Data Privacy
Data privacy
We have written this data protection declaration (version 01/28/2021-211140591) in order to explain to you in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 what information we collect, how we use data and what decision-making options you have as a visitor to this website .
Unfortunately, it is in the nature of things that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible when creating them.
Automatic data storage
When you visit websites today, certain information is automatically created and stored, including on this website.
If you visit our website as you are right now, our web server (computer on which this website is stored) automatically saves data such as
- the address (URL) of the accessed website
- Browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
- the hostname and IP address of the device from which access is being made
- Date and Time
in files (web server log files).
As a rule, web server log files are stored for two weeks and then automatically deleted. We do not pass on this data, but cannot rule out that this data will be viewed in the event of illegal behavior.
Cookies
Our website uses HTTP cookies to store user-specific data.
In the following we explain what cookies are and why they are used so that you can better understand the following data protection declaration.
What exactly are cookies?
Whenever you surf the Internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, which is basically the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data from you, such as language or personal page settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers each cookie has its own file, in others such as Firefox all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, since each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "pests". Cookies also cannot access information on your PC.
For example, cookie data can look like this:
Name: _ga
Value: GA1.2.1326744211.152211140591-6
Purpose: Differentiation of website visitors
Expiry date: after 2 years
A browser should be able to support these minimum sizes:
- At least 4096 bytes per cookie
- At least 50 cookies per domain
- At least 3000 cookies in total
What types of cookies are there?
The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the data protection declaration. At this point we would like to briefly discuss the different types of HTTP cookies.
There are 4 types of cookies:
Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed if a user puts a product in the shopping cart, then continues surfing on other pages and only goes to the checkout later. These cookies do not delete the shopping cart, even if the user closes their browser window.
Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and behavior of the website in different browsers.
Targeting cookies
These cookies ensure a better user experience. For example, entered locations, font sizes or form data are saved.
Advertising cookies
These cookies are also called targeting cookies. They are used to provide the user with individually tailored advertising. This can be very useful, but also very annoying.
Usually, when you visit a website for the first time, you will be asked which of these types of cookies you would like to allow. And of course this decision is also stored in a cookie.
How can I delete cookies?
You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option of deleting or deactivating cookies or only partially allowing them. For example, you can block third-party cookies but allow all other cookies.
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
Chrome: Delete, enable and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Clear cookies to remove data websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies
If you generally do not want any cookies, you can set up your browser so that it always informs you when a cookie is to be set. You can decide for each individual cookie whether you allow the cookie or not. The procedure differs depending on the browser. It is best to search for the instructions in Google with the search term “Delete cookies Chrome” or “Deactivate cookies Chrome” in the case of a Chrome browser.
What about my data protection?
The so-called “Cookie Guidelines” have been in place since 2009. It states that the storage of cookies requires your consent. Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in Section 96 (3) of the Telecommunications Act (TKG).
If you want to know more about cookies and don't shy away from technical documentation, we recommend https://tools.ietf.org/html/rfc6265 , the Internet Engineering Task Force (IETF) Request for Comments called "HTTP State Management Mechanism".
Rights According to the General Data Protection Regulation
According to the provisions of the GDPR and the Austrian Data Protection Act (DSG) , you have the following rights:
- Right to rectification (Article 16 GDPR)
- Right to erasure (“right to be forgotten”) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to notification – obligation to notify in connection with rectification or erasure of personal data or restriction of processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR)
If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority, which is the data protection authority in Austria, whose website you can access at https://www. dsb.gv.at/ .
Evaluation of visitor behavior
In the following data protection declaration we inform you whether and how we evaluate data from your visit to this website. The evaluation of the collected data is usually anonymous and we cannot draw any conclusions about your person from your behavior on this website.
You can find out more about the possibilities of objecting to this evaluation of visit data in the following data protection declaration.
Google Maps Privacy Policy
We use Google Maps from Google Inc. on our website. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. With Google Maps we can show you locations better and thus adapt our service to your needs. By using Google Maps, data is transmitted to Google and stored on the Google servers. Here we want to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.
What is Google Maps?
Google Maps is an Internet map service from Google. With Google Maps, you can find the exact location of a city, attraction, lodging or business online using a PC, tablet or app. If companies are represented on Google My Business, additional information about the company is displayed in addition to the location. In order to show how to get there, map sections of a location can be integrated into a website using HTML code. Google Maps shows the earth's surface as a street map or as an aerial or satellite image. Thanks to the Street View images and the high-quality satellite images, very precise representations are possible.
Why do we use Google Maps on our website?
All of our efforts on this site aim to offer you a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. You can see at a glance where we have our company headquarters. The route description always shows you the best or fastest way to us. You can get directions for routes by car, public transport, on foot or by bike. For us, providing Google Maps is part of our customer service.
What data is stored by Google Maps?
In order for Google Maps to be able to fully offer its service, the company must collect and store data from you. This includes, among other things, the search terms entered, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the start address entered will also be saved. However, this data storage happens on the Google Maps website. We can only inform you about this, but have no influence. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google uses this data primarily to optimize its own services and to provide you with individual, personalized advertising.
The following cookie is set in your browser due to the integration of Google Maps:
Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ211140591-5
Purpose: NID is used by Google to adapt advertisements to your Google search. With the help of the cookie, Google “remembers” your most frequently entered search queries or your previous interaction with ads. So you always get tailor-made advertisements. The cookie contains a unique ID that Google uses to collect your personal preferences for advertising purposes.
Expiry date: after 6 months
Note: We cannot guarantee the completeness of the stored data. Changes can never be ruled out, especially when using cookies. In order to identify the cookie NID, a separate test page was created, where only Google Maps was integrated.
How long and where is the data stored?
Google servers are located in data centers around the world. However, most of the servers are located in America. For this reason, your data is also increasingly stored in the USA. Here you can read exactly where the Google data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de
Google distributes the data on different data carriers. As a result, the data can be called up more quickly and is better protected against any attempts at manipulation. Each data center also has special emergency programs. If, for example, there are problems with the Google hardware or a natural disaster paralyzes the servers, the data will almost certainly remain protected.
Google stores some data for a fixed period of time. For other data, Google only offers the option of manually deleting it. The company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 and 18 months, respectively.
How can I delete my data or prevent data storage?
With the automatic deletion of location and activity data introduced in 2019, information on location determination and web/app activity is stored for either 3 or 18 months – depending on your decision – and then deleted. You can also manually delete this data from the history at any time via the Google account. If you want to completely prevent your location tracking, you need to pause the "Web and app activity" section in the Google account. Click "Data and Personalization" and then click the "Activity Settings" option. Here you can switch the activities on or off.
