PRIVACY POLICY

Data Protection

We composed this privacy policy (version 23.06.2019-211096540) in accordance with the conditions outlined in the General Data Protection Regulation (EU) 2016/679 and the Datenschutzgesetz (DSG), the ‘Federal data protection act’, to outline what type of data is collected by us, how we use data, and what your rights as the user of this website are.

Due to the very nature of matters described here, this may sound very technical. However, when we composed this privacy policy, we tried to explain all important matters in a clear and concise manner.

Automatic Storage of Data

Nowadays, when you access websites, certain data is automatically generated and stored. This also applies to this website.

When you visit our website, like you are doing right now, our webserver (this means the computer on which this website is hosted) automatically stores data as webserver log files, such as:

  • The address (URL) of the accessed website
  • Browser type and version
  • The used operating system
  • The address (URL) of the website previously accessed (referrer URL)
  • The hostname and IP address of the device you are using to access this website
  • Date and time.

As a rule, webserver log files are stored for two weeks and automatically deleted afterwards. We do not pass this data on to third parties, but your data might be accessed in case of unlawful conduct. The legal provision of this is Article 6 Section 1 f GDPR (‘Rechtmäßigkeit der Verarbeitung’, or ‘Lawfulness of processing of personal data’), as there is a legitimate interest to ensure the error-free operation of this website by using webserver log files.

Cookies

Our website uses HTTP cookies to store user-specific data. In order to allow you to fully understand our privacy policy, please find an explanation regarding what cookies are, and why they are being used, below.

What exactly are cookies?

You are using a browser whenever you use the internet. Common browsers are, for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser – these files are known as cookies.

One thing is clear: cookies are useful little helpers. Almost all websites use cookies. To be exact, they’re using HTTP-cookies, as there are other cookies that serve other purposes. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, which is practically the ‘brain’ of your browser. A cookie consists of a name and a value. Upon defining a cookie, one or more attributes have to be defined.

Cookies remember certain pieces of user-related data, such as your preferred language or personalised page settings. Upon re-visiting our website, your browser sends this ‘user-related’ data to our website. Thanks to these cookies, our website knows who you are, and will be able to display your default settings. In some browsers, cookies each have their own file. However, others like for example Firefox, store all cookies in a single file.

There are first-party cookies, as well as third-party cookies. First-party cookies are created directly by our website, whereas third-party cookies are created by partner websites (for example, Google Analytics). Each and every cookie should be individually looked at, as every cookie stores a different type of data. Even the expiration date of every cookie can vary – ranging from just a few minutes to a few years. Cookies are no software programmes, and they do not contain any viruses, Trojan viruses, or other malware. Cookies are not able to access any data stored on your PC.

Cookies can, for example, look like this:

  • Name: _ga
  • Expiration date: 2 years
  • Purpose: Differentiating between website visitors
  • Example value: GA1.2.1326744211.152211096540

A browser should be able to support the following minimum sizes:

  • A cookie should be able to consist of a minimum of 4096 bytes
  • A minimum of 50 cookies per domain should be able to be stored
  • A total of at least 3000 cookies should be able to be stored

What are the various types of cookies?

Which particular cookies we use really depends on which features are used. In our privacy policy below, we will attempt to explain the various types of cookies. At this point, we would like to quickly define the various types of HTTP cookies further.

One can distinguish between 4 types of cookies:

Strictly necessary cookies

These cookies are essential to run the fundamental features of the website. These cookies are required when, for example, a user places a product into the basket, then continues browsing other websites, and only proceeds to the checkout later on. Thanks to these cookies, the contents of the basket will not be deleted, even if the user closes the browser.

Functional cookies

These cookies collect data concerning the user activity, and whether you encounter potential error messages. Additionally, these cookies help to track loading times and how the website responds to different browsers.

Goal-oriented cookies

These cookies improve user-friendliness. For example, entered locations, font sizes or data entered in forms is saved.

Advertising cookies

These cookies are also known as targeting cookies, and they are used to deliver personalised ads. This can be quite convenient, but occasionally also annoying.

