Information in accordance with §5 of the E-Commerce Act, §14 of the Unternehmensgesetzbuch, §63 of the Commercial Code and disclosure requirements under §25 of the Media Act.
Chairwoman: Najwa Duzdar
Chairwoman: Katharina Maly
Chairwoman: Selma Demir
Location: Schönngasse 15-17/2, 1020 Wien
Unfortunately, these subjects sound rather technical due to their nature, but we have put much effort into describing the most important things as simply and clearly as possible.
Automatic Data Retention
Every time you visit a website nowadays, certain information is automatically created and saved, just as it happens on this website.
Whenever you visit our website such as you are doing right now, our webserver (computer on which this website is saved/stored) automatically saves data such as
- the address (URL) of the accessed website
- browser and browser version
- the used operating system
- the address (URL) of the previously visited site (referrer URL)
- the host name and the IP-address of the device the website is accessed from
- date and time
in files (webserver-logfiles).
Generally, webserver-logfiles stay saved for two weeks and then get deleted automatically. We do not pass this information to others, but we cannot exclude the possibility that this data will be looked at in case of illegal conduct.
Our website uses HTTP-cookies to store user-specific data.
What exactly are cookies?
Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.
Cookies save certain parts of your user data, such as e.g. language or personal page settings. When you re-open our website, your browser submits these “user specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers every cookie has its own file, in others such as Firefox, all cookies are stored in one single file.
There are both first-party cookies and third-party coookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, trojans or any other malware. Cookies also cannot access your PC’s information.
This is an example of how cookie-files can look:
purpose: differentiation between website visitors
expiration date: after 2 years
A browser should support these minimum sizes:
- at least 4096 bytes per cookie
- at least 50 cookies per domain
- at least 3000 cookies in total
Which types of cookies are there?
There are 4 different types of cookies:
These cookies are necessary to ensure the basic function of a website. They are needed when a user for example puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. Even when the user closed their window priorly, these cookies ensure that the shopping cart does not get deleted.
These cookies collect info about the user behaviour and record if the user potentially receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behaviour within different browsers.
These cookies care for an improved user-friendliness. Thus, information such as previously entered locations, fonts or data in forms stay saved.
These cookies are also known as targeting-Cookies. They serve the purpose of delivering individually adapted advertisements to the user. This can be very practical, but also rather annoying.
Upon your first visit to a website you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be saved in a cookie.
How can I delete cookies?
If you want change or delete cookie-settings and would like to determine which cookies have been saved to your browser, you can find this info in your browser-settings:
If you generally do not want to allow any cookies at all, you can set up your browser in a way, to notify you whenever a potential cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. The settings for this differ from browser to browser. Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search phrase “delete cookies Chrome” or “deactivate cookies Chrome” into Google.
How is my data protected?
If you want to learn more about cookies and do not mind technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Storage of Personal Data
Any personal data you electronically submit to us on this website, such as your name, email address, home address or other personal information you provide via the transmission of a form or via any comments to the blog, are solely used for the specified purpose and get stored securely along with the respective submission times and IP-address. These data do not get passed on to third parties.
Therefore, we use personal data for the communication with only those users, who have explicitly requested being contacted, as well as for the execution of the services and products offered on this website. We do not pass your personal data to others without your approval, but we cannot exclude the possibility this data will be looked at in case of illegal conduct.
If you send us personal data via email – and thus not via this website – we cannot guarantee any safe transmission or protection of your data. We recommend you, to never send confidential data via email.
Rights in accordance with the General Data Protection Regulation
- right to rectification (article 16 GDPR)
- right to erasure (“right to be forgotten“) (article 17 GDPR)
- right to restrict processing (article 18 GDPR)
- righ to notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (article 19 GDPR)
- right to data portability (article 20 GDPR)
- Right to object (article 21 GDPR)
- right not to be subject to a decision based solely on automated processing – including profiling – (article 22 GDPR)
If you think that the processing of your data violates the data protection law, or that your data protection rights have been infringed in any other way, you can lodge a complaint with your respective regulatory authority. For Austria this is the data protection authority, whose website you can access at https://www.data-protection-authority.gv.at/.
Evaluation of Visitor Behaviour
TLS encryption with https
We use https to transfer information on the internet in a tap-proof manner (data protection through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information. You can recognise the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner, as well as by the use of the letters https (instead of http) as a part of our web address.
We exclusively want to show our products or services to persons, who are interested in them. With the aid of the Facebook pixel, our advertising measures can get better adjusted to your wishes and interests. Therefore, Facebook users get to see suitable advertisement (if they allowed personalised advertisement). Moreover, Facebook uses the collected data for analytical purposes and for its own advertisements.