You can also deactivate, delete or manage individual cookies in your browser. Depending on which browser you use, this always works a little differently. The following instructions show how to manage cookies in your browser:
Chrome: Delete, enable and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Clear cookies to remove data websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies
If you generally do not want any cookies, you can set up your browser so that it always informs you when a cookie is to be set. You can decide for each individual cookie whether you allow it or not.
Google is an active participant in the EU-US Privacy Shield Framework, which regulates the correct and secure data transfer of personal data. For more information, see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI . If you want to find out more about data processing by Google, we recommend the company's own data protection declaration at https://policies.google.com/privacy?hl=de .
Google Fonts Privacy Policy
We use Google Fonts on our website. These are the “Google fonts” from Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.
You do not need to register or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, typefaces/fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don't have to worry about your Google account data being transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. How the data storage looks exactly, we will look at in detail.
What are Google Fonts?
Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google makes available to its users free of charge.
Many of these fonts are released under the SIL Open Font License, while others are released under the Apache License. Both are free software licenses.
Why do we use Google Fonts on our website?
With Google Fonts we can use fonts on our own website and do not have to upload them to our own server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web and this saves data volume and is a great advantage especially for use with mobile devices. When you visit our site, the small file size ensures fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can partially distort texts or entire websites. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). So we use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible.
Which data is stored by Google?
When you visit our website, the fonts are reloaded via a Google server. This external call transmits data to the Google servers. In this way, Google also recognizes that you or your IP address is visiting our website. The Google Fonts API was designed to reduce the use, storage and collection of end-user data to what is necessary for proper font delivery. Incidentally, API stands for "Application Programming Interface" and serves, among other things, as a data transmitter in the software sector.
Google Fonts securely stores CSS and font requests on Google and is therefore protected. The collected usage figures allow Google to determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery to examine and move large amounts of data.
It should be noted, however, that with each Google Font request, information such as language settings, IP address, browser version, browser screen resolution and browser name are automatically transmitted to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google.
How long and where is the data stored?
Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This enables us to use the fonts using a Google style sheet. A style sheet is a template that you can use to change the design or font of a website, for example, quickly and easily.
The font files are stored by Google for one year. Google is thus pursuing the goal of fundamentally improving the loading time of websites. When millions of websites refer to the same fonts, they are cached after the first visit and immediately reappear on all other websites visited later. Sometimes Google updates font files to reduce file size, increase language coverage, and improve design.
How can I delete my data or prevent data storage?
The data that Google stores for a day or a year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. In order to be able to delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=de&tid=211140591 . In this case, you only prevent data storage if you do not visit our site.
Unlike other web fonts, Google allows us unlimited access to all fonts. So we have unlimited access to a sea of fonts and thus get the best out of our website. You can find more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=211140591 . Although Google addresses data protection issues there, it does not contain really detailed information about data storage. It is relatively difficult to get really precise information about stored data from Google.
You can also read about what data Google collects and what this data is used for at https://www.google.com/intl/de/policies/privacy/ .
Google Fonts Local Privacy Policy
On our website we use Google Fonts from Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European area. We have integrated the Google fonts locally, ie on our web server - not on Google's servers. As a result, there is no connection to Google servers and therefore no data transmission or storage.
What are Google Fonts?
Google Fonts used to be called Google Web Fonts. This is an interactive directory of over 800 fonts that Google provides for free. With Google Fonts, you could use fonts without uploading them to your own server. However, in order to prevent any transfer of information to Google servers in this regard, we have downloaded the fonts to our server. In this way, we act in compliance with data protection and do not send any data to Google Fonts.
Unlike other web fonts, Google allows us unlimited access to all fonts. So we have unlimited access to a sea of fonts and thus get the best out of our website. You can find more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=211140591 .
Google Analytics Privacy Policy
We use the Google Analytics (GA) analysis tracking tool from the American company Google Inc. on our website. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics allow us to better tailor our website and service to your needs. In the following we will go into more detail about the tracking tool and, above all, inform you about which data is stored and how you can prevent this.
What is Google Analytics?
Google Analytics is a tracking tool used to analyze traffic on our website. In order for Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions that you take on our website. As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.
Google processes the data and we receive reports on your user behavior. These reports may include the following:
- Target group reports: With target group reports, we get to know our users better and know more precisely who is interested in our service.
- Ad reports: Ad reports make it easier for us to analyze and improve our online advertising.
- Acquisition Reports: Acquisition reports provide us with helpful information on how to attract more people to our service.
- Behavior Reports: Here we learn how you interact with our website. We can understand which path you take on our site and which links you click on.
- Conversion reports: Conversion is a process in which you perform a desired action based on a marketing message. For example, when you go from being a mere website visitor to a buyer or newsletter subscriber. These reports enable us to learn more about how our marketing measures are resonating with you. This is how we want to increase our conversion rate.
- Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are currently reading this text.
Why do we use Google Analytics on our website?
Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal.
The statistically evaluated data give us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that interested people can find it more easily on Google. On the other hand, the data helps us to better understand you as a visitor. We therefore know exactly what we need to improve on our website in order to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who care.
What data is stored by Google Analytics?
Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a "returning" user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles in the first place.
Identifiers such as cookies and app instance IDs are used to measure your interactions on our website. Interactions are any type of action you take on our website. If you also use other Google systems (such as a Google account), data generated via Google Analytics can be linked to third-party cookies. Google does not pass on Google Analytics data unless we as the website operator authorize this. Exceptions may arise if required by law.
The following cookies are used by Google Analytics:
Name: _ga
Value: 2.1326744211.152211140591-5
Purpose : By default, analytics.js uses the _ga cookie to save the user ID. Basically, it serves to differentiate between website visitors.
Expiry date: after 2 years
Name: _gid
Value: 2.1687193234.152211140591-1
Purpose: The cookie is also used to distinguish between website visitors
Expiry date: after 24 hours
Name: _gat_gtag_UA_
value: 1
Purpose: Used to lower the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is given the name _dc_gtm_ .
Expiry date: after 1 minute
Name: AMP_TOKEN
Value: no information
Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP Client ID service. Other possible values indicate an opt-out, a request, or an error.
Expiry date: after 30 seconds to a year
Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie can be used to track your behavior on the website and measure performance. The cookie is updated each time information is sent to Google Analytics.
Expiry date: after 2 years
Name: __utmt
value: 1
Purpose : Like _gat_gtag_UA_, the cookie is used to throttle the request rate.
Expiry date: after 10 minutes
Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.
