Main navigation (1) Jump to search (2) Skip to content (3) Jump to footer (4)

Data privacy

General Privacy Policy Notification

This notification informs you about the type, scope and purpose of the collection and processing of your personal data. The person responsible for data processing within the meaning of the General Data Protection Regulation (hereinafter referred to as “GDPR”) and other national data protection laws of the member states and other data protection provisions is KWB Energiesysteme GmbH, 8321 Sankt Margarethen an der Raab, Industriestraße 235, Austria (“we”, or “us”). 

1. Purpose of data processing

We will process your personal data listed in section 2 for the following purposes: 

  • to carry out pre-contractual measures such as responding to customer queries, production planning, planning of marketing measures, or to fulfil our contractual obligations such as the provision of services or production and delivery of systems, system dimensioning (Art. 6(1)b GDPR),
  • based on your consent (Art. 6(1)a GDPR), in the event that you provided us with your respective consent, or
  • to fulfil our legal obligations (Art. 6(1)c GDPR).

These data are provided to us either by our business partners (partner companies in the field of sanitary and heating system installations), specifically for the purpose of fulfilling offers or orders, or for establishing contact in connection with promotional or marketing measures, or by you or when you visit our website.

The provision of your personal data is voluntary, unless a legal obligation exists on our side to collect and store the data. However, we will not be able to provide our services or fulfil the contractual agreement or we will not be able to do so in sufficient quality if you do not provide us with your personal data.

If consent is required for the processing, we will request it. The consent, however, is given voluntarily. If you gave your consent for the processing of your personal data for certain purposes, the processing will occur based on your consent according to the purposes and scope specified and agreed to in the consent statement. A consent that has been given can be revoked at any time with future effect in writing or via email (datenschutz@kwb.at). This does not affect the legality of the data processing that has occurred up to this time. You are not obliged to provide your consent for the processing of the data that is not relevant or required for the fulfilment of the contract or a specific order.

2. Processed data categories and legal basis for processing

Data from business partners

  • Company data: company name, address, bank information, tax ID
  • Creditworthiness information
  • Contact persons: name, email, telephone number
  • Heating system information: plans, system number, service reports

Data from end customers

  • Contact data: name, address, telephone number, email, bank information
  • Heating system information: plans, service reports
  • System number

Data from applicants

  • Provided documents (e.g. resume, school certificates, etc.) 

Data processing occurs based on Art. 6(1)a (consent), b (required to fulfil the contract), c (required to fulfil a legal obligation or f (legitimate interest) of the GDPR.

3. Transmission of your personal data

For purposes of contract performance or for settlement purposes as well as to fulfil legal obligations, it may become necessary that we disclose your personal data to third parties. Depending on the processing purpose, these may be:

  • payment processing providers commissioned by us: mPAY24 GmbH, please see, respectively, (www.mpay24.com), located in Grüngasse 16, 1050 Wien,
  • printing providers and agencies commissioned by us
  • shipping and delivery companies, distribution partners, service providers, IT service providers commissioned by us
  • as well as public authorities, banks, legal representatives, tax advisors, insurance providers, collection services, experts.

All personal data may be disclosed to our subsidiaries. These include:

  • KWB Deutschland Energiesysteme GmbH, Gewerbepark Ost 41, 86690 Mertingen, Germany
  • KWB Italia srl, 39100 Bolzano, Via Ipazia 2, Italy
  • KWB France S.A.R.L., 67390 Marckolsheim, 1 rue de l’Ortenbourg, France

Some of the above-named recipients are located outside of your country and process your personal data in that country. We transmit your personal data, however, only to EU/EEA countries that are also subject to the GDPR.

We will only transmit your data to the extent that it is necessary to fulfil a specific purpose.

4. Retention time

We store your personal data only for as long as it is necessary to achieve the purposes listed in section 1 and as permitted in accordance with applicable law. We store your personal data at least for the duration of legal retention obligations (e.g. Austrian Corporation Code (UGB), Austrian Federal Fiscal Code (BAO)) or as long as the statutes of limitation of potential legal claims (in some cases up to 30 years) have not expired.

