Data privacy policy pursuant to Art. 13, 14 GDPR – fulfilment of the information obligations

Thank you for visiting our website. We attach great importance to the protection of your data and inform you here in detail about the extent to which we process your data.

All personal designations always refer to all genders. The use of the masculine form is intended solely to simplify readability.

1 Person responsible for data processing

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

Saubermacher Dienstleistungs AG
Hans-Roth-Straße 1
8073 Feldkirchen bei Graz
Tel.: +43 59 800
E-mail: office@saubermacher.at
Website: saubermacher.at

The company has appointed a data protection officer. Birgit von Maurnböck, VMCON OG, Opernring 2, 8010 Graz can be contacted at: datenschutz@saubermacher.at

2 Data processing of persons in the business environment

2.1 Data processing in accordance with Art. 13 GDPR

We process the data of individuals that are provided to us as part of an enquiry by e-mail or to initiate and conclude a contract or business relationship.

2.2 Data processing in accordance with Art. 14 GDPR

In addition, we also process data from persons who are part of a contractual relationship which we have received as part of disclosures from third parties (e.g. managing directors send us data about their employees).

2.3 Persons concerned

We process the following data of interested parties: Company, name of contact person and business contact and address details.

We process the following data of customers: Company, title and name of contact persons, business address and contact details, bank details, contract data.

We process the following data of suppliers and business partners: Company, title and name of contact persons, business address and contact details, bank details, contract data.

2.4 Forwarding of data

We only pass on personal data to third parties if this is necessary for the purpose of contract processing and fulfilment or due to legal regulations.

2.5 Storage/deletion of data

Elapsing of contractual obligations: In the event that there are contractual provisions that prescribe for how long personal data must be retained, the data controller shall ensure that these retention periods are adhered to. Once these periods have elapsed, the data shall be deleted or anonymised by the data controller.
Revocation of consent: In the event that a data subject revokes consent for the processing of personal data, the data controller shall delete the data, provided that there is no other legal basis for processing.
Elapsing of statutory obligations: In some cases, there may be exceptions that not only permit but obligate a data controller to continue to retain personal data after statutory retention periods elapse or upon revocation of consent. This may be the case if there are legally prescribed retention periods that require retention of personal data for a defined period of time, e.g. retention of tax-related or accounting records. Once these statutory periods have elapsed, the data controller shall ensure that the data are anonymised or deleted.

2.6 Contact by email

When you make contact with us by e-mail, the data you have provided is stored by us on the basis of your consent in order to answer your questions. We erase the data gathered in this context after processing is no longer required, or we restrict the processing if there are legal obligations to preserve records.

Legal basis: Art. 6 para. 1 lit. f GDPR

2.7 Publication of the names of authors

We are legally obligated to disclose the names of the authors of image data (photographs or videos) whenever image data are published. We delete these personal data automatically as soon as we discontinue use of the image data.

2.8 Legal basis

Legal bases of data processing are

the initiation and fulfilment of the contract pursuant to Art. 6 para. 1 lit. b GDPR.
legal obligations pursuant to Art. 6 para. 1 lit. c GDPR (e.g. statutory retention and documentation obligations, publication obligations under copyright law).
legitimate interests of our company within the meaning of Art. 6 para. 1 lit. f GDPR (e.g. use of software)
6 para. 1 lit. a GDPR when obtaining consent (e.g. when processing image data or for advertising purposes).

Please note that national data protection regulations may also apply in addition to the provisions of the GDPR.

3 Data processing when contacting us via our website, callback service, registration for the newsletter, customer portal, application

3.1 Contact and callback service

If you have asked us to contact you via our web form or if you have sent us a message, we will store the data required to contact you. This is your name, your e-mail address, your postcode if applicable and, on a voluntary basis, your additional details if they are personal. The data will be deleted by us as soon as storage is no longer necessary or you object to the processing.

If you make use of our callback service, we store your name, your telephone number and, on a voluntary basis, your additional personal details.

