Data protection declaration in accordance with Art. 13, 14 GDPR – fulfilment of information obligations

Thank you for visiting our website. We attach great importance to the protection of your data and inform you here in detail about the extent to which we process your data.

All personal designations always refer to all genders. The use of the masculine form is intended solely to simplify readability.

1 Person responsible for data processing

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

Saubermacher Dienstleistungs AG
Hans-Roth-Strasse 1
8073 Feldkirchen near Graz
Tel.: +43 59 800
E-mail: office@saubermacher.at
Website: saubermacher.at

The company has appointed a data protection officer. Birgit von Maurnböck, VMCON OG, Opernring 2, 8010 Graz can be contacted at: datenschutz@saubermacher.at

2 Data processing of persons in the business environment

2.1 Data processing in accordance with Art. 13 GDPR

We process the data that various people provide to us through their own information, for example as part of an enquiry by email, to initiate and conclude a contract or a business relationship.

2.2 Data processing in accordance with Art. 14 GDPR

In addition, we process data of persons who may be part of a contractual relationship, which we have legitimately received in the context of information from third parties (e.g. managing directors provide us with the data of their employees).

2.3 Persons concerned

We process the following data from interested parties: Company, name of contact person and professional contact and address data.

We process the following data from customers: Company, title and names of contact persons, professional address data and contact details, bank details, contract data.

We process the following data from suppliers and business partners: Company, title and names of contact persons, professional address data and contact details, bank details, contract data.

We process the following data from contact persons and representatives of authorities, associations, political parties and the press: Company/authority, title and name of the contact person, professional address data and contact details.

We process the following data from newsletter recipients: E-mail address.

2.4 Forwarding of data

We only pass on personal data to third parties if this is necessary for the purpose of contract processing and fulfilment or due to legal regulations.

2.5 Storage/deletion of data

Expiry of contractual obligations: If there are contractual provisions that stipulate how long personal data must be stored, the controller shall ensure that these deadlines are met. As soon as these periods have expired, the data is deleted or anonymised by the controller.
Withdrawal of consent: If a person withdraws their consent to the processing of their personal data, the controller shall erase this data unless there is another legal basis for the processing.
Expiry of legal obligations: In some cases, there may be exceptions that not only allow, but even oblige the controller to continue to store personal data even after contractual deadlines have expired or consent has been withdrawn. This may be the case if there are statutory deadlines that require the retention of personal data for a defined period of time, such as the storage of tax or accounting records. Once these statutory periods have expired, the controller also ensures that the data is anonymised or deleted.

2.6 Contact by e-mail

When you contact us by e-mail, the data you provide will be stored by us in order to answer your questions. We delete the data arising in this context after processing is no longer necessary, or restrict processing if there are statutory retention obligations.

Legal basis: Art. 6 para. 1 lit. f GDPR

2.7 Publication of the names of authors

We are legally obliged to disclose the names of the authors of image data (photos or videos) each time image data is published. We automatically delete this personal data as soon as we stop using the image data.

2.8 Legal basis

The legal basis for data processing is

the initiation and fulfilment of the contract pursuant to Art. 6 para. 1 lit. b GDPR.
legal obligations pursuant to Art. 6 para. 1 lit. c GDPR (e.g. statutory retention and documentation obligations, publication obligations under copyright law).
legitimate interests of our company within the meaning of Art. 6 para. 1 lit. f GDPR (e.g. use of software)
6 para. 1 lit. a GDPR when obtaining consent (e.g. when processing image data or for advertising purposes).

Please note that national data protection regulations may also apply in addition to the provisions of the GDPR.

3 Data processing when contacting us via our website, callback service, registration for the newsletter, customer portal, application

3.1 Contact and callback service

If you have asked us to contact you via our web form or if you have sent us a message, we will store the data required to contact you. This is your name, your e-mail address, your postcode if applicable and, on a voluntary basis, your additional details if they are personal. The data will be deleted by us as soon as storage is no longer necessary or you object to the processing.

If you make use of our callback service, we store your name, your telephone number and, on a voluntary basis, your additional personal details.