Expiry date: after 30 minutes
Name: __utmc
Value: 167421564
Purpose: This cookie is used to set new sessions for returning visitors. This is a session cookie and is only stored until you close the browser.
Expiry date: After closing the browser
Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: The cookie is used to identify the source of traffic to our website. This means that the cookie stores where you came from on our website. That could have been another page or an advertisement.
Expiry date: after 6 months
Name: __utmv
Value: not specified
Purpose: The cookie is used to store user-defined user data. It is always updated when information is sent to Google Analytics.
Expiry date: after 2 years
Note: This list cannot claim to be complete, since Google is constantly changing the choice of its cookies.
Here we show you an overview of the most important data that is collected with Google Analytics:
Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly those areas that you click on. This is how we get information about where you are on our site.
Session duration: Google defines the session duration as the time you spend on our site without leaving the site. If you have been inactive for 20 minutes, the session ends automatically.
Bounce rate: A bounce is when you only view one page on our website and then leave our website again.
Account creation : If you create an account or place an order on our website, Google Analytics collects this data.
IP address: The IP address is only shown in abbreviated form so that no clear assignment is possible.
Location: The country and your approximate location can be determined via the IP address. This process is also referred to as IP location determination.
Technical information: The technical information includes, among other things, your browser type, your Internet provider or your screen resolution.
Source of origin: Google Analytics or we are of course also interested in which website or which advertisement you came to our site from.
Other data are contact details, any ratings, playing media (e.g. if you play a video on our site), sharing content via social media or adding it to your favorites. The list does not claim to be complete and only serves as a general guide to data storage by Google Analytics.
How long and where is the data stored?
Google has distributed their servers all over the world. Most of the servers are located in America and consequently your data is mostly stored on American servers. Here you can read exactly where the Google data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de
Your data is distributed across different physical media. This has the advantage that the data can be called up more quickly and is better protected against manipulation. Every Google data center has emergency programs for your data. For example, if Google's hardware fails or natural disasters paralyze servers, the risk of a service interruption at Google remains low.
A standard storage period for your user data of 26 months is set for Google Analytics. Then your user data will be deleted. However, we have the option of choosing the retention period for user data ourselves. We have five options available for this:
- Deletion after 14 months
- Deletion after 26 months
- Deletion after 38 months
- Deletion after 50 months
- No automatic deletion
When the specified period has expired, the data will be deleted once a month. This retention period applies to your data associated with cookies, user recognition and advertising IDs (e.g. cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a merging of individual data into a larger unit.
How can I delete my data or prevent data storage?
Under European Union data protection law, you have the right to access, update, delete or restrict your data. You can prevent Google Analytics from using your data by using the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can download and install the browser add-on from https://tools.google.com/dlpage/gaoptout?hl=de . Please note that this add-on only disables data collection by Google Analytics.
If you generally want to deactivate, delete or manage cookies (regardless of Google Analytics), there are separate instructions for each browser:
Chrome: Delete, enable and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Clear cookies to remove data websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies
Google Analytics is an active participant in the EU-US Privacy Shield Framework, which regulates the correct and secure data transfer of personal data. For more information, see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=211140591 . We hope we were able to provide you with the most important information about data processing by Google Analytics. If you want to learn more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245 ?hl=de .
Google Analytics IP anonymization
We have implemented Google Analytics IP address anonymization on this website. This function was developed by Google so that this website can comply with applicable data protection regulations and recommendations from local data protection authorities if they prohibit the storage of the full IP address. The IP is anonymized or masked as soon as the IP addresses arrive in the Google Analytics data collection network and before the data is stored or processed.
You can find more information on IP anonymization at https://support.google.com/analytics/answer/2763052?hl=de .
Google Analytics reports on demographics and interests
We have activated the functions for advertising reports in Google Analytics. The Demographics and Interests reports include information about age, gender, and interests. This enables us to get a better picture of our users without being able to assign this data to individual persons. You can find out more about the advertising functions at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad .
You can end the use of the activities and information from your Google account under “Advertising settings” at https://adssettings.google.com/authenticated by checking the box.
Google Analytics deactivation link
If you click on the following deactivation link, you can prevent Google from recording further visits to this website. Attention: Deleting cookies, using the incognito/private mode of your browser, or using a different browser will result in data being collected again.
Google Analytics Google Signals Privacy Policy
We have activated the Google signals in Google Analytics. The existing Google Analytics functions (advertising reports, remarketing, cross-device reports and reports on interests and demographic characteristics) are updated to receive aggregated and anonymous data from you, provided you have allowed personalized ads in your Google account.
The special thing about it is that it is a cross-device tracking. That means your data can be analyzed across devices. By activating Google signals, data is collected and linked to the Google account. This allows Google to recognize, for example, when you view a product on our website using a smartphone and only later buy the product using a laptop. Thanks to the activation of Google signals, we can start cross-device remarketing campaigns that would otherwise not be possible in this form. Remarketing means that we can also show you our offer on other websites.
Google Analytics also collects additional visitor data such as location, search history, YouTube history and data about your actions on our website through the Google signals. This gives us better advertising reports and more useful information about your interests and demographics from Google. This includes your age, what language you speak, where you live or what gender you belong to. There are also social criteria such as your job, your marital status or your income. All of these features help Google Analytics to define groups of people or target groups.
The reports also help us to better assess your behavior, your wishes and interests. This enables us to optimize and adapt our services and products for you. By default, this data expires after 26 months. Please note that this data collection only takes place if you have allowed personalized advertising in your Google account. This is always aggregated and anonymous data and never personal data. You can manage or delete this data in your Google account.
Google Analytics Addendum to Data Processing
We have entered into a direct customer agreement with Google for the use of Google Analytics by accepting the “Data Processing Amendment” in Google Analytics.
You can find out more about the data processing addendum for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad
Mapbox API Privacy Policy
On our website we use the Mapbox API of the American software company Mapbox Inc., 740 15th Street NW, 5th Floor, District of Columbia 20005, USA. Mapbox is an online map tool (open source mapping) that is accessed via an interface (API). By using this tool, among other things, your IP address will be forwarded to Mapbox and stored. In this data protection declaration you will learn more about the functions of the tool, why we use it and, above all, which data is stored and how you can prevent this.
What is Mapbox API?
Mapbox is an American software company providing custom online maps for websites. Mapbox can be used to illustrate content on our website or, for example, to graphically display directions. The maps can be easily integrated into our website with small code snippets (JavaScript code). Among other things, Mapbox offers a mobile-friendly environment, route information is provided in real time and data is visualized.
Why do we use Mapbox API on our website?