Legal basis: Art. 6 para. 1 lit. f GDPR

3.2 Subscribe to newsletter

You have the option of subscribing to our newsletter. For this we need at least your first and last name and your e-mail address. You are welcome to provide us with further data voluntarily, e.g. gender, title, company, sector, department, number of employees, address, telephone number. You can unsubscribe from the newsletter at any time. Once you have cancelled your subscription, we will no longer use your data to send you the newsletter. If we have no business relationship with you and we are subject to statutory retention obligations, your data will be deleted after you unsubscribe from the newsletter.

Legal basis: Art. 6 para. 1 lit. a GDPR

3.3 Customer portal

As an SME, industry customer or corporation, on our website you have the option to sign in to our customer self-service portal using your login details in order to make use of additional functions (https://kundenportal.saubermacher.at/). To sign in, you need to provide your username and the password you have chosen.

To set up a new account, we require the following details: first name, surname, email address, phone number, RONA customer number and, if applicable, the respective destinations.

To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the email address provided during the registration process.

The data are stored by us for as long as you have an account with us, and are deleted unless they are subject to any statutory retention obligations.

Legal basis: Art. 6 par. 1 line b GDPR

3.4 Applicants

3.4.1 General

In the event that you send us your application documents, we process your personal data contained in those documents as well as your CV and your certificates for the purpose of personnel selection and recruitment. If your application is rejected, we will delete your documents 7 months after informing you of the rejection.

Legal basis: Art. 6 par. 1 line b GDPR

If we wish to keep your data on file so that we may contact you at a later point in time, we will contact you with our own request for consent. If you expressly grant your consent, we will store your application documents. If there is no further opportunity for recruitment with us within a period of a year, we will delete all of your application data one year after you have granted your consent.

Legal basis: Art. 6 para. 1 lit. a GDPR

3.4.2 Applicant portal

People who are interested in working for our company have the opportunity to apply directly on our website via the applicant portal. The application process runs via the BITE service of BITE GmbH, Magirus-Deutz-Straße 12, 89077 Ulm, Germany. You will be informed of this by means of a separate data protection declaration for applicants, with which we fulfil our information obligations. In the further application process, you have the opportunity to upload your application documents (e.g. CV). In the event of a rejection, we will delete your documents no later than 7 months after sending you the rejection.

Legal basis: Art. 6 par. 1 line b GDPR

Legal basis: Art. 6 para. 1 lit. a GDPR

4 Data processing when visiting our website

4.1 Informational use of the website

In case of a purely informational use of the website, we collect only the personal data that your browser transmits to our server. If you would like to view our website, we at most collect the data that is technically necessary for us to display our website to you and to ensure stability and security:

IP address
Date and time of the enquiry
Time Zone Difference to Coordinated Universal Time (UTC)
Content of the requirement (concrete page)
Access Status / HTTP status code
Website from which the enquiry is made
Browser
Operating system and its interface
Language and version of the browser software.

This data is not merged with personal data sources. We reserve the right to check this data retrospectively if concrete indications of illegitimate use come to our knowledge and to pass on the data – if there has been a hacker attack – to law enforcement authorities. There is no passing on to third parties beyond this.

Legal basis: Art. 6 par. 1 line f GDPR

4.2 Cookies

During the use of our website, cookies will be stored on your computer. Cookies are small text files that are deposited on your hard drive by your browser and through which certain information flows to the party placing the cookie (in this case us or the service provider). Cookies cannot carry out programmes or transmit viruses to your computer.

Through the cookie, you can be identified when revisiting the website, without data that you previously entered needing to be entered again.

The information contained in the cookies is used for example to establish whether you are logged in, or what data you have already entered, or to recognise you as a user when a connection is established between our web server and your browser.

We distinguish between technical cookies, which are used solely to ensure operation of a website, and other cookies, which are saved to your device by us or by third parties for the purpose of statistical analysis, tracking or advertising/marketing.