Usually you will be asked what type of cookies you wish to enable upon your first visit to a website. And this decision is, of course, saved within a cookie.

How can I delete cookies?

It is up to you to decide whether you would like to use cookies (and to what degree), or not. Unrelated to the service or website of origin of a cookie, you always have the option to either clear cookies, only enable some cookies, or to deactivate them all. For example, you are able to block third-parties cookies whilst still enabling all other cookies.

If you wish to find out which cookies are stored by your browser, or if you wish to change your cookie settings or clear them, please check your browser settings:

Chrome: Clear, enable, and manage cookies in Chrome

Safari: Manage cookies and website data in Safari on Mac

Firefox: Clear cookies and site data in Firefox

Internet Explorer: Delete and Manage cookies

Microsoft Edge: Delete cookies

If you do not wish to enable any cookies at all, you can set up your browser to alert you whenever a cookie is usually set. This way you are able to decide every single time if you wish to enable a cookie or not. This process differs depending on the browser. We suggest searching for instructions by googling the term ‘delete cookies Chrome’ or ‘deactivate cookies Chrome’, if you are using a Chrome browser. In case you are not, simply replace the word ‘Chrome’ with the name of your browser – for example, Edge, Firefox or Safari.

What about Data Protection?

As of 2009, the so-called ‘Cookie Policy’ is in effect. This policy stipulates that the storage of cookies necessitates the consent of the website visitor (meaning, you). However, the actual implementation of this policy varies within EU countries. In Austria, this policy was implemented with the § 96 section 3 of the ‘Telekommunikationsgesetzes (TKG)’, the ‘Telecommunications Act’.

If you wish to read more about cookies, and if you are not afraid of technical documents, we recommend https://tools.ietf.org/html/rfc6265, the request for comments of the Internet Engineering Task Force (IETF) entitled ‘HTTP State Management Mechanism’.

Storage of personal data

Personal data which is electronically transmitted to our website by you, such as, for example, your name, e-mail address, address or other personal data which was entered as part of an online form or blog comment, will only be used by us, in conjunction with a time stamp and the IP address, for the stated purpose. This data is securely stored, and will not be passed on to third parties.

Therefore, we only use personal data to communicate with visitors who clearly stated they wished to be contacted, and to process service features rendered by our website, such as services and transactions. We do not pass this data on without your consent, but your data might be accessed in case of unlawful conduct.

We cannot guarantee the safe transmittance, or the protection of your data, in case you send us personal data via e-mail – meaning using services that are not part of our website. We recommend never communicating your personal data via unencrypted e-mails.

According to the legal provision of Article 6 Section 1 a GDPR (‘Rechtmäßigkeit der Verarbeitung’, or ‘Lawfulness of processing’), you consent to the processing of the data you have entered. You can revoke consent at any time – simply sending us an e-mail is enough.  You can find our contact details on our site notice.

Analysis of Visitor Activity

In the following parts of the privacy policy, we aim to provide information concerning whether, and how, we analyse data related to your visit to our website. As a rule, this analysis of the aggregated data is anonymised, and we will not be able to identify you personally based on how you use our website.

You can find more information regarding how to opt out of this analysis of visitor data below.

TLS encryption through https

We use https to transmit data securely (‘Datenschutz durch Technikgestaltung’, or ‘data protection by design’, Article 25 Section 1 GDPR). By using TLS (Transport Layer Security), a cryptographic protocol designed to provide secure internet data transfers, we can ensure the safety of your personal data. You can tell this secure data transfer protocol is in place if a small lock symbol can be seen in the upper left corner of your browser. Additionally, ‘https’ (instead of ‘http’) will be part of the internet address.

Newsletter Privacy Policy

If you sign up for our newsletter, you transmit the aforementioned personal data and grant us the right to contact you via e-mail. The data stored when you signed up for the newsletter will only be used for the purposes of said newsletter, and we do not pass it on to any third parties.

If you unsubscribe from our newsletter – the required link can be found at the very bottom of every newsletter – then all the data stored when you signed up to the newsletter will be deleted by us.

