Skip to main navigation Skip to main content Skip to page footer
Stefan Andres

Privacy Policy

Introduction and Overview

We have created this privacy policy (version 15.01.2025-112932244) to explain, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (referred to as "data") we as the data controller – and the processors we engage (e.g. providers) – process, will process in the future, and what legitimate options you have. The terms used are gender-neutral.
In short: We provide comprehensive information about the data we process about you.

Privacy policies often sound very technical and use legal jargon. This privacy policy, however, aims to describe the most important things as simply and transparently as possible. To aid transparency, technical terms are explained in an easily understandable manner, links to further information are provided, and graphics are used. We aim to inform you in clear and simple language that we only process personal data in the course of our business activities when a legal basis exists. This would not be possible with overly brief, vague, or technical legal explanations, which are often the standard on the internet when it comes to privacy. We hope you find the following explanations interesting and informative, and perhaps some information that you weren't aware of.
If you still have questions, we kindly ask you to contact the responsible entity listed below or in the imprint, follow the available links, and view additional information on third-party websites. Our contact details are, of course, also available in the imprint.

Scope of Application

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies engaged by us (processors). By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as a person's name, email address, and postal address. The processing of personal data enables us to offer and bill our services and products, both online and offline. The scope of this privacy policy covers:

  • All online presences (websites, online shops) operated by us
  • Social media presences and email communication
  • Mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas where personal data is systematically processed within the company via the channels mentioned. If we enter into legal relationships with you outside these channels, we will inform you separately.

Legal Basis

In the following privacy policy, we provide you with transparent information regarding the legal principles and provisions, i.e., the legal bases of the General Data Protection Regulation, that enable us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL of April 27, 2016. This General Data Protection Regulation of the EU can be read online at EUR-Lex, the access point for EU law, at: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We process your data only when at least one of the following conditions is met:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you input into a contact form.
  2. Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, when we conclude a purchase contract, we need personal information in advance.
  3. Legal Obligation (Article 6(1)(c) GDPR): We process your data if we are subject to a legal obligation. For example, we are legally required to keep invoices for accounting purposes, which usually contain personal data.
  4. Legitimate Interests (Article 6(1)(f) GDPR): We may process personal data based on legitimate interests, as long as your fundamental rights are not restricted. For example, we need to process certain data to operate our website securely and efficiently, which constitutes a legitimate interest.

Other conditions such as the exercise of public interest functions or the protection of vital interests do not typically apply to us. If such a legal basis does apply, it will be indicated in the relevant section.

In addition to the EU regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), referred to as the DSG.
  • In Germany, the Federal Data Protection Act (BDSG) applies.

If further regional or national laws come into play, we will inform you about them in the following sections.

Contact Information of the Data Controller

If you have questions regarding data protection or the processing of personal data, you can contact the data controller as specified in Article 4(7) of the EU General Data Protection Regulation (GDPR) at the following contact details:

Stefan Andres
Mühlgasse 44, 9020 Klagenfurt

Email: office@stefan-andres.at
Phone: +43 664 2407232
Imprint: https://www.stefan-andres.at/imprint

Storage Duration

We store personal data only for as long as necessary to provide our services and products. This means that we delete personal data as soon as the purpose for processing is no longer relevant. In some cases, we are legally required to store certain data even after the original purpose has expired, such as for accounting purposes.

If you request the deletion of your data or withdraw your consent for data processing, we will delete the data as soon as possible, provided there is no legal obligation to retain it.

We will provide more detailed information about the specific duration of data processing where available.

Rights under the General Data Protection Regulation

According to Articles 13 and 14 of the GDPR, we inform you about the following rights that you have in order to ensure fair and transparent data processing:

  • Right of Access (Article 15 GDPR): You have the right to request information about whether we process data about you. If so, you have the right to receive a copy of the data and the following information:
    • The purpose of the processing;
    • The categories (types) of data being processed;
    • Who will receive the data and how the security of data transmission to third countries is ensured;
    • The duration of data storage;
    • The existence of the right to correction, deletion, or restriction of processing, and the right to object to processing;
    • The right to file a complaint with a supervisory authority (links to these authorities are provided below);
    • The origin of the data, if we did not collect it from you;
    • Whether profiling is conducted, i.e., whether data is automatically processed to create a personal profile.
  • Right to Rectification (Article 16 GDPR): You have the right to request the correction of inaccurate data.
  • Right to Erasure ("Right to be Forgotten") (Article 17 GDPR): You have the right to request the deletion of your data.
  • Right to Restriction of Processing (Article 18 GDPR): You have the right to restrict the processing of your data, meaning we may only store the data, but no longer use it.
  • Right to Data Portability (Article 20 GDPR): You have the right to request your data in a commonly used format for transfer to another data controller.
  • Right to Object (Article 21 GDPR): You have the right to object to data processing, which will lead to a change in processing.