Legal basis: Art. 6 para. 1 line f GDPR (for technical cookies), Art. 6 para. 1 line a GDPR (for all other cookies)

4.2.1 Cookie declaration

4.3 Data processing in the USA

It cannot be ruled out that personal data will be transmitted to the USA when you visit our website. If this is the case, we will point this out separately in this privacy policy.

The European Commission has adopted an adequacy decision for the exchange of data between European and US companies. This decision stipulates that US companies that have submitted to the EU-US Privacy Framework guarantee an adequate level of protection for personal data. Personal data may be exchanged with these companies without additional guarantees.

In the case of data processing by US data recipients who have not submitted to the regulations of the EU-US Data Privacy Framework , , the following risks in particular cannot currently be ruled out for you as a data subject:

Your personal data could possibly be passed on to other third parties (e.g. US authorities) by the respective service provider beyond the actual purpose of order fulfilment.
You may not be able to assert or enforce your rights to information against the respective service provider in the long term.
There may be a higher probability that incorrect data processing may occur because the technical organisational measures for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.

By consenting to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA. You can remove cookies stored on your PC yourself at any time by deleting the temporary internet files.

Legal basis: Art. 6 para. 1 lit. a GDPR

5 Social media presence

We maintain the social media sites LinkedIn, Xing, YouTube, Facebook, Instagram and Flickr. When you visit our social media presence, personal data, including the IP address of the respective provider, are processed and cookies are used to collect data. To find out exactly what information is transferred, please refer to the data privacy policy of the respective service provider. There you will also find information on possibilities for getting in contact as well as various settings.

We set store by comprehensive customer satisfaction, and use these services primarily in order to be able to get in contact i.e. communicate with you. Furthermore, we also view them as an additional option alongside our other existing information offers.

For services with a link to the USA, as a general rule the data collected are sent to a server in the USA and stored there. We have no influence over or possibility to monitor the nature and extent of the data processed by these services, the nature of processing and use or the passing on of these data to third parties. For options to limit the processing of these data within the respective settings of these services, please refer to the precise descriptions in the data privacy policies of the respective providers.

Furthermore, we would like to point out that your use of the respective services and their functions are your own responsibility. This applies in particular to the use of the interactive functions (for example sharing, commenting or reviewing).

The providers of the social media services have provided us with corresponding agreements – in the majority of cases, these are agreements regarding the joint responsibility of data processing. The use of social media is based on our legitimate business interest.

Legal basis: Art. 6 par. 1 line f GDPR

6 Whistleblower system – Whistleblowing online portal

6.1 Purpose of the processing

We have set up a whistleblowing online portal on our website. The whistleblowing system makes it possible to contact us and report information on compliance and legal violations without having to fear reprisals. Provided this is legally permissible, the report can also be made without providing personal data. We process personal data, provided that it is disclosed to us, in order to check the report made via the reporting centre and to investigate the suspected compliance and legal violations. We may have queries in this regard. We use communication via this whistleblower system for this purpose.

6.2 Data processing in accordance with Art. 13 GDPR

We process the data that the whistleblower provides to us in the context of the report.

6.3 Data processing in accordance with Art. 14 GDPR

In addition, we process data of persons named by the whistleblower in the course of reporting violations (e.g. name data or functions of the persons who caused the violation, name data or functions of the persons who are also affected by a violation, description of behaviour or actions of the person concerned in connection with the reported misconduct that could contribute to their identification).

6.4 Personal data, forwarding and legal basis

In principle, it is possible to use the whistleblowing system – as far as legally permissible – without providing personal data. However, personal data may be provided voluntarily as part of the whistleblowing process, in particular details of identity, first name and surname, country of residence, telephone number or email address.

When using anonymous communication with us, the IP address and current location are not stored at any time. After sending a report, the person sending the report receives access data to the mailbox of the online portal so that they can continue to communicate with us in a protected manner.

In order to fulfil the stated purpose, it may also be necessary for us to transfer the personal data to external bodies such as law firms, criminal or competition authorities, within or outside the European Union.