Google Maps Privacy Policy

Our website uses Google Maps (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

By using these maps, data will be transmitted to Google. For further information on what type of data is collected by Google, and what this data may be used for, please see https://www.google.com/intl/en/policies/privacy/.

Your rights according to the Data Protection Act

According to the conditions of the GDPR and of the Austrian Datenschutzgesetzes (DSG) (or ‘Data Protection Act’), you can exercise the following rights:

  • Right to rectification (Article 16 GDPR)
  • Right to erasure (‘right to be forgotten’) (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Notification obligation regarding rectification or erasure of personal data or restriction of processing (Article 19 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to Object (Article 21 GDPR)
  • Automated individual decision-making, including profiling (Article 22 GDPR)

If you think the processing of your data violates the Data Protection Act, or if you think your data protection rights are violated in any other way, you can contact the regulatory authority. In Austria, this is the ‘Datenschutzbehörde’ (‘Data Protection Authority’), and you can find their website here: https://www.dsb.gv.at/.

Imbedded social media elements – privacy policy

Our website uses embedded elements by social media services to host pictures, videos and texts.

By visiting sites depicting these elements, data is transmitted from your browser to the social media services and stored by them. We do not have access to this data.

The following links lead to the websites of the respective social media services, and you can find explanations concerning the use of your data there:

Facebook Privacy Policy

Our website uses functions of the social media network Facebook (Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland).

To find which functions (social plug-ins) are provided by Facebook, please see https://developers.facebook.com/docs/plugins/.

By accessing our websites, data may be transmitted to Facebook. If you have a Facebook account, Facebook will be able to map said data to your personal account. Please log off Facebook if you wish to avoid this.

For further information on what type of data is collected by Facebook, as well as their privacy policy, please see https://www.facebook.com/policy.php.

YouTube privacy policy

Our website hosts embedded videos from the video-sharing website YouTube (YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA).

By accessing sites of our websites which host integrated YouTube videos, data will be transmitted to YouTube, as well as stored and processed by YouTube.

If you have a YouTube account and if you are signed into said account, this data will be mapped to your personal account and any therein stored data.

For further information on what type of data is collected by Google, and what this data may be used for, please see https://www.google.com/intl/en/policies/privacy/.

Twitter Privacy Policy

Our website uses functions of the social network Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland).

By accessing these functions, personal data may be transmitted to Twitter. We do not monitor or store anything regarding this transmittance of data.

For further information on what this data may be used for by Twitter, please see Twitter Privacy Policy at https://twitter.com/en/privacy.

If you own a Twitter account, you can change your privacy settings by accessing account settings at https://twitter.com/settings/account.

Google+ Privacy Policy

Our website uses functions of the social network Google+ (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA).

Please note that a Google account is necessary in order to fully use all offered features.

Upon using certain features (such as Google +1 buttons, Google+ badges, follow buttons, Google+ share and link buttons, sign-in buttons, and hangout buttons), data will be transmitted to Google, even if you do not have a Google account.

If you are signed into your Google account whilst using the aforementioned features, your data may, depending on your settings at https://plus.google.com/settings/, be internationally published, aggregated and analysed by Google.

For further information on what type of data is collected by Google, and what this data may be used for, please see https://www.google.com/intl/en/policies/privacy/.

SoundCloud Privacy Policy

Our website uses functions of the social media network SoundCloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany).

Upon using SoundCloud features, such as activating the playback of music, data (IP address, browser data, date and time, cookies) will be transmitted to SoundCloud, as well as stored and analysed.

If you have a SoundCloud account and if you are signed into said account, this data will be mapped to your personal account and any therein stored data.

For further information on what type of data is collected by SoundCloud, as well as how said data is used, and their privacy policy, please see https://soundcloud.com/pages/privacy.

