Privacy | GO 2 Consult.at

Confidentiality declaration

Introduction and overview
We have drawn up this data protection declaration (version 12.10.2022-122224890) in order to explain to you, in accordance with the provisions ofGeneral Data Protection Regulation (EU) 2016/679and applicable national laws, which personal data (abbreviated as data) we process as controllers - and which processors we have commissioned (e.g. access providers) -, which data will be processed at the future and what legitimate options you have. The terms used should be understood as gender neutral.
In short, we inform you comprehensively about the data we process about you.

Data protection declarations usually have a very technical tone and use legal terms. This data protection declaration aims to describe the most important things to you as simply and transparently as possible. As this promotes transparency, technical terms are explained in a user-friendly manner, links to further information are offered and graphics are used. We thus inform in clear and simple language that, in the context of our business activities, we only process personal data if there is a corresponding legal basis. This is certainly not possible by providing explanations that are as succinct, obscure and legally technical as possible, as is often the case on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and that you may find some information that you did not know before.
If questions remain despite everything, we invite you to contact the responsible department mentioned below or in the legal notices, to follow the existing links and to consult additional information on third-party sites. You will of course find our contact details in the legal notice.

Scope
This data protection declaration applies to all personal data that we process within the company and to all personal data that we have processed by companies commissioned by us (processors). By personal data we mean information within the meaning of Article 4(1) GDPR, such as the name, e-mail address and postal address of a person. The processing of personal data enables us to offer and invoice our services and products, whether online or offline. The scope of this privacy statement includes:

all online presences (websites, online shops) operated by us

social media presences and email communication

mobile applications for smartphones and other devices.

In short: the data protection declaration applies to all areas in which personal data is processed in a structured manner within the company via the channels mentioned. If we enter into a legal relationship with you outside of these channels, we will notify you separately, if applicable.

Legal bases
In the following privacy statement, we provide you with transparent information about the legal principles and rules, i.e. the legal bases of the GDPR, which allow us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course consult this basic EU regulation on the protection of online data on EUR-Lex, access to EU law, athttps://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions is met:

Consent (Art. 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be recording data you have entered into a contact form.

Contract (Art. 6(1)(b) GDPR): In order to perform a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a sales contract with you, we need prior personal information.

Legal obligation (Art. 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to keep invoices for accounting purposes. These generally contain personal data.

Legitimate interests (Article 6(1)(f) GDPR): In case of legitimate interests which do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to be able to operate our website securely and economically. This processing therefore constitutes a legitimate interest.

As a rule, we do not fulfill other conditions such as taking photos in the public interest and exercising public authority as well as protecting vital interests. If such a legal basis should nevertheless be relevant, it is indicated at the corresponding place.

In addition to the EU regulation, national laws also apply:

In Austria, this is the Federal Act for the Protection of Individuals in the Processing of Personal Data (Datenschutzgesetz), abbreviated DSG.

In Germany, the Federal Data Protection Act (BDSG) applies.

If other regional or national laws apply, we inform you in the following paragraphs.

Contact details of the responsible person
If you have any questions regarding data protection or the processing of personal data, you will find the contact details of the person or department responsible below:
GO 2 Consult eU
Mechitaristengasse 3, Top1, Vienna 1070, AT

Email: office@goconsult.at
Phone: 066488529975
Imprint: https://www.goconsult.at/impressum/

Contact details of the data protection officer
Below you will find the contact details of the Data Protection Officer:

GO 2 Consult eU
Olivier GRELLIER, MiM
Mechitaristengasse 3, TOP1, Vienna 1070, AT

Email: office@goconsult.at
Phone: +43 66488529975

The duration of the conversation
The fact that we only store personal data for the time strictly necessary for the provision of our services and products is a general criterion with us. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to keep certain data even after the original purpose has disappeared, for example for accounting purposes.

If you want your data to be deleted or if you revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to retain it.

We will inform you later about the concrete duration of each data processing, insofar as we have more information on this subject.

Rights under GDPR
In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights that you have in order to guarantee fair and transparent data processing:

In accordance with Article 15 of the GDPR, you have a right of access to know whether we are processing data concerning you. If this is the case, you have the right to receive a copy of the data and to know the following information:

the purpose of the processing we carry out;

the categories, i.e. the types of data that are processed;

who receives this data and, if the data is transferred to third countries, how security can be guaranteed;

the data retention period;

the existence of a right to rectification, erasure or restriction of processing and a right to object to processing;

the fact that you can lodge a complaint with a supervisory authority (you will find links to these authorities below);

the origin of the data, if we did not collect it from you;

if profiling is carried out, i.e. if the data is automatically evaluated in order to obtain a personal profile of you.

