Our data protection policy (version dated 27 September 2019 – 221102896) explains in compliance with the General Data Protection Regulation (EU) 2016/679 and the DSG [“Datenschutzgesetz”: Austrian Data Protection Act] which information we collect, how we use data and which options are available to you as a visitor to this website.
Although it is hard to provide such explanations without using technical language, we have tried to keep our explanations as plain and simple as possible.
AUTOMATIC DATA STORAGE
Whenever you visit a website, certain information is created and stored automatically. Our website is no different.
When you visit our website, as you are now doing, our web server (computer on which this website is stored) automatically stores data such as
- the address (URL) of the website you visit
- browser and browser version
- the operating system you use
- the address (URL) of the last site you visited (referrer URL)
- the host name and IP address of the device you are using to access the website
- date and time
in files (web server log files).
Web server log files are usually stored for two weeks and are then automatically deleted. We do not share these data, but we cannot guarantee that they will not be accessed illegally.
STORAGE OF PERSONAL DATA
We only use any personal data which you provide to us electronically on this website, such as your name, email address, address or other personal particulars provided on a form or when commenting on a blog together with the time and IP address for the stated purpose. We will store your data securely and will not share it with third parties.
This means we only use your personal data to communicate with visitors who expressly consent to being contacted and to process the services and products offered on this website. We do not share these data without your consent, but we cannot guarantee that they will not be accessed illegally.
We are unable to guarantee the secure transfer and protection of any personal data you send us by email, i.e., outside of this website. We recommend that you encrypt all confidential data you send by email.
YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION
You are entitled to the following rights under the GDPR and the Austria Data Protection Act (DSG):
- Right to rectification (Article 16 GDPR)
- Right to erasure (“right to be forgotten”) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR)
If you believe that the processing of your data breaches data protection legislation or otherwise violates your data protection rights, you are entitled to lodge a complaint with the competent supervisory authority. In Austria this is the Data Protection Authority at https://www.dsb.gv.at/.
ANALYSIS OF WEBSITE TRAFFIC
In the data protection policy below we explain whether and how we analyze data collected during your visit to this website. Such data are generally analyzed anonymously and we are unable to determine your identity on the basis of your behavior on this website.
You can find out more about how to object to an analysis of traffic data in the following data protection policy.
TLS ENCRYPTION WITH HTTPS
We use https to transfer data privately over the internet (data protection by design Article 25 (1) GDPR). By using TLS (Transport Layer Security), an encryption protocol to securely transfer data over the internet, we can guarantee the protection of confidential data. The small lock symbol in the top left corner of the browser and the use of the https prefix (instead of http) in our internet address show you that your data have been transferred securely.
Our website uses HTTP cookies to store user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following data protection policy.
What are cookies?
To surf the internet you have to use a browser, such as Chrome, Safari, Firefox, Internet Explorer or Microsoft Edge. Most websites store small text files in your browser, called cookies.
Cookies store certain pieces of information about you, such as your preferred language or personal page settings. The next time you visit our website, your browser sends this user information back to us. By placing cookies, our website knows who you are and can apply your standard settings. In some browsers each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.
There are two types of cookie: first-party cookies and third-party cookies. First-party cookies are the cookies created directly by our website, whereas third-party cookies are created by partner websites (e.g., Google Analytics). Every cookie is different as it stores a different amount of information. The lifetime of a cookie can range from a few minutes to several years. Cookies are not software programs and do not contain any viruses, Trojans or other type of malware, nor can they access any information on your PC.
Here is an example of the data contained in a cookie:
Value: GA1.2.1326744211.152221102896 Purpose: to identify visitors to a website
Expiry date: after two years
A browser should be able to support these minimum key sizes:
- At least 4096 bytes per cookie
- At least 50 cookies per domain
- At least 3,000 cookies in total
What kinds of cookies are there?
The specific type of cookie we deploy depends on the services used and is explained in the following sections of the data protection policy. Below we briefly describe the different kinds of HTTP cookies.
There are four different types:
Strictly necessary cookies
These are cookies which are vital to ensure the basic functionality of the website. For example, these cookies are needed when a user places a product in the shopping cart and then visits other websites before returning to the checkout. These cookies prevent the products in the shopping cart from being deleted even when the user closes their browser window.
These cookies collect information about user behavior and whether the user receives any error messages. They can also measure the page load time and performance of the website in different browsers.
These cookies help to improve the user experience by storing locations, font sizes or data in forms, for example.
These cookies are also known as targeting cookies and help to show advertisements that are relevant to the user. This can be very useful, but also very annoying.
The first time you visit a website you will usually be asked which types of cookies you wish to allow. And of course, your choice is also stored in a cookie.
How can I delete cookies?