Google reCAPTCHA Privacy Policy

Our first priority is to design our website in a way that guarantees the highest level of security for you and for ourselves. We use Google reCAPTCHA (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to ensure this. reCAPTCHA allows us to find out whether you are really a human being, made of flesh and blood, instead of a bot or a different kind of spam software. We define ‘spam’ as any kind of unwelcome and unwanted electronically communicated information we may receive. Classical CAPTCHAS prompted users to prove they are human by first solving text or picture puzzles. reCAPTCHA by Google means we do not have to bother you the same way – in most cases, you can now simply tick a box to confirm you are not a bot. The new version of invisible reCAPTCHA means you do not even have to tick a box anymore. How this works, and what kind of data is required for this process, is explained in the following parts of our privacy policy.

This is permitted due to legal provision of Article 6 (1) f (‘Rechtmäßigkeit der Verarbeitung’, or ‘Lawfulness of processing’), as there is a legitimate interest to protect this website from bots and spam software.

What is reCAPTCHA?

reCAPTCHA is a free Captcha-service by Google, which protects websites from spam software and improper use by non-human visitors. This service is most commonly used upon filling out forms on the internet. A Captcha-service is an automatic Turing test, which is supposed to ascertain whether an action on the internet was performed by a human, and not a bot. The classic Turing test (named after the computer scientist Alan Turing) uses another human being to differentiate between bot and human. Captchas, however, use a computer or software programme to take on this role. Classic Captchas employ small tasks that are easily solved by humans, but cause tremendous difficulties for bots or machines. reCAPTCHA instead does not prompt you to solve any puzzles. This tool employs modern risk technologies to differentiate between human beings and bots. You simply have to tick the ‘I am not a robot’ box, and even this simple step isn’t required when using invisible reCAPTCHA. reCAPTCHA incorporates a JavaScript element into the source code; and the tool automatically runs in the background to analyse your user behaviour and activity. Based on the user’s actions, a so-called Captcha score is calculated by the software. Google uses this score, even before you interact with Captcha, to calculate the probability of you being a human. reCAPTCHAS, or Captchas in general, are used when bots could possibly manipulate or abuse certain features (for example, creating accounts, polls, etc.).

Why do we use reCAPTCHA on our website?

We only want to welcome humans made of flesh and blood to our website. Bots or spam software of any kind can happily stay away. This is why we pull out all the stops to protect ourselves, and to offer you the most user-friendly experience. This is why we use Google reCAPTCHA by Google. By doing so, we can be safe in the knowledge that our website remains free of bots. By using reCAPTCHA, data is transmitted to Google, and this data is then used by Google to ascertain that you are truly a human being. reCAPTCHA therefore provides security for our website – and, in turn, also for you. Without reCAPTCHA, for example, a bot could register accounts with as many e-mail addresses as possible, simply to spam our forum or blog with unwanted ads afterwards. We can avoid these attacks by using reCAPTCHA.

What kind of data is stored by reCAPTCHA?

reCAPTCHA collects personal user data to ascertain whether any activity on our website is actually thanks to humans. This means IP addresses and other data, which is needed by Google to ensure reCAPTCHA works, can also be sent to Google. Within the member states of the EU or other countries that are part of the Agreement of the European Economic Area, IP addresses are usually shortened, before they end up on a server in the US. IP addresses are not combined with other data by Google, as long as you are not signed into your Google account whilst using reCAPTCHA. The reCAPTCHA algorithm first checks whether your browser already stores any cookies of other Google services (YouTube, Gmail, etc.). Afterwards, reCAPTCHA sets an additional cookie in your browser, and takes a screenshot of your browser window.

The following list of collected browser and user data is not exhaustive. They are meant to be examples of data which is, based on our experience and knowledge, processed by Google.

  • Referrer URL (the address of the page where you clicked a link that sent you to this page)
  • IP address (for example, 256.123.123.1)
  • Information regarding the operating system (software that supports your computer’s functions; common operating systems are Windows, Mac OS X or Linux)
  • Cookies (small text files which store data in your browser)
  • Mouse and keyboard activity (all the actions executed by your mouse or keyboard are stored)
  • Date and language setting (the language and date you have pre-set on your PC will be stored)
  • All JavaScript objects (JavaScript is a programming language, which enables interactive websites; JavaScript objects can collect all kind of data under just one name)
  • Screen resolution (shows how many pixels your screen resolution consists of)

It’s undisputed that Google uses and analyses this data even before you tick the ‘I am not a robot’ box. With invisible reCAPTCHA, you do not even have to tick this box – the entire detection process is automatically running in the background. Google isn’t very forthcoming when it comes to answering the question regarding how much data, and what kind of, is stored by them.