According to Article 16 of the GDPR, you have a right to rectification of data, which means that we must rectify the data if you find errors.

Under Article 17 of the GDPR, you have the right to erasure ("right to be forgotten"), which concretely means that you can request the deletion of your data.

Under Article 18 of the GDPR, you have the right to restrict processing, which means that we can only store the data, but not use it further.

In accordance with Article 20 of the GDPR, you have the right to data portability, which means that we provide you with your data in a common format on request.

In accordance with Article 21 of the GDPR, you have a right of opposition which, once applied, leads to a modification of the processing.

If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then examine as soon as possible whether we can legally follow up on this objection.

If data is used for direct advertising, you can object to this type of processing at any time. We will then no longer be able to use your data for direct marketing purposes.

If the data is used for profiling purposes, you can object to this type of processing at any time. We will then no longer be able to use your data for profiling purposes.

In accordance with Article 22 of the GDPR, you have the right, under certain circumstances, not to be subject to a decision based exclusively on automated processing (eg profiling).

You have the right to lodge a complaint under Article 77 of the GDPR. This means that you can lodge a complaint with the data protection authority at any time if you believe that the processing of personal data infringes the GDPR.

In short, you have rights - do not hesitate to contact the responsible department listed above with us!

If you believe that the processing of your data violates data protection legislation or that your data protection rights have been violated in some other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each Land. For more information, you can contact the cFederal Commissioner for Data Protection and Freedom of Information (BfDI).The following local data protection authority is responsible for our company:

Austria Data Protection Authority
Director: Andrea Jelinek, Doctor of Laws
Address: Barichgasse 40-42, 1030 Vienna
Telephone number: +43 1 52 152-0
E-mail address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Transfer of data to third countries
We only transfer or process data outside the EU (third country) if you consent to such processing, if required by law or if contractually required and in any case only to the extent that is generally allowed. In most cases, your consent is the main reason why we process data in third countries. The processing of personal data in third countries such as the United States, where many software manufacturers provide services and where their servers are located, may involve personal data being processed and stored in unexpected ways.

We expressly draw your attention to the fact that, according to the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The processing of data by US services (such as Google Analytics) may result in the data not being processed and stored anonymously. In addition, US government authorities may possibly have access to certain data. In addition, it may happen that the data collected is combined with data from other services of the same provider, provided you have a corresponding user account. Whenever possible, we try to use servers located in the EU, where offered.

We inform you more specifically at the appropriate places of this data protection declaration about the transfer of data to third countries, insofar as this applies.

Security of data processing
In order to protect personal data, we have implemented technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. Thus, it is as difficult as possible, within our possibilities, that third parties can derive personal information from our data.

Article 25 of the GDPR speaks here of "data protection by technical design and by privacy-friendly default settings" and means always thinking about security and taking the necessary measures, both for software (eg forms) and for hardware (eg access to the server room). If necessary, we discuss concrete measures below.

TLS encryption with https
TLS, encryption and https sound very technical and indeed they are. We use HTTPS (Hypertext Transfer Protocol Secure means "secure hypertext transfer protocol") to transmit data over the Internet without risk of interception.
This means that the complete transmission of all data from your browser to our web server is secure - no one can "eavesdrop".

We have thus introduced an additional layer of security and comply with data protection by technical design (Art. 25 (1) GDPR). The use of TLS (Transport Layer Security), an encryption protocol for the secure transmission of data over the Internet, allows us to guarantee the protection of confidential data.
You acknowledge the use of this data transmission security by the small padlock symbol at the top left of the browser, to the left of the Internet address (e.g. beispielseite.de) and by the use of the https scheme (instead of http) as part of our Internet address.
If you want to learn more about encryption, we recommend using the Google search "Hypertext Transfer Protocol Secure wiki" for good links to further information.

Communication
Summary of the communication
👥 Persons concerned: all persons who communicate with us by telephone, e-mail or online form.
📓 Data processed: e.g. telephone number, name, email address, form data entered. You can find more details about this in the type of contact used.
🤝 Purpose: processing communication with customers, business partners, etc.
📅 Duration of storage: duration of the commercial transaction and legal provisions.
⚖️ Legal bases: art. 6 para. 1 let. a, GDPR (consent), Art. 6 para. 1 let. b, GDPR (contract), art. 6 para. 1 let. f, GDPR (legitimate interests).