We process personal data, insofar as we have received it, insofar as this is necessary to fulfil legal obligations in terms of whistleblower protection on the basis of Art. 6 para. 1 lit. c GDPR and local data protection laws.

6.5 Responsible body

We use the whistleblowing online portal as a member of the Saubermacher Group.

The whistleblower system is operated by the management consultants commissioned by us, who act as independent controllers within the meaning of the EU General Data Protection Regulation. The company in question is VMCON OG, Opernring 2, 8010 Graz.

For data protection questions concerning VMCON OG, please contact “datenschutz@meineberater.at“.

The whistleblowing system (.LOUPE) is provided by our processor, the software provider.fobi solutions GmbH, Steinsiedlung 11, 4222 St. Georgen an der Gusen, Austria, with whom a corresponding data processing agreement has been concluded.

6.6 Duration of storage

We only store personal data for as long as is necessary to process your information or for as long as we have a legitimate interest in storing your personal data. Data may be stored for longer if this is required by national or European legislation to fulfil legal obligations, such as retention obligations.

We neither collect nor store personal data that is not required for processing a notification. They will be deleted immediately if necessary.

Once the investigation has been completed, all reports and associated data are archived for a period of 5 years. After this period, we guarantee the irretrievable deletion or anonymisation of all data. In addition, the data will be stored for as long as is necessary for official or legal proceedings that have already been initiated.

6.7 Your rights

Data subject rights in accordance with Art. 13 to 21 GDPR do not apply to persons affected by a tip-off in accordance with Section 8 (9) HSchG if this is necessary to protect the whistleblower or to investigate tip-offs (e.g: Right to information, right to access, right to erasure, right to object). The general data protection regulations apply to reports outside the scope of the HSchG.

If you are of the opinion that we have violated Austrian or European data protection law when processing your data and have thereby violated your rights, you have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40 – 42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at

7 Data processing for Facebook services

7.1 Facebook plug-ins

We have integrated social plugins from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on our website. The use of social plugins enables website users to share or like content from our website on Facebook.

We have concluded a contract with Meta Ireland, but it is nevertheless possible that Meta Ireland may transfer personal data to Meta USA. Meta Platforms, Inc. has certified itself in accordance with the adequacy decision for the transfer of personal data to the USA. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted under Art 45 GDPR.

Together with Facebook/Meta Ireland, we are joint controllers within the meaning of Art. 26 GDPR for the data processing that takes place in the context of the integration of the plugin. Art 26 GDPR.

Data is not transmitted to Facebook/Meta Ireland as soon as the website is accessed. Only when a user interacts with a post, i.e. shares or likes a post, will your IP address be transmitted to Facebook/Meta Ireland and stored on Facebook’s servers.

If you are logged in to Facebook as a website user, Facebook/Meta Ireland can assign your profile directly when you visit our website. If you interact with our website, this information will also be displayed on your Facebook profile. Facebook/Meta Ireland may use this information to analyse your behaviour on our website in connection with the advertisements displayed on Facebook, to inform other Facebook users of your activities and to provide other services.

For more information, please refer to the Facebook/Meta Ireland privacy policy at https://www.facebook.com/about/privacy/. In your profile settings on Facebook, you can make individual settings for data processing by Facebook/ Meta Ireland: https://www.facebook.com/settings?tab=ads.

Legal basis: Art. 6 para. 1 lit. a GDPR

7.2 Facebook Pixel

Our website uses Facebook Pixels (“Pixels”) provided by the social networking service Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grant Canal Harbour, Dublin 2, Ireland) for the purpose of analysis, optimisation and economic operation of our online presence.

