PRIVACY POLICY
Introduction and Overview
We have drafted this privacy policy (version 03.09.2024-112867394) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, what personal data (referred to as “data” for short) we, as the data controllers, and the processors we employ (e.g., providers) process or will process in the future, and what legal rights you have. The terms used are to be understood as gender-neutral. In short: We provide you with comprehensive information about the data we process about you.
Privacy policies typically sound very technical and use legal jargon. This privacy policy is designed to describe the most important things as simply and transparently as possible. Wherever possible, we explain technical terms in a reader-friendly manner, provide links to additional information, and include graphics. We aim to inform you clearly and straightforwardly that we only process personal data within the framework of our business activities if there is a legal basis for doing so. This clarity isn’t possible if we use brief, unclear, and legalistic explanations, which are often the standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative, and perhaps there is information here that you were not previously aware of. If any questions remain, we encourage you to contact the responsible person listed below or in the imprint, follow the available links, and review additional information on third-party websites. Our contact details are also provided in the imprint.
Scope of Application
This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies we commission (processors). By personal data, we mean information as defined by Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this privacy policy includes:
• all online presences (websites, online shops) we operate
• social media presences and email communication
• mobile apps for smartphones and other devices
In short: This privacy policy applies to all areas where personal data is processed in the company via the mentioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately as necessary.
Legal Basis
In this privacy policy, we provide transparent information about the legal principles and regulations, i.e., the legal basis of the General Data Protection Regulation, that allow us to process personal data. Regarding EU law, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can review this EU General Data Protection Regulation online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:
• Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you enter in a contact form.
• Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For instance, if we conclude a purchase contract with you, we need personal information beforehand.
• Legal obligation (Article 6(1)(c) GDPR): We process your data if we are legally obliged to do so. For example, we are legally required to retain invoices for accounting purposes, which typically contain personal data.
• Legitimate interests (Article 6(1)(f) GDPR): In cases of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and efficiently. This processing is therefore in our legitimate interest.
Other conditions, such as performing tasks in the public interest or exercising public authority, as well as protecting vital interests, generally do not apply to us. If such a legal basis is relevant, it will be indicated at the appropriate place.
In addition to the EU Regulation, national laws also apply:
• In Austria, this is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), abbreviated DSG.
• In Germany, the Federal Data Protection Act (BDSG) applies.
If other regional or national laws apply, we will inform you in the following sections.
Contact Details of the Responsible Party
If you have any questions about data protection or the processing of personal data, you can find the contact details of the responsible person or office below:
Mag. Andreas Steinbüchler
Blindendorf 207
4312 Ried
Austria
Email: andreas@steinbuechler.at
Phone: +436642154056
Imprint: https://www.steinbuechler.at/impressum
Retention Period
As a general criterion, we only store personal data as long as it is absolutely necessary to provide our services and products. This means we delete personal data as soon as the reason for processing no longer exists. In some cases, we are legally obliged to retain certain data even after the original purpose has ceased, such as for accounting purposes.
If you request the deletion of your data or revoke your consent to data processing, the data will be deleted as quickly as possible unless a legal retention obligation exists.
We will inform you further below about the specific duration of the respective data processing if we have additional information on this.
Rights Under the General Data Protection Regulation
In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights you have to ensure fair and transparent processing of data:
You have the right to request information under Article 15 of the GDPR about whether we process data about you. If this is the case, you have the right to receive a copy of the data and to know the following:
• The purpose of the processing;
• The categories of data being processed;
• Who receives the data and how the security of the data is guaranteed if it is transferred to third countries;
• The storage period of the data;
• The existence of the right to rectification, deletion, restriction of processing, and the right to object to processing;
• That you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
• The source of the data if we did not collect it from you;
• Whether profiling is carried out, meaning if data is automatically evaluated to create a personal profile of you.
You have the right under Article 16 of the GDPR to rectification of your data, which means we must correct any mistakes you find.