If you contact us and communicate by telephone, e-mail or online form, it is possible that personal data will be processed.

The data is processed for the execution and processing of your question and the related business transaction. Data is retained for as long as required by law.

Persons concerned
All persons who seek to contact us through the means of communication that we make available to them are concerned by the operations mentioned.

Telephone
When you call us, the call data is saved pseudonymised on the terminal concerned and with the telecommunications operator used. In addition, data such as name and telephone number can then be sent by e-mail and saved to respond to the request. The data is erased as soon as the transaction is completed and the legal requirements allow it.

E-mail
When you communicate with us by e-mail, data is possibly recorded on the terminal concerned (computer, laptop, smartphone, etc.) and there is storage of data on the mail server. The data is deleted as soon as the transaction is completed and the legal provisions allow it.

Online forms
If you communicate with us by means of an online form, data is stored on our web server and, if necessary, transmitted to an e-mail address from us. The data is erased as soon as the transaction is completed and the legal provisions allow it.

Legal bases
Data processing is based on the following legal bases:

Art. 6, paragraph 1, letter a of the GDPR (consent): You give us your consent to the storage of your data and their further use for transaction-related purposes;

Art. 6(1)(b) GDPR (contract): It is necessary to perform a contract with you or a processor such as the telephone company, or we need to process the data for pre-contractual activities, such as preparation of an estimate;

Article 6(1)(f) GDPR (legitimate interests): We want to process customer inquiries and commercial communication in a business-like manner. To do this, certain technical equipment, such as e-mail programs, Exchange servers and mobile telephone operators, are necessary in order to be able to manage the communication effectively.

Order Processing Agreement (CAT)
In this section, we want to explain to you what a subcontract is and why it is necessary. As the word "subcontract" is quite difficult to pronounce, we will often use the acronym CUP in this text. Like most companies, we do not work alone, but also use the services of other companies or people. By using different companies or service providers, we may be required to transmit personal data for processing. These partners then act as subcontractors, with whom we conclude a contract, called subcontracting contract (CST). The most important thing for you is to know that the processing of your personal data is carried out exclusively according to our instructions and must be governed by the GCU.

Who are the subcontractors?
As a business and website owner, we are responsible for all data we process about you. In addition to controllers, there may also be so-called processors. This is any company or person that processes personal data on our behalf. More specifically and according to the definition of the GDPR, any natural or legal person, public authority, institution or other body which processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter service providers or large companies such as Google or Microsoft, for example.

For a better understanding of the concepts, here is an overview of the three roles in the GDPR:

Data subject (you as a customer or interested party) → Controller (we as a company and client) → Processor (service provider such as a web host or cloud provider).

Content of a subcontract
As already mentioned above, we have entered into a CUV with our partners who act as processors. This stipulates in the first place that the processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, but in this context the conclusion of the contract electronically is also considered "written". Only on the basis of the contract does the processing of personal data take place. The contract must contain the following elements:

Link to us as controller

Obligations and rights of the controller

Categories of data subjects

Type of personal data

Nature and purpose of data processing

Purpose and duration of data processing

Place of performance of data processing

In addition, the contract contains all the obligations of the subcontractor. The main obligations are as follows:

ensure data security measures

take the possible technical and organizational measures to protect the rights of the data subject

keep a data processing register

cooperate with the data protection supervisory authority if requested to do so

carry out a risk analysis of the personal data received

use subcontractors only with the written authorization of the controller.

For example, you can see what such a GCU actually looks like at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. A standard contract is presented there.

Cookies
Summary of cookies
👥 Data subjects: website visitors.
🤝 Purpose: depends on the cookie concerned. Further details can be found below or from the manufacturer of the software placing the cookie.
📓 Data processed: Depending on the cookie used. You can find more details about this below or from the manufacturer of the software placing the cookie.
📅 Storage period: depends on the cookie in question, can vary from a few hours to several years.
⚖️ Legal bases: art. 6 para. 1 let. a GDPR (consent), Art. 6 para. 1 let. f GDPR (legitimate interests)

What are cookies ?
Our website uses HTTP cookies to store user-specific data.
We explain below what cookies are and why they are used, so that you can better understand the following privacy statement.