Facebook can use the Pixels to determine website visitors as a target group for the display of advertisements (“Facebook Ads”). Accordingly, we use the Pixels to display the Facebook Ads that we have configured only to those Facebook users who have shown an interest in our online presence or who have certain characteristics (such as an interest in certain topics or products, determined according to websites visited) that we transmit to Facebook (‘Custom Audiences’). The objective is to ensure that our Facebook Ads are consistent with user interest and do not become irritating. With the aid of Pixels, we can monitor the effectiveness of Facebook Ads for statistical purposes and market research, by seeing whether users were forwarded to our website after clicking on a Facebook Ad (‘Conversion’).

Your actions are then stored in one or multiple cookies. These cookies enable Facebook to compare your user data (such as IP address, user ID) with the data from your Facebook account. The collected data remain anonymous and cannot be viewed by us, and can only be used within the context of placing Facebook Ads. If you would like to prevent a link to your Facebook account, you can log out before taking any action.

For further information, please see Facebook’s privacy policy at https://de-de.facebook.com/policy.php.
For specific information on Facebook Pixels, please see https://de-de.facebook.com/business/help/651294705016616.

Legal basis: Art. 6 para. 1 lit. a GDPR

8 Data processing for Microsoft services

We have entered into a contract with Microsoft Ireland Operations Limited (“Microsoft”), a company incorporated and operated under the laws of Ireland (registration number: 256796) with its registered office at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Nevertheless, it is possible that data may be transferred from Europe to the USA, over which we as a company have no influence.

Microsoft has certified itself in accordance with the adequacy decision for the transfer of personal data to the USA. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted in accordance with Art. 45 GDPR.

In principle, all of the Microsoft cloud services we use are operated in the data centres in the geographical region of Europe. This includes locations such as Germany and France.

We use Microsoft’s cloud services and its software-as-a-service offerings, such as Microsoft Azure, for various purposes. These include the publication of websites, forms and other content as well as the storage and management of documents and the sending of emails. In the course of this processing, the personal data of the respective users are processed if they are part of the content or part of the communication processes within the services described. This may include, for example, user contact data, contract data, process data and metadata of the corresponding documents. Microsoft itself processes usage and metadata for security reasons and to optimise the services.

When using publicly accessible documents, websites or other content, Microsoft may place cookies on users’ computers in order to fulfil web analysis purposes or to save user settings.

You can find Microsoft’s privacy policy here:
https://privacy.microsoft.com/de-de/privacystatement

8.1 Microsoft Clarity

We also use the web analytics service Microsoft Clarity. The provider is Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399 USA.

Through the use of this service, a transfer of personal data to the USA takes place or cannot be ruled out

This tool enables us to analyse user behaviour on our website in order to improve the user experience. Microsoft Clarity uses cookies and other tracking technologies to collect information such as user interactions, mouse movements, scrolling activity and keystrokes. This data is anonymised and aggregated to help us improve the performance and effectiveness of our website.

Legal basis: Art. 6 para. 1 lit. a GDPR

9 Data processing when using Hotjar

We use Hotjar, an analysis software from Hotjar Ltd (“Hotjar”) (https://www.hotjar.com, Malta, Europe), to better understand the needs of our users and to optimise the offer on this website. Hotjar’s technology helps us to gain a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and this helps us to tailor our offering to our users’ feedback. Hotjar works with cookies and other technologies to collect information about the behaviour of our users and their end devices (in particular IP address of the device (is only recorded and stored in anonymised form), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for displaying our website). Hotjar stores this information in a pseudonymised user profile. The information is not used by Hotjar or by us to identify individual users or merged with other data about individual users. You can prevent the collection of data by Hotjar by clicking on the following link and following the instructions there: https://www.hotjar.com/opt-out.

Further information can be found in Hotjar’s privacy policy https://www.hotjar.com/legal/policies/privacy

Legal basis: Art. 6 para. 1 lit. a GDPR

10 Data processing when using Matomo

For statistical analysis of user behaviour and for optimisation and marketing purposes, we have integrated the web analysis service Matomo (www.matomo.org), previously Piwik, provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”) into our website. The EU Commission has certified an adequate level of data protection for New Zealand, on the basis of which data transmission is permitted in accordance with Art. 45 GDPR.