5. Confidentiality and data protection

All KWB employees are obliged to uphold data secrecy within the meaning of § 6 of the Austrian Data Protection Act (DSG) 2018 and to maintain confidentiality.

6. Your rights in relation to your personal data

Under applicable law you have the right (under the conditions of the applicable law) you have the right, (i) to check which personal data we have stored regarding your person and to obtain copies of these data, (ii) request the correction, amendment or erasure of your personal data if it was processed incorrectly or not conforming to law, (iii) to request that we limit the processing of your personal data, (iv) under certain circumstances to object to the processing of your personal data or revoke your previously given consent to the processing, (v) to request data transferability, and (vi) to know the identity of third parties to whom your personal data is transmitted.

To the extent that we process data based on your consent you have the right to revoke this consent at any time by sending an email to datenschutz@kwb.at or by postal mail to KWB Energiesysteme GmbH, 8321 Sankt Margarethen an der Raab, Industriestraße 235, Austria. This does not affect the legality of the data processing that has occurred up to this time.

In addition, you have the right to submit a complaint to the Austrian data protection agency or another data protection supervisory authority of the EU, in particular at the location of your residence or work.

7. Our contact data

If you have any questions or requests regarding the processing of your personal data, you can contact us at any time:

KWB Energiesysteme GmbH
Industriestraße 235
A-8321 St. Margarethen/Raab, Austria.

E-Mail: datenschutz@kwb.at

_______________________________________________________

Privacy Policy for the Online Offering

This Privacy Policy explains the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) as part of our online offering and the respectively associated websites, functions and contents as well as external websites such as our social media profile (hereinafter jointly referred to as “online offering”). With regard to the terms used, e.g. “processing” or “controller”, please see the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

KWB Energiesysteme GmbH
Industriestraße 235 
8321 St. Margarethen an der Raab
Austria

Managing Director: DI Dr. Helmut Matschnig
Contact for data-related information: datenschutz@kwb.at

Types of processed data:

  • Personal data (e.g. names, addresses)
  • Contact data (e.g. email, telephone numbers)
  • Content data (e.g. text entries, photos, videos)
  • Usage data (e.g. visited websites, interest in specific contents, access times)
  • Meta/communication data (e.g. device information, IP addresses)

Categories of data subjects

Visitors and users of online offerings (hereinafter we will also refer to all data subjects as “users”).

Purpose of the processing

  • Provision of our online offering, its functions and contents
  • Response to contact requests and communication with users
  • Security measures
  • Measurements of reach/marketing

Terms used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing" means any operation carried out with or without the aid of automated procedures or any such series of operations in connection with personal data. The term is defined very broadly and basically covers any type of data processing.

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing. If the legal basis is not named in the Privacy Policy, the following applies: The legal basis for obtaining consent are Art. 6(1)a and Art. 7 GDPR; the legal basis for the processing and fulfilling our services and performance of contractual measures as well as responding to queries is Art. 6(1)b GDPR; the legal basis for processing to fulfil our legal obligations is Art. 6(1)c GDPR; and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)f GDPR. Art. 6(1)d GDPR applies as legal basis in the event that vital interests of a data subject or another natural person require the processing of personal data.

Security measures

Subject to Art. 32 GDPR, taking the state of the art, implementation costs and type, scope, circumstances and purpose of the processing into account as well as the various likelihoods of occurrence, gravity of risk for rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a reasonable level of protection in view of the risk.

These measures include in particular ensuring confidentiality, integrity and availability of data by controlling physical access to the data as well as the related access, entry, transmission, ensuring availability and separation. In addition, we have enacted processes which ensure assertion of data subject rights, erasure of data and reaction to threats to the data. Furthermore, we already consider the protection of personal data during development, e.g. selection of hardware, software and processes, according to the principle of data protection by design of technical equipment and data protection-oriented pre-configurations (Art. 25 GDPR).

