Privacy policy:
Privacy Policy
Legal Notice:
This English translation is provided for convenience only.
Only the German version is legally binding.
In the event of any discrepancies or interpretation issues, the German version shall prevail.
Introduction and Overview
We have written this privacy policy (version 09.12.2025-113086408) to explain, in accordance with the requirements of the General Data Protection regulation (EU) 2016/679 nd applicable national laws, which personal data (briefly: data) we, as the controller—and the processors commissioned by us (e.g., providers)—process or will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.
Privacy policies usually sound very technical and use legal terminology. However, this privacy policy is intended to describe the most important things to you as simply and transparently as possible. Wherever it promotes transparency, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible if we provide brief, unclear, and technically legal explanations, as is often standard on the internet when it comes to privacy. We hope you find the following explanations interesting and informative, and perhaps you will learn something new.
If you still have questions, we ask you to contact the responsible party listed below or in the imprint, follow the existing links, and consult further information on third-party sites. Our contact details can, of course, also be found in the imprint.
Scope of Application
This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information within the meaning of Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data allows us to offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:
- All online presences (websites, online shops) that we operate
- Social media presences and email communication
- Mobile apps for smartphones and other devices
In short: The privacy policy applies to all areas in which personal data is processed in the company in a structured manner via the mentioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
Legal Bases
In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which enable us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online at EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:#
- Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing your entered data from a contact form.
- Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase agreement with you, we need personal information in advance.
- Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to keep invoices for accounting purposes. These usually contain personal data.
- Legitimate Interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.
Other conditions, such as the performance of tasks in the public interest and the exercise of official authority, as well as the protection of vital interests, do not generally apply to us. If such a legal basis should be relevant, it will be indicated at the appropriate place.
In addition to the EU regulation, national laws also apply:
- In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
(Bundesgesetz zum Schutz natürlicher Personen bei der Verarbeitung personenbezogener Daten (Datenschutzgesetz), kurz DSG). - In Germany, the Federal Data Protection Act, or BDSG for short, applies.
(Bundesdatenschutzgesetz, kurz BDSG).
If other regional or national laws apply, we will inform you in the following sections.
Contact Details of the Controller
If you have any questions about data protection or the processing of personal data, you will find the contact details of the controller below in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR):
CoFit Consulting GmbH
Mag. Manfred Schranzer
Puchbergerstraße 27
A-2732 Willendorf
office@cofitconsult.com
+4369917222427
EMail: office@cofitconsult.com
Phone: +4369917222427
Imprint: https://cofitconsult.com/Impressum/
Storage Duration
As a general criterion, we only store personal data for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example, for accounting purposes.
If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, if we have further information.
Rights under the General Data Protection Regulation
In accordance with Articles 13 and 14 GDPR, we inform you about the following rights to which you are entitled to ensure fair and transparent processing of data:
- You have the right to information according to Article 15 GDPR about whether we process data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:
- The purpose for which we carry out the processing;
- The categories, i.e., the types of data that are processed;
- Who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
- How long the data will be stored;
- The existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
- That you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
- The source of the data if we did not collect it from you;
- Whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
- You have the right to rectification according to Article 16 GDPR, which means that we must correct data if you find errors.
- You have the right to erasure (“right to be forgotten”) according to Article 17 GDPR, which specifically means that you can request the deletion of your data.
- You have the right to restriction of processing according to Article 18 GDPR, which means that we may only store the data but no longer use it.
- You have the right to data portability according to Article 20 GDPR, which means that we must provide you with your data in a common format upon request.
- You have the right to object according to Article 21 GDPR, which, once exercised, results in a change in processing.
- If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
- If data is used for direct marketing, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
- If data is used for profiling, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
- You have the right not to be subject to a decision based solely on automated processing (e.g., profiling) according to Article 22 GDPR.
- You have the right to lodge a complaint according to Article 77 GDPR. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.