If you want to find out which cookies have been stored in your browser or if you want to change or delete your cookie settings, you can go to your browser settings:
If you do not want to have any cookies at all, you can set up your browser to notify you each time a website wants to place a cookie. Then you can decide whether or not you want to allow that cookie. The procedure will depend on your browser. We recommend that you search for instructions in Google by entering the search term “delete cookies Chrome” or “disable cookies Chrome” if you have a Chrome browser, replacing “Chrome” with the name of your browser, e.g., Edge, Firefox, Safari, instead you use a different browser.
How is my data privacy ensured?
The EU Cookie Directive was issued in 2009. It specifies that the visitor to a website (you, that is) has to give their consent before cookies can be stored. However, this Directive has met with very different responses in the various EU member states. In Austria, it is implemented in Sec. 96 (3) TKG [“Telekommunikationsgesetz”: Austrian Telecommunications Act].
If you want to learn more about cookies and are not put off by technical documentation, we recommend you read the request for comments by the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism” at https://tools.ietf.org/html/rfc6265.
DATA PROTECTION POLICY – NEWSLETTER
If you sign up for our newsletter, you transmit the aforementioned personal data and permit us to contact you by email. We use the data we store when you sign up for a newsletter for our newsletter only. We do not share these data.
If you cancel your subscription to the newsletter – each newsletter features an unsubscribe link at the bottom – we delete all data that were stored when you first signed up for the newsletter.
DATA PROTECTION POLICY – GOOGLE MAPS
On our website we use Google Maps provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Maps allows us to improve the way we display locations and thereby enhance our service. When using Google Maps, data are transferred to Google and stored on Google’s servers. Below we explore in more detail what Google Maps is, why we use this Google service, which data are stored and how you can prevent your data from being stored.
What is Google Maps?
Google Maps is an online map service provided by Google Inc. Google Maps allows you to search for the exact location of cities, landmarks, accommodation or businesses on the internet using a PC or an app. If companies are listed on Google My Business, information about the company is shown in addition to the location. To provide directions, maps of a location can be embedded in a website using HTML code. Google Maps depicts the surface of the Earth as a road map or as an aerial or satellite image. Its Street View pictures and high resolution satellite imagery allow very precise maps.
Why do we use Google Maps on our website?
We do our very best to make the time you spend on our website useful and meaningful. Google Maps allows us to deliver to you the most important information about various locations. It also enables you to see at a glance where we have our head office. The directions always show you the best and fastest way to get to us, either by car, public transport, on foot or by bike. Offering Google Maps is an integral part of our customer service.
Which data does Google Maps store?
Google Maps has to request and store data from you so that it can offer its full service. These include the search terms you enter, your IP address and your coordinates. If you use the trip planner function, your start address is also stored – but only on the Google Maps websites. We can only inform you of this; we have no control over it. As we have embedded Google Maps in our website, Google will place at least one cookie (“NID”) in your browser. This cookie stores data about your user history. Google uses these data mainly to optimize its own services and show you customized advertising.
Google Maps puts the following cookie in your browser:
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ221102896 Purpose: Google uses NID to tailor advertising to your Google search. With the help of cookies, Google “remembers” your most frequent search requests or your past interaction with advertisements so that you are always shown tailor-made ads. The cookie contains a unique ID which Google uses to collect the user’s personal settings for advertising purposes.
Expiry date: after six months
Note: We are unable to guarantee that the data stored by Google are complete. In particular, we have no way of ensuring that Google does not modify the data when cookies are used. To isolate the cookie NID we created a test site whose sole content was an embedded instance of Google Maps.
For how long and where are the data stored?
Google’s servers are located in data centers all over the world, but most of them are in the United States. This means that much of your data is stored in the US. You can find out where Google’s data centers are located here: https://www.google.com/about/datacenters/inside/locations/?hl=de
Google stores data in different locations so that they can be accessed faster and better protected against manipulation. Every data center has dedicated contingency programs. If there are problems with the Google hardware, for example, or if a natural disaster damages the servers, the data will highly likely be preserved.
Google stores some data for a defined period, while it only provides the option of manual deletion for other data. It also anonymizes certain information (such as advertising data) in server log files by deleting part of the IP address and cookie information after 9 or 18 months.
How can I delete my data or prevent my data from being stored?
The auto-delete function for location and activity histories introduced in 2019 means that information on your location and web or app activity is stored for either 3 or 18 months, depending on your choice, and then deleted. You can also delete your data manually at any time by accessing your Google account. If you want to prevent Google from tracking your location altogether, you will need to pause web and app activity in your Google account. Select “Manage your data & personalization” and then “Manage activity” where you can turn activities on or off.
In your browser you can also disable, delete or manage specific cookies. How to do this depends on the browser you use. The following instructions explain how you can manage cookies in your browser:
If you do not want to have any cookies at all, you can set up your browser to notify you each time a website wants to place a cookie. This gives you the freedom to decide whether or not you want to allow a cookie.
Google is an active participant in the EU-US Privacy Shield Framework designed to ensure the correct and secure transfer of personal data. See https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG for more information. If you want to find out more about how Google processes data, we recommend that you read Google’s own data protection policy at https://policies.google.com/privacy?hl=de.