so that we can always prove that it complies with our laws.

Right to object
You have the option to cancel your newsletter subscription at any time. To do so, you simply have to revoke your consent to subscribe to the newsletter. This normally takes only a few seconds or one or two clicks. In most cases, you will find a link to cancel your newsletter subscription right at the end of each email. If there is no link in the newsletter, please contact us by email and we will cancel your newsletter subscription immediately.

Legal basis
We send our newsletter on the basis of your consent (Article 6 (1) (a) GDPR). This means that we may only send you a newsletter if you have actively registered for it beforehand. We may also send you advertising messages if you have become our customer and have not objected to the use of your email address for direct advertising.



Social media


In addition to our website, we are also active on various social media platforms. This means that user data may be processed so that we can address users who are interested in us via social networks. Furthermore, elements of a social media platform can be embedded directly into our website. This is the case, for example, if you click on a social button on our website and are redirected directly to our social media page. Social media refers to websites and apps that registered members can use to produce content, share content openly or in specific groups, and network with other members.

Why do we use social media?
For years, social media platforms have been the place where people communicate and connect online. With our social media sites, we can bring our products and services to interested parties. The social media elements integrated on our website help you to quickly and easily switch to our social media content.

The data stored and processed through your use of a social media channel is primarily used for the purpose of conducting web analyses. The aim of these analyses is to develop more accurate and personalised marketing and advertising strategies. Depending on your behaviour on a social media platform, the evaluated data can be used to draw appropriate conclusions about your interests and create user profiles. This also enables the platforms to present you with customised advertisements. In most cases, cookies are set in your browser for this purpose, which store data about your usage behaviour.

We generally assume that we remain responsible for data protection even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform can be jointly responsible with us within the meaning of Art. 26 GDPR. Insofar as this is the case, we point this out separately and work on the basis of an agreement in this regard. The essence of the agreement is then set out below for the platform concerned.

Please note that when you use social media platforms or our integrated elements, your data may also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. This may make it more difficult for you to exercise or enforce your rights in relation to your personal data.

What data is processed?
Exactly which data is stored and processed depends on the respective social media platform provider. However, it usually includes data such as phone numbers, email addresses, data that you enter in a contact form, user data such as which buttons you click, who you like or follow, when you visited which pages, information about your device and your IP address. Most of this data is stored in cookies. In particular, if you have a profile on the social media channel you are visiting and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers' servers. This means that only the providers have access to the data and can provide you with the appropriate information or make changes.
If you want to know exactly which data is stored and processed by the social media providers and how you can object to the data processing, you should carefully read the company's privacy policy. If you have any questions about data storage and data processing or want to assert corresponding rights, we recommend that you contact the provider directly.

Right of objection
You also have the right and the option at any time to revoke your consent to the use of cookies or third-party providers such as embedded social media elements. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend reading our general data protection statement about cookies. To find out exactly which of your data are stored and processed, you should read the data protection statements of the respective tools.

Legal basis
If you have consented to the processing and storage of your data by integrated social media elements, this consent is the legal basis for the data processing (Art. 6 para. 1 lit. a GDPR). In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in communicating quickly and effectively with you or other customers and business partners if consent has been obtained. However, we only use the tools if you have given your consent. Most social media platforms also set cookies in your browser to store data. Therefore, we recommend that you read our data protection text about cookies carefully and view the data protection declaration or the cookie guidelines of the respective service provider.
Information on specific social media platforms can be found in the following sections, if available.



Blog posts and comments



There are various online communication tools that we can use on our website. For example, we use blog posts and comment functions. This gives you the opportunity to comment on content or write posts. If you use this function, your IP address may be stored for security reasons. This is how we protect ourselves from illegal content such as insults, unauthorised advertising or forbidden political propaganda. In order to recognise whether comments are spam, we may also store and process user information on the basis of our legitimate interest. If we start a survey, we also store your IP address for the duration of the survey so that we can be sure that all participants only vote once. Cookies may also be used for storage purposes. All the data we store about you (such as content or information about you as an individual) will remain stored until you object.



Google Marketing Platform



Online marketing refers to all measures carried out online to achieve marketing goals such as increasing brand awareness or closing a business deal. Furthermore, our online marketing measures are aimed at drawing people's attention to our website. We use online marketing to show our services to as many interested people as possible. This is usually done through online advertising, content marketing or search engine optimisation. We also store and process personal data so that we can use online marketing efficiently and in a targeted manner. The data helps us to show our content only to those people who are really interested in it, and also allows us to measure the advertising success of our online marketing measures.

Why do we use Google Marketing Platform?
We want to show our website to everyone who is interested in what we have to offer. We are aware that this is not possible without consciously taking action. That is why we do online marketing. There are various tools that make our online marketing activities easier and also provide suggestions for improvement based on data. This allows us to tailor our campaigns more precisely to our target group. The purpose of these online marketing tools is ultimately to optimise our offering.