In short: You have rights—do not hesitate to contact the responsible party listed above!
f you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, each federal state has a data protection officer. For more information, you can contact the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI). For our company, the following local data protection authority is responsible:
Austrian Data Protection Authority
Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Wien
Phone: +43 1 52 152-0
EMail: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/
Data Processing Security
To protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our means, for third parties to draw personal conclusions from our data.
Article 25 GDPR refers to “data protection by design and by default” and means that both software (e.g., forms) and hardware (e.g., access to the server room) must always consider security and implement appropriate measures. Below, we will go into more detail about specific measures if necessary.
Communication
Communication Summary |
If you contact us and communicate by phone, email, or online form, personal data may be processed.
The data is processed to handle and process your inquiry and the associated business transaction. The data is stored for as long as the business case requires or as long as the law prescribes.
Affected Persons
The aforementioned processes affect everyone who contacts us via the communication channels we provide.
Telephone
When you call us, the call data is stored in a pseudonymized manner on the respective device and with the telecommunications provider used. Additionally, data such as name and phone number may be sent by email afterward and stored to answer your inquiry. The data is deleted as soon as the business case is completed and legal requirements allow it.
When you communicate with us by email, data may be stored on the respective device (computer, laptop, smartphone, etc.), and data is stored on the email server. The data is deleted as soon as the business case is completed and legal requirements allow it.
Online Forms
When you communicate with us via an online form, data is stored on our web server and may be forwarded to one of our email addresses. The data is deleted as soon as the business case is completed and legal requirements allow it.
Legal Bases
The processing of the data is based on the following legal bases:
- Art. 6(1)(a) GDPR (Consent): You give us consent to store and use your data for purposes related to the business case;
- Art. 6(1)(b) GDPR (Contract): There is a necessity for the fulfillment of a contract with you or a processor, such as the telephone provider, or we must process the data for pre-contractual activities, such as preparing an offer;
- Art. 6(1)(f) GDPR (Legitimate Interests): We want to handle customer inquiries and business communication in a professional manner. For this, certain technical facilities such as email programs, Exchange servers, and mobile network operators are necessary to conduct communication efficiently.
Data Processing Agreement (DPA)
In this section, we would like to explain what a data processing agreement is and why it is needed. Since the term “data processing agreement” is quite a tongue twister, we will also often use the acronym DPA in this text. Like most companies, we do not work alone but also use the services of other companies or individuals. By involving various companies or service providers, it may happen that we pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called data processing agreement (DPA). The most important thing for you to know is that the processing of your personal data is carried out exclusively according to our instructions and must be regulated by the DPA.
Who are Processors?
As a company and website operator, we are responsible for all data that we process about you. In addition to the controllers, there can also be so-called processors. This includes any company or person that processes personal data on our behalf. More precisely, and according to the GDPR definition: any natural or legal person, authority, institution, or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.
For better understanding of the terminology, here is an overview of the three roles in the GDPR:
Data Subject (You as a customer or interested party) → Controller (We as a company and client) → Processor (Service providers such as web hosts or cloud providers)
Content of a Data Processing Agreement
As already mentioned above, we have concluded a DPA with our partners who act as processors. This primarily states that the processor may only process the data to be processed in accordance with the GDPR. The contract must be concluded in writing, although in this context, the electronic conclusion of the contract is also considered “in writing.” Only on the basis of the contract does the processing of personal data take place. The contract must contain the following:
- Binding to us as the controller
- Duties and rights of the controller
- Categories of data subjects
- Type of personal data
- Type and purpose of data processing
- Subject and duration of data processing
- Location of data processing
Furthermore, the contract contains all the obligations of the processor. The most important obligations are:
- Ensuring data security measures
- Taking possible technical and organizational measures to protect the rights of the data subject
- Maintaining a data processing register
- Cooperating with the data protection authority upon request
- Conducting a risk analysis regarding the received personal data
- Sub-Auftragsverarbeiter dürfen nur mit Sub-processors may only be commissioned with the written consent of the controller
Genehmigung des Verantwortlichen beauftragt werden
You can see what such a DPA looks like, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. A sample contract is presented here.