You have the right to deletion under Article 17 of the GDPR (“right to be forgotten”), meaning you may request that your data be deleted.
You have the right to restrict processing under Article 18 of the GDPR, meaning that we may only store your data but not further use it.
You have the right to data portability under Article 20 of the GDPR, meaning we will provide your data to you in a commonly used format upon request.
You have the right to object under Article 21 of the GDPR, which will lead to a change in processing.
If your data is processed on the basis of Article 6(1)(e) (public interest, official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will review as quickly as possible whether we can legally comply with your objection.
If data is used for direct marketing purposes, you may object to this form of data processing at any time. We may no longer use your data for direct marketing thereafter.
If data is used for profiling purposes, you may object to this form of data processing at any time. We may no longer use your data for profiling thereafter.
Under certain circumstances, you have the right under Article 22 of the GDPR not to be subject to a decision based solely on automated processing (e.g., profiling).
You have the right under Article 77 of the GDPR to lodge a complaint. This means you can contact the data protection authority if you believe the processing of your personal data violates the GDPR.
In short: You have rights – do not hesitate to contact the responsible party listed above!
If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, each federal state has its own data protection commissioner. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible: (specific details follow).
Website Builder Systems
Introduction to Website Builder Systems
Website Builder Systems Privacy Policy Summary
👥 Affected parties: Visitors to the website
🤝 Purpose: To optimize our service
📓 Processed data: Data such as technical usage information like browser activity, clickstream activity, session heatmaps, contact details, IP address, or your geographic location. More details can be found below in this privacy policy and in the provider’s privacy policy.
📅 Retention period: Depends on the provider
⚖️ Legal basis: Article 6(1)(f) GDPR (legitimate interests), Article 6(1)(a) GDPR (consent)
What are Website Builder Systems?
We use a website builder system for our website. Website builder systems are special forms of content management systems (CMS). These systems allow website operators to easily create a website without programming knowledge. In many cases, web hosts also offer website builder systems. By using a builder system, personal data can also be collected, stored, and processed. In this section, we provide general information on data processing by website builder systems. For more details, please refer to the provider’s privacy policy.
Why do we use Website Builder Systems?
The main advantage of a website builder system is its ease of use. We want to offer you a clear, simple, and well-structured website that we can manage and maintain ourselves without external support. A builder system offers many useful functions that we can apply without programming skills. This allows us to design our web presence according to our preferences and provide you with an informative and enjoyable experience on our website.
Which Data is Stored by a Website Builder System?
The exact data stored depends on the website builder system used. Each provider processes and collects different data from website visitors. Typically, technical usage information, such as the operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit, is collected. Tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) may also be processed. Personal data, such as contact details (email address, phone number if provided), IP address, and geographic location, may also be collected and stored. Detailed information on which data is stored can be found in the provider’s privacy policy.
How Long and Where is the Data Stored?
We inform you about the duration of data processing in connection with the website builder system below if we have further information. Detailed information is available in the provider’s privacy policy. In general, we process personal data only as long as necessary to provide our services and products. The provider may store data according to their own policies, over which we have no influence.
Right to Object
You always have the right to request information, rectification, and deletion of your personal data. If you have any questions, you can also contact the responsible parties of the website builder system used. Contact details can be found either in our privacy policy or on the provider’s website.
Cookies used by providers for their functions can be deleted, disabled, or managed in your browser. Depending on the browser you are using, this works differently. However, please note that not all functions may work as intended afterward.
Legal Basis
We have a legitimate interest in using a website builder system to optimize our online service and present it efficiently and in a user-friendly way. The relevant legal basis is Article 6(1)(f) GDPR (legitimate interests). However, we only use the builder to the extent that you have given your consent.
If the processing of data is not strictly necessary for the operation of the website, data will only be processed based on your consent. This particularly concerns tracking activities. The legal basis is then Article 6(1)(a) GDPR.
With this privacy policy, we have provided you with the most important general information about data processing. For more detailed information, please refer to the next section or the provider’s privacy policy.