We also want to offer you a comprehensive service on our website and this should not simply end with our services or products. No, all of our content should also be of use to you. And that includes, for example, access maps that show you the way to our company.
What data is stored by Mapbox API?
If you call up one of our subpages that has an online map from Mapbox integrated, data about your user behavior can be collected and stored. This has to be so that the integrated online maps work properly. It is also possible that Mapbox will pass on data collected to third parties, but no personal data. This happens either if this is necessary for legal reasons or if Mapbox explicitly commissions another company. The map content is transmitted directly to your browser and integrated into our website.
Mapbox automatically collects certain technical information when requests are made to the APIs. In addition to your IP address, this includes browser information, your operating system, content of the request, limited location and usage data, the URL of the website visited and the date and time of the website visit. According to Mapbox, the data is only used to improve its own products. In addition, Mapbox also collects randomly generated IDs to analyze user behavior and determine the number of active users.
If you use one of our subpages and interact with an online map, Mapbox sets the following cookie in your browser:
Name: ppcbb-enable-content-mapbox_js
Value: 1605795587211140591-4
Purpose: We have not yet been able to find out more detailed information about the purpose of the cookie.
Expiry date: after one year
Note: In our tests, we did not find a cookie in the Chrome browser, but we found it in other browsers.
Where and for how long is data stored?
The data collected is stored and processed on Mapbox's American servers. For security reasons, your IP address will be kept for 30 days and then deleted. Randomly generated IDs (no personal data) that analyze the use of the APIs are deleted after 36 months.
How can I delete my data or prevent data storage?
If you do not want Mapbox to process data about you or your user behavior, you can disable JavaScript in your browser settings. Of course, you can then no longer use the corresponding functions to their full extent.
You always have the right to access your personal data and to object to its use and processing. You can manage, delete or disable cookies that may be set by Mapbox API in your browser at any time. As a result, however, the service may no longer function fully. Each browser manages, deletes or disables cookies a little differently. Below you will find links to the instructions for the most popular browsers:
Chrome: Delete, enable and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Clear cookies to remove data websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies
If you want to learn more about how Mapbox processes data, we recommend the company's data protection declaration at https://www.mapbox.com/legal/privacy .
Embedded Social Media Elements Privacy Policy
We integrate elements of social media services on our website to display images, videos and texts.
By visiting pages that display these elements, data is transferred from your browser to the respective social media service and stored there. We have no access to this data.
The following links take you to the pages of the respective social media services, where it is explained how they handle your data:
- Instagram Privacy Policy: https://help.instagram.com/519522125107875
- The Google data protection declaration applies to YouTube: https://policies.google.com/privacy?hl=de
- Facebook data policy: https://www.facebook.com/about/privacy
- Twitter privacy policy: https://twitter.com/de/privacy
Newsletter Privacy Policy
If you subscribe to our newsletter, you submit the above personal data and give us the right to contact you by email. We use the data stored when registering for the newsletter exclusively for our newsletter and do not pass it on.
If you unsubscribe from the newsletter - you will find the link for this at the bottom of every newsletter - we will delete all data that was saved when you registered for the newsletter.
MailChimp Privacy Policy
Like many other websites, we also use the services of the newsletter company MailChimp on our website. MailChimp is operated by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. Thanks to MailChimp, we can send you interesting news very easily via newsletter. With MailChimp we don't have to install anything and can still draw from a pool of really useful functions. In the following we will go into more detail about this e-mail marketing service and inform you about the most important aspects relevant to data protection.
What is MailChimp?
MailChimp is a cloud-based newsletter management service. "Cloud-based" means that we don't have to install MailChimp on our own computer or server. Instead, we use the service via an IT infrastructure - which is available via the Internet - on an external server. This way of using software is also called SaaS (Software as a Service).
With MailChimp we can choose from a wide range of different email types. Depending on what we want to achieve with our newsletter, we can run single campaigns, regular campaigns, autoresponders (automatic emails), A/B tests, RSS campaigns (sending at a predefined time and frequency) and follow-up campaigns .
Why do we use MailChimp on our website?
Basically, we use a newsletter service so that we can keep in touch with you. We want to tell you what's new with us or what attractive offers we currently have in our program. We are always looking for the simplest and best solutions for our marketing measures. And that's also why we chose Mailchimp's newsletter management service. Although the software is very easy to use, it offers a large number of helpful features. In this way, we can create interesting and beautiful newsletters in just a short time. With the design templates offered, we design each newsletter individually and thanks to the "responsive design" our content is also displayed legibly and beautifully on your smartphone (or other mobile end device).
With tools such as the A/B test or the extensive analysis options, we can see very quickly how our newsletter is received by you. This enables us to react if necessary and improve our offer or our services.
Another advantage is Mailchimp's "cloud system". The data is not stored and processed directly on our server. We can retrieve the data from external servers and in this way save our storage space. In addition, the maintenance effort is significantly lower.
What data is stored by MailChimp?
Rocket Science Group LLC (MailChimp) maintains online platforms that enable us to get in touch with you (if you have subscribed to our newsletter). If you become a subscriber to our newsletter through our website, you confirm by email that you are a member of a MailChimp email list. So that MailChimp can also prove that you have entered the "list provider", the date of entry and your IP address are saved. Furthermore, MailChimp stores your e-mail address, your name, physical address and demographic information such as language or location.
This information is used to send you emails and to enable certain other MailChimp functions (such as evaluating the newsletter).
MailChimp also shares information with third parties to provide better services. MailChimp also shares some data with third-party advertising partners to better understand the interests and concerns of its customers so that more relevant content and targeted advertising can be provided.
With so-called "web beacons" (small graphics in HTML e-mails), MailChimp can determine whether the e-mail has arrived, whether it has been opened and whether links have been clicked on. All of this information is stored on the MailChimp servers. This gives us statistical evaluations and allows us to see exactly how well you received our newsletter. In this way we can adapt our offer much better to your wishes and improve our service.
MailChimp may also use this data to improve its own service. This means, for example, that the dispatch can be technically optimized or the location (country) of the recipient can be determined.
The following cookies may be set by Mailchimp. This is not a complete list of cookies, but rather an exemplary selection:
Name : AVESTA_ENVIRONMENT
Value: Prod
Purpose : This cookie is necessary to provide the Mailchimp services. It is always set when a user registers for a newsletter mailing list.
Expiry date: after the end of the session
Name : ak_bmsc
Value: F1766FA98C9BB9DE4A39F70A9E5EEAB55F6517348A7000001211140591-3
Purpose: The cookie is used to distinguish a human from a bot. This allows secure reports to be generated on the use of a website.