Visitor Counting with WP Statistics
This website uses the WP Statistics plugin to collect and evaluate anonymous visitor data. No personal data is stored:
- IP addresses are truncated and hashed (192.168.xxx.xxx), so no conclusions can be drawn about individuals.
- No cookies are set.
- No user data (such as browser information or referring pages) is collected.
- The geolocation function is disabled (no location data).
- The data is used solely for statistical evaluation of website usage and is automatically deleted after 180 days.
- The data is not passed on to third parties.
Legal Basis: The processing is based on Art. 6(1)(f) GDPR (legitimate interest in analyzing user behavior to optimize the website).
Right to Object: You can object to data collection by sending us an email at office@cofitconsult.com. The data collected so far will then be deleted.
Cookies
Cookies Summary |
What are Cookies?
Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used so that you can better understand the following privacy policy.
Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing is certain: Cookies are very useful helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically stored in the cookie folder, so to speak, the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified
Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.
The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser uses again when another page is requested.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site; third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware.” Cookies also cannot access information on your PC.
Here is an example of what cookie data might look like:
Name: _ga
Value: GA1.2.1326744211.152113086408-9
Purpose: Distinguishing website visitors
Expiry Date: after 2 years
A browser should be able to support these minimum sizes:
- At least 4096 bytes per cookie
- At least 50 cookies per domain
- At least 3000 cookies in total
What Types of Cookies Are There?
The question of which cookies we use specifically depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.
Four types of cookies can be distinguished:
Essential Cookies:
These cookies are necessary to ensure the basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues browsing on other pages, and only later goes to the checkout. These cookies ensure that the shopping cart is not deleted, even if the user closes their browser window.
Zweckmäßige Cookies
Functional Cookies:
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies measure the loading time and the behavior of the website with different browsers.
Targeting Cookies:
These cookies improve user-friendliness. For example, entered locations, font sizes, or form data are stored.
Advertising Cookies:
These cookies are also called targeting cookies. They are used to provide the user with individually tailored advertising. This can be very practical but also very annoying.
Usually, when you visit a website for the first time, you are asked which of these types of cookies you want to allow. And of course, this decision is also stored in a cookie.
If you want to learn more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism.
Purpose of Processing via Cookies
The purpose ultimately depends on the respective cookie. More details can be found below or with the manufacturer of the software that sets the cookie.
What Data Is Processed?
Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize what data is stored in cookies, but in the following privacy policy, we will inform you about the data processed or stored.
Storage Duration of Cookies
The storage duration depends on the respective cookie and will be specified further below. Some cookies are deleted after less than an hour, while others can be stored on a computer for several years.
You also have control over the storage duration yourself. You can manually delete all cookies at any time via your browser (see also below “Right to Object”). Furthermore, cookies that are based on consent are deleted no later than after revoking your consent, although the lawfulness of the storage until then remains unaffected.
Right to Object – How Can I Delete Cookies?
How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.
If you want to find out which cookies are stored in your browser, change or delete cookie settings, you can do this in your browser settings:
Chrome: Delete, activate, and manage cookies in Chrome
Safari: Manage cookies and website data with Safari
Firefox: Delete cookies to remove data that websites have stored on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete and manage cookies
If you generally do not want cookies, you can set your browser to always inform you when a cookie is to be set. This way, you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It is best to search for instructions on Google using the search term “Delete cookies Chrome” or “Disable cookies Chrome” in the case of a Chrome browser.
Legal Basis
Since 2009, there have been the so-called “Cookie Guidelines.” These state that storing cookies requires your consent (Article 6(1)(a) GDPR). However, within the EU countries, there are still very different reactions to these guidelines. In Austria, however, this directive was implemented in § 165(3) of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, this directive was largely implemented in § 15(3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.
