Automatic Storage of Data
Nowadays, when you access websites, certain data is automatically generated and stored. This also applies to this website.
When you visit our website, like you are doing right now, our webserver (this means the computer on which this website is hosted) automatically stores data as webserver log files, such as:
- The address (URL) of the accessed website
- Browser type and version
- The used operating system
- The address (URL) of the website previously accessed (referrer URL)
- The hostname and IP address of the device you are using to access this website
- Date and time.
As a rule, webserver log files are stored for two weeks and automatically deleted afterwards. We do not pass this data on to third parties, but your data might be accessed in case of unlawful conduct. The legal provision of this is Article 6 Section 1 f GDPR (‘Rechtmäßigkeit der Verarbeitung’, or ‘Lawfulness of processing of personal data’), as there is a legitimate interest to ensure the error-free operation of this website by using webserver log files.
What exactly are cookies?
You are using a browser whenever you use the internet. Common browsers are, for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser – these files are known as cookies.
Cookies remember certain pieces of user-related data, such as your preferred language or personalised page settings. Upon re-visiting our website, your browser sends this ‘user-related’ data to our website. Thanks to these cookies, our website knows who you are, and will be able to display your default settings. In some browsers, cookies each have their own file. However, others like for example Firefox, store all cookies in a single file.
There are first-party cookies, as well as third-party cookies. First-party cookies are created directly by our website, whereas third-party cookies are created by partner websites (for example, Google Analytics). Each and every cookie should be individually looked at, as every cookie stores a different type of data. Even the expiration date of every cookie can vary – ranging from just a few minutes to a few years. Cookies are no software programmes, and they do not contain any viruses, Trojan viruses, or other malware. Cookies are not able to access any data stored on your PC.
Cookies can, for example, look like this:
- Name: _ga
- Expiration date: 2 years
- Purpose: Differentiating between website visitors
- Example value: GA1.2.1326744211.152211096540
A browser should be able to support the following minimum sizes:
- A cookie should be able to consist of a minimum of 4096 bytes
- A minimum of 50 cookies per domain should be able to be stored
- A total of at least 3000 cookies should be able to be stored
What are the various types of cookies?
One can distinguish between 4 types of cookies:
Strictly necessary cookies
These cookies are essential to run the fundamental features of the website. These cookies are required when, for example, a user places a product into the basket, then continues browsing other websites, and only proceeds to the checkout later on. Thanks to these cookies, the contents of the basket will not be deleted, even if the user closes the browser.
These cookies collect data concerning the user activity, and whether you encounter potential error messages. Additionally, these cookies help to track loading times and how the website responds to different browsers.
These cookies improve user-friendliness. For example, entered locations, font sizes or data entered in forms is saved.
These cookies are also known as targeting cookies, and they are used to deliver personalised ads. This can be quite convenient, but occasionally also annoying.
Usually you will be asked what type of cookies you wish to enable upon your first visit to a website. And this decision is, of course, saved within a cookie.
How can I delete cookies?
If you wish to find out which cookies are stored by your browser, or if you wish to change your cookie settings or clear them, please check your browser settings:
Chrome: Clear, enable, and manage cookies in Chrome
Safari: Manage cookies and website data in Safari on Mac
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and Manage cookies
Microsoft Edge: Delete cookies
If you do not wish to enable any cookies at all, you can set up your browser to alert you whenever a cookie is usually set. This way you are able to decide every single time if you wish to enable a cookie or not. This process differs depending on the browser. We suggest searching for instructions by googling the term ‘delete cookies Chrome’ or ‘deactivate cookies Chrome’, if you are using a Chrome browser. In case you are not, simply replace the word ‘Chrome’ with the name of your browser – for example, Edge, Firefox or Safari.
What about Data Protection?
If you wish to read more about cookies, and if you are not afraid of technical documents, we recommend https://tools.ietf.org/html/rfc6265, the request for comments of the Internet Engineering Task Force (IETF) entitled ‘HTTP State Management Mechanism’.
Storage of personal data
Personal data which is electronically transmitted to our website by you, such as, for example, your name, e-mail address, address or other personal data which was entered as part of an online form or blog comment, will only be used by us, in conjunction with a time stamp and the IP address, for the stated purpose. This data is securely stored, and will not be passed on to third parties.
Therefore, we only use personal data to communicate with visitors who clearly stated they wished to be contacted, and to process service features rendered by our website, such as services and transactions. We do not pass this data on without your consent, but your data might be accessed in case of unlawful conduct.
We cannot guarantee the safe transmittance, or the protection of your data, in case you send us personal data via e-mail – meaning using services that are not part of our website. We recommend never communicating your personal data via unencrypted e-mails.