What data is processed?
In order for our online marketing to work and for the success of the measures to be measured, user profiles are created and data is stored in cookies (small text files), for example. With the help of this data, we can not only place advertising in the traditional sense, but also display our content in the way you prefer, directly on our website. There are various third-party tools that offer these functions and also collect and store data from you. The cookies mentioned, for example, store which web pages you have visited on our website, how long you have viewed these pages, which links or buttons you click or from which website you came to us. In addition, technical information may also be stored. For example, your IP address, which browser you are using, from which device you are visiting our website or the time when you accessed our website and when you left it. If you have given your consent for us to determine your location as well, we can also store and process this.

Your IP address is stored in pseudonymised form (i.e. abbreviated). Unique data that can directly identify you as a person, such as your name, address or email address, is only stored in pseudonymised form as part of advertising and online marketing procedures. This means that we cannot identify you as a person; we only have the pseudonymised, stored information stored in the user profiles.

Under certain circumstances, the cookies can also be used, analysed and used for advertising purposes on other websites that work with the same advertising tools. The data can then also be stored on the servers of the advertising tool providers.

In exceptional cases, unique data (names, email addresses, etc.) may also be stored in the user profiles. This storage occurs, for example, if you are a member of a social media channel that we use for our online marketing measures and the network connects data that has already been entered with the user profile.
For all the advertising tools we use that store your data on their servers, we only ever receive summarised information and never data that makes you recognisable as an individual. The data merely shows how well advertising measures worked. For example, we see which measures have prompted you or other users to come to our website and purchase a service or product there. Based on the analyses, we can improve our advertising offer in the future and adapt it even more precisely to the needs and wishes of interested persons.

Right of objection
You also have the right and the option at any time to revoke your consent to the use of cookies or third-party providers. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. The lawfulness of the processing up to the point of revocation remains unaffected.
Since cookies can generally be used with online marketing tools, we also recommend that you read our general data protection statement about cookies. To find out exactly which of your data are stored and processed, you should read the data protection statements of the respective tools.

Legal basis
If you have given your consent for third-party providers to be used, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when it is collected by online marketing tools.
We also have a legitimate interest in measuring online marketing measures in anonymised form in order to optimise our services and measures with the help of the data obtained. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). However, we only use the tools if you have given your consent.
Information on specific online marketing tools can be found in the following sections, if available.



Explanation of terms used


We always try to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have yet sufficiently addressed in the previous data protection declaration. If these terms have been taken from the GDPR and are definitions, we will also quote the GDPR texts here and, if necessary, add our own explanations.

Contracted data processor
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term
‘contracted data processor’ refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Explanation: As a company and website owner, we are responsible for all the data we process about you. In addition to the controllers, there may also be so-called processors. These include any company or person that processes personal data on our behalf. Consequently, processors can be, in addition to service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.

Consent
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term:
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Explanation: As a rule, consent of this kind is given on websites using a cookie consent tool. You are bound to be familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to or consent to the data processing. In most cases, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, none of your personal data may be processed. In principle, consent can of course also be given in writing, i.e. not via a tool.

Personal data
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term
‘personal data’ shall mean any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Explanation: Personal data is therefore all data that can identify you as a person. This is usually data such as:

  • Name

  • Address

  • Email address

  • Postal address

  • Telephone number

  • Date of birth

  • Identification numbers such as social security number, tax identification number, ID card number or matriculation number

  • Bank data such as account number, credit information, account balances and much more.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently you as the subscriber. Therefore, the storage of an IP address also requires a legal basis in accordance with the GDPR. There are also so-called ‘special categories’ of personal data that are particularly worthy of protection. These include:

  • racial and ethnic origin

  • political opinions

  • religious or philosophical beliefs

  • trade union membership

  • genetic data, such as data obtained from blood or saliva samples

  • biometric data (this is information about psychological, physical or behavioural characteristics that can identify a person).
    health data

  • data on sexual orientation or sex life


profiling
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the following definitions shall apply:
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Explanation: Profiling involves collecting various information about a person in order to learn more about that person. In the online sphere, profiling is often used for advertising purposes or for credit checks. For example, web or advertising analysis programmes collect data about your behaviour and interests on a website. This results in a specific user profile that can be used to target advertising to a specific group.

Controller
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term ‘controller’ shall mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Explanation: In our case, we are responsible for the processing of your personal data and are therefore the ‘controller’. If we pass on collected data to other service providers for processing, these are ‘processors’. For this, a ‘data processing agreement’ must be signed.

Processing
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the following definition applies:
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Note: When we talk about processing in our privacy policy, we mean any kind of data processing. As mentioned above in the original GDPR declaration, this includes not only collecting but also storing and processing data.



Final word


Congratulations! If you are reading this, you have either made it all the way through our entire privacy policy or at least scrolled this far. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.

It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we not only want to tell you which data is processed, but also to explain the reasons for using various software programmes. As a rule, data protection declarations sound very technical and legal. However, since most of you are neither web developers nor lawyers, we wanted to take a different approach linguistically and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the data protection declaration.

If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible office. We hope you enjoy the rest of your visit and hope to see you again soon on our website.

All texts are protected by copyright.
Source: Adapted from a version generated with the Data Protection Generator from AdSimple