For absolutely necessary cookies, even if no consent is given, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide website visitors with a pleasant user experience, and for this, certain cookies are often absolutely necessary
If non-essential cookies are used, this only happens if you have given your consent. The legal basis in this case is Art. 6(1)(a) GDPR.
In the following sections, you will be informed in more detail about the use of cookies, provided that the software used sets cookies.
Web Hosting Introduction
Web Hosting Summary |
What Is Web Hosting?
When you visit websites today, certain information—including personal data—is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By “website,” we mean the entirety of all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By “domain,” we mean, for example, beispiel.de or musterbeispiel.com.
If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply call it a browser or web browser.
To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and time-consuming task, which is why it is usually handled by professional providers, the providers. They offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay with us—it will get better!
When your browser connects to our computer (desktop, laptop, tablet, or smartphone) and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a while to ensure smooth operation.
A picture is worth a thousand words, so the following graphic illustrates the interaction between the browser, the internet, and the hosting provider.
Why Do We Process Personal Data?
The purposes of data processing are:
- Professional hosting of the website and securing operations
- Maintaining operational and IT security
- Anonymous evaluation of access behavior to improve our offering and, if necessary, for law enforcement or the pursuit of claims
What Data Is Processed?
Even while you are visiting our website right now, our web server, the computer on which this website is stored, usually automatically stores data such as:
- The complete internet address (URL) of the accessed website
- Browser and browser version (e.g., Chrome 87)
- The operating system used (e.g., Windows 10)
- The address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)
- The hostname and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
- Date and time
- In files, the so-called web server log files
How Long Is Data Stored?
As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data but cannot exclude the possibility that this data may be viewed by authorities in the event of unlawful behavior.
In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not pass on your data without consent!
Legal Basis
The lawfulness of the processing of personal data in the context of web hosting arises from Art. 6(1)(f) GDPR (protection of legitimate interests), as the use of professional hosting with a provider is necessary to present the company on the internet in a secure and user-friendly manner and to be able to pursue attacks and claims arising from it, if necessary.
There is usually a data processing agreement between us and the hosting provider in accordance with Art. 28 et seq. GDPR, which ensures compliance with data protection and guarantees data security.
1&1 IONOS Web Hosting Privacy Policy
11&1 IONOS Web Hosting Privacy Policy Summary |
What Is 1&1 IONOS Web Hosting?
To host our website, we use the web hosting services of the company IONOS by 1&1. In Germany, 1&1 IONOS SE is headquartered at Elgendorfer Str. 57 in 56410 Montabaur. In Austria, you can find 1&1 IONOS SE at Gumpendorfer Straße 142/PF 266 in 1060 Vienna.
IONOS offers the following services related to web hosting: Domain, Website & Shop, Hosting & WordPress, Marketing, Email & Office, IONOS Cloud, and Server. With over 22 million domains, nearly 9 million customer contracts, and 100,000 servers, IONOS is one of the largest German players in the web hosting sector.
We have already mentioned in our introductory words on web hosting: through hosting, data from you or your device is also stored on the IONOS servers. Above all, your IP address, which is known to be personal data, is stored. In addition, technical data such as the URL of our website, the name of the internet browser, or which operating system you are using is also stored.
Why Do We Use 1&1 IONOS Web Hosting?
IONOS was founded in Germany in 1988 and thus has over 30 years of experience. However, this does not mean that the company has not continued to develop technologically. Precisely this combination of experience and innovative spirit offers, in our view, a good basis for our website. After all, we want our website to function smoothly 24 hours a day while ensuring a high level of security. Since IONOS does not limit monthly data traffic and provides plenty of storage space, our website remains powerful even with many visitors. We are very satisfied with the speed of the website, and the price-performance ratio currently meets our requirements.
What Data Is Processed by 1&1 IONOS Web Hosting?