If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you can object to processing. We will promptly assess whether we can comply with the objection.

  • If data is used for direct marketing, you may object at any time, and we will stop using your data for this purpose.
  • If data is used for profiling, you may object at any time, and we will stop using your data for profiling.
  • Under certain circumstances, you have the right not to be subject to decisions based solely on automated processing (such as profiling) (Article 22 GDPR).
  • Right to Lodge a Complaint (Article 77 GDPR): You have the right to lodge a complaint with the relevant supervisory authority if you believe that the processing of your personal data violates the GDPR.

In Short: You have rights – don’t hesitate to contact the responsible entity listed above!

If you believe that the processing of your data violates data protection law or that your privacy rights have been otherwise infringed, you can file a complaint with the relevant supervisory authority. In Austria, the responsible authority is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, each federal state has a data protection officer. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the local data protection authority is:

Austrian Data Protection Authority

Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Transfers to Third Countries

We transfer or process data outside the scope of the GDPR (third countries) only if you consent to such processing or if there is another legal basis for it. This is particularly true if the processing is legally required or necessary to fulfill a contractual obligation and, in any case, only to the extent permitted by law. Your consent is typically the main reason for processing data in third countries.

Data processing in third countries such as the USA, where many software providers offer services and have server locations, may involve personal data being processed and stored in ways that are not always expected.

We explicitly point out that, according to the European Court of Justice, a data transfer to the USA is only considered to have an adequate level of protection if a U.S. company processing personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. More information can be found here: EU-US Data PrivacyFramework.

The data processing by U.S. services that are not active participants in the EU-US Data Privacy Framework may result in data being processed and stored in non-anonymous ways. Additionally, U.S. government authorities may have access to some of the data. Furthermore, collected data may be linked with data from other services of the same provider if you have an associated user account. Whenever possible, we attempt to use server locations within the EU, if offered.

We will inform you in the relevant sections of this privacy policy about data transfers to third countries, should they apply.

Data Processing Security

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to infer personal information from our data.

Article 25 of the GDPR refers to "data protection by design and by default," meaning that both software (e.g., forms) and hardware (e.g., access to the server room) are always designed with security in mind, and appropriate measures are taken. We will outline specific measures if necessary.

TLS Encryption with HTTPS

TLS encryption and HTTPS may sound very technical, but we use HTTPS (Hypertext Transfer Protocol Secure) to securely transmit data over the internet. This means that all data transmission between your browser and our web server is encrypted—no one can "eavesdrop."

By using TLS (Transport Layer Security), an encryption protocol for secure data transfer over the internet, we ensure the protection of confidential data. You can recognize the secure connection by the small padlock symbol on the left side of your browser, next to the website address (e.g., beispielseite.de), and the use of the HTTPS scheme (instead of HTTP).

If you want to learn more about encryption, we recommend searching Google for "Hypertext Transfer Protocol Secure wiki" for useful links to further information.

Communication Summary

Affected Parties: All individuals who communicate with us via phone, email, or online forms.
Processed Data: For example, phone numbers, names, email addresses, form data entered. More details can be found under each communication method used.
Purpose: Processing communication with customers, business partners, etc.
Storage Duration: Duration of the business case and legal requirements.
Legal Basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (b) GDPR (Contract), Art. 6 (1) (f) GDPR (Legitimate Interests).

When you contact us via phone, email, or an online form, there may be the processing of personal data.

The data is processed for handling and addressing your inquiry and related business transaction. The data will be stored for as long as the business case lasts or as required by law.

Affected Individuals

All those who reach out to us through the provided communication channels are affected.

Phone

When you call us, call data is pseudonymized and stored on the respective device and with the telecommunications provider used. Additionally, data such as name and phone number may be sent by email and stored for responding to your inquiry. The data will be deleted once the business case is completed and when legally permissible.

Email

When you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and on the email server. The data will be deleted once the business case is completed and when legally permissible.

Online Forms

When you communicate with us using an online form, data is stored on our web server and may be forwarded to one of our email addresses. The data will be deleted once the business case is completed and when legally permissible.