Legal basis: Art. 6 para. 1 lit. f GDPR

3.2 Subscribe to newsletter

You can subscribe to our newsletter by providing us with your e-mail address. You can unsubscribe at any time. After you unsubscribe, we will no longer use your data to send you the newsletter. If we have no business relationship with you and are not subject to any statutory retention obligations, your data will be deleted after you unsubscribe from the newsletter.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

3.3 Customer portal

As an SME, industrial customer or municipality, you have the option of registering on our website with your login details in our customer self-service portal in order to use additional functions (https://kundenportal.saubermacher.at/). To log in, you will be asked for your user name and the password you have chosen.

We require the following data to create a new account: First name, surname, e-mail address, telephone number, RONA customer number and, if applicable, the respective destinations.

In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.

The data will be stored by us for as long as you have an account with us and will be deleted if it is not subject to any statutory retention obligations.

Legal basis: Art. 6 para. 1 lit. b GDPR

3.4 Applicants

3.4.1 General

If you send us your application documents, we will process your personal data contained therein as well as your CV and references for the purpose of personnel selection and recruitment. In the event of a rejection, we will delete your documents 7 months after sending the rejection to you.

Legal basis: Art. 6 para. 1 lit. b GDPR

If we wish to keep you on record for the purpose of contacting you at a later date, we will approach you with a separate request for your consent. If you explicitly give us this consent, we will save your application documents. If there is no further opportunity to fill a position with us within one year, we will delete all your applicant data one year after you have given us your consent.

Legal basis: Art. 6 para. 1 lit. a GDPR

3.4.2 Applicant portal

People who are interested in working for our company have the opportunity to apply directly on our website via the applicant portal. The application process runs via the BITE service of BITE GmbH, Magirus-Deutz-Straße 12, 89077 Ulm, Germany. You will be informed of this by means of a separate data protection declaration for applicants, with which we fulfil our information obligations. In the further application process, you have the opportunity to upload your application documents (e.g. CV). In the event of a rejection, we will delete your documents no later than 7 months after sending you the rejection.

Legal basis: Art. 6 para. 1 lit. b GDPR

Legal basis: Art. 6 para. 1 lit. a GDPR

4 Data processing when visiting our website

4.1 Informational use of the website

When using the website for information purposes only, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect at most the data that is technically necessary for us to display our website to you and to ensure stability and security:

IP address
Date and time of the enquiry
Time zone difference to Coordinated Universal Time (UTC)
Content of the request (specific page)
Access status/HTTP status code
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.

This data is not merged with personal data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use and – if there has been a hacking attack – to pass the data on to the law enforcement authorities. The data will not be passed on to third parties beyond this.

Legal basis: Art. 6 para. 1 lit. f GDPR

4.2 Cookies

Cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the place that sets the cookie (here by us or third-party providers). Cookies cannot execute programmes or transmit viruses to your computer.

The cookie allows you to be recognised when you visit the website without having to re-enter data that you have already entered.

The information contained in the cookies is used, for example, to determine whether you are logged in or what data you have already entered, or to recognise you as a user when a connection is established between our web server and your browser.

We distinguish between technical cookies that are used exclusively to ensure the operation of a website and other cookies that are set by us or third-party providers for the purpose of statistical analyses, tracking or advertising/marketing.

Legal basis: Art. 6 para. 1 lit. f GDPR (for technical cookies), Art. 6 para. 1 lit. a GDPR (for all other cookies)

4.2.1 Cookie declaration

4.3 Data processing in the USA

It cannot be ruled out that personal data will be transmitted to the USA when you visit our website. If this is the case, we will point this out separately in this privacy policy.

The European Commission has adopted an adequacy decision for the exchange of data between European and US companies. This decision stipulates that American companies that have submitted to the EU-US Privacy Framework guarantee an adequate level of protection for personal data. Personal data may be exchanged with these companies without additional guarantees.