Cooperation with processors and third parties

If we provide data access to other persons and companies (processors or third parties) as part of our data processing, or transmit the data to them or permit them access to the data in any other way, this will only occur based on a legal authorization (e.g. if the transmission of data to third parties, e.g. payment service providers, is required to fulfil a contract according to Art. 6(1)b GDPR), if you have given your consent, if a legal obligations provides for it, or based on our legitimate interests (e.g. when using authorized representatives, web hosts, etc.). 

If we commission third parties with the processing of data based on a “data processing agreement”, this will take place based on Art. 28 GDPR.

Data subject rights

You have the right to request a confirmation on whether the respective data are processed and to receive information regarding these data and to receive further information and copies of the data in accordance with Art. 15 GDPR.

According to Art. 16 GDPR you have the right to complete the data relating to you or request the correction of inaccurate data relating to you.

According to Art. 17 GDPR, you have the right to request that relevant data are immediately erased or, alternatively, you have the right to request that the processing of your data is restricted according to Art. 18 GDPR.

You have the right to request that we provide to you the relevant data that you provided to us and also that we transfer the data to other controllers according to Art. 20 GDPR. 

In addition, you have the right to submit a complaint to the competent supervisory authority according to Art. 77 GDPR.

Withdrawal right

You have the right to withdraw your consent according to Art. 7(3) GDPR with effect for the future.

Right to object

You can object to the future processing of your personal data according to Art. 21 GDPR. The objection may be expressed in particular against processing for direct marketing purposes.

Cookies and right to object regarding direct marketing

 “Cookies” are small files that are stored on the users’ computers. Cookies may store various types of information. A cookie is mainly used to store information relating to a user (or the device on which the cookie is stored) during or also after the user's visit of an online offering. Cookies that are erased after the user has left an online offering and closes his/her browser are called temporary cookies, or session cookies or transient cookies. Such a cookie stores, for example, the contents of a shopping cart in an online shop or a login status. Cookies that stay stored on the computer even after shutting down the browser are called permanent or persistent cookies. Such cookies store, e.g., the login status if the user returns to the website a few days later. They can also store aspects the user is interested in which are used for measurements of reach or marketing purposes. “Third-party cookies” are cookies that are offered by other providers than the controller who operates the online offering (if only the controller’s cookies are meant, they are referred to as “first-party cookies”).

We may utilize temporary and permanent cookies and provide respective information in our Privacy Policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the respective option in their browser’s system settings. Stored cookies can be deleted from the browsers’ system settings. Deleting cookies can lead to functional limitations of this online offering.

A general objection against the use of cookies for online marketing can be submitted with various services, particularly in the event of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. In addition, it is possible to switch off stored cookies via the browser settings. Please note that in this case, you may not be able to use all functions of the online offering.

Type and scope of processing by Google reCAPTCHA

Components from Google reCAPTCHA, a service of Google Ireland Limited, are embedded on our website. This technology helps us to differentiate between human users and automated programs, especially when it comes to contact requests. When you access this content, connections to the servers of Google Ireland Limited are established, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. Google reCAPTCHA also records the time spent on the website and mouse movements in order to distinguish human requests from automated requests. This data is processed exclusively for the purposes stated and to ensure the security and functionality of Google reCAPTCHA.

Purpose and legal basis
Google reCAPTCHA is used based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.

In the event that we intend to transmit personal data to third countries outside the European Economic Area, especially to the US, we have agreed on appropriate alternative guarantees with the recipients of the data in the spirit of Art. 44 et seq. GDPR, unless there is an adequacy decision by the European Commission (e.g. in the US). These guarantees generally include the use of standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 from 4 June 2021. You can view a copy of these standard contractual clauses at eur-lex.europa.eu/legal-content/DE/TXT/HTML/. Before such transmission to third countries, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR, which you can give using the consent manager (or other forms, registrations, etc.). It should be noted that transmission to third countries may involve risks that are unknown in detail, such as data processing by security authorities in the third country, the exact scope and effects of which are unknown to us and over which we have no influence. There is a chance that you will not become aware of these risks.