According to the legal provision of Article 6 Section 1 a GDPR (‘Rechtmäßigkeit der Verarbeitung’, or ‘Lawfulness of processing’), you consent to the processing of the data you have entered. You can revoke consent at any time – simply sending us an e-mail is enough. You can find our contact details on our site notice.
Analysis of Visitor Activity
You can find more information regarding how to opt out of this analysis of visitor data below.
TLS encryption through https
We use https to transmit data securely (‘Datenschutz durch Technikgestaltung’, or ‘data protection by design’, Article 25 Section 1 GDPR). By using TLS (Transport Layer Security), a cryptographic protocol designed to provide secure internet data transfers, we can ensure the safety of your personal data. You can tell this secure data transfer protocol is in place if a small lock symbol can be seen in the upper left corner of your browser. Additionally, ‘https’ (instead of ‘http’) will be part of the internet address.
If you sign up for our newsletter, you transmit the aforementioned personal data and grant us the right to contact you via e-mail. The data stored when you signed up for the newsletter will only be used for the purposes of said newsletter, and we do not pass it on to any third parties.
If you unsubscribe from our newsletter – the required link can be found at the very bottom of every newsletter – then all the data stored when you signed up to the newsletter will be deleted by us.
Our website uses Google Maps (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
By using these maps, data will be transmitted to Google. For further information on what type of data is collected by Google, and what this data may be used for, please see https://www.google.com/intl/en/policies/privacy/.
Your rights according to the Data Protection Act
According to the conditions of the GDPR and of the Austrian Datenschutzgesetzes (DSG) (or ‘Data Protection Act’), you can exercise the following rights:
- Right to rectification (Article 16 GDPR)
- Right to erasure (‘right to be forgotten’) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Notification obligation regarding rectification or erasure of personal data or restriction of processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to Object (Article 21 GDPR)
- Automated individual decision-making, including profiling (Article 22 GDPR)
If you think the processing of your data violates the Data Protection Act, or if you think your data protection rights are violated in any other way, you can contact the regulatory authority. In Austria, this is the ‘Datenschutzbehörde’ (‘Data Protection Authority’), and you can find their website here: https://www.dsb.gv.at/.
Our website uses embedded elements by social media services to host pictures, videos and texts.
By visiting sites depicting these elements, data is transmitted from your browser to the social media services and stored by them. We do not have access to this data.
The following links lead to the websites of the respective social media services, and you can find explanations concerning the use of your data there:
Our website uses functions of the social media network Facebook (Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland).
To find which functions (social plug-ins) are provided by Facebook, please see https://developers.facebook.com/docs/plugins/.
By accessing our websites, data may be transmitted to Facebook. If you have a Facebook account, Facebook will be able to map said data to your personal account. Please log off Facebook if you wish to avoid this.
Our website hosts embedded videos from the video-sharing website YouTube (YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA).
By accessing sites of our websites which host integrated YouTube videos, data will be transmitted to YouTube, as well as stored and processed by YouTube.
If you have a YouTube account and if you are signed into said account, this data will be mapped to your personal account and any therein stored data.
For further information on what type of data is collected by Google, and what this data may be used for, please see https://www.google.com/intl/en/policies/privacy/.
Our website uses functions of the social network Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland).
By accessing these functions, personal data may be transmitted to Twitter. We do not monitor or store anything regarding this transmittance of data.
If you own a Twitter account, you can change your privacy settings by accessing account settings at https://twitter.com/settings/account.
Our website uses functions of the social network Google+ (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
Please note that a Google account is necessary in order to fully use all offered features.
Upon using certain features (such as Google +1 buttons, Google+ badges, follow buttons, Google+ share and link buttons, sign-in buttons, and hangout buttons), data will be transmitted to Google, even if you do not have a Google account.
If you are signed into your Google account whilst using the aforementioned features, your data may, depending on your settings at https://plus.google.com/settings/, be internationally published, aggregated and analysed by Google.
For further information on what type of data is collected by Google, and what this data may be used for, please see https://www.google.com/intl/en/policies/privacy/.
Our website uses functions of the social media network SoundCloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany).
Upon using SoundCloud features, such as activating the playback of music, data (IP address, browser data, date and time, cookies) will be transmitted to SoundCloud, as well as stored and analysed.
If you have a SoundCloud account and if you are signed into said account, this data will be mapped to your personal account and any therein stored data.
This is permitted due to legal provision of Article 6 (1) f (‘Rechtmäßigkeit der Verarbeitung’, or ‘Lawfulness of processing’), as there is a legitimate interest to protect this website from bots and spam software.