In the case of data processing by US data recipients who have not submitted to the regulations of the EU-US Data Privacy Framework , , the following risks in particular cannot currently be ruled out for you as a data subject:

Your personal data could possibly be passed on to other third parties (e.g. US authorities) by the respective service provider beyond the actual purpose of order fulfilment.
You may not be able to assert or enforce your rights to information against the respective service provider in the long term.
There may be a higher probability that incorrect data processing may occur because the technical organisational measures for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.

By consenting to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA. You can remove cookies stored on your PC yourself at any time by deleting the temporary internet files.

Legal basis: Art. 6 para. 1 lit. a GDPR

5 Social media presence

We operate the social media sites LinkedIn, Xing, YouTube, Facebook, Instagram and Flickr. When you visit our social media presence, personal data, including the IP address of the respective provider, is processed and cookies are used for data collection. Please refer to the privacy policy of the respective service to find out exactly what information is transmitted. There you will also find information about contact options and various settings.

We focus on comprehensive customer satisfaction and use these services primarily to be able to get in touch and communicate with you. We also see it as an additional option to our other existing information offerings.

In the case of US-based services, the data collected is generally sent to a server in the USA and stored there. We have no influence or control over the type and scope of the data processed by these services, the type of processing and use or the transfer of this data to third parties. For options to restrict the processing of this data in the respective settings of these services, please refer to the detailed descriptions in the privacy policies of the respective providers.

We would also like to point out that you use the respective services and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, commenting or rating).

The providers of the social media services have provided us with corresponding agreements – in most cases these are agreements on joint responsibility for data processing. The use of social media is based on our legitimate business interests.

Legal basis: Art. 6 para. 1 lit. f GDPR

6 Whistleblower system – Whistleblowing online portal

6.1 Purpose of the processing

We have set up a whistleblowing online portal on our website. The whistleblowing system makes it possible to contact us and report information on compliance and legal violations without having to fear reprisals. Provided this is legally permissible, the report can also be made without providing personal data. We process personal data, provided that it is disclosed to us, in order to check the report made via the reporting centre and to investigate the suspected compliance and legal violations. We may have queries in this regard. We use communication via this whistleblower system for this purpose.

6.2 Data processing in accordance with Art. 13 GDPR

We process the data that the whistleblower provides to us in the context of the report.

6.3 Data processing in accordance with Art. 14 GDPR

In addition, we process data of persons named by the whistleblower in the course of reporting violations (e.g. name data or functions of the persons who caused the violation, name data or functions of the persons who are also affected by a violation, description of behaviour or actions of the person concerned in connection with the reported misconduct that could contribute to their identification).

6.4 Personal data, forwarding and legal basis

In principle, it is possible to use the whistleblowing system – as far as legally permissible – without providing personal data. However, personal data may be provided voluntarily as part of the whistleblowing process, in particular details of identity, first name and surname, country of residence, telephone number or email address.

When using anonymous communication with us, the IP address and current location are not stored at any time. After sending a report, the person sending the report receives access data to the mailbox of the online portal so that they can continue to communicate with us in a protected manner.

In order to fulfil the stated purpose, it may also be necessary for us to transfer the personal data to external bodies such as law firms, criminal or competition authorities, within or outside the European Union.

We process personal data, insofar as we have received it, insofar as this is necessary to fulfil legal obligations in terms of whistleblower protection on the basis of Art. 6 para. 1 lit. c GDPR and local data protection laws.

6.5 Responsible body

We use the whistleblowing online portal as a member of the Saubermacher Group.

The whistleblowing system is operated by the management consultants commissioned by us, who act as independent controllers within the meaning of the EU General Data Protection Regulation. The company in question is VMCON OG, Opernring 2, 8010 Graz.

For data protection questions concerning VMCON OG, please contact “datenschutz@meineberater.at”.

The whistleblowing system (.LOUPE) is provided by our processor, the software provider.fobi solutions GmbH, Steinsiedlung 11, 4222 St. Georgen an der Gusen, Austria, with whom a corresponding data processing agreement has been concluded.

6.6 Duration of storage

We only store personal data for as long as is necessary to process your information or for as long as we have a legitimate interest in storing your personal data. Data may be stored for longer if this is required by national or European legislation to fulfil legal obligations, such as retention obligations.