The following data is processed: Browser type, browser version, operating system, country of origin, date and time of the server request, number of visits, length of stay on the website and the external links you have clicked. The IP address is anonymised before it is saved. Pseudonymised usage profiles can be created and evaluated using this data. The collected data is processed on our servers and is not passed on to third parties.

The information generated in the pseudonymous user profile is never used to personally identify website visitors and is never combined with personal data concerning the holder of the pseudonym.

For further information, please see the privacy policy of Matomo at https://matomo.org/gdpr/.

Legal basis: Art. 6 para. 1 lit. a GDPR

11 Data processing when using Usercentrics (Cookiebot)

We use the Consent Banner Cookiebot from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, to obtain data protection-compliant consent for the use of cookies and services requiring consent on our website.

The consent banner records and stores the selection of cookies and services requiring consent of the respective user of our website. The explicit consent of the website visitor ensures that statistical and marketing cookies and services requiring consent are only then set.

The consent tool records, logs and stores the website visitor’s settings for the duration of the session. Cookiebot collects, transmits and stores certain user information (including the IP address) so that the selected settings can be clearly assigned to the respective website visitor.

For more information, please refer to Cookiebot’s privacy policy
https://www.cookiebot.com/de/privacy-policy/

Legal basis: Art. 6 para. 1 lit. f GDPR

12 Data processing when using YouTube

We operate a YouTube channel and have integrated YouTube videos into our website, which are stored on https://www.youtube.com/. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited., Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube videos in privacy-enhanced mode. With this setting, YouTube does not store cookies when you call up our website. A connection to YouTube servers is only established when you start the playback of the embedded videos. YouTube uses cookies for data collection and statistical data analysis. In the process, YouTube is notified which pages you are visiting. If you are logged in to YouTube, your data are directly associated with your account. YouTube uses your data for advertising and market research purposes.

By using this service, personal data is transferred to the USA or such a transfer cannot be ruled out. Google has certified itself in accordance with the adequacy decision for the transfer of personal data to the USA. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted under Art 45 GDPR.

The integration of YouTube leads to the reloading of Google services on our website, in particular Google Doubleclick, Google APIs, Google Video, Google Photos, Google Static and Google Fonts.

Further information about data privacy at “YouTube” is available in the data privacy statement of the provider under: https://www.google.de/intl/de/policies/privacy/

Legal basis: Art. 6 para. 1 lit. a GDPR

13 Data usage for Google services

We have concluded a contract with Google Ireland Limited (“Google”), a company registered and operated according to Irish law (register number: 368047) with its head office at Gordon House, Barrow Street, Dublin 4, Ireland. It can happen even so that data from Europe is transmitted to the USA, which we as a company cannot influence.

Google has certified itself in accordance with the adequacy decision for the transfer of personal data to the USA. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted in accordance with Art. 45 GDPR.

13.1 Google Analytics & IPmeta

This website uses the function “Activation of IP anonymisation” (i.e. that Google Analytics has been extended by the code “gat._anonymizeIp();”, in order to ensure an anonymised collection of IP addresses, so-called IP masking) This means that your IP address will be stored by Google in shortened form within Member States of the European Union or in other states that are contracting parties to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and shortened there in exceptional cases.

According to Google, Google will use the gained information to evaluate your use of the website, to compile reports about website activity and to provide further services to us relating to website usage and Internet usage. The IP address transmitted from your browser as part of Google Analytics is not merged with other Google data. Google may, however, transmit this information to third parties, insofar as this is legally mandatory or third parties are processing this data on behalf of Google. You can disable cookies using the relevant settings in your browser. We would like to point out, however, that in this case you may not be able to use all the functions of the websites to the full extent. Furthermore, you can prevent the collection of the data generated by the cookie relating to your website use (incl. your anonymised IP address), as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

You can find further information about usage conditions and data privacy under https://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.