Whenever you browse the Internet, you use a browser. Known browsers are, for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites save small text files in your browser. These files are called cookies.

There is one thing that cannot be denied: Cookies are really useful tools. Almost all websites use cookies. Specifically, these are HTTP cookies, as there are also other cookies for other application domains. HTTP cookies are small files that are saved on your computer by our website. These cookie files are automatically placed in the cookies folder, practically the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store some of your user data, such as language or personal page settings. When you visit our site again, your browser transmits "user-related" information back to our site. Thanks to cookies, our site knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, in others, like Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. In this case, the web browser requests a website and receives a cookie from the server in return, which the browser reuses as soon as another page is requested.

There are first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner sites (eg Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. Similarly, the expiration time of a cookie varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojan horses or other "parasites". Cookies also cannot access information on your PC.

Here is, for example, what cookie data may look like:

Name: _ga
Wert: GA1.2.1326744211.152122224890-9
Purpose of use: to distinguish website visitors
Expiry date: after 2 years

A browser must be able to support these minimum sizes:

At least 4096 bytes per cookie

At least 50 cookies per domain

At least 3000 cookies in total

What are the different types of cookies?
Which cookies we use in particular depends on the services used and will be clarified in the following sections of the privacy statement. At this point, we want to briefly discuss the different types of HTTP cookies.

We can distinguish 4 types of cookies:

Necessary cookies.
These cookies are necessary to ensure the basic functions of the website. For example, these cookies are needed when a user places a product in the shopping cart, continues browsing other pages, and does not checkout until later. Thanks to these cookies, the basket is not deleted, even if the user closes his browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. In addition, these cookies make it possible to measure the loading time and the behavior of the website with different browsers.

Targeted cookies
These cookies improve the user-friendliness of the site. For example, the sites entered, the character size or the form data are saved.

Advertising cookies
These cookies are also called targeting cookies. They serve to provide the user with individually tailored advertisements. This can be very convenient, but also very annoying.

Usually, when you first visit a website, you are asked which of these types of cookies you want to allow. And of course, this decision is also stored in a cookie.

If you want to learn more about cookies and don't mind the technical documentation, we recommend that you visit https://datatracker.ietf.org/doc/html/rfc6265, the Internet Engineering Task Force's Request for Comments ( IETF) called "HTTP State Management Mechanism".

Purpose of processing via cookies
The purpose ultimately depends on the particular cookie. You can find more details about this below or from the manufacturer of the software placing the cookie.

What data is processed?
Cookies are small helpers for a multitude of different tasks. Unfortunately, it is not possible to generalize the data that is stored in cookies, but we will inform you about the data processed or stored within the scope of the following data protection declaration.

Duration of cookie storage
The storage period depends on the cookie concerned and is specified below. Some cookies are deleted after less than an hour, others may remain stored on a computer for several years.

You also have an influence on the storage duration. You can manually delete all cookies at any time via your browser (see also "Right to object" below). Furthermore, consent-based cookies are deleted at the latest after the revocation of your consent, the legality of the storage remaining unaffected until this date.

Right to object - how can I delete cookies?
You decide how and if you want to use cookies. Regardless of the service or website from which the cookies originate, you always have the option of deleting, deactivating or only partially allowing them. For example, you can block third-party cookies, but allow all other cookies.

If you want to know which cookies have been saved in your browser, if you want to change or delete cookie settings, you can find it in your browser settings:

Chrome: delete, enable and manage cookies in Chrome.

Safari: manage cookies and website data with Safari

Firefox: delete cookies to eliminate the data that websites have deposited on your computer.

Internet Explorer: delete and manage cookies

Microsoft Edge: delete and manage cookies.

If you do not want cookies in principle, you can configure your browser so that it always informs you when a cookie needs to be set. You can thus decide for each individual cookie whether or not you allow the cookie. The procedure varies by browser. It is best to search for the instructions in Google with the search term "Delete Chrome cookies" or "Disable Chrome cookies" in the case of a Chrome browser.

Legal basis
Since 2009, there are so-called "cookie guidelines". It is stipulated there that the storage of cookies requires your consent (Article 6, paragraph 1, point a of the GDPR). Within EU countries, reactions to these directives are still very different. In Austria, however, this directive has been transposed in Section 96(3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines have not been transposed into national law. Instead, the transposition of this directive took place largely in § 15 paragraph 3 of the Telemedia Act (TMG).