We neither collect nor store personal data that is not required for processing a notification. They will be deleted immediately if necessary.

Once the investigation has been completed, all reports and associated data are archived for a period of 5 years. After this period, we guarantee the irretrievable deletion or anonymisation of all data. In addition, the data will be stored for as long as is necessary for official or legal proceedings that have already been initiated.

6.7 Your rights

Data subject rights in accordance with Art. 13 to 21 GDPR do not apply to persons affected by a tip-off in accordance with Section 8 (9) HSchG if this is necessary to protect the whistleblower or to investigate tip-offs (e.g: Right to information, right to access, right to erasure, right to object). The general data protection regulations apply to reports outside the scope of the HSchG.

If you are of the opinion that we have violated Austrian or European data protection law when processing your data and thereby infringed your rights, you have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40 – 42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at

7 Data processing for Facebook services

7.1 Facebook social plugins

We have integrated social plugins from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on our website. The use of social plugins enables website users to share or like content from our website on Facebook.

We have concluded a contract with Meta Ireland, but it is nevertheless possible that Meta Ireland may transfer personal data to Meta USA. Meta Platforms, Inc. has certified itself in accordance with the adequacy decision for the transfer of personal data to the USA. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted under Art 45 GDPR.

Together with Facebook/Meta Ireland, we are joint controllers within the meaning of Art. 26 GDPR for the data processing that takes place in the context of the integration of the plugin. Art 26 GDPR.

Data is not transmitted to Facebook/Meta Ireland as soon as the website is accessed. Only when a user interacts with a post, i.e. shares or likes a post, will your IP address be transmitted to Facebook/Meta Ireland and stored on Facebook’s servers.

If you are logged in to Facebook as a website user, Facebook/Meta Ireland can assign your profile directly when you visit our website. If you interact with our website, this information will also be displayed on your Facebook profile. Facebook/Meta Ireland may use this information to analyse your behaviour on our website in connection with the advertisements displayed on Facebook, to inform other Facebook users of your activities and to provide other services.

For more information, please refer to the Facebook/Meta Ireland privacy policy at https://www.facebook.com/about/privacy/. In your profile settings on Facebook, you can make individual settings for data processing by Facebook/ Meta Ireland: https://www.facebook.com/settings?tab=ads.

Legal basis: Art. 6 para. 1 lit. a GDPR

7.2 Facebook pixel

Our website uses Facebook pixels (“pixels”) from the social network Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland) for the analysis, optimisation and economic operation of our online offering.

Facebook can use the pixels to determine the website visitors as a target group for the display of adverts (so-called “Facebook ads”). Accordingly, we use them to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). The aim is to ensure that our Facebook ads correspond to the user’s interests and are not annoying. With the help of pixels, we can also track the effectiveness of Facebook adverts for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook advert (so-called “conversion”).

Your actions are stored in one or more cookies. These cookies enable Facebook to match your user data (such as IP address, user ID) with the data of your Facebook account. The data that is collected is anonymous and not visible to us and can only be used in the context of adverts. If you wish to prevent the link to your Facebook account, you have the option of logging out before taking any action.

For more information, please refer to Facebook’s data policy at https://de-de.facebook.com/policy.php.

For specific information on Facebook pixels, please refer to https://de-de.facebook.com/business/help/651294705016616.

Legal basis: Art. 6 para. 1 lit. a GDPR

8 Data processing for Microsoft services

We have entered into a contract with Microsoft Ireland Operations Limited (“Microsoft”), a company incorporated and operated under the laws of Ireland (registration number: 256796) with its registered office at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Nevertheless, it is possible that data may be transferred from Europe to the USA, over which we as a company have no influence.

Microsoft has certified itself in accordance with the adequacy decision for the transfer of personal data to the USA. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted in accordance with Art. 45 GDPR.

In principle, all of the Microsoft cloud services we use are operated in the data centres in the geographical region of Europe. This includes locations such as Germany and France.