The following cookies are used by reCAPTCHA: we are referring to the demo version of reCAPTCHA by Google, which can be found at https://www.google.com/recaptcha/api2/demo. All of these cookies require a unique identification marker to enable tracking. You can find a list of cookies set by Google in their demo version of reCAPTCHA here:

Name: IDE

Expiration date: After one year

Purpose: This cookie is set by the company DoubleClick (a subsidiary of Google) to track how users interact with ads on a website. This allows DoubleClick to track the efficiency of ads, and to optimise them accordingly. IDE is stored in browsers under the domain doubleclick.net.

Example value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-211096540

Name: 1P_JAR

Expiration date: After one month

Purpose: This cookie collects statistics concerning your use of the website and tracks conversions rates. A conversion is created when, for example, a user becomes a buyer. This cookie is also utilised to show users relevant ads. This cookie also allows the prevention of showing the user the same ad more than once. 

Example value: 2019-5-14-12

Name: ANID

Expiration date: After 9 months

Purpose: We were not able to locate a lot of information concerning this cookie. In Google’s privacy policy, this cookie is mentioned in conjunction with ‘advertising cookies’, such as ‘DSID’, ‘FLC’, ‘AID’, ‘TAiD’. ANID is stored under the domain google.com.

Example value: U7j1v3dZa2110965400xgZFmiqWppRWKOr

Name: CONSENT

Expiration date: After 19 years

Purpose: This cookie stores whether a user has consented to the use of various Google services. CONSENT is also intended to provide security – to verify users, prevent log-in data fraud, and to protect user data from unauthorised access.

Example value: YES+AT.de+20150628-20-0

Name: NID

Expiration date: After 6 months

Purpose: NID is utilised by Google to tailor and match ads based on your past Google searches. With this cookie, Google ‘remembers’ your most frequent search requests, as well as previous interactions with ads. This way you will always see targeted ads. This cookie contains a unique ID Google uses to collect data concerning your preferences for marketing purposes.

Example value: 0WmuWqy211096540zILzqV_nmt3sDXwPeM5Q

Name: DV

Expiration: After 10 minutes

Purpose: This cookie is set as soon as you tick the ‘I am not a robot’ box. This cookie is used by Google Analytics to show targeted ads. DV collects anonymised data, and is additionally used to differentiate between, and to categorise, users.

Example value: gEAABBCjJMXcI0dSAAAANbqc211096540

Please note: This list is by no means exhaustive, as Google tends to alter and change their selection of cookies.

For how long, and where, is my data stored?

Data is transmitted to the Google server by interacting with reCAPTCHA. Google did not answer any repeated questions concerning where exactly this data is stored. Without having received a confirmation by Google, it can be assumed that this data, such as mouse activity, length of time spent on website or language settings, is stored on European or American Google servers. The IP address, which your browser sends to Google, is principally not combined with any other Google data received from other Google services. If you are signed into your Google account whilst using the reCAPTCHA plug-in, your data will be combined. Please see the deviating privacy policy of Google.

How can I delete my data, or how do I prevent my data is stored?

If you wish to avoid sending any data concerning you and your activity level to Google, you will have to – before even visiting our website or using reCAPTCHA software – completely sign out of Google accounts and delete all Google cookies. Generally data is automatically sent to Google as soon as you visit our website. Please contact Google support at https://support.google.com/?hl=en&tid=211096540 if you wish to delete this data.

Upon using our website, you consent to Google LLC and their representatives automatically collecting, processing and using data.

You can find more information regarding reCAPTCHA on the developer’s site by Google at https://developers.google.com/recaptcha/. Google further explains the technical development of reCAPTCHA there, but searching for precise information concerning data storage and data protection is in vain. A good overview of their fundamental use of data by Google can be found in their own privacy policy here: https://www.google.com/intl/en/policies/privacy/.