Expiry date: after 2 hours
Name : bm_sv
Value: A5A322305B4401C2451FC22FFF547486~FEsKGvX8eovCwTeFTzb8//I3ak2Au…
Purpose : The cookie is from MasterPass Digital Wallet (a MasterCard service) and is used to offer a visitor a secure and easy virtual payment transaction. For this purpose, the user is identified anonymously on the website.
Expiry date: after 2 hours
Name : _abck
Value: 8D545C8CCA4C3A50579014C449B045211140591-9
Purpose : We were not able to find out any further information about the purpose of this cookie
Expiry date: after one year
Sometimes it can happen that you open our newsletter for a better display via a given link. This is the case, for example, if your e-mail program does not work or the newsletter is not displayed properly. The newsletter is then displayed on a MailChimp website. MailChimp also uses cookies (small text files that store data on your browser) on its own websites. Personal data can be processed by MailChimp and its partners (e.g. Google Analytics). This data collection is the responsibility of MailChimp and we have no control over it. MailChimp's "Cookie Statement" (located at: https://mailchimp.com/legal/cookies/ ) explains exactly how and why the company uses cookies.
How long and where is the data stored?
Since MailChimp is an American company, all data collected is also stored on American servers.
In principle, the data is permanently stored on the Mailchimp servers and is only deleted when you request it. You can have your contact deleted by us. This permanently removes all of your personal information for us and makes you anonymous in Mailchimp reports. However, you can also request the deletion of your data directly from MailChimp. Then all your data will be removed there and we will receive a notification from MailChimp. After receiving the email, we have 30 days to delete your contact from all connected integrations.
How can I delete my data or prevent data storage?
You can withdraw your consent to receive our newsletter at any time by clicking on the link at the bottom of the email received. If you have unsubscribed by clicking on the unsubscribe link, your data will be deleted from MailChimp.
If you access a MailChimp website via a link in our newsletter and cookies are set in your browser, you can delete or deactivate these cookies at any time.
Depending on the browser, deactivating or deleting works a little differently. The following instructions show how to manage cookies in your browser:
Chrome: Delete, enable and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Clear cookies to remove data websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies
If you generally do not want any cookies, you can set up your browser so that it always informs you when a cookie is to be set. You can decide for each individual cookie whether you allow it or not.
MailChimp is an active participant in the EU-US Privacy Shield Framework, which regulates the correct and secure data transfer of personal data. For more information, see https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&tid=211140591 . You can find out more about the use of cookies at MailChimp at https://mailchimp.com/legal/cookies/ , information on data protection at MailChimp (privacy) can be found at https://mailchimp.com/legal/privacy/ .
MailChimp order data processing contract
We have concluded a contract with MailChimp for order data processing (Data Processing Addendum). This contract serves to secure your personal data and ensures that MailChimp adheres to the applicable data protection regulations and does not pass on your personal data to third parties.
More information about this contract can be found at https://mailchimp.com/legal/data-processing-addendum/ .
YouTube Privacy Policy
We have embedded YouTube videos on our website. This allows us to present you with interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you call up a page on our website that has an embedded YouTube video, your browser automatically connects to the YouTube or Google servers. Various data are transmitted (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe.
In the following we would like to explain to you in more detail which data is processed, why we have integrated YouTube videos and how you can manage or delete your data.
What is YouTube?
On YouTube, users can view videos, rate them, comment on them and upload them themselves free of charge. Over the past few years, YouTube has become one of the most important social media channels worldwide. In order for us to be able to display videos on our website, YouTube provides a code snippet that we have embedded on our site.
Why do we use YouTube videos on our website?
YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course interesting videos should not be missing. With the help of our embedded videos, we provide you with additional helpful content in addition to our texts and images. In addition, our website can be found more easily on the Google search engine thanks to the embedded videos. Even if we place advertisements via Google Ads, thanks to the data collected, Google can really only show these advertisements to people who are interested in our offers.
Which data is stored by YouTube?
As soon as you visit one of our pages that has a YouTube video installed, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can mostly use cookies to associate your interactions on our website with your profile. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your Internet provider. Other data can be contact details, any ratings, sharing content via social media or adding it to your favorites on YouTube.
If you are not signed into a Google account or a Youtube account, Google stores data with a unique identifier associated with your device, browser or app. For example, your preferred language setting is retained. But a lot of interaction data cannot be saved because fewer cookies are set.
In the following list we show cookies that were set in a test in the browser. On the one hand, we show cookies that are set without a registered YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be complete because the user data always depends on the interactions on YouTube.
Name: YSC
Value: b9-CV6ojI5Y211140591-1
Purpose: This cookie registers a unique ID to save statistics of the video viewed.
Expiry date: after the end of the session
Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics from PREF on how you use YouTube videos on our website.
Expiry date: after 8 months
Name: GPS
value: 1
Purpose: This cookie registers your unique ID on mobile devices to track GPS location.
Expiry date: after 30 minutes
Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie tries to estimate the bandwidth of the user on our websites (with built-in YouTube video).
Expiry date: after 8 months
Other cookies that are set when you are logged in to your YouTube account:
Name: APISID
Value: zILlvClZSkqGsSwI/AU1aZI6HY7211140591-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalized advertisements.
Expiry date: after 2 years
Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user's consent to the use of various Google services. CONSENT is also used for security, to check users and protect user data from unauthorized attacks.
Expiry date: after 19 years
Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps to display personalized advertising.
Expiry date: after 2 years
Name: LOGIN_INFO
Value: AFmmF2swRQIhALLl6aL…
Purpose: This cookie stores information about your login data.
Expiry date: after 2 years
Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile of your interests.
Expiry date: after 2 years
Name: SID
Value: oQfNKjAsI211140591-
Purpose: This cookie stores your Google account ID and your last login time in digitally signed and encrypted form.
Expiry date: after 2 years
Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information on how you use the website and which advertisements you may have seen before visiting our site.
Expiry date: after 3 months
How long and where is the data stored?
The data that YouTube receives from you and processes is stored on the Google servers. Most of these servers are located in America. At https://www.google.com/about/datacenters/inside/locations/?hl=de you can see exactly where the Google data centers are located. Your data is distributed on the servers. This means that the data can be called up more quickly and is better protected against manipulation.
Google stores the collected data for different lengths of time. You can delete some data at any time, others are automatically deleted after a limited period of time and others are stored by Google for a longer period of time. Some data (such as My Activity items, photos or documents, products) stored in your Google Account will remain stored until you delete it. Even if you're not signed into a Google Account, you can delete some data associated with your device, browser, or app.
How can I delete my data or prevent data storage?