Google Fonts Privacy Policy
Google Fonts Privacy Policy Summary
👥 Affected parties: Visitors to the website
🤝 Purpose: Optimization of our service
📓 Processed data: Data such as IP address and CSS and font requests
📅 Retention period: Font files are stored by Google for one year
⚖️ Legal basis: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests)
What are Google Fonts?
We use Google Fonts on our website. These are the “Google Fonts” provided by Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.
You do not need to sign in or provide a password to use Google Fonts. Additionally, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, these requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don’t need to worry that your Google account information will be transmitted to Google while using Google Fonts. Google collects and securely stores the use of CSS (Cascading Style Sheets) and the fonts used. We will take a closer look at how the data storage works.
Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google provides free of charge.
Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are free software licenses.
Why Do We Use Google Fonts on Our Website?
With Google Fonts, we can use fonts on our website without uploading them to our server. Google Fonts is a key component in maintaining the quality of our website. All Google fonts are optimized for the web and help save data volume, which is particularly advantageous for use on mobile devices. When you visit our site, the low file size ensures quick loading times. Furthermore, Google Fonts are secure web fonts. Different rendering systems in various browsers, operating systems, and mobile devices can sometimes cause errors that may visually distort texts or entire websites. Thanks to Google Fonts’ fast Content Delivery Network (CDN), there are no cross-platform issues. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts to present our entire online service as visually appealing and uniform as possible.
Which Data Does Google Store?
When you visit our website, the fonts are retrieved from a Google server. Through this external call, data is transmitted to Google’s servers. Google thereby recognizes that you (or your IP address) have visited our website. The Google Fonts API is designed to reduce the collection, storage, and use of end-user data to what is necessary for the proper provision of fonts. API stands for “Application Programming Interface,” which is used as a data transmitter in software development.
Google Fonts securely stores CSS and font requests with Google, ensuring the protection of the collected data. Through the usage statistics, Google can determine how well the individual fonts are received. The results are published on internal analytics pages, such as Google Analytics. Furthermore, Google uses data from its web crawler to determine which websites use Google fonts. These data are published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google Web Service BigQuery to examine and move large data volumes.
However, keep in mind that every Google Font request automatically transmits information such as language settings, IP address, browser version, screen resolution, and the name of the browser to Google servers. Whether this data is also stored is not clearly determined or clearly communicated by Google.
How Long and Where is the Data Stored?
Requests for CSS assets are stored for one day on Google’s servers, which are primarily located outside the EU. This enables us to use Google Fonts via a Google stylesheet. A stylesheet is a template that allows you to quickly and easily change the design or fonts of a website.
Font files are stored by Google for one year. Google’s goal is to improve the load time of websites. When millions of websites reference the same fonts, they are cached after the first visit and will immediately appear on all other subsequently visited websites. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.
How Can I Delete or Prevent My Data From Being Stored?
The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is loaded. To delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=en&tid=112867394. The only way to prevent data storage in this case is by not visiting our site.
Unlike other web fonts, Google allows us unrestricted access to all fonts. This allows us to access an extensive collection of fonts and optimize our website. For more information on Google Fonts and other questions, visit https://developers.google.com/fonts/faq?tid=112867394. While Google addresses privacy-related topics, detailed information about data storage is not always available. It is relatively difficult to get precise information from Google regarding stored data.
Legal Basis
If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. This consent represents the legal foundation under Article 6(1)(a) GDPR for the processing of personal data, as can occur during the use of Google Fonts.
We also have a legitimate interest in using Google Fonts to optimize our online service. The corresponding legal basis for this is Article 6(1)(f) GDPR (legitimate interests). We only use Google Fonts with your consent.
Google processes data in the USA. Google is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information is available at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Additionally, Google uses Standard Contractual Clauses (SCC) (= Article 46(2) and (3) GDPR). These are model contracts provided by the EU Commission to ensure that your data complies with European data protection standards, even when transferred and stored in third countries like the USA. Through the EU-US Data Privacy Framework and the SCCs, Google commits to adhering to European data protection standards even when processing your relevant data in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.