For absolutely necessary cookies, even in the absence of consent, there are legitimate interests (Article 6(1) of the Data Protection Act).

In the following paragraphs you will find more detailed information on the use of cookies, insofar as the software used uses cookies.

Introduction to web hosting
Summary of web hosting
👥 Data subjects: website visitors.
🤝 Objective: professional hosting of the website and securing its operation.
📓 Data processed: IP address, time of site visit, browser used and other data. You will find more details about this below or from the web hosting provider used in each case.
📅 Storage duration: depends on the respective host, but generally 2 weeks.
⚖️ Legal bases: art. 6 para. 1 let. f GDPR (legitimate interests).

What is web hosting?
Nowadays, when you visit websites, certain information - including personal data - is automatically created and saved, including on this website. These data must be treated with the greatest possible parsimony and only if they are justified. By website, we mean all the web pages of a domain, that is to say everything, from the home page (homepage) to the very last sub-page (like this one ). By domain, we mean for example example example.fr or example.com.

If you want to view a website on a computer, tablet or smartphone, you use a program called a web browser for this. You probably know a few web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We call them briefly browsers or web browsers.

To display the website, the browser must connect to another computer where the website code is stored: the web server. Operating a web server is a complicated and costly task, which is why it is generally entrusted to professional service providers, the access providers. These offer web hosting and thus ensure reliable and error-free storage of website data. A whole bunch of technical terms, but stay tuned, it will get better!

When connecting the browser to your computer (desktop, laptop, tablet or smartphone) and during data transmission to and from the web server, there may be processing of personal data. On the one hand, your computer saves data, on the other hand, the web server must also save data for a certain period of time in order to guarantee correct operation.

With a picture worth a thousand words, the following graphic illustrates the interaction between the browser, the Internet, and the hosting provider.

Why do we process personal data?
The purposes of data processing are:

professional hosting of the website and securing its operation

to maintain operational safety and IT security

Anonymous evaluation of access behavior to improve our offer and, if necessary, for criminal prosecution or the pursuit of claims.

What data is processed?
Even if you are visiting our website at the moment, our web server, i.e. the computer on which this website is stored, generally automatically records data such as

the full Internet address (URL) of the website visited

browser and browser version (e.g. Chrome 87)

the operating system used (e.g. Windows 10)

the address (URL) of the previously visited page (Referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)

the hostname and IP address of the device from which the access took place (e.g. COMPUTERNAME and 194.23.43.121)

date and time

in files, called web server log files.

How long is the data kept?
As a rule, the aforementioned data is stored for two weeks, after which it is automatically deleted. We do not pass this data on, but we cannot exclude that it will be consulted by the authorities in the event of illegal behavior.

In short: your visit is recorded by our access provider (company that runs our website on special computers (servers)), but we do not pass on your data without your consent!

Legal basis
The legitimacy of the processing of personal data in the context of web hosting derives from Article 6, paragraph 1, point f of the GDPR (safeguarding legitimate interests), because the use of professional hosting with a provider is necessary to present the company on the Internet in a safe and user-friendly manner and to be able to pursue attacks and claims arising therefrom if necessary.

Between us and the hosting provider there is usually an order processing contract according to article 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

Data protection declaration of 1&1 IONOS Webhosting
We use IONOS by 1&1 to host our website. In Germany, 1&1 IONOS SE is headquartered at Elgendorfer Str. 57, 56410 Montabaur. In Austria you can find 1&1 IONOS SE at Gumpendorfer Strasse 142/PF 266, 1060 Vienna. IONOS offers the following web hosting services: Domain, Website & Shop, Hosting & WordPress, Marketing, Email & Office, IONOS Cloud and Servers.

As explained in the section "Automatic data storage", web servers such as those of IONOS record data from each website visit.

If you would like to know more about data protection for the IONOS website, please consult the privacy statement on ionos.fr.

IONOS Order Processing Agreement (CTP)
In accordance with Article 28 of the GDPR, we have concluded a data processing contract (CTP) with IONOS. You can read what exactly a CUV is and especially what should be contained in a CUV in our general section "Order Processing Agreement (CTD)".