1&1 IONOS Web Hosting may also process personal data from you. When you visit our website, the following data from you or your computer is stored at IONOS:
- The previously visited website (also called referrer)
- The requested website (in this case, our website)
- Browser type and browser version
- Your operating system and device type
- Time of page access
- Your IP address in anonymized form
The collected data is used to increase the security of the website, detect possible errors, and also to carry out anonymous statistical analyses. According to IONOS, the anonymized IP address is only used to determine the location of access.
How Long and Where Is the Data Stored?
The data is stored on IONOS’s own servers. In principle, IONOS stores the data for as long as is necessary to fulfill its obligations. Visitor data is stored for 8 weeks. However, it may also happen that data is stored for longer, for example, to have evidence for possible legal disputes. Visitor data is not passed on to third parties and is not transferred to a country outside the EU.
How Can I Delete My Data or Prevent Data Storage?
You have the right to information, correction, deletion, and restriction of the processing of your personal data at any time. You can also revoke your consent to data processing at any time.
If you generally want to disable, delete, or manage cookies, you will find the corresponding links to the instructions for the most well-known browsers in the “Cookies” section.
Legal Basis
On our part, there is a legitimate interest in using IONOS to be able to offer our online service. Professional hosting with a provider is necessary to present our company on the internet in a secure and user-friendly manner and to be able to pursue possible cyberattacks. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests).
You can find much more information about data protection at IONOS in the privacy policy at https://www.ionos.de/terms-gtc/datenschutzerklaerung/. If you have any further questions about data protection, you can also contact the IONOS data protection team by email at datenschutz@ionos.de.
Data Processing Agreement (DPA) IONOS
In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have concluded a data processing agreement (DPA) with IONOS. What exactly a DPA is and, above all, what must be included in a DPA can be found in our general section “Data Processing Agreement (DPA).”
This contract is legally required because IONOS processes personal data on our behalf. It clarifies that IONOS may only process data that it receives from us according to our instructions and must comply with the GDPR. You can find the link to the data processing agreement (DPA) at https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.
Website Builder Systems Introduction
Website Builder Systems Privacy Policy Summary |
What Are Website Builder Systems?
We use a website builder system for our website. Builder systems are special forms of a content management system (CMS). With a builder system, website operators can very easily and without programming knowledge create a website. In many cases, web hosts also offer builder systems. By using a builder system, personal data from you can also be collected, stored, and processed. In this privacy text, we provide you with general information about data processing by builder systems. More detailed information can be found in the privacy policies of the provider.
Why Do We Use Website Builder Systems for Our Website?
The biggest advantage of a builder system is its ease of use. We want to offer you a clear, simple, and user-friendly website that we can operate and maintain ourselves without external support. A builder system now offers many helpful features that we can use without programming knowledge. This allows us to design our web presence according to our wishes and offer you an informative and pleasant time on our website.
What Data Is Stored by a Website Builder System?
What data is stored depends, of course, on the website builder system used. Each provider processes and collects different data from website visitors. However, as a rule, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are collected. Tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) can also be processed. In addition, personal data can also be collected and stored. This usually involves contact data such as email address, phone number (if you have provided it), IP address, and geographic location data. You can find out exactly what data is stored in the provider’s privacy policy.
How Long and Where Is the Data Stored?
We will inform you about the duration of data processing below in connection with the website builder system used, if we have further information on this. In the provider’s privacy policy, you will find detailed information about this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It may be that the provider stores data from you according to its own standards, over which we have no influence.
Right to Object
You always have the right to information, correction, and deletion of your personal data. If you have any questions, you can also contact the responsible parties of the website builder system used at any time. You can find contact details either in our privacy policy or on the website of the respective provider.
Cookies that providers use for their functions can be deleted, disabled, or managed in your browser. Depending on which browser you use, this works in different ways. However, please note that some functions may no longer work as usual.
Legal Basis
We have a legitimate interest in using a website builder system to optimize our online service and present it to you in an efficient and user-friendly manner. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). We only use the builder if you have given your consent.