Duration of storage
The specific duration of storage of the processed data is determined by Google Ireland Limited and is beyond our control. More information on this topic can be found in the privacy policy for Google reCAPTCHA: policies.google.com/privacy.

Erasure of data 

The data processed by us are erased according to Art. 17 and 18 GDPR or the data processing is restricted. Unless explicitly stated in this Privacy Policy, we erase stored data as soon as we no longer need them for the respective purpose and if there are no statutory retention obligations prohibiting the erasure. If the data is not erased because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for any other purposes. This, for example, applies to data stored for commercial or tax-related reasons.

According to statutory requirements in Germany, retention occurs in particular for 10 years according to §§ 147(1) German Tax Code (AO), 257(1) nos. 1 and 4, (4) German Commercial Code (HGB) (books, records, status reports, accounting documents, trading books, tax-relevant documents, etc.), and 6 years according to § 257(1) nos. 2 and 3, (4) HGB (business letters). 

According to legal stipulations in Austria, data must be retained in particular for 7 years according to § 132 (1) BAO (accounting documents, receipts/invoices, accounts, supporting documents, business documents, income and expense reports, etc.), 22 years in relation with real properties, and for 10 years in relation to documents regarding electronically provided services, telecommunications, radio and tv services, which were provided to private parties in EU member states and for which the mini-one-stop shop (MOSS) was used.

Business management analyses and market research

To operate our business in an economically sound manner, detect market tendencies, demands of contractual partners and users, we analyse the data available to us with regard to business processes, contracts, queries etc. We thereby process directly provided data, communication data, contractual data, payment information, usage information, meta data based on Art. 6(1)f GDPR; the data subjects in this respect include contractual partners, visitors and users of our online offering. 

The analyses are performed for business management, marketing and market research purposes. In this respect, we can take into account profiles of registered users with information relating, e.g., to the services they used. The analyses help us to improve user-friendliness, optimize our offering and for business economic purposes. The analyses are only for our own use and are not disclosed externally unless they are anonymous analyses with aggregated values. 

To the extent that these analyses or profiles contain personal data, they are erased or pseudonymised when the user de-registers, otherwise they are erased two years after expiration of the contract. Furthermore, all overall business economics-related analyses and general trend determinations are prepared using pseudonymised data.

Comments and contributions

 If users leave comments or other contributions, their IP addresses can be saved for 7 days based on our legitimate interests within the meaning of Art. 6(1)f GDPR. This is done to ensure our safety in the event that a person leaves comments and contributions with illegal contents (with offensive content or illegal political propaganda, etc.). In this case, we may be prosecuted for the comment or contribution and therefore have an interest in knowing the author’s identity.

In addition, we reserve the right, based on our legitimate interests according to Art. 6(1)f GDPR, to process the user data for the purpose of detecting spam.

On the same legal basis, if surveys are conducted, we reserve the right to store the user IP addresses for the duration of the survey and to use cookies to prevent multiple responses by one party.

Establishment of contact

If a person establishes contact with us (e.g. via our contact form, email, telephone or social media), the user data for processing the contact request and our response is processed in accordance with Art. 6(1)b GDPR. The user data can be stored in a customer relationship system (“CRM system”) or similar query processing system.

We erase the queries as soon as they are no longer required. We review the respective requirements every two years; furthermore, statutory archiving obligations apply.

We permanently store the data provided to us as part of comments or contributions until the user withdraws the respective consent.

Newsletter - mailworx

We use the email marketing software mailworx to send and analyze our newsletters. mailworx records the opening and clicking behavior. Specifically, the following information is tracked: time of delivery, time of opening, duration of opening, IP address of opening, e-mail program used (mail client), which link was clicked and the time of the click. These data are processed exclusively within the European Union and are not passed on to third parties.

By subscribing to the newsletter, you agree that all data provided may be processed for advertising purposes in the course of sending the newsletter. You can revoke this consent at any time and without giving reasons by clicking the unsubscribe link in every newsletter. If you want to change your data, you can use the corresponding change data link in the newsletter.