Legal Basis

The processing of data is based on the following legal grounds:

  • Art. 6 (1) (a) GDPR (Consent): You give us consent to store your data and use it for purposes related to the business case.
  • Art. 6 (1) (b) GDPR (Contract): Processing is necessary for the performance of a contract with you or a data processor (e.g., telephone provider), or we need to process data for pre-contractual activities such as preparing an offer.
  • Art. 6 (1) (f) GDPR (Legitimate Interests): We aim to handle customer inquiries and business communication in a professional manner. Certain technical tools, such as email programs, Exchange servers, and mobile carriers, are necessary for efficient communication.

Cookies Summary

Affected Parties: Visitors of the website
Purpose: Dependent on the respective cookie. More details can be found below or with the software provider setting the cookie.
Processed Data: Dependent on the respective cookie used. More details can be found below or with the software provider setting the cookie.
Storage Duration: Dependent on the respective cookie, ranging from hours to years.
Legal Basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (f) GDPR (Legitimate Interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data. Below, we explain what cookies are and why they are used, so you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser, which are called cookies.

One thing is clear: cookies are very useful tools. Almost all websites use cookies. More specifically, these are HTTP cookies, as there are other types of cookies for different purposes. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value, and when defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you revisit our site, your browser sends back the "user-specific" information to our site. Thanks to cookies, our website knows who you are and offers the settings you are familiar with. In some browsers, each cookie has its own file, while in others like Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser (e.g., Chrome) and a web server. The web browser requests a website and receives a cookie back from the server, which the browser then reuses when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each one stores different data. The expiration time of a cookie also varies, ranging from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other "malicious" software. Cookies also cannot access information on your PC.

For example, cookie data might look like this:

  • Name: _ga
  • Value: GA1.2.1326744211.152112932244-9
  • Purpose: Distinguishing website visitors
  • Expiration Date: After 2 years

The minimum sizes a browser should support include:

  • At least 4096 bytes per cookie
  • At least 50 cookies per domain
  • At least 3000 cookies in total

What Types of Cookies Are There?

The specific cookies we use depend on the services used and are clarified in the following sections of the privacy policy. Here, we briefly explain the different types of HTTP cookies.

There are four types of cookies:

  1. Essential Cookies
    These cookies are necessary to ensure the basic functionality of the website. For example, they are needed when a user adds a product to the cart, continues browsing other pages, and later proceeds to checkout. These cookies ensure that the cart is not emptied even if the user closes the browser window.
  2. Functional Cookies
    These cookies collect information about user behavior and whether the user receives any error messages. They are also used to measure the loading time and behavior of the website across different browsers.
  3. Targeted Cookies
    These cookies enhance user experience by remembering entered locations, font sizes, or form data.
  4. Advertising Cookies
    These cookies are also known as targeting cookies. They are used to deliver personalized advertisements to the user. While this can be convenient, it can also be quite intrusive.

Typically, when you visit a website for the first time, you will be asked which types of cookies you would like to allow. This decision is then stored in a cookie.

If you would like to learn more about cookies and don't mind technical documentation, we recommend visiting https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments (RFC) from the Internet Engineering Task Force (IETF) titled "HTTP State Management Mechanism".

Purpose of Data Processing through Cookies

The purpose ultimately depends on the specific cookie. More details can be found below or with the software provider that sets the cookie.

What Data is Processed?

Cookies are small helpers for many different tasks. What data is stored in cookies cannot be generalized, but we will inform you about the processed or stored data within the framework of the following privacy policy.

Storage Duration of Cookies

The storage duration depends on the specific cookie and is specified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time via your browser (see also "Right to Object" below). Furthermore, cookies based on consent will be deleted at the latest after the revocation of your consent, with the legality of the storage remaining unaffected until that point.

Right to Object – How Can I Delete Cookies?

You decide how and whether you want to use cookies. Regardless of the service or website from which the cookies originate, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies while allowing all other cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

  • Chrome: Delete, enable, and manage cookies in Chrome
  • Safari: Manage cookies and website data with Safari
  • Firefox: Delete cookies to remove data websites have stored on your computer
  • Internet Explorer: Delete and manage cookies
  • Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set your browser to inform you every time a cookie is about to be set. This way, you can decide for each cookie whether to allow it or not. The procedure differs depending on the browser. It is best to search for instructions on Google with search terms like “Delete cookies Chrome” or “Disable cookies Chrome” if you are using the Chrome browser.