This contract is required by law because IONOS processes personal data on our behalf. It is specified there that IONOS can only process the data it receives from us according to our instructions and that it must comply with the GDPR. You can find the link to the Order Processing Agreement (CTA) at https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Web Analytics Introduction
Web Analytics Privacy Statement Summary
👥 Data subjects: website visitors
🤝 Purpose: to evaluate visitor information in order to optimize the web offer.
📓 Data processed: Access statistics, which contain data such as locations of accesses, device data, duration and time of access, browsing behavior, click behavior and addresses IP. You will find more details about this in the web analysis tool used.
📅 Storage duration: depends on the web analytics tool used.
⚖️ Legal bases: art. 6 para. 1 let. a GDPR (consent), Art. 6 para. 1 let. f GDPR (legitimate interests).

What is Web Analytics?
We use software on our website to evaluate the behavior of website visitors, briefly called Web Analytics or web analysis. In this context, data is collected, which is stored, managed and processed by the provider of the respective analysis tool (also called tracking tool). This data enables analyzes of user behavior on our website to be compiled and made available to us as the website operator. In addition, most tools offer different testing possibilities. We can thus test which offers or which content are most appreciated by our visitors. For this, we present you two different offers for a limited period. After the test (called A/B testing), we know which product or content is most interesting for visitors to our website. For such test procedures, as for other analysis procedures, user profiles can also be created and data can be stored in cookies.

Why do we use Web Analytics?
With our website, we have a clear goal in mind: we want to provide the best web offer on the market for our sector. To achieve this goal, we want to offer the best and most interesting offer on the one hand and to ensure that you feel completely comfortable on our site on the other. Web analysis tools allow us to take a closer look at the behavior of visitors to our website and to improve our web offer accordingly, both for you and for us. For example, we may know the age of our visitors.

What data is processed?
The exact data that is recorded depends of course on the analysis tools used. But as a rule, we record, for example, the content you visit on our website, the buttons or links you click on, the time you visit a page, the browser you use, the device (PC, tablet , smartphone, etc.) with which you visit the website or the computer system you use. If you have agreed to location data also being collected, these may also be processed by the web analysis tool provider.

In addition, your IP address is also saved. In accordance with the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored as a pseudonym (i.e. in an unrecognizable and abbreviated form). In principle, no direct data, such as your name, age, address or e-mail address, is stored for the purposes of testing, web analysis and web optimization. All of this data, if collected, is stored in pseudonymous form. Thus, you cannot be identified as a person.

The following example schematically shows how Google Analytics works as a client-based web tracking example with Java-Script code.

The retention period of the data always depends on the provider. Some cookies only store data for a few minutes or until you leave the website, other cookies may store data for several years.

Duration of data processing
We inform you below about the duration of the data processing, insofar as we have more information on this subject. As a general rule, we only process personal data for as long as is strictly necessary to provide our services and products. If, as for example in the case of accounting, the law requires it, this storage period can also be exceeded.

Right of opposition
You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling or deleting cookies in your browser.

Legal basis
The use of Web-Analytics presupposes your consent, which we obtained with our cookie popup. Pursuant to GDPR Article 6(1)(a) (consent), this consent forms the legal basis for the processing of personal data, as may occur when collected by the analytics tools. web.

In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus to improve our offer technically and economically. Using Web-Analytics, we detect website errors, can identify attacks and improve profitability. The legal basis is Article 6(1) point f GDPR (legitimate interests). However, we only use these tools if you have given your consent.

As web analysis tools use cookies, we also recommend that you read our general data protection declaration on cookies. To find out exactly what data about you is stored and processed, you should read the data protection declarations of the respective tools.

For more information on specific web analytics tools, please see the following sections, if they exist.

Google Analytics Privacy Statement
Google Analytics Privacy Statement Summary
👥 Data subjects: website visitors.
🤝 Purpose: to evaluate visitor information in order to optimize the web offer.
📓 Data processed: Access statistics, which contain data such as locations of accesses, device data, duration and time of access, browsing behavior, click behavior and addresses IP. You will find more details on this later in this privacy statement.
📅 Storage duration: depends on the properties used.
⚖️ Legal bases: art. 6 para. 1 let. a GDPR (consent), Art. 6 para. 1 let. f GDPR (legitimate interests).

What is Google Analytics?
On our website, we use the analysis and tracking tool Google Analytics (GA) from the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland ) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, when you click on a link, this action is recorded in a cookie and sent to Google Analytics. The reports we receive from Google Analytics allow us to better adapt our website and our services to your wishes. In the following we will explain the tracking tool to you in more detail and inform you above all about what data is stored and how you can prevent this.