Hosting and email transmissions

The hosting services used by us are used for the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, email transmissions, security services and technical maintenance services that we use to operate this online offering.

In this respect, we or our hosting provider process personal data, contact data, content data, contractual data, usage data, meta and communication data from customers, interested parties and visitors of this online offering based on our legitimate interests in an efficient and secure provision of this online offering according to Art. 6(1)f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Collection of access data and logfiles

We or our hosting provider collect data relating to every access to the server on which this service is provided (server logfiles) based on our legitimate interests within the meaning of Art. 6(1)f GDPR. These access data include the name of the called-up website, file, date and time of the visit, transmitted data amount, report regarding a successful call-up, browser type and version, operating system of the user, referrer URL (the previously visited website), IP address and the querying provider.

Logfile data is stored for a maximum of 7 days and then erased for security reasons (e.g. to clarify misuse or fraudulent activities). Data for which further retention is required for evidence purposes are excluded from erasure until the final clarification of the respective event.

Google Tag Manager

Google Tag Manager is a solution which helps us to manage so-called website tags via an interface (and in this way integrate, e.g., Google Analytics or other Google Marketing Services). The Tag Manager itself (which implements the tags) does not process personal user data. With regard to the processing of personal user data, we refer to the following information relating to Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Analytics

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6(1)f GDPR), we use Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies The information generated by the cookie regarding your use of the online offering by the users are generally transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to analyse how users use our online offering, to put together reports about activities within the online offering and to provide additional services to us in relation to online offering use and internet use. In this process, it may be possible to create pseudonymised user profiles.

We only use Google Analytics with activated IP anonymisation. This means that Google will first shorten the user IP address within the EU member states or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

The IP address which is transmitted by the browser is not combined with any other Google data. Users can prevent the placement of cookies with a specific setting in their browser software; users can also prevent the collection of the data generated by the cookie and relating to their use of the online offering by Google and the processing of these data by Google by downloading and installing a browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data use by Google, options for settings and objections can be found in the Google privacy policy (https://policies.google.com/technologies/ads) and in the settings for advertising (ad settings) by Google (https://adssettings.google.com/authenticated).

The personal data of the users are erased or anonymised after 14 months.

You can switch off data collection for this domain and for the currently used browser by Google Analytics via the following link: Deactivate the collection of data by Google Analytics for this domain.

Note: If you click on the link, nothing will happen. This is normal. But it prevents collection of the data.

Google Universal Analytics

We use Google Analytics in the form of "Universal-Analytics”. “Universal Analytics” refers to a process in Google Analytics where the user analysis occurs based on a pseudonymised user ID which leads to the creation of a pseudonymised user profile containing information from the use of various devices (“cross-device tracking”). We do not use the active user ID functionality. 

Google Analytics target group creation

We use Google Analytics to show ads placed within Google and its partners’ advertising services only to those users who have expressed an interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products determined by their visiting certain websites) that we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). Using the remarketing audiences, we want to make sure that our ads correspond to the potential user interest.

Google AdWords and conversion measurement

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6(1)f GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google“).

Google is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use Google’s online marketing process “AdWords” to place ads in the Google marketing network (e.g. in search results, in videos, on websites, etc.) to show them to users that may have an interest in the ads. This allows us to show ads for and within our online offering in a more targeted manner to present only those ads to users that potentially match their interests. If a user is shown, e.g., ads for products that he/she has expressed an interest in on other websites, this is called “remarketing”. For this reason, a Google code is executed by Google directly if our and other websites, on which the Google advertising network is active, are called up and so-called (re)marketing tags (invisible graphics or codes, also called “web beacons”) are integrated in the websites. With their help, an individual cookie, meaning a small file (instead of cookies it is also possible to use comparable technologies) is placed on the user device. This file stores information on the websites visited by the user, which contents the user was interested in and which offerings the users has clicked on, and, in addition, information on the browser and operating system, referral websites, time of the visit as well as additional information on the use of the online offering.