In the following we will show you the cookies, which were set on a test page through the integration of the Facebook pixel. Please consider that these cookies are only examples. Depending on the interaction that is made on our website, different cookies are set.
Purpose: Dieses Cookie verwendet Facebook, um Werbeprodukte anzuzeigen.
Expiration date: nach 3 Monaten
Purpose: Dieses Cookie wird verwendet, damit Facebook-Pixel auch ordentlich funktioniert.
Expiration date: nach 3 Monaten
Value: Name of the author
Purpose: This cookie saves the text and name of a user who e.g. leaves a comment.
Expiration date: after 12 months
Value: https%3A%2F%2Fwww.testseite…%2F (URL of the author)
Purpose: This cookie saved the URL of the website that the user types into a text box on our website.
Expiration date: after 12 months
Value: email address of the author
Purpose: This cookie saves the email address of the user, if they provided it on the website.
Expiration date: after 12 months
Note: The above-mentioned cookies relate to an individual user behaviour. Moreover, especially concerning the usage of cookies, changes at Facebook can never be ruled out.
If you are registered at Facebook, you can change the settings for advertisements yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can manage your user based online advertising at https://www.youronlinechoices.com/uk/your-ad-choices. You have the option to activate or deactivate any providers there.
If you want to learn more about Facebook’s data protection, we recommend you the view the company’s in-house data policies at https://www.facebook.com/policy.php.
Along with Facebook’s pixel function, we have also activated the automatic advanced matching. This function allows us to send hashed emails, names, genders, cities, states, postcodes and dates of birth or telephone numbers as additional information to Facebook, provided you have made them available to us. This activation gives us the opportunity, to customise advertising campaigns even better to persons who are interested in our services or products.
When you subscribe to our Newsletter you submit your personal data and give us the right to contact you via email. We use the data that is stored for the registration for the Newsletter exclusively for our Newsletter and do not pass them on.
If you unsubscribe from the newsletter – for which you can find a link in the bottom of every newsletter – we will delete all data that was saved when you registered for the newsletter.
Like many other websites, we use the services of the newsletter company MailChimp on our website. The operator of MailChimp is the company The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. With the aid of MailChimp we can easily send you interesting news via newsletter. For the use of the service we do not have to install anything but can still access a pool of very efficient features. In the following we will give more details on this email marketing service and will inform you about the most important data protection aspects.
What is MailChimp?
MailChimp is a cloud-based newsletter management service. “Cloud-based“ means that we do not need to install MailChimp on our own computer or server. Instead, we use the service on an external server, or more specifically via an IT infrastructure, which is available via the internet. Using a software this way is also called SaaS (software as a service).
MailChimp allows us to chose from a wide range of different email types. Depending on what goal we want to reach with our newsletter, we can run individual campaigns, regular campaigns, auto responders (automated emails), A/B tests, RSS campaigns (mailings at pre-set times and frequencies) and follow-up campaigns.
Why do we use MailChimp on our website?
The reason we would use any newsletter service is so we can stay in contact with you. We want to keep you on the loop what news or attractive offers we have for you at the time. As we constantly seek out the easiest and best solutions for our marketing measures, we have decided on MailChimp as our newsletter management service. While the software is very easy to use, it offers many helpful features. For example, it allows us to create interesting and attractive newsletters in only a short time. With integrated design templates we can create every newsletter in an individual way. Due to the “responsive design” feature, our contents are also presented in a readable and pleasant way on your smartphone (or any other mobile device).
With tools such as A/B testing or the extensive analysis options, we can swiftly tell how you like our newsletters. This means that we can react if necessary and improve our offer or our services.
Another advantage is MailChimp’s “cloud system”. The data is not stored and processed directly on our server. We can retrieve the datafrom external servers and therefore save our memory space and also decrease maintenance effort.
What data is saved by MailChimp?
Rocket Science Group LLC (MailChimp) operate online platforms which enable us to get in contact with you, provided you subscribed to our newsletter. If you become a subscriber of our newsletter via our website, by email you agree to become a member of a MailChimp email list. Then, MailChimp saves your subscription data and your IP address, so it can verify your entry into the list provider. Moreover, MailChimp stores your email address, your name, your physical address and demographic information, such as language or location.
This information is used to send emails to you and to allow certain other MailChimp functions (e.g. the evaluation of newsletters).
MailChimp also shares information with third parties to improve its services. Moreover, MailChimp shares certain data with advertising partners of third parties to get a better understanding of its clients’ interests, in order to provide relevant contents and target-oriented advertising.