Google Analytics is a tracking tool that is used to analyze our website traffic. For Google Analytics to work, a tracking code is integrated into the code of our website. When you visit our website, this code registers various actions you perform on our website. As soon as you leave our site, this data is sent to the servers of Google Analytics and stored there.

Google processes the data and we receive reports on your user behavior. This may include, among others, the following reports:

Target group reports: Target group reports allow us to get to know our users better and to know more precisely who is interested in our service.

Ads reports: Ads reports make it easier for us to analyze and improve our online advertising.

Acquisition reports: Acquisition reports provide us with useful information on how we can attract more people to our service.

Behavioral reports: they allow us to know how you interact with our website. We may track the path you take through our site and the links you click on.

Conversion reports: A conversion is the process by which you take a desired action following a marketing message. For example, when you go from being a simple site visitor to being a buyer or subscriber to a newsletter. These reports allow us to learn more about the impact of our marketing measures on you. We want to improve our conversion rate.

Real-time reports: Here we are always informed immediately about what is happening on our website. For example, we see how many users are currently reading this text.

Why do we use Google Analytics on our website?
Our goal with this website is clear: we want to offer you the best possible service. Statistics and data from Google Analytics help us achieve this goal.

The statistically analyzed data gives us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that interested persons can find it more easily on Google. On the other hand, the data helps us to better understand you as a visitor. We know very precisely what we need to improve on our site in order to offer you the best possible service. The data also serves us to implement our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What data is recorded by Google Analytics?
Google Analytics creates, using a tracking code, a unique and random identifier linked to your browser's cookie. This way, Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a "recurring" user. All data collected is saved with this user ID. This makes it possible to evaluate pseudonymous user profiles.

In order to be able to analyze our website with Google Analytics, a Property-ID must be inserted in the tracking code. The data is then saved in the corresponding property. For each new Property created, the Google Analytics 4-Property is standard. But it is also possible to create a Universal Analytics Property. Depending on the property used, the data is stored for a different duration.

Identifiers such as cookies and application instance IDs are used to measure your interactions on our website. Interactions are all types of actions you take on our website. If you also use other Google systems (such as a Google account), the data generated by Google Analytics may be associated with third-party cookies. Google does not share Google Analytics data unless we as the site operator allow it. Exceptions may occur where required by law.

The following cookies are used by Google Analytics:

Name: _ga
Wert: 2.1326744211.152122224890-5
Intended use: By default, analytics.js uses the _ga cookie to save the user ID. In principle, it serves to distinguish visitors to the website.
Expiry date: after 2 years

Name: _gid
Wert: 2.1687193234.152122224890-1
Intended use: The cookie is also used to distinguish visitors to the website.
Expiration date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose of use: is used to reduce the request rate. If Google Analytics is provided through the Google Tag Manager, this cookie is named _dc_gtm_ <property-id>.
Expiry date: after 1 minute

Name: AMP_TOKEN
Value: no indication
Intended use: The cookie has a token that allows retrieving a user ID from the AMP client identification service. Other possible values indicate disconnection, request, or error.
Expiry date: after 30 seconds and up to one year.

Name: __utma
Wert: 1564498958.1564498958.1564498958.1
Use: this cookie is used to track your behavior on the website and to measure its performance. The cookie is updated each time information is sent to Google Analytics.
Expiry date: after 2 years

Name: __utmt
Value: 1
Intended use: The cookie is used as _gat_gtag_UA_<property-id> to limit the request rate.
Expiration date: after 10 minutes

Name: __utmb
Value: 3.10.1564498958
Usage: This cookie is used to determine new sessions. It is updated each time new data or information is sent to Google Analytics.
Expiration date: after 30 minutes

Name: __utmc
Value: 167421564
Usage: This cookie is used to set up new sessions for returning visitors. This is a session cookie that is only stored until you close the browser.
Expiry date: after closing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Usage: the cookie is used to identify the source of traffic to our website. In other words, the cookie records where you came to our site from. It can be another page or an advertisement.
Expiration date: after 6 months

Name: __utmv
Value: no indication
Usage: the cookie is used to store personalized user data. It is always updated when information is sent to Google Analytics.
Expiry date: after 2 years

Note: this list cannot be exhaustive, as Google regularly modifies the choice of its cookies.

Here is an overview of the main data collected by Google Analytics:

Heatmaps: Google creates so-called heatmaps. Thanks to the heatmaps, we see exactly the areas on which you click. This gives us information about the places you "visit" on our site.