In addition, we receive an individual “conversion cookie”. The data collected using the cookie help Google prepare conversion statistics for us. We only receive the anonymous total number of users that have clicked on the ad and were transferred to a conversion tracking tag. However, we do not receive any information with which the users can be personally identified.

The user data is processed pseudonymised as part of the Google advertising network. This means that Google, e.g., not only stores the name or email address of the users, but also processes the relevant data in relation to the cookie within pseudonymised user profiles. This means that from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but instead for the cookie owner regardless of who the cookie owner is. This does not apply if a user has given Google the express permission to process these data without pseudonymisation. The information collected about the user are transmitted to Google and processed on Google servers in the U.S.

Further information on data use by Google, options for settings and objections can be found in the Google privacy policy (https://policies.google.com/technologies/ads) and in the settings for advertising (ad settings) by Google (https://adssettings.google.com/authenticated).

Google Doubleclick

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6(1)f GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google“).

Google is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use Google’s online marketing process “Doubleclick” to place ads in the Google marketing network (e.g. in search results, in videos, on websites, etc.). Double Click is characterised by the aspect that ads are shown in real time based on perceived user interests. This allows us to show ads for and within our online offering in a more targeted manner to present only those ads to users that potentially match their interests. If a user is shown, e.g., ads for products that he/she has expressed an interest in on other websites, this is called “remarketing”. For this reason, a Google code is executed by Google directly if our and other websites, on which the Google advertising network is active, are called up and so-called (re)marketing tags (invisible graphics or codes, also called “web beacons”) are integrated in the websites. With their help, an individual cookie, meaning a small file (instead of cookies it is also possible to use comparable technologies) is placed on the user device. This file stores information on the websites visited by the user, which contents the user was interested in and which offerings the users has clicked on, and, in addition, information on the browser and operating system, referral websites, time of the visit as well as additional information on the use of the online offering.

The IP address of the user is also collected, but it is shortened within the member states of the European Union or other contracting states to the Agreement on the European Economic Area and only in exceptional cases, they are sent unshortened to Google servers in the U.S. and are shortened there. Google may link the above-mentioned information with information from other sources. If the user subsequently visits other websites, it is possible that he/she is shown ads matching his/her perceived interests based on his/her user profile.

The user data is processed pseudonymised as part of the Google advertising network. This means that Google, e.g., not only stores the name or email address of the users, but also processes the relevant data in relation to the cookie within pseudonymised user profiles. This means that from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but instead for the cookie owner regardless of who the cookie owner is. This does not apply if a user has given Google the express permission to process these data without pseudonymisation. The information collected about the user by Google Marketing Services are transmitted to Google and processed on Google servers in the USA.

Further information on data use by Google, options for settings and objections can be found in the Google privacy policy (https://policies.google.com/technologies/ads) and in the settings for advertising (ad settings) by Google (https://adssettings.google.com/authenticated).

Cloudflare privacy policy

To make this website faster and more secure, we use Cloudflare provided by Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA). Cloudflare uses cookies and processes visitor data with regard to which we will provide information to you below.

The Cloudflare cookie (__cfduid) is used to identify the individual visitors behind one commonly used IP address and to use security settings for each individual user. If a visitor of this website, for example, is at a location containing a number of infected computers, but the computer of the respective visitor is trustworthy, we can detect this with the help of the cookie. The cookie does not correspond to a user ID and does not store personal data.

The cookie is absolutely required for the Cloudflare security function and cannot be deactivated.

Cloudflare cookies

  • __cfduid
    • Expiration: 1 year
    • Use: Security settings for every single visitor
    • Example value: d798bf7df9c1ad5b7583eda5cc5e78211079662

Cloudflare offers web optimisation and security services to improve and protect websites. These include a reverse proxy, a passthrough security service and a content distribution network. Cloudflare collects information regarding website visitors. The information may include IP addresses, system configuration information and other information about the traffic from and to the website but is not limited to that. Cloudflare collects and uses logdata to operate, maintain and improve their services in accordance with customer agreements. Logdata may help Cloudflare, for example, to detect new threats, identify malicious third parties and to offer to this website stable security protection.