Legal Basis

Since 2009, the so-called "Cookie Guidelines" have been in place. These regulations stipulate that storing cookies requires your consent (Article 6(1)(a) GDPR). However, there are varying responses to these guidelines within EU countries. In Austria, this directive was implemented in § 165(3) of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, they were largely implemented in § 15(3) of the Telemedia Act (TMG), which was replaced in May 2024 by the Digital Services Act (DSA).

For cookies that are strictly necessary, even if no consent is given, there are legitimate interests (Article 6(1)(f) GDPR), which are often of an economic nature. We aim to provide website visitors with a pleasant user experience, and certain cookies are often essential for this purpose.

For cookies that are not strictly necessary, their use occurs only with your consent. The legal basis in this case is Article 6(1)(a) GDPR.

The following sections will provide more detailed information about the use of cookies, should the employed software utilize cookies.

Web Analytics Introduction

Web Analytics Privacy Policy Summary
Affected Parties: All who communicate with us via phone, email, or online form
Processed Data: For example, phone number, name, email address, entered form data. More details can be found under the respective contact method used.
Purpose: Handling communication with customers, business partners, etc.
Storage Duration: Duration of the business case and statutory requirements
Legal Basis: Art. 6 (1)(a) GDPR (Consent), Art. 6 (1)(b) GDPR (Contract), Art. 6 (1)(f) GDPR (Legitimate Interests)

What is Web Analytics?

We use software on our website to evaluate the behavior of website visitors, commonly referred to as Web Analytics or Web Analysis. Data is collected and stored by the respective analytics tool provider (also called a tracking tool), which manages and processes it. With this data, analyses are made about user behavior on our website, and these are made available to us as website operators. Additionally, most tools offer various testing options. For instance, we can test which offers or content are most appealing to our visitors. In such tests (called A/B tests), we show two different offers for a limited time. After the test, we can determine which product or content our website visitors find more interesting. For such tests, as well as for other analytics procedures, user profiles can be created, and the data can be stored in cookies.

Why Do We Use Web Analytics?

With our website, we have a clear goal in mind: we want to provide the best online offering in our industry. To achieve this goal, we want to offer the best and most interesting content while ensuring that you feel comfortable on our website. By using web analytics tools, we can closely examine the behavior of our website visitors and subsequently improve our online offering for both you and us. For example, we can learn the average age of our visitors, where they come from, when our website receives the most traffic, or which content or products are particularly popular. All this information helps us optimize the website and better tailor it to your needs, interests, and desires.

What Data is Processed?

The specific data stored depends on the analytics tools used. However, generally, data such as which content you view on our website, which buttons or links you click, when you visit a page, which browser you use, what device (PC, tablet, smartphone, etc.) you use to visit the website, or which computer system you have, may be stored. If you have agreed to allow location data to be collected, these may also be processed by the web analytics tool provider.

Your IP address is also stored. According to the GDPR, IP addresses are considered personal data. However, in most cases, your IP address is pseudonymized (i.e., stored in an anonymous and truncated form). For the purposes of tests, web analysis, and web optimization, no direct data such as your name, age, address, or email address are typically stored. All these data, if collected, are stored pseudonymously, meaning you cannot be personally identified.

The following example schematically shows how Google Analytics works as an example of client-based web tracking with JavaScript code.

The length of time the respective data is stored depends on the provider. Some cookies store data for only a few minutes or until you leave the website, while others may store data for several years.

Duration of Data Processing

We will inform you about the duration of data processing below, where applicable. In general, we process personal data only for as long as it is necessary to provide our services and products. If required by law, such as in the case of accounting, the retention period may be exceeded.

Right to Object

You also have the right and opportunity to withdraw your consent to the use of cookies or third-party providers at any time. This can be done either via our cookie management tool or other opt-out features. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser settings.

Legal Basis

The use of web analytics requires your consent, which we have obtained through our cookie pop-up. This consent constitutes the legal basis for processing personal data as outlined in Article 6 (1)(a) of the GDPR (consent).

In addition to consent, we also have a legitimate interest in analyzing website visitor behavior to improve our services both technically and economically. Through web analytics, we can identify website errors, detect attacks, and enhance efficiency. The legal basis for this is Article 6 (1)(f) of the GDPR (legitimate interests). However, we will only use these tools if you have provided consent.

Since cookies are used in web analytics tools, we also recommend reading our general privacy policy regarding cookies. To learn more about the specific data collected and processed, you should read the privacy policies of the respective tools.

Information about specific web analytics tools is provided in the following sections, where available.