With so-called “web beacons” (small graphics in HTML emails), MailChimp can determine if an email has arrived, has been opened or if links have been clicked. This information is then stored on MailChimp’s servers. That way we receive statistical evaluations and can see how you liked our newsletter. Therefore, we can tailor our offer better to your wishes and improve our service.
Moreover, MailChimp are allowed to use this data for improving their own service. Thus, they can for example technically optimise the distribution or determine the location (or the country) of the recipient.
The following cookies can be set by MailChimp. The list is not exhaustive and is merely an exemplary selection:
Purpose: This cookie is necessary to provide the services of Mailchimp. It is always set when a user registers for a newsletter mailing list.
Expiry date: at the end of the session
Purpose: The cookie is used to differentiate a human from a bot. That way secure reports on the use of a website can be created.
Expiry date: after 2 hours
Purpose: This cookie comes from MasterPass Digital Wallet (a MasterCard service) and is used to offer a secure and easy virtual payment process to visitors. For this purpose, the user is anonymously identified on the website.
Expiry date: after 2 hours
Purpose: We could not find any further information about the purpose of this cookie.
Expiry date: after one year
How long and where is the data saved?
Since MailChimp is an American company, all retained data is stored on American servers.
Generally, the data stays permanently saved on MailChimp’s servers and is deleted only when you request it. You can have your contact information with us deleted. This permanently removes all your personal data for us and anonymises you in MailChimp’s reports. However, you can also request the deletion of your data permanently at MailChimp. Then all your data are removed from there and we receive a notification from MailChimp. After we receive the email we have 30 days to delete your contact from all integrations.
How can I delete my data or prevent data retention?
You can withdraw your approval for the receipt of our newsletters anytime, by clicking the link in the lower area of the received newsletter email. When you click on the unsubscribe link, your data with MailChimp gets deleted.
When you land on a MailChimp website via a link in our newsletter and cookies are consequently set in your browser, you can delete or deactivate these cookies anytime.
Depending on the browser, the deactivation or deletion differs slightly. The following instructions show how to manage cookies in your browser:
If you generally do not want to allow any cookies, you can set up your browser in a way so it would notify you whenever a potential cookie is about to be set. This lets you decide upon the placement of every single cookie.
We have embedded elements from social media services on our website, to display pictures, videos and texts. By visiting pages that present such elements, data is transferred from your browser to the respective social media service, where it is stored. We do not have access to this data.
The following links lead to the respective social media services’ sites, where you can find a declaration on how they handle your data:
- Instagram Data Policy: https://help.instagram.com/519522125107875
- Facebook Data Policy: https://www.facebook.com/about/privacy
Facebook Data Policy
We use selected Facebook tools on our website. Facebook is a social media network of the company Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. With the aid of this tool we can provide the best possible offers to you and anyone interested in our products and services. In the following we will give you an overview on the different Facebook tools, as well as on what data is sent to Facebook and how you can delete these data.
What are Facebook tools?
Along with many other products, Facebook also offers so called “Facebook Business Tools”. This is Facebook’s official name for the tools, but it is not very common. Therefore, we decided to merely call them “Facebook tools”. They include the following:
- social plugins (e.g. the “Like” or “Share“ button)
- Facebook Login
- Account Kit
- APIs (application programming interface)
- SDKs (Softwart developmept kits)
- Technologies and Services
With these tools Facebook can extend its services and is able to receive information on user activities outside of Facebook.
Why do we use Facebook tools on our website?
We only want to show our services and products to people who are genuinely interested in them. With the help of advertisements (Facebook Ads) we can reach exactly these people. However, to be able to show suitable adverts to users, Facebook requires additional information on people’s needs and wishes. Therefore, information on the user behaviour (and contact details) on our website, are provided to Facebook. Consequently, Facebook can collect better user data and is able to display suitable adverts for our products or services. Thanks to the tools it is possible to create targeted, customised ad campaigns of Facebook.
Facebook calls data about your behaviour on our website “event data” and uses them for analytics services. That way, Facebook can create “campaign reports” about our ad campaigns’ effectiveness on our behalf. Moreover, by analyses we can get a better insight in how you use our services, our website or our products. Therefore, some of these tools help us optimise your user experience on our website. With the social plugins for instance, you can share our site’s contents directly on Facebook.
What data is saved by the Facebook tools?
With the use of the Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, customer data such as name, address, telephone number and IP address may be transmitted.
Facebook uses this information to match the data with the data it has on you (if you are a Facebook member). However, before the customer data is transferred to Facebook, a so called “Hashing” takes place. This means, that a data record of any size is transformed into a string of characters, which also has the purpose of encrypting data.