If the processing of data is not absolutely necessary for the operation of the website, the data is only processed on the basis of your consent. This particularly applies to tracking activities. The legal basis in this case is Art. 6(1)(a) GDPR.
With this privacy policy, we have provided you with the most important general information about data processing. If you would like more detailed information, you can find further information—if available—in the following section or in the provider’s privacy policy.
Content-Management-System WordPress
This website uses WordPress.org, an open-source content management system, which is operated on our own webspace.
WordPress itself does not process any personal data from website visitors. Data processing is carried out exclusively via our web hosting provider (see Web Hosting section).
WordPress itself does not process any personal data from website visitors.
Data processing is carried out exclusively via our web hosting provider
(see Web Hosting section).
Web Analytics Introduction
WWeb Analytics Privacy Policy Summary |
What Is Web Analytics?
We use software on our website to evaluate the behavior of website visitors, known as web analytics or web analysis. The respective analytics tool provider (also called a tracking tool) stores, manages, and processes the data collected. With the help of this data, analyses of user behavior on our website are created and made available to us as website operators. Additionally, most tools offer various testing options. For example, we can test which offers or content are most popular with our visitors. To do this, we show you two different offers for a limited period. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such test procedures, as well as for other analytics procedures, user profiles can be created, and data can be stored in cookies.
Why Do We Use Web Analytics?
With our website, we have a clear goal in mind: we want to provide the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting content on the one hand and ensure that you feel completely comfortable on our website on the other. With the help of web analysis tools, we can take a closer look at the behavior of our website visitors and then improve our web offering for you and us accordingly. For example, we can see how old our visitors are on average, where they come from, when our website is visited the most, or which content or products are particularly popular. All this information helps us optimize the website and thus tailor it perfectly to your needs, interests, and wishes.
What Data Is Processed?
What data is stored depends, of course, on the analysis tools used. However, as a rule, for example, it is stored which content you view on our website, which buttons or links you click, when you call up a page, which browser you use, with which device (PC, tablet, smartphone, etc.) you visit the website, or which computer system you use. If you have agreed that location data may also be collected, this can also be processed by the web analysis tool provider.
In addition, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored in a pseudonymized (i.e., unrecognizable and truncated) form. For the purpose of testing, web analysis, and web optimization, no direct data such as your name, age, address, or email address is generally stored. All this data, if collected, is stored in pseudonymized form. This means you cannot be identified as a person.
The following diagram schematically shows how Google Analytics works as an example of client-based web tracking with JavaScript code.
How long the respective data is stored depends on the provider. Some cookies store data for only a few minutes or until you leave the website again, while other cookies can store data for several years.
Duration of Data Processing
We will inform you about the duration of data processing below, if we have further information. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is legally required, as in the case of accounting, this storage period can also be exceeded.
Right to Object
Sie haben auch jederzeit das Recht und die Möglichkeit Ihre Einwilligung zur Verwendung von Cookies bzw. Drittanbietern zu widerrufen. Das funktioniert entweder über unser Cookie-Management-Tool oder über andere Opt-Out-Funktionen. Zum Beispiel können Sie auch die Datenerfassung durch Cookies verhindern, indem Sie in Ihrem Browser die Cookies verwalten, deaktivieren oder löschen.
Rechtsgrundlage
The use of web analytics requires your consent, which we have obtained with our cookie popup. This consent constitutes the legal basis for the processing of personal data as may occur during collection by web analytics tools, in accordance with Art. 6(1)(a) GDPR (Consent).
In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of web analytics, we can identify website errors, detect attacks, and improve profitability. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use the tools if you have given your consent.
Da bei Web-Analytics-Tools Cookies zum Einsatz kommen, empfehlen wir Ihnen auch das Lesen unserer allgemeinen Datenschutzerklärung zu Cookies. Um zu erfahren, welche Daten von Ihnen genau gespeichert und verarbeitet werden, sollten Sie die Datenschutzerklärungen der jeweiligen Tools durchlesen.