Google Analytics Privacy Policy

Google Analytics Privacy Policy Summary

  • Affected parties: Website visitors
  • Purpose: Evaluation of visitor data to optimize the website offering.
  • Processed Data: Access statistics such as the location of visits, device data, duration and timing of access, navigation behavior, and click behavior. More details can be found below in this privacy policy.
  • Storage Duration: Individually configurable, by default, Google Analytics 4 stores data for 14 months.
  • Legal Basis: Article 6 (1)(a) of the GDPR (consent), Article 6 (1)(f) of the GDPR (legitimate interests).

What is Google Analytics?

We use the Google Analytics tracking tool (version Google Analytics 4, GA4) by the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. By combining various technologies such as cookies, device IDs, and login information, Google can identify you across devices. This allows for cross-platform analysis of your actions.

For example, when you click on a link, this event is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us improve our website and services to better meet your needs.

Google Analytics is a tracking tool used to analyze traffic on our website. The basis for these measurements and analyses is a pseudonymous user identification number. This number does not contain personal data such as name or address but is used to associate events with a specific device. GA4 utilizes an event-based model that captures detailed information about user interactions, such as page views, clicks, scrolling, and conversion events. Additionally, machine learning features have been incorporated into GA4 to better understand user behavior and trends.

Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to provide you with the best possible service. The statistics and data from Google Analytics help us achieve this goal.

The statistically analyzed data gives us a clear picture of the strengths and weaknesses of our website. On one hand, we can optimize our site so that it can be more easily found by interested people on Google. On the other hand, the data helps us better understand you as a visitor. This way, we know exactly what we need to improve on our website to offer you the best possible service. The data also allows us to make our advertising and marketing efforts more targeted and cost-effective. After all, it makes sense to show our products and services to people who are interested in them.

What Data is Collected by Google Analytics?

Google Analytics creates a random, unique ID linked to your browser cookie. This allows Google Analytics to recognize you as a new user and assigns you a user ID. When you visit our site again, you are recognized as a "returning" user. All collected data is stored along with this user ID, enabling pseudonymous user profiles to be evaluated.

To analyze our website with Google Analytics, a property ID is embedded into the tracking code. Data is then stored in the respective property. For each newly created property, the Google Analytics 4 property is used by default. Depending on the property used, data is stored for different durations.

By using identifiers like cookies, app instance IDs, user IDs, or custom event parameters, your interactions (if you have consented) are measured across platforms. Interactions are any actions you take on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics can be linked with third-party cookies. Google does not share Google Analytics data unless we, as the website operator, approve it. Exceptions may apply if required by law.

How Long and Where is Data Stored?

Google has distributed its servers worldwide. You can find out exactly where Google data centers are located here: https://www.google.com/about/datacenters/locations/?hl=en.

Your data is spread across various physical storage devices. This has the advantage of faster retrieval and better protection against manipulation. In each Google data center, there are disaster recovery programs in place for your data. Even if hardware fails or natural disasters cause server outages, the risk of service disruption at Google remains low.

The retention period of data depends on the properties used. The retention period is always set individually for each property. Google Analytics offers four options for controlling the retention period:

  • 2 months: the shortest retention period.
  • 14 months: by default, data in GA4 is stored for 14 months.
  • 26 months: data can be stored for 26 months.
  • Data will only be deleted if we delete it manually.

Additionally, there is an option to delete data only if you do not visit our website within the chosen period. In this case, the retention period is reset each time you visit the site within the designated period.

Once the designated period expires, data is deleted once a month. This retention period applies to your data linked to cookies, user recognition, and advertising IDs (such as DoubleClick domain cookies). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data refers to the combination of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under the data protection laws of the European Union, you have the right to request information about your data, update it, delete it, or restrict its processing. You can prevent Google Analytics 4 from using your data by using the browser add-on to disable Google Analytics JavaScript (analytics.js, gtag.js). You can download and install the add-on from here. Please note that this add-on only disables data collection by Google Analytics.

If you wish to generally disable, delete, or manage cookies, you will find links to the relevant instructions for the most popular browsers in the "Cookies" section.

Legal Basis

The use of Google Analytics requires your consent, which we have obtained through our cookie popup. According to Article 6(1)(a) of the GDPR (consent), this consent forms the legal basis for processing personal data as it pertains to web analytics tools.

In addition to your consent, we have a legitimate interest in analyzing website visitor behavior to improve our technical and economic offering. With Google Analytics, we can detect errors on the website, identify attacks, and improve economic efficiency. The legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). We use Google Analytics only to the extent that you have given consent.