In principle, you can delete data in the Google account manually. With the automatic deletion of location and activity data introduced in 2019, information is stored for either 3 or 18 months and then deleted, depending on your decision.
Regardless of whether you have a Google account or not, you can configure your browser in such a way that Google cookies are deleted or deactivated. Depending on which browser you use, this works in different ways. The following instructions show how to manage cookies in your browser:
Chrome: Delete, enable and manage cookies in Chrome
Safari: Managing Cookies and Website Data with Safari
Firefox: Clear cookies to remove data websites have placed on your computer
Internet Explorer: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies
If you generally do not want any cookies, you can set up your browser so that it always informs you when a cookie is to be set. You can decide for each individual cookie whether you allow it or not. Since YouTube is a subsidiary of Google, there is a common privacy policy. If you want to find out more about how your data is handled, we recommend the data protection declaration at https://policies.google.com/privacy?hl=de.
YouTube Subscribe Button Privacy Policy
We have installed the YouTube subscribe button on our website. You can usually recognize the button by the classic YouTube logo. The logo shows the words "Subscribe" or "YouTube" in white letters on a red background and the white "Play" symbol to the left of it. However, the button can also be shown in a different design.
Our YouTube channel always offers you funny, interesting or exciting videos. With the built-in "subscribe button" you can subscribe to our channel directly from our website and do not have to call up the YouTube website separately. We want to make it as easy as possible for you to access our comprehensive content. Please note that this allows YouTube to store and process data from you.
If you see a built-in subscribe button on our site, YouTube sets at least one cookie, according to Google. This cookie stores your IP address and our URL. YouTube can also find out information about your browser, your approximate location and your default language in this way. In our test, the following four cookies were set without being logged in to YouTube:
Name: YSC
Value: b9-CV6ojI5211140591Y
Purpose: This cookie registers a unique ID to save statistics of the video viewed.
Expiry date: after the end of the session
Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics from PREF on how you use YouTube videos on our website.
Expiry date: after 8 months
Name: GPS
value: 1
Purpose: This cookie registers your unique ID on mobile devices to track GPS location.
Expiry date: after 30 minutes
Name: VISITOR_INFO1_LIVE
Value: 21114059195Chz8bagyU
Purpose: This cookie tries to estimate the bandwidth of the user on our websites (with built-in YouTube video).
Expiry date: after 8 months
Note: These cookies were set after a test and cannot claim to be complete.
If you are logged into your YouTube account, YouTube can store many of your actions/interactions on our website using cookies and assign them to your YouTube account. This gives YouTube information, for example, on how long you surf our site, what type of browser you use, what screen resolution you prefer or what actions you take.
YouTube uses this data on the one hand to improve its own services and offers and on the other hand to provide analyzes and statistics for advertisers (who use Google Ads).
Mouseflow and its uses
We use the "Mouseflow" tool to record individual sessions anonymously. Mouseflow's platform is 100% GDPR (DSGVO) compliant as required by the European Union. We do our best to protect you and your visitors and rely on the highest standards. We anonymize all IP addresses within the EU and do not track any typing behavior of visitors within the EU (fields that do not fall under PII can also be anonymized). Your data is always isolated, whether in our data centers in the EU or the US, depending on where you log in from. The data never leaves the data centers and is not transferred between the data centers. Read more about Mouseflow's compliance with GDPR (DSGVO) below.
What is mouse flow?
Mouseflow is a web analytics tool used by more than 190,000 customers to analyze user behavior on a website and optimize the user experience accordingly. Our offer includes session replays/recordings, heat maps, funnel and form analysis, as well as feedback campaigns. If you want to learn more about our features, visit the tour page .
What information is collected?
When you visit a website that uses Mouseflow, this information is collected:
Clicks, mouse movements, hovering, scrolling
browsers
Device (desktop/tablet/mobile)
language
operating system
screen resolution
visit duration
Navigation (URLs)
Page Content (HTML)
ISP & Location (City, State/Region, Country)
Keystrokes (only for non-EU/EEA data subjects in non-EU/EEA accounts and never for passwords, numbers or excluded fields.
Referrer URL
Visitor type (first-time visitors/returners)
Individual tags or variables
Answers in the feedback tool
The data is stored for 1-12 months depending on the customer's plan .
What can I do?
Data access
If you would like a copy of your data*, please contact the operator of the website where the data was collected/collected (the data controller). If they are unable to process the request or do not respond within a reasonable time, please contact us at datenschutz@mouseflow.com .
Data correction
If you wish to have your data corrected*, please contact the operator of the website on which the data was collected/collected (the data controller). If they are unable to process the request or do not respond within a reasonable time, please contact us at datenschutz@mouseflow.com .
Data erasure
If you wish to have your data* deleted, please contact the operator of the website on which the data was collected/collected (the data controller). If they are unable to process the request or do not respond within a reasonable time, please contact us at datenschutz@mouseflow.com .
Withdrawal of Consent
If you have given consent for information to be processed by Mouseflow (in our feedback widget) and wish to withdraw it, please contact the operator of the website on which the data was collected/collected (the data controller) and us at datenschutz@mouseflow .com .
Opt out
If you do not wish to be tracked, you can use the following opt-out:
By using the opt-out, a corresponding cookie will be set on your device until it is deleted.
* Our customers contractually agree not to collect personally identifiable information. Therefore, the data stored at Mouseflow is basically anonymous. This could change your rights above and/or limit our ability to provide, correct or delete your information as there is no way to trace it back to you.
Use of SalesViewer® technology
On this website, data for marketing, market research and optimization purposes is collected and stored using SalesViewer® technology from SalesViewer® GmbH on the basis of the legitimate interests of the website operator (Art. 6 Para.1 lit.f GDPR).
A javascript-based code is used for this purpose, which is used to collect company-related data and use it accordingly. The data collected with this technology is encrypted using a non-recalculated one-way function (so-called hashing). The data is immediately pseudonymised and not used to personally identify the visitor to this website.
The data stored in Salesviewer will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage requirements.
You can object to the collection and storage of data at any time with effect for the future by clicking this link https://www.salesviewer.com/opt-out Click to prevent future acquisition by SalesViewer® within this website. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you must click this link again.
Hotjar
Personal data collected from customers and users of Hotjar
This section applies to personal data that Hotjar collects from our customers and users of our software when they use Hotjar's services.
When an individual creates an account with Hotjar, contacts our customer support for assistance, or signs up for our content or special offers, we may ask for additional personal information, such as name, email address, and other information about the individual or company organization she represents.