The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.
You can also read about which data is collected by Google and how it is used at https://policies.google.com/privacy.
Google Fonts Local Privacy Policy
On our website, we use Google Fonts from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible. We have embedded the Google fonts locally, i.e., on our web server, not on Google’s servers. This means there is no connection to Google servers, and therefore, no data is transmitted or stored.
What Are Google Fonts?
Google Fonts, formerly known as Google Web Fonts, is an interactive directory of over 800 fonts that Google provides free of charge. With Google Fonts, you can use fonts without uploading them to your own server. To prevent any data transfer to Google servers, we have downloaded the fonts to our server. In this way, we comply with data protection laws and avoid sending any data to Google Fonts.
Explanation of Terms Used
We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially with technical and legal topics. Sometimes it makes sense to use legal terms (e.g., “personal data”) or specific technical expressions (e.g., “cookies,” “IP address”). We do not want to use these terms without explanation. Below is an alphabetical list of important terms used in this privacy policy. If these terms are derived from the GDPR and are legal definitions, we will also provide the relevant text from the GDPR and, where appropriate, add our explanations.
Processor
Definition according to Article 4 of the GDPR:
For the purposes of this Regulation:
“Processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;
Explanation:
As a company and website owner, we are responsible for all the data we process from you. In addition to the data controller, there can also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors may include service providers like accountants, hosting providers, cloud providers, payment providers, and newsletter providers, or large companies like Google or Microsoft.
Consent
Definition according to Article 4 of the GDPR:
For the purposes of this Regulation:
“Consent” means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them;
Explanation:
Typically, on websites, such consent is obtained through a cookie consent tool. You’re probably familiar with this. When you first visit a website, you are usually asked via a banner whether you consent to data processing or not. You can also usually make individual settings to decide which data processing you allow and which you do not. If you do not consent, no personal data about you may be processed. Of course, consent can also be provided in written form rather than through an online tool.
Personal Data
Definition according to Article 4 of the GDPR:
For the purposes of this Regulation:
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
Explanation:
Personal data refers to all data that can identify you as a person. Typically, this includes data such as:
• Name
• Address
• Email address
• Postal address
• Telephone number
• Date of birth
• Identification numbers like social security number, tax identification number, passport number, or student ID number
• Bank details like account number, credit information, account balances, etc.
According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine the approximate location of your device and, in turn, identify you as the owner of the internet connection. Thus, the storage of an IP address also requires a legal basis under the GDPR. There are also special categories of personal data that are particularly sensitive and deserving of greater protection. These include:
• Racial and ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Union membership
• Genetic data, such as those derived from blood or saliva samples
• Biometric data (this refers to physical, physiological, or behavioral characteristics that can be used to identify a person)
• Health data
• Data concerning sexual orientation or sexual activity
Profiling
Definition according to Article 4 of the GDPR:
For the purposes of this Regulation:
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;
Explanation:
Profiling refers to the collection of various information about a person to learn more about them. In the web context, profiling is often used for advertising purposes or credit checks. Web or advertising analytics programs, for example, collect data about your behavior and interests on a website, from which a specific user profile is created. This profile can then be used to target advertising to a particular audience.
Controller
Definition according to Article 4 of the GDPR:
For the purposes of this Regulation:
“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Explanation:
In our case, we are responsible for processing your personal data and are thus the “controller.” If we pass on collected data to other service providers for processing, they are referred to as “processors.” A Data Processing Agreement (DPA) must be signed for this.
Processing
Definition according to Article 4 of the GDPR:
For the purposes of this Regulation:
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;
Explanation:
When we talk about processing in this privacy policy, we mean any form of handling data. This includes, as mentioned in the original GDPR definition, not only collection but also storage and processing of data.
All texts are copyright protected.
Source: Created with the Privacy Policy Generator from AdSimple.