Google processes your data, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, which ensures proper and secure data transfer of personal data from EU citizens to the USA. For more information, visit this page.

Additionally, Google uses Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR). These clauses, provided by the EU Commission, ensure that your data continues to comply with European data protection standards even if transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and Standard Contractual Clauses, Google commits to upholding European data protection standards when processing your data in the USA. You can find the decision and relevant Standard Contractual Clauses here.

The Google Ads Data Processing Terms, which refer to Standard Contractual Clauses, can be found at this link.

We hope we have provided you with important information regarding the data processing by Google Analytics. For more details on the tracking service, we recommend these links: Terms and Support.

For more information on data processing, please refer to Google's Privacy Policy here.

Google Optimize Privacy Policy

We use Google Optimize, a website optimization tool, on our website. The service provider is Google Inc., based in the USA. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

Google processes your data, including in the USA. Google is an active participant in the EU-US Data Privacy Framework, ensuring proper and secure data transfer of personal data from EU citizens to the USA. More information can be found here.

Additionally, Google uses Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR), ensuring that your data remains in line with European data protection standards, even when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and Standard Contractual Clauses, Google ensures that the European data protection level is maintained when processing your data in the USA. You can find the decision and relevant Standard Contractual Clauses here.

For more details on data processed by Google Optimize, refer to Google's Privacy Policy here.

Glossary of Terms Used

We strive to make our privacy statement as clear and understandable as possible. However, particularly with technical and legal topics, this is not always straightforward. It often makes sense to use legal terms (such as personal data) or specific technical terms (like cookies, IP addresses). We do not want to use these terms without explanation. Below is an alphabetical list of important terms we use in the privacy statement, which we may not have sufficiently explained earlier. If these terms are taken from the GDPR and refer to definitions, we will also include the GDPR text and provide additional explanations where needed.

Data Processor

Definition under Article 4 of the GDPR:

A "Data Processor" means any natural or legal person, authority, agency, or other body that processes personal data on behalf of the Data Controller.

Explanation: We, as a company and website owner, are responsible for all data we process from you. In addition to the Data Controller, there may also be so-called Data Processors. These are companies or individuals that process personal data on our behalf. Data Processors can include service providers such as accountants, hosting or cloud providers, payment providers, or large companies like Google or Microsoft.

Consent

Definition under Article 4 of the GDPR:

"Consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Explanation: Typically, consent on websites is obtained through a cookie consent tool. You are often asked, upon first visiting a website, whether you agree to the processing of your data or not. You may also make individual choices, deciding which data processing is permitted and which is not. Without consent, personal data cannot be processed.

Personal Data

Definition under Article 4 of the GDPR:

"Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, especially by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Explanation: Personal data includes any information that can identify you as a person. Typically, these are details like:

  • Name
  • Address
  • Email address
  • Phone number
  • Date of birth
  • Identification numbers like social security number, tax ID number, or personal ID number
  • Financial data such as bank account number, credit information, balance, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to identify at least the approximate location of your device and potentially identify you as the account holder. Therefore, storing an IP address requires a legal basis under the GDPR.

There are also "special categories" of personal data that require additional protection, including:

  • Racial and ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Union membership
  • Genetic data, such as data from blood or saliva samples
  • Biometric data (information about physical, behavioral, or psychological traits that can identify a person)
  • Health data
  • Data about sexual orientation or sexual life

Profiling

Definition under Article 4 of the GDPR:

"Profiling" means any form of automated processing of personal data that involves the use of personal data to evaluate certain personal aspects related to a natural person, especially to analyze or predict aspects regarding work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

Explanation: Profiling involves gathering various information about a person to learn more about them. On the web, profiling is often used for advertising purposes or credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile, which is then used to target advertisements to a particular audience.

Data Controller

Definition under Article 4 of the GDPR:

"Data Controller" refers to the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of Member States, the controller or the specific criteria for their designation may be provided for in Union or Member State law.

Explanation: In our case, we are responsible for processing your personal data, and therefore, we are the "Data Controller." If we pass the collected data on to other service providers for processing, those entities are considered "Data Processors." A "Data Processing Agreement" (DPA) must be signed in such cases.

Processing

Definition under Article 4 of the GDPR:

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Note: When we refer to "processing" in our privacy statement, we mean any type of data processing. As mentioned in the original GDPR description, this includes not only the collection but also the storage and processing of data.

All texts are copyright protected.

Source: Privacy policy created with the privacy generator for Austria by AdSimple.