As explained in more detail elsewhere in this data protection declaration, we process this personal data in accordance with Article 6 (1) (b) GDPR exclusively for the provision of our software. With regard to users of our software on behalf of a Hotjar customer who has entered into this agreement with Hotjar, the legal basis for Hotjar to process your personal data is Article 6(1)(f) GDPR. For more information on registering for and using the software offered by Hotjar, see our Terms of Service .
We temporarily store IP addresses of our customers and users of our software for related performance metrics (ie, data about how well our software is performing) and to control and track application errors. We never access these IP addresses without an operational or security need. We will automatically delete these IP addresses within thirty (30) calendar days. The legal basis for this data processing is Article 6 Paragraph 1 Letter f) GDPR.
a customer can his Hotjar account delete at any time. After the account has been deleted, we may process personal data relating to the customer (in full or in part) for the duration of the statutory periods to comply with legal requirements and reporting obligations and for customer support purposes. Other personal data that we have processed in relation to our customer and/or user of that Hotjar account will be permanently deleted within thirty (30) calendar days.
We may use personal and other data about our customers and/or users (including demographic data, location data, information about the computer or device used to access our software) to create anonymous and aggregated information and analysis. The legal basis for this data processing is Article 6 Paragraph 1 Letter f) GDPR.
Disclosures of the information we collect from our customers and/or users will be made solely in accordance with the Agreement and applicable law.
Use of personal data by Hotjar
Access and Disclosure to Third Parties
For the purpose of analyzing certain technical data and for data processing and/or storage functions (e.g. IT and similar services), we work together with a limited number of trustworthy external service providers. These third-party service providers are carefully selected and meet high data protection and security standards. Data is only disclosed to the third-party service providers to the extent that this is necessary for the provision of the services offered and we contractually oblige them to keep all data disclosed by us confidential and to process personal data only in accordance with our instructions. The legal basis for this processing is Article 6 (1) (f) GDPR.
In addition to service providers, there are other categories of third parties to whom data may be disclosed:
-
Suppliers/government institutions. Insofar as this is necessary for the use of certain services that require special expertise (such as legal, accounting or auditing services), we may pass on personal data to providers of such services or to state institutions that offer them (e.g. courts). The legal basis for this data processing is Article 6 Paragraph 1 Letter f) GDPR.
-
Disclosure in the Event of a Merger, Divestment or Other Asset Transfer. If we are the subject of a merger, acquisition, financing, due diligence, reorganization, bankruptcy, receivership, or acquisition or sale of assets or transition of services to another provider, data may be disclosed as part of such transaction as required by law and/or sold or transferred to the contractually permissible extent. The legal basis for this processing is Article 6 Paragraph 1 Letter f) GDPR.
Apart from the cases mentioned above, we only transfer personal data to third parties with your express consent in accordance with Article 6 (1) (a) GDPR or if we are obliged to do so by law or due to an official or court order, as in our Terms of Service described.
Communication purposes
We may occasionally send email notifications for product updates, legal documentation, customer support, or for marketing purposes. To the extent required by applicable law, we will only send such notifications if we have consent in accordance with Article 6(1)(a) GDPR. In all other cases, the legal basis for this data processing is Article 6 Paragraph 1 Letter f) GDPR.
Except where we are required to do so by law (e.g., a notice of data breach), recipients of our communications may unsubscribe from receiving them at no charge. We process requests to be placed on do not contact lists in accordance with the requirements of applicable law.
Marketing purposes
We use personal information provided to us by Hotjar customers, users and/or visitors to our website to tailor advertisements to Hotjar customers, users and/or visitors to our website to inform them about Hotjar and notify any product changes; and for potential new customers who appear to have common interests or similar demographics. The legal basis for this data processing is Article 6 Paragraph 1 Letter f) GDPR.
We do this by sharing personal information with third party marketing platforms that have high standards of data protection and confidentiality and have undergone legal and security screening by Hotjar. This ensures that these third-party service providers can only use the personal data they receive from us for the express purpose of providing us with the commissioned marketing services.
This personal data is only passed on to these third-party service providers in a secure and encrypted way. If you wish to opt out of this processing activity, please contact us at dpo@hotjar.com with the subject "Opt-Out of Marketing".
Compliance and Protection
We may use personal data for the following purposes (legal basis for the respective processing in brackets):
-
to protect our rights, privacy, safety or property or the rights, privacy, safety or property of our customers/users, visitors to our website or third parties, which also includes the assertion and defense of legal claims (Art. 6 para. 1, lit. b), c) or f) GDPR);
-
to review our internal processes to ensure compliance with legal and contractual requirements and internal guidelines (Art. 6 Para. 1 lit. f) GDPR);
-
to enforce our Terms of Service (Art. 6 para. 1 lit. b) or f) GDPR);
-
to protect against, investigate and deter against fraudulent, harmful, unauthorized, indecent or illegal activities, including cyberattacks and identity theft (Article 6 (1) (f) GDPR); such as
-
to comply with applicable law, to comply with lawful requests and to comply with legal procedures, for example to comply with summonses or requests from authorities (Art. 6 Para. 1 lit. c) or f) GDPR).
Benchmarking
Hotjar reserves the right to use anonymized and/or anonymised data to improve our website and/or software and for statistical and benchmarking purposes, including to enable comparisons within the same industry to improve insights gained through our website and software use and store in aggregated form. Benchmarks look at all metrics collected and compare them to other metrics of the same type. These anonymized and/or aggregated benchmarks may be published or shared publicly within our software or other content published by us, which may summarize results for a particular Show a category or a specific question type.
Data that individually identifies our customers or their end users will never appear in this statistical or benchmark data.
The legal basis for the aggregation/anonymization of this personal data is Art. 6 (1) lit. f GDPR.
Group-internal exchange of user and visitor data
Hotjar is part of the Content Square SaaS group (“ Contentsquare ”) headquartered in Paris, France. As part of our usual processes, Hotjar may share data (e.g. names and contact details) of users of Hotjar accounts and visitors to our website (hotjar.com) with Contentsquare.
The purpose of this data exchange is to achieve synergies in sales strategies, which is in the legitimate interests of Hotjar and Contentsquare. The legal basis for this data processing is Article 6 (1) (f) GDPR. Data that can individually identify end users of a Hotjar-based website is not shared with Contentsquare.
The use of personal data for marketing purposes requires the consent of the data subject, ie the natural person to whom the marketing message is to be sent. You can revoke your consent at any time with effect for the future. The legal basis for this data processing is your consent in accordance with Article 6 (1) (a) GDPR.