We use Microsoft’s cloud services and its software-as-a-service offerings, such as Microsoft Azure, for various purposes. These include the publication of websites, forms and other content as well as the storage and management of documents and the sending of emails. In the course of this processing, the personal data of the respective users are processed if they are part of the content or part of the communication processes within the services described. This may include, for example, user contact data, contract data, process data and metadata of the corresponding documents. Microsoft itself processes usage and metadata for security reasons and to optimise the services.

When using publicly accessible documents, websites or other content, Microsoft may place cookies on users’ computers in order to fulfil web analysis purposes or to save user settings.

You can find Microsoft’s privacy policy here:
https://privacy.microsoft.com/de-de/privacystatement

8.1 Microsoft Clarity

We also use the web analytics service Microsoft Clarity. The provider is Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399 USA.

Through the use of this service, a transfer of personal data to the USA takes place or cannot be ruled out

This tool enables us to analyse user behaviour on our website in order to improve the user experience. Microsoft Clarity uses cookies and other tracking technologies to collect information such as user interactions, mouse movements, scrolling activity and keystrokes. This data is anonymised and aggregated to help us improve the performance and effectiveness of our website.

Legal basis: Art. 6 para. 1 lit. a GDPR

9 Data processing when using Hotjar

We use Hotjar, an analysis software from Hotjar Ltd (“Hotjar”) (http://www.hotjar.com, Malta, Europe), to better understand the needs of our users and to optimise the offer on this website. Hotjar’s technology helps us to gain a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and this helps us to tailor our offering to our users’ feedback. Hotjar works with cookies and other technologies to collect information about the behaviour of our users and their end devices (in particular IP address of the device (is only recorded and stored in anonymised form), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for displaying our website). Hotjar stores this information in a pseudonymised user profile. The information is not used by Hotjar or by us to identify individual users or merged with other data about individual users. You can prevent the collection of data by Hotjar by clicking on the following link and following the instructions there: https://www.hotjar.com/opt-out.

Further information can be found in Hotjar’s privacy policy https://www.hotjar.com/legal/policies/privacy

Legal basis: Art. 6 para. 1 lit. a GDPR

10 Data processing when using Matomo

We have integrated the web analysis service Matomo (www.matomo.org), formerly Piwik, from the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”) on our website for the statistical analysis of user behaviour and for optimisation and marketing purposes. The EU Commission has certified an adequate level of data protection for New Zealand, which is why data transfer is permitted in accordance with Art. 45 GDPR.

The following data is processed: Browser type, browser version, operating system, country of origin, date and time of the server enquiry, number of visits, time spent on the website and the external links you click on. The IP address is anonymised before it is saved. Pseudonymised user profiles can be created and evaluated from this data. The data collected is processed on our servers and is not passed on to third parties.

The information generated in the pseudonymised user profile is not used to personally identify the website visitor and is not merged with personal data about the bearer of the pseudonym.

For more information, please refer to Matomo’s privacy policy at https://matomo.org/gdpr/.

Legal basis: Art. 6 para. 1 lit. a GDPR

11 Data processing when using Usercentrics (Cookiebot)

We use the Consent Banner Cookiebot from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, to obtain data protection-compliant consent for the use of cookies and services requiring consent on our website.

The consent banner records and stores the selection of cookies and services requiring consent of the respective user of our website. The explicit consent of the website visitor ensures that statistical and marketing cookies and services requiring consent are only then set.

The consent tool records, logs and stores the website visitor’s settings for the duration of the session. Cookiebot collects, transmits and stores certain user information (including the IP address) so that the selected settings can be clearly assigned to the respective website visitor.

For more information, please refer to Cookiebot’s privacy policy
https://www.cookiebot.com/de/privacy-policy/

Legal basis: Art. 6 para. 1 lit. f GDPR

12 Data processing when using YouTube

We operate a YouTube channel and have integrated YouTube videos into our website, which are stored on http://www.YouTube.com. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube videos in extended data protection mode. With this setting, YouTube does not store any cookies when you visit our website. A connection to YouTube’s servers is only established when you start playing the embedded videos. YouTube uses cookies for data collection and statistical data analysis. YouTube is informed which pages you visit. If you are logged in to YouTube, your data will be assigned directly to your account. YouTube uses your data for advertising and market research purposes.