Information on specific web analytics tools can be found—if available—in the following sections.
Blogs and Publication Media Introduction
Blogs and Publication Media Privacy Policy Summary |
What Are Blogs and Publication Media?
We use blogs or other communication tools on our website that allow us to communicate with you and you with us. This can also involve storing and processing data about you. This may be necessary to present content appropriately, ensure communication works, and increase security. In our privacy text, we generally explain what data about you can be processed. Exact details on data processing always depend on the tools and functions used. In the privacy notices of the individual providers, you will find precise information about data processing.
Why Do We Use Blogs and Publication Media?
Our main concern with our website is to offer you interesting and exciting content, and at the same time, your opinions and content are important to us. Therefore, we want to create good interactive exchange between us and you. With various blogs and publication options, we can achieve exactly that. For example, you can comment on our content, comment on other comments, or even write posts yourself in some cases.
What Data Is Processed?
What data is processed always depends on the communication functions we use. Very often, the IP address, username, and published content are stored. This is primarily done to ensure security, prevent spam, and take action against illegal content. Cookies may also be used for data storage. These are small text files that are stored with information in your browser. For more details on the data collected and stored, see our individual sections and the privacy policy of the respective provider.
Duration of Data Processing
We will inform you about the duration of data processing below, if we have further information. For example, comment and post functions store data until you revoke data storage. In general, personal data is only stored for as long as is absolutely necessary for the provision of our services.
Right to Object
You also have the right and the option to revoke your consent to the use of cookies or third-party communication tools at any time. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.
Since cookies may also be used in publication media, we also recommend reading our general privacy policy on cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.
Rechtsgrundlage
We use communication tools primarily on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in fast and good communication with you or other customers, business partners, and visitors. If the use serves the execution of contractual relationships or their initiation, the legal basis is also Art. 6(1)(b) GDPR.
Certain processing, in particular the use of cookies as well as the use of comment or message functions, requires your consent. If and to the extent you have consented to data being processed and stored by integrated publication media, this consent is the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the communication functions we use set cookies in your browser to store data. Therefore, we recommend that you read our privacy text on cookies carefully and look at the privacy policy or cookie guidelines of the respective service provider.
Information on specific tools can be found—if available—in the following sections.
Blog Posts and Comment Functions Privacy Policy
Es gibt verschiedenen Online-Kommunikationsmittel, die wir auf unsere Website verwenden können. So nutzen wir beispielweise Blogbeiträge und Kommentarfunktionen. So haben Sie die Möglichkeit, Inhalte auch zu kommentieren bzw. Beiträge zu verfassen. Wenn Sie diese Funktion nutzen, kann aus Sicherheitsgründen etwa Ihre IP-Adresse gespeichert werden. So schützen wir uns vor widerrechtlichen Inhalten wie beispielsweise Beleidigungen, unerlaubte Werbung oder verbotene politische Propaganda. Um zu erkennen, ob es sich bei Kommentaren um Spam handelt, können wir auch auf Grundlage unseres berechtigten Interesses User-Angaben speichern und verarbeiten. Falls wir eine Umfrage starten, speichern wir auch für die Dauer der Umfrage Ihre IP-Adresse, damit wir sicher gehen können, dass alle Beteiligten auch wirklich nur einmal abstimmen. Es können zum Zweck der Speicherung auch Cookies zum Einsatz kommen. Alle Daten, die wir von Ihnen speichern (etwa Inhalte oder Informationen zu Ihrer Person), bleiben bis zu Ihrem Widerspruch gespeichert.
Explanation of Terms Used
We always strive to write our privacy policy as clearly and understandably as possible. However, especially with technical and legal topics, this is not always easy. It often makes sense to use legal terms (such as personal data) or certain technical expressions (such as cookies, IP address). However, we do not want to use these without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also cite the GDPR texts here and, if necessary, add our own explanations.