We also use the ipmeta.io service, which is a freely available plugin from Google Analytics. We use the plugin to analyse and implement “service provider”, “network domain” and “network type” in Google Analytics in order to see who has visited our websites and to obtain statistics about this. The retrieval of data for the network-related dimensions is based on your IP address. The plugin is only used to convert it into the network data. The data collected for this purpose is then deleted immediately.

You can find more information at: https://ipmeta.io/#how-network-type-works

13.2 Google Tag Manager

To identify your user behaviour, we use the so-called Google Tag Manager. The Google Tag Manager is a solution with which the marketer can manage website tags through an interface. The tool itself processes the following personal data: IP address of the user. The tool triggers other tags, which may in certain circumstances collect data. Google Tag Manager does not access this data. Google Tag Manager can install cookies, in any event in the administrator’s preview and debug modes, as well as outside of these modes. If there has been a deactivation at a domain or cookie level, this remains in place for all tracking tags that were implemented with the Google Tag Manager.

Further information is available here: https://www.google.com/intl/de/tagmanager/faq.html.

Legal basis: Art. 6 para. 1 lit. a GDPR

13.3 Google AdWords Conversion (Google Ads)

Our website also uses Google Conversion Tracking, Google Ads thereby places a cookie on your device if you accessed our website through a Google advert. These cookies lose their validity after 30 days and do not serve the purpose of personal identification. If the user visits certain pages of the website of an Ads customer and the cookie has not yet expired, Google and the customer can identify that the user has clicked on the advert and was forwarded to this page. Every Ads customer receives a different cookie. Cookies can therefore not be traced through the websites of Ads customers. The information gathered with the help of the conversion cookie serves the purpose of compiling conversion statistics for Ads customers who have chosen conversion tracking. The Ads customers can find out the total number of users who have clicked on their advert and were transferred to a page with a conversion tracking tag. However, they do not receive any information with which users could be personally identified. If you do not wish to participate in the tracking procedure, you also have the option to reject the placement of the cookie necessary for this procedure by changing your browser settings to deactivate the automatic placement of cookies in general. You can also deactivate cookies for conversion tracking by configuring your browser to block cookies from the domain “www.googleadservices.com”. You can find Google’s data privacy policy here.

If you use the SSL search, the encrypted search function of Google, the search words are usually not sent as part of the URL in the reference URL. There are, however, some exceptions, for example if you use certain less common browsers. You can find further information about SSL search here. Search enquiries or information in the reference URL may also in certain circumstances be viewed by Google Analytics or an Application Programming Interface (API). In addition, advertisers may receive information about the exact search words through which a click on an advertisement was prompted. https://policies.google.com/faq?hl=de

13.4 Google Doubleclick

The website uses the online marketing tool DoubleClick. The Google advertising network and certain Google services can be used to support AdWords customers and publishers in placing and managing adverts on the web. DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which adverts are displayed in which browser and can thus prevent them from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick advert and later visits the advertiser’s website with the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advert from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and store it.

Legal basis: Art. 6 para. 1 lit. a GDPR

13.5 Google Fonts

We use Google Fonts. To ensure a uniform and appealing display of the fonts and icons, your browser loads the required fonts into your browser cache. To do this, it is necessary for the browser you are using to contact the Google Fonts servers, which means that Google Fonts becomes aware that our website has been accessed via your IP address.

You can find out what data is collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

Legal basis: Art. 6 para. 1 lit. a GDPR

13.6 Google Maps

On this website we use the services of Google Maps. This allows us to show you interactive maps, after you provide your consent, directly on the website and enables convenient use of the map function. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data already stated under the point “Informational use of the website” is transmitted. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as a user profile and uses it for the purposes of advertising, market research and/or designing its website according to requirements. Such an evaluation takes place in particular (even for users who are not logged in) to carry out targeted advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the formation of these user profiles, and you must contact Google to exercise this right.

For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy. There you will also find further information about your rights and settings options with regard to the protection of your privacy: http://www.google.de/intl/de/policies/privacy.