Through the use of this service, a transfer of personal data to the USA takes place or cannot be ruled out. Google has certified itself in accordance with the adequacy decision for the transfer of personal data to the USA. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted under Art 45 GDPR.

The integration of YouTube leads to the reloading of Google services on our website, in particular Google Doubleclick, Google APIs, Google Video, Google Photos, Google Static and Google Fonts.

Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy/

Legal basis: Art. 6 para. 1 lit. a GDPR

13 Use of data for Google services

We have entered into a contract with Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. Nevertheless, it is possible that data may be transferred from Europe to the USA, over which we as a company have no influence.

Google has certified itself in accordance with the adequacy decision for the transfer of personal data to the USA. The European Commission concludes that there is an adequate level of protection for personal data transferred from the EU to a company certified under the EU-US data protection framework in the USA, which is why data transfer is permitted in accordance with Art. 45 GDPR.

13.1 Google Analytics & IPmeta

This website uses the function “Activation of IP anonymisation” (i.e. Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymised collection of IP addresses (so-called IP masking)). As a result, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

According to Google, Google will use the information obtained to analyse your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. However, Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the websites (including your anonymised IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html or at https://support.google.com/analytics/answer/6004245?hl=de.

We also use the ipmeta.io service, which is a freely available plugin from Google Analytics. We use the plugin to analyse and implement “service provider”, “network domain” and “network type” in Google Analytics in order to see who has visited our websites and to obtain statistics about this. The retrieval of data for the network-related dimensions is based on your IP address. The plugin is only used to convert it into the network data. The data collected for this purpose is then deleted immediately.

You can find more information at: https://ipmeta.io/#how-network-type-works

13.2 Google Tag Manager

We use Google Tag Manager to recognise your user behaviour. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The tool itself processes the following personal data IP address of the user. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. Google Tag Manager can set cookies, at least in the administrator’s preview and debug mode, but also outside of it. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

You can find more detailed information here: https://www.google.com/intl/de/tagmanager/faq.html.

Legal basis: Art. 6 para. 1 lit. a GDPR

13.3 Google AdWords Conversion (Google Ads)

This website also uses Google Conversion Tracking. Google Ads places a cookie on your computer if you have reached our website via a Google advert. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Ads customer’s website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. Each Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Ads customers are informed of the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”. You can find Google’s privacy policy here.

If you use SSL search, Google’s encrypted search function, the search terms are usually not sent as part of the URL in the referral URL. However, there are some exceptions to this, for example if you use certain less common browsers. Further information on SSL searches can be found here. Search queries or information in the referral URL may also be viewed via Google Analytics or an Application Programming Interface (API). In addition, advertisers may receive information about the exact search terms that triggered a click on an advert. https://policies.google.com/faq?hl=de

13.4 Google Doubleclick

The website uses the online marketing tool DoubleClick. The Google advertising network and certain Google services can be used to support AdWords customers and publishers in placing and managing adverts on the web. DoubleClick uses cookies to display adverts that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same adverts more than once. Google uses a cookie ID to record which adverts are displayed in which browser and can thus prevent them from being displayed more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a DoubleClick advert and later visits the advertiser’s website with the same browser and makes a purchase there. According to Google, DoubleClick cookies do not contain any personal information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advert from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it.

Legal basis: Art. 6 para. 1 lit. a GDPR

13.5 Google Fonts

We use Google Fonts. To ensure that the fonts and icons are displayed in a uniform and appealing manner, your browser loads the required fonts into your browser cache. To do this, it is necessary for the browser you are using to contact the Google Fonts servers, which means that Google Fonts becomes aware that our website has been accessed via your IP address.

You can find out what data is collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.

Legal basis: Art. 6 para. 1 lit. a GDPR

13.6 Google Maps

We use the Google Maps service on this website. This allows us to display interactive maps directly on the website after you have given your consent and enables you to use the map function conveniently. When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data already mentioned under “Informational use of the website” is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customising its website. Such an analysis is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.