Cloudflare is an active member of the EU-U.S. Privacy Shield Framework, which regulates the accurate and safe data transmission of personal data. More information about this is available on 

https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0.
More information regarding data protection at Cloudflare you can find on https://www.cloudflare.com/de-de/privacypolicy/.

Online presence in social media

We maintain an online presence in social networks and platforms to communicate with customers, potential customers and users and be able to inform them about our services. When calling up the respective networks and platforms, the general terms and conditions and privacy policy of the respective operator apply. 

Unless stated otherwise in our Privacy Policy, we process user data if they communicate with us in the social networks and platforms, e.g. if they post contributions at the location of our online presence or send us messages.

Integration of third-party services and contents

We use third-party contents and service offerings in our online offering based on our legitimate interests (i.e. interest in analysis, optimisation and economic operation of our online offering within the meaning of Art. 6(1)f GDPR) to integrate their contents and services such as videos or fonts (hereinafter generally referred to as “contents”).

This always presupposes that the third-party providers of these contents see the user IP address since they cannot send contents to the browser of the user without the IP address. The IP address is therefore required for the display of these contents. We try to only use contents whose respective providers use the IP address only to deliver contents. Third-party providers can use so-called pixel tags (invisible graphics files, also called “web beacons”) for statistical or marketing purposes. With the pixel tags, it is possible to analyse information such as the visitor traffic on the pages of this website. The pseudonymised information can also be stored in cookies on the user device and contain, among other things, technical information regarding the browser and operating system, referral websites, time of visit and further information on the use of our online offering as well as be linked with such information from other sources.

Youtube

We integrate videos of the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Fonts

We integrate fonts (“Google Fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Maps

We integrate maps of the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data to be processed may in particular include user IP addresses and location data, but they may not be collected without their consent (as a rule provided during the configuration of their mobile devices). These data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Adobe typekit fonts

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6(1)f GDPR), we use external “typekit” fonts by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law 
(www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).

Utilization of Facebook social plugins

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6(1)f GDPR), we use the social plugins (“plugins”) of the social network facebook.com operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins may represent interaction elements or contents (e.g. videos, graphics or text contributions) and can be recognised by their Facebook logo (white “f” on a blue tile, the terms “like”, “i like it” or a “thumbs up” symbol) or are identified by the addition “Facebook social plugin”. The list and the appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

If a user calls up a function of this online offering which contains such a plugin, the user's device establishes a direct connection with the Facebook servers. The plugin content is transmitted directly to the user’s device by Facebook and integrated into the online offering. In this process, it is possible to create user profiles based on the processed data. We have therefore no influence on the scope of data that Facebook collects using this plugin and inform the user based on our own level of knowledge.

By integrating the plugin, Facebook receives the information that a user has called up the respective page of the online offering. If the user is logged in on Facebook, Facebook can assign the visit to the user's Facebook account. If the user interacts with the plugins, e.g. by clicking on the “like” button or leaving a comment, the respective information is directly transmitted to Facebook from your device and stored there. If a user is not a Facebook member, there is still a possibility that Facebook finds out and stores his/her IP address. According to Facebook, only an anonymised IP address is saved in Germany.

The purpose and scope of data collection and further processing and use of the data by Facebook as well as any associated rights and setting options to protect the users’ privacy can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about him/her via this online offering and link it to his/her user data stored at Facebook, he/she has to log out of Facebook and delete all Facebook cookies before using this online offering. Additional settings and objections against the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings occur regardless of platform, i.e. they are transferred to all devices such as desktop computers and mobile devices.

Utilization of Facebook Pixel 

We use on this website Facebook Pixel by Facebook, a Social Media Network owned by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

The code implemented on this website can analyse user behaviour of users who reached this website via a Facebook ad. This may lead to an improvement of Facebook ads and these data are collected and stored by Facebook. We cannot view these data and can only use them if we have placed the ads. Cookies are also placed when using Facebook pixel codes.