Legal basis: Art. 6 para. 1 lit. a GDPR

13.7 Google Photos

For a user-friendly experience, we use the cloud-based storage service Google Photos. When you access images on our website, your browser establishes a connection to Google’s servers. Your IP address is transmitted to Google for this purpose. In order to display the images correctly, the required pages are loaded into your browser cache.

You can find more detailed information here: https://www.google.com/photos/
The privacy policy and terms of use can be found here: https://policies.google.com/

Legal basis: Art. 6 para. 1 lit. a GDPR

14 Data processing for hosting from AWS

Our website uses a cloud web hosting solution from the US provider Amazon Web Services, Inc. (AWS), 410 Terry Avenue North, Seattle WA 98109. AWS provides the infrastructure and resources required for the operation and provision of the website. As AWS acts as a cloud provider, data is stored and processed on AWS servers.

When using AWS, certain data such as IP addresses and access times may be logged in order to ensure the security and operation of the website.

For more information, please read the Amazon Cloud Services privacy policy: https://aws.amazon.com/de/compliance/data-privacy/.

Legal basis: Art. 6 para. 1 lit. f GDPR

15 Incorporation of Flickr image host

Components (web albums) of the Flickr web service are linked on this website. Flickr is a service of SmugMug, Inc. and since 2018 has been owned by the company headquartered at 67 E. Evelyn Ave, Suite 200 Mountain View, California.

Flickr sets cookies each time you call up or click on the Flickr component. Cookies are small text files that are stored on your computer and enable your use of Flickr’s services to be analysed. We do not know exactly what user information and user behaviour is collected and transmitted to the web servers of Flick and the associated companies in America for further processing.

By using this service, personal data is transferred to the USA or such a transfer cannot be ruled out.

With your consent to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA.

If you as a user do not agree with this processing of your data, it is possible to deactivate the Flickr service and in this way prevent the transfer of data to the Flickr servers and the associated companies. To do this, you must deactivate JavaScript in your browser. However, we would like to point out that in this case you will not be able to use Flickr or only to a limited extent.

Legal basis: Art. 6 para. 1 lit. a GDPR

16 Use of the chat service ONLIM

On our website, we use chat functions from the company Onlim (Onlim GmbH, Weintraubengasse 22, 1020, Vienna, Austria) who act as our data processor. When you use our chat functions, your data entries are transmitted to the Onlim servers. This data includes the information you input such as the data and time of the chat.

We process these data to improve our customer service and other services.

Your data are deleted or made completely anonymous at the latest after 30 days. You also have the option of adjusting the storage period of your data directly on the chat service. Your personal data is then erased within 24 hours.

You can find the data privacy policy of Onlim at https://onlim.com/de/datenschutzerklaerung/.

Legal basis: Art. 6 para. 1 lit. a GDPR

ONLIM uses the cloud web hosting solution of the US provider Amazon Web Services, Inc. (AWS), 410 Terry Avenue North, Seattle WA 98109. As AWS acts as a cloud provider, data is stored and processed on AWS servers. When using the ONLIM chat service, your IP addresses and access times may therefore be logged by AWS in order to ensure the security and operation of the website.

For more information, please read the Amazon Cloud Services privacy policy: https://aws.amazon.com/de/compliance/data-privacy/.

17 Your rights

You have the following rights with respect to the personal data concerning you:

Right to access, rectification and erasure
Right to restriction of the processing
Right to objection to the processing
Right to data portability
Right to lodge a complaint with the Austrian data protection authority
Barichgasse 40 – 42, 1030 Vienna, telephone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at

If you believe that we are contravening Austrian or European data protection law during the processing of data and have therefore infringed your rights, please contact us to clarify any questions.

To do so, please direct your enquiries and concerns by email to datenschutz@saubermacher.at or use the given contact details.

18 Changes to this data privacy policy

We reserve the right to make adjustments to our data privacy policy from time to time. We publish all changes to the privacy policy on this page. Please note the current version of our privacy policy.