Legal basis: Art. 6 para. 1 lit. a GDPR

13.7 Google Photos

For a user-friendly experience, we use the cloud-based storage service Google Photos. When you access images on our website, your browser establishes a connection to Google’s servers. Your IP address is transmitted to Google for this purpose. In order to display the images correctly, the required pages are loaded into your browser cache.

You can find more detailed information here: https://www.google.com/photos/
The privacy policy and terms of use can be found here: https://policies.google.com/

Legal basis: Art. 6 para. 1 lit. a GDPR

14 Data processing for hosting from AWS

Our website uses a cloud web hosting solution from the US provider Amazon Web Services, Inc. (AWS), 410 Terry Avenue North, Seattle WA 98109. AWS provides the infrastructure and resources required for the operation and provision of the website. As AWS acts as a cloud provider, data is stored and processed on AWS servers.

When using AWS, certain data such as IP addresses and access times may be logged in order to ensure the security and operation of the website.

For more information, please read the Amazon Cloud Services privacy policy: https://aws.amazon.com/de/compliance/data-privacy/.

Legal basis: Art. 6 para. 1 lit. f GDPR

15 Integration of Flickr – image hoster

Components (web albums) of the Flickr web service are linked on this website. Flickr is a service of SmugMug, Inc. and since 2018 has been owned by the company headquartered at 67 E. Evelyn Ave, Suite 200 Mountain View, California.

Flickr sets cookies each time you call up or click on the Flickr component. Cookies are small text files that are stored on your computer and enable your use of Flickr’s services to be analysed. We do not know exactly what user information and user behaviour is collected and transmitted to the web servers of Flick and the associated companies in America for further processing.

By using this service, personal data is transferred to the USA or such a transfer cannot be ruled out.

With your consent to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA.

If you as a user do not agree with this processing of your data, it is possible to deactivate the Flickr service and in this way prevent the transfer of data to the Flickr servers and the associated companies. To do this, you must deactivate JavaScript in your browser. However, we would like to point out that in this case you will not be able to use Flickr or only to a limited extent.

Legal basis: Art. 6 para. 1 lit. a GDPR

16 Use of the ONLIM chat service

On our website, we use chat functions provided by Onlim (Onlim GmbH, Weintraubengasse 22, 1020, Vienna, Austria), which acts as our processor. When you use our chat functions, your data entries are transmitted to the Onlim servers. This data includes the information you enter as well as the date and time of the chat process.

We process this data in order to improve our customer service and our services.

Your data will be deleted or completely anonymised after 30 days at the latest. You also have the option of adjusting the storage period of your data directly in the chat. Your personal data will then be deleted within 24 hours.

You can find Onlim’s privacy policy at https://onlim.com/de/datenschutzerklaerung/.

Legal basis: Art. 6 para. 1 lit. a GDPR

ONLIM uses the cloud web hosting solution of the US provider Amazon Web Services, Inc. (AWS), 410 Terry Avenue North, Seattle WA 98109. As AWS acts as a cloud provider, data is stored and processed on AWS servers. When using the ONLIM chat service, your IP addresses and access times may therefore be logged by AWS in order to ensure the security and operation of the website.

For more information, please read the Amazon Cloud Services privacy policy: https://aws.amazon.com/de/compliance/data-privacy/.

17 Your rights

You have the following rights vis-à-vis us with regard to your personal data:

Right to information, rectification and erasure
Right to restriction of processing
Right to object to the processing
Right to data portability
Right to lodge a complaint with the Austrian data protection authority

Barichgasse 40 – 42, 1030 Vienna, Telephone: +43 1 52 152-0

E-mail: dsb@dsb.gv.at

If you are of the opinion that we have violated Austrian or European data protection law when processing your data and thereby infringed your rights, please contact us so that we can clarify any questions you may have.

Please send your enquiries and requests by e-mail to datenschutz@saubermacher.at or contact us using the contact details provided.

18 Changes to this privacy policy

We reserve the right to make changes to our privacy policy from time to time. We will publish all changes to the privacy policy on this page. Please refer to the latest version of our privacy policy in this regard.