Hotjar and Contentsquare are jointly responsible for these processing activities (so-called joint responsibility). If you would like more information about this or would like to assert your rights as set out in this data protection declaration, please contact us using the contact details provided
Other purposes with your consent
We may ask for your consent to collect, use or transfer personal information for other purposes. For example, we may ask for your consent to send you marketing emails where required by law, or to post testimonials or recommendations. You can refuse or withdraw such consent at any time. The legal basis for this data processing is Article 6 (1) (a) GDPR.
Duration of processing
Unless a different period is expressly stated in this Privacy Policy or on our Pricing Page, personal information will be retained for as long as is necessary for the purpose(s) for which it was originally collected or to provide our software, to resolve disputes, establish a legal defense, conduct audits, pursue legitimate business purposes, and enforce our agreement. In addition, we also store the information to be stored under applicable law.
International Transfers of Personal Data
In most cases, the personal data we collect is stored in the EU. In a few cases, however, customer data may be accessed from countries outside the EU or other personal data (e.g. e-mails) may be transmitted to such countries. These countries may have different data protection laws. Hotjar will use its best endeavors to ensure appropriate safeguards to protect personal data. Hotjar has standard contractual clauses in place with companies or entities to which we transfer personal data outside of the EU. See our article about for details data storage .
Data from children
Hotjar's software is not intended for children under the age of 13 (or such other age as may be required by local law). We do not knowingly collect personally identifiable information from children. If you become aware that your child has provided us with personal information without your consent, please contact us using the contact details below. If we learn that we have collected personal information from a child in violation of applicable law, we will promptly delete that information and the child's account. We will further ensure that appropriate measures are taken to prevent this from happening in the future.
Rights in relation to personal data
If you are a visitor to our website or a customer and/or a user of our software and we have collected personal data about you, you have a right to access and information about the personal data processed by Hotjar, subject to certain legal exceptions and requirements , a right to rectification, erasure/anonymization and restriction of processing. You also have the right to receive the personal data you have provided to us in a structured, common and machine-readable format.
If you have given your consent, you can revoke it at any time without affecting the legality of the processing carried out before your revocation. If you withdraw your consent, you acknowledge and accept that this may negatively impact the quality of our website and/or software. Please note that if you withdraw your consent, we may delete and no longer store the personal data previously processed on the basis of your consent, which means that they will no longer be accessible to you or downloaded or otherwise secured by you be able.
In addition, you have the right to lodge a complaint with the competent data protection authority.
Before we comply with your request, we will verify your identity to protect your privacy. We can only identify you based on your e-mail address and only fulfill your request and provide you with information if we have personal data about you because you have contacted us directly and/or through the use of our website and/or software .
If you are a California resident.
This section relates solely to our processing of personal information under the California Consumer Privacy Act (CCPA).
Under the CCPA, California residents have the right to know which Categories of Personal Data Hotjar has collected about you and whether Hotjar has transferred this personal data for a business purpose (e.g. to a service provider) in the previous twelve (12) months.
If you are a California resident and wish to exercise any of your rights under the CCPA, please contact us at dpo@hotiar.com . We will process your request in accordance with applicable law.
Sale of Personal Information Under the CCPA. For purposes of the CCPA, we would like to note that Hotjar does not “sell” any personal information and that we have no positive knowledge of any “sale” of personal information from anyone under the age of 16.
No discrimination. California residents have the right to exercise their rights under the CCPA.
Authorized representative. Only you or someone legally authorized to act on your behalf can make a verifiable customer request under the CCPA. If you have a minor child, you may also submit a verifiable Client Application on behalf of your child. To appoint an authorized representative, please contact us at dpo@hotiar.com .
Examination. Before we comply with customer requests under the CCPA, we will verify your identity to protect your privacy. If you send us a request or inquiry, we will ask you for information, such as your email address, that reasonably enables us to verify that you are the individual whose personal information we have collected or a Authorized representative.
If you are based in Brazil.
This section only relates to our processing of personal data under the Brazilian Lei Geral de Protegao de Dados (LGPD).
In addition to the rights described above, you also have the right:
-
Access your personal data processed by Hotjar;
-
To the extent permitted by law, obtain information about the public and private companies or entities to which we have shared your personal information;
-
to object to the processing carried out; and or
-
Receive information about the possibility to refuse your consent and the consequences of such a refusal.
If you are a Brazilian resident or have resided in Brazil at the time your Personal Information was collected and wish to exercise any of your rights under the LGPD, please contact us at dpo@hotjar.com . We will process your request in accordance with applicable law.
Personal data collected from a visitor to a Hotjar-based website
This section applies to personal information we have received from our customers about visitors to their website that uses our software (ie a Hotjar-based website).
When an End User visits a Hotjar-based website, the privacy statement of the Hotjar-based website governs the personal data collected and not this privacy statement.
This section should always be read in conjunction with the specific privacy statement of the Hotjar-based website, which provides further details on the processing of your personal data by the Hotjar-based website.
When using our software, in addition to our data protection declaration, our Terms of Service and our Terms of Use binding for our customers. For more information about Hotjar, visit our site.
When you visit a Hotjar-based website, Hotjar may temporarily process your IP address to ensure that our service works properly and to improve the quality of our software. IP addresses processed by us are used solely for related performance metrics (ie data on how well our software is performing on the Hotjar-based website) and to control and track application errors. For this purpose, we may store your IP address with Hotjar's sub-processors who are subject to strict confidentiality obligations and will only process your data in accordance with our instructions. We never access these IP addresses without an operational or security need. IP addresses processed or stored by us are automatically deleted within thirty (30) calendar days. The legal basis for this data processing is Art. 6 Para. 1 lit. f GDPR.
Some of Hotjar's customers may integrate data collected from them through our software with other end-user data they have (e.g. their customer data).
Depending on the web browser you use, you may be able to prevent Hotjar from collecting your information when you visit a Hotjar-based website. On our Do Not Track page you can find out whether your web browser offers this function.
We would like to inform you that we cannot respond to requests from end users of Hotjar-based websites in relation to their personal data, including requests for correction or deletion of their personal data. All requests from end users of Hotjar-based websites regarding their personal data collected or submitted by the customer should be sent to the relevant Hotjar customer.
Contact Details
Hotjar Ltd.
Dragonara Business Centre,
5th Floor, Dragonara Road,
Paceville St Julian's STJ 3141 Malta,
Europe
+1 (855) 464-6788
support@hotiar.com
Previous versions of this privacy policy
version 6 ( Markup comparison between version 6 and 6.1 )
Source: Created with the data protection generator from firmenwebseiten.at in cooperation withaugenlaserinfo.com
Expanded by Chrisabel Prischl. Last update 17.10.2022