Processor
Definition according to Article 4 of the GDPR
In the sense of this regulation, the term:
“Processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;
Explanation: We are responsible as a company and website operator for all data that we process about you. In addition to the controllers, there can also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors can therefore be service providers such as tax consultants, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.
Consent
Definition according to Article 4 of the GDPR
In the sense of this regulation, the term:
“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Erläuterung: In der Regel erfolgt bei Websites eine solche Einwilligung über ein Cookie-Consent-Tool. Sie kennen das bestimmt. Immer wenn Sie erstmals eine Website besuchen, werden Sie meist über einen Banner gefragt, ob Sie der Datenverarbeitung zustimmen bzw. einwilligen. Meist können Sie auch individuelle Einstellungen treffen und so selbst entscheiden, welche Datenverarbeitung Sie erlauben und welche nicht. Wenn Sie nicht einwilligen, dürfen auch keine personenbezogene Daten von Ihnen verarbeitet werden. Grundsätzlich kann eine Einwilligung natürlich auch schriftlich, also nicht über ein Tool, erfolgen.
Personal Data
Definition according to Article 4 of the GDPR
In the sense of this regulation, the term:
„personenbezogene Daten“ alle Informationen, die sich auf eine identifizierte oder identifizierbare natürliche Person (im Folgenden „betroffene Person“) beziehen; als identifizierbar wird eine natürliche Person angesehen, die direkt oder indirekt, insbesondere mittels Zuordnung zu einer Kennung wie einem Namen, zu einer Kennnummer, zu Standortdaten, zu einer Online-Kennung oder zu einem oder mehreren besonderen Merkmalen, die Ausdruck der physischen, physiologischen, genetischen, psychischen, wirtschaftlichen, kulturellen oder sozialen Identität dieser natürlichen Person sind, identifiziert werden kann;
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
- Name
- Address
- Email address
- Postal address
- Phone number
- Date of birth
- Identification numbers such as social security number, tax identification number, ID card number, or student ID number
- Bank details such as account number, credit information, account balances, etc.
According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can at least determine the approximate location of your device and, consequently, you as the connection owner based on your IP address. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called “special categories” of personal data that are particularly worthy of protection. These include:
- Racial and ethnic origin
- Political opinions
- Religious or ideological beliefs
- Trade union membership
- Genetic data, such as data obtained from blood or saliva samples
- Biometric data (this is information about psychological, physical, or behavioral characteristics that can identify a person).
Health data - Data on sexual orientation or sex life
Profiling
Definition according to Article 4 of the GDPR
In the sense of this regulation, the term:
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;
Explanation: Profiling involves collecting various information about a person to learn more about them. In the web sector, profiling is often used for advertising purposes or for credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a special user profile, with which advertising can be specifically targeted to a target group.
Controller
Definition according to Article 4 of the GDPR
In the sense of this regulation, the term:
“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Explanation: In our case, we are responsible for the processing of your personal data and thus the “controller.” If we pass on collected data to other service providers for processing, they are “processors.” For this, a “data processing agreement (DPA)” must be signed.
Processing
Definition according to Article 4 of the GDPR
In the sense of this regulation, the term:
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
Note: When we talk about processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned above in the original GDPR explanation, not only collection but also storage and processing of data.
Conclusion
Congratulations! If you are reading these lines, you have truly “fought” your way through our entire privacy policy—or at least scrolled this far. As you can see from the scope of our privacy policy, we do not take the protection of your personal data lightly.
It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we not only want to tell you what data is processed but also explain the reasons for using various software programs. Usually, privacy policies sound very technical and legal. Since most of you are not web developers or lawyers, we wanted to take a different approach linguistically and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the privacy policy.
If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible body. We wish you a pleasant time and hope to welcome you back to our website soon.
Note: All texts are protected by copyright.
Source: Datenschutzerklärung created with the Privacy Generator for Austria by AdSimple.