What is reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome humans made of flesh and blood to our website. Bots or spam software of any kind can happily stay away. This is why we pull out all the stops to protect ourselves, and to offer you the most user-friendly experience. This is why we use Google reCAPTCHA by Google. By doing so, we can be safe in the knowledge that our website remains free of bots. By using reCAPTCHA, data is transmitted to Google, and this data is then used by Google to ascertain that you are truly a human being. reCAPTCHA therefore provides security for our website – and, in turn, also for you. Without reCAPTCHA, for example, a bot could register accounts with as many e-mail addresses as possible, simply to spam our forum or blog with unwanted ads afterwards. We can avoid these attacks by using reCAPTCHA.
What kind of data is stored by reCAPTCHA?
reCAPTCHA collects personal user data to ascertain whether any activity on our website is actually thanks to humans. This means IP addresses and other data, which is needed by Google to ensure reCAPTCHA works, can also be sent to Google. Within the member states of the EU or other countries that are part of the Agreement of the European Economic Area, IP addresses are usually shortened, before they end up on a server in the US. IP addresses are not combined with other data by Google, as long as you are not signed into your Google account whilst using reCAPTCHA. The reCAPTCHA algorithm first checks whether your browser already stores any cookies of other Google services (YouTube, Gmail, etc.). Afterwards, reCAPTCHA sets an additional cookie in your browser, and takes a screenshot of your browser window.
The following list of collected browser and user data is not exhaustive. They are meant to be examples of data which is, based on our experience and knowledge, processed by Google.
- Referrer URL (the address of the page where you clicked a link that sent you to this page)
- IP address (for example, 218.104.22.168)
- Information regarding the operating system (software that supports your computer’s functions; common operating systems are Windows, Mac OS X or Linux)
- Cookies (small text files which store data in your browser)
- Mouse and keyboard activity (all the actions executed by your mouse or keyboard are stored)
- Date and language setting (the language and date you have pre-set on your PC will be stored)
- Screen resolution (shows how many pixels your screen resolution consists of)
It’s undisputed that Google uses and analyses this data even before you tick the ‘I am not a robot’ box. With invisible reCAPTCHA, you do not even have to tick this box – the entire detection process is automatically running in the background. Google isn’t very forthcoming when it comes to answering the question regarding how much data, and what kind of, is stored by them.
The following cookies are used by reCAPTCHA: we are referring to the demo version of reCAPTCHA by Google, which can be found at https://www.google.com/recaptcha/api2/demo. All of these cookies require a unique identification marker to enable tracking. You can find a list of cookies set by Google in their demo version of reCAPTCHA here:
Expiration date: After one year
Purpose: This cookie is set by the company DoubleClick (a subsidiary of Google) to track how users interact with ads on a website. This allows DoubleClick to track the efficiency of ads, and to optimise them accordingly. IDE is stored in browsers under the domain doubleclick.net.
Example value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-211096540
Expiration date: After one month
Purpose: This cookie collects statistics concerning your use of the website and tracks conversions rates. A conversion is created when, for example, a user becomes a buyer. This cookie is also utilised to show users relevant ads. This cookie also allows the prevention of showing the user the same ad more than once.
Example value: 2019-5-14-12
Expiration date: After 9 months
Example value: U7j1v3dZa2110965400xgZFmiqWppRWKOr
Expiration date: After 19 years
Purpose: This cookie stores whether a user has consented to the use of various Google services. CONSENT is also intended to provide security – to verify users, prevent log-in data fraud, and to protect user data from unauthorised access.
Example value: YES+AT.de+20150628-20-0
Expiration date: After 6 months
Purpose: NID is utilised by Google to tailor and match ads based on your past Google searches. With this cookie, Google ‘remembers’ your most frequent search requests, as well as previous interactions with ads. This way you will always see targeted ads. This cookie contains a unique ID Google uses to collect data concerning your preferences for marketing purposes.
Example value: 0WmuWqy211096540zILzqV_nmt3sDXwPeM5Q
Expiration: After 10 minutes
Purpose: This cookie is set as soon as you tick the ‘I am not a robot’ box. This cookie is used by Google Analytics to show targeted ads. DV collects anonymised data, and is additionally used to differentiate between, and to categorise, users.
Example value: gEAABBCjJMXcI0dSAAAANbqc211096540
Please note: This list is by no means exhaustive, as Google tends to alter and change their selection of cookies.
For how long, and where, is my data stored?
How can I delete my data, or how do I prevent my data is stored?
If you wish to avoid sending any data concerning you and your activity level to Google, you will have to – before even visiting our website or using reCAPTCHA software – completely sign out of Google accounts and delete all Google cookies. Generally data is automatically sent to Google as soon as you visit our website. Please contact Google support at https://support.google.com/?hl=en&tid=211096540 if you wish to delete this data.
Upon using our website, you consent to Google LLC and their representatives automatically collecting, processing and using data.