By using the Facebook pixel, Facebook is informed of the visit to this website so that the visitor is shown suitable ads on Facebook. If you have a Facebook account and are logged in, your visit on this website is assigned to your Facebook user account.

How the Facebook pixel is used for advertising campaigns is described here https://www.facebook.com/business/learn/facebook-ads-pixel.

You can change your settings for ads in Facebook on https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen if you are logged in on Facebook. On http://www.youronlinechoices.com/de/praferenzmanagement/, you can manage your preferences regarding usage-based online advertising. On this site, you can deactivate or activate many providers at once or change the settings for individual providers.

More information regarding Facebook’s privacy policy you can find on https://www.facebook.com/policy.php.

Use of the customer support platform "Zendesk"

We use Zendesk's Zendesk web-based ticketing system, 1019 Market St., San Francisco, California 94103, USA ("Zendesk"), to provide you with effective customer support.

We carefully control these external service providers and the processing of the data. Zendesk is certified under the EU-US Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000TOjeAAG). The service manages requests placed on our site.

If you do not agree with Zendesk's data processing, alternative contact options are available, in particular by telephone or by post. When using Zendesk, the IP address and visited page are also recorded. The IP address is anonymized. Zendesk also uses cookies and similar technologies. The information generated by cookies on the use of this website (including the anonymized IP address) is transmitted to and stored by a Zendesk server in the USA. Performed chats are logged and saved. You can prevent the storage of cookies by setting your browser accordingly; However, we point out that in this case you may not be able to fully use all functions of our website. For more information, see the Zendesk Privacy Policy (https://www.zendesk.com/company/customers-partners/ # privacy-policy).

Twitter

As part of our online offering, we may integrate Twitter functions and contents, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. These include, e.g., contents such as images, videos or texts and buttons with which users can share contents of this online offering on Twitter.
If users are Twitter users, Twitter is able to assign the call-up of the above-mentioned contents and functions to the respective user profiles. Twitter is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.

Instagram

As part of our online offering, we may integrate Instagram functions and contents, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. These include, e.g., contents such as images, videos or texts and buttons with which users can share contents of this online offering on Instagram. If users are Instagram users, Instagram is able to assign the call-up of the above-mentioned contents and functions to the respective user profiles. Instagram privacy policy: http://instagram.com/about/legal/privacy/.

Xing

As part of our online offering, we may integrate Xing functions and contents, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. These include, e.g., contents such as images, videos or texts and buttons with which users can share contents of this online offering on Xing. If users are Xing users, Xing is able to assign the call-up of the above-mentioned contents and functions to the respective user profiles. Xing privacy policy: https://www.xing.com/app/share?op=data_protection.

LinkedIn

As part of our online offering, we may integrate LinkedIn functions and contents, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. These include, e.g., contents such as images, videos or texts and buttons with which users can share contents of this online offering on LinkedIn. If users are LinkedIn users, LinkedIn is able to assign the call-up of the above-mentioned contents and functions to the respective user profiles. LinkedIn Privacy policy: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Google+

As part of our online offering, we may integrate Google+ functions and contents, offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). These include, e.g., contents such as images, videos or texts and buttons with which users can share contents of this online offering on Twitter. If users are Google+ users, Google+ is able to assign the call-up of the above-mentioned contents and functions to the respective user profiles.

Google is certified under the Privacy Shield Agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Further information on data use by Google, options for settings and objections can be found in the Google privacy policy (https://policies.google.com/technologies/ads) and in the settings for advertising (ad settings) by Google (https://adssettings.google.com/authenticated).

Shariff sharing functions

We use the data protection-safe “shariff” buttons. “Shariff” was developed to enable more privacy on the internet and to replace the usual "share” buttons of social networks. Here, it is not the users’ browser, but instead the server on which the online offering is located, which establishes a connection with the server of the respective social media platforms and queries, e.g., the number of “likes”. The user remains anonymous. More information on the Shariff project is available from the developers of the c't magazine: www.ct.de.

+43 3115 6116