Session duration: Google refers to session duration as the time you spend on our site without leaving it. If you have been inactive for 20 minutes, the session ends automatically.

Bounce rate (engl. bouncerate): We speak of a bounce when you visit only one page on our site and then leave it.

Account creation: when you create an account or place an order on our site, Google Analytics collects this data.

IP address: The IP address is only shown in abbreviated form so that no clear assignment is possible.

Location: The IP address is used to determine the country and your approximate location. This process is also called IP tracking.

Technical information: Technical information includes, among other things, your browser type, your Internet service provider or your screen resolution.

Source of origin: Google Analytics or we are naturally interested in the website or advertisement that brought you to our site.

Other data are contact data, possible ratings, media playback (eg when you play a video via our site), content sharing via social media or adding to your favorites. This list does not claim to be exhaustive and only serves to give general guidance on the recording of data by Google Analytics.

Where and how long is the data stored?
Google has its servers spread all over the world. Most of the servers are in America, so your data is usually stored on US servers. You can read here exactly where Google's data centers are located: https://www.google.com/about/datacenters/locations/?hl=de

Your data is distributed on different physical data carriers. The advantage is that the data can be accessed more quickly and is better protected against manipulation. In each Google data center, there are appropriate rescue programs for your data. If, for example, Google's IT equipment breaks down or if natural disasters cripple servers, the risk of service interruption at Google remains low.

The retention period of the data depends on the properties used. If you use the new Google Analytics 4 properties, the retention period for your user data is set at 14 months. For other so-called event data, we have the option of choosing a retention period of 2 months or 14 months.

For Universal Analytics properties, the retention period for your user data is set by default to 26 months. Then your user data is deleted. However, we have the option of choosing the retention period for useful data ourselves. We have five variants for this:

Deletion after 14 months

Deletion after 26 months

Deletion after 38 months

Deletion after 50 months

No automatic deletion

In addition, there is also the option that the data is only deleted if you no longer visit our website for the period chosen by us. In this case, the retention period is reset each time you visit our website again during the defined period.

After the set period has elapsed, the data is deleted once a month. This retention period applies to your data associated with cookies, user identification and advertising identifiers (eg cookies from the DoubleClick domain). Report results are based on aggregated data and are kept separate from user data. Aggregate data is a merging of individual data into a larger unit.

How can I delete my data or prevent it from being stored?
In accordance with European Union data protection legislation, you have the right to access, update, delete or restrict your data. Using the Google Analytics-JavaScript Opt-out Browser Add-on (ga.js, analytics.js, dc.js) you prevent Google Analytics from using your data. You can download and install the browser add-on from https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only allows you to opt out of data collection by Google Analytics.

If you wish to deactivate, delete or manage cookies in principle, you will find in the "Cookies" section the links to the corresponding instructions of the most well-known browsers.

Legal basis
The use of Google Analytics presupposes your consent, which we have obtained with our cookie popup. Pursuant to GDPR Article 6(1)(a) (consent), this consent forms the legal basis for the processing of personal data, as may occur when collected by analytics tools web.

In addition to consent, there is a legitimate interest on our part to analyze the behavior of website visitors and thus to improve our offer technically and economically. Google Analytics allows us to detect website errors, identify attacks and improve profitability. The legal basis is Article 6(1) point f GDPR (legitimate interests). However, we only use Google Analytics insofar as you have given your consent.

Google processes your data, among other places, in the United States. We draw your attention to the fact that, according to the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the United States. This may come with various risks to the legality and security of data processing.

As the basis for data processing at recipients domiciled in third countries (outside the European Union, Iceland, Liechtenstein, Norway, therefore in particular in the USA) or a transfer data to these countries, Google uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are models made available by the European Commission and aim to ensure that your data complies with European data protection standards, even if it is transferred and stored in third countries (such as United States). Through these clauses, Google undertakes to respect the European level of data protection when processing your relevant data, even if this data is stored, processed and managed in the United States. These clauses are based on an implementing decision of the European Commission. You will find the decision and the corresponding standard contractual clauses among others here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find the Google Ads Data Processing Terms, which refer to standard contractual clauses, at https://business.safety.google/intl/de/adsprocessorterms/.

We hope we have been able to provide you with the most important information regarding the processing of Google Analytics data. If you want to know more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/ answer/6004245?hl=de.