Moreover, not only contact data, but also “event data“ is transferred. These data are the information we receive about you on our website. To give an example, it allows us to see what subpages you visit or what products you buy from us. Facebook does not disclose the obtained information to third parties (such as advertisers), unless the company has an explicit permission or is legally obliged to do so. Also, “event data“ can be linked to contact information, which helps Facebook to offer improved, customised adverts. Finally, after the previously mentioned matching process, Facebook deletes the contact data.
To deliver optimised advertisements, Facebook only uses event data, if they have been combined with other data (that have been collected by Facebook in other ways). Facebook also uses event data for the purposes of security, protection, development and research. Many of these data are transmitted to Facebook via cookies. Cookies are little text files, that are used for storing data or information in browsers. Depending on the tools used, and on whether you are a Facebook member, a different number of cookies are placed in your browser. In the descriptions of the individual Facebook tools we will go into more detail on Facebook cookies. You can also find general information about the use of Facebook cookies at https://www.facebook.com/policies/cookies.
How long and where are the data saved?
Facebook fundamentally stores data, until they are no longer of use for their own services and products. Facebook has servers for storing their data all around the world. However, customer data is cleared within 48 hours after they have been matched with their own user data.
How can I delete my data or prevent data retention?
In accordance with the General Data Protection Regulation (GDPR) you have the right of information, rectification, transfer and deletion of your data.
The collected data is only fully deleted, when you delete your entire Facebook account. Deleting your Facebook account works as follows:
1) Click on settings in the top right side in Facebook.
2) Then, click “Your Facebook information“ in the left column.
3) Now click on “Deactivation and deletion”.
4) Choose “Permanently delete account“ and then click on “Continue to account deletion“.
5) Enter your password, click on “continue“ and then on “Delete account“.
The retention of data Facebook receives via our site is done via cookies (e.g. with social plugins), among others. You can deactivate, clear or manage both all and individual cookies in your browser. How this can be done differs depending on the browser you use. The following instructions show, how to manage cookies in your browser:
If you generally do not want to allow any cookies at all, you can set up your browser to notify you whenever a cookie is about to be set. This gives you the opportunity to decide upon the permission or deletion of every single cookie.
Facebook is an active participant in the EU-U.S. Privacy Shield Framework, which regulates correct and secure transfer of personal data. You can find more information at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC. We hope we could give you an understanding of the most important information about the use of Facebook tools and data processing. If you want to find out more on how Facebook use your data, we recommend reading the data policies at https://www.facebook.com/about/privacy/update.
We installed so-called social plugins from Facebook Inc. to our website. You can recognise these buttons by the classic Facebook logo, the “Like” button (hand with raised thumb) or by a “Facebook plugin” label. A social plugin is a small part of Facebook that is integrated into our page. Each plugin has its own function. The most used functions are the well-known “Like” and “Share” buttons.
Facebook offers the following social plugins:
- “Save” button
- “Like” button, Share, Send and Quote
- Page plugin
- Messenger plugin
- Embedded posts and video player
- Group Plugin
At https://developers.facebook.com/docs/plugins you will find more information on how the individual plugins are used. On the one hand, we use the social plug-ins to offer you a better user experience on our site, and on the other hand because Facebook can optimise our advertisements with it.
If you have a Facebook account or have already visited facebook.com, Facebook has already placed at least one cookie in your browser. In this case, your browser sends information to Facebook via this cookie as soon as you visit our website or interact with social plugins (e.g. the “Like” button).
The received information will be deleted or anonymised within 90 days. According to Facebook, this data includes your IP address, the websites you have visited, the date, time and other information relating to your browser.
In order to prevent Facebook from collecting much data and matching it with your Facebook data during your visit to our website, you must log out of Facebook while you visit our website.
If you are not logged in to Facebook or do not have a Facebook account, your browser sends less information to Facebook because you have fewer Facebook cookies. Nevertheless, data such as your IP address or which website you are visiting can be transmitted to Facebook. We would like to explicitly point out that we do not know what exact data is collected. However, based on our current knowledge, we want to try informing you as best we can about data processing. You can also read about how Facebook uses the data in the company’s data policy at https://www.facebook.com/about/privacy/update.
At least the following cookies are set in your browser when you visit a website with social plugins from Facebook:
Value: no information
Purpose:This cookie is used to make the social plugins work on our website.
Expiry date: after end of session
Purpose:The cookie is also necessary for the plugins to function properly
Expiry date: after 3 months
Note: These cookies were set after our test and may be placed even if you are not a Facebook member.
If you are registered with Facebook, you can change your settings for advertisements yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can go to https://www.youronlinechoices.com/uk/your-ad-choices/ and manage your usage-based online advertising. There you have the option to deactivate or activate providers.
If you want to learn more about Facebook’s data protection, we recommend the company’s own data policies at https://www.facebook.com/policy.php.