Data protection

Privacy policy

1) Introduction and contact details of the responsible person

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about how we handle your personal data when you use our website. Personal data is any data with which you can be personally identified.

1.2 The controller of the data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Wilfried Rainer, Hotel SONNBLICK, Plangeross 45, 6481 St. Leonhard im Pitztal, Austria, Tel.: +43541386204, e-mail: hotel@sonnblick-pitztal.at. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data collection when visiting our website

2.1 During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (if applicable: in anonymised form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the person responsible). You can recognise an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 Amazon Web Services

For the hosting of our website and the display of the page content we use the system of the following provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA

All data collected on our website is processed on the provider's servers.
We have concluded an order processing contract with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties. 

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

3.2 AWS CloudFront

We use a content delivery network of the following provider: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA

This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 (1) lit. f DSGVO. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

3.3 Cloudflare

We use a content delivery network of the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content or scripts more quickly via a network of regionally distributed servers. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 (1) lit. f DSGVO. We have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

4) Cookies

In order to make visiting our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your terminal device. In some cases, these cookies are automatically deleted again after the browser is closed (so-called "session cookies"), in other cases, these cookies remain on your end device for longer and allow page settings to be saved (so-called "persistent cookies"). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a DSGVO in the case of consent given or in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

You can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting

Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of the use of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after your request has been processed. This is the case when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

6) Web analytics services

6.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables an analysis of your use of our website.

By default, Google Analytics sets 4 cookies when you visit the website, which are stored as small text modules on your end device and collect certain information. The scope of this information also includes your IP address, which is, however, shortened by Google by the last digits in order to exclude a direct personal reference.

The information is transferred to Google servers and processed there. In the process, transfers to Google LLC, based in the USA, are also possible.

Google uses the information collected on our behalf to evaluate your use of the website, compile reports on website activity for us and provide other services relating to website activity and internet usage. The IP address transmitted and shortened by your browser as part of Google Analytics will not be merged with other Google data. The data collected in the context of the use of Google Analytics 4 will be stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the end device used, only takes place if you have given us your express consent for this in accordance with Art. 6 Para. 1 lit. a DSGVO.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the "Cookie Consent Tool" provided on the website.

We have concluded an order processing agreement with Google, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/en/privacy/, https://policies.google.com/privacy?hl=en&gl=en and under https://policies.google.com/technologies/partner-sites

Demographic characteristics
Google Analytics 4 uses the special "demographic characteristics" function and can use this to create statistics that make statements about the age, gender and interests of site visitors. This is done by analysing advertising and information from third-party providers. This allows target groups to be identified for marketing activities. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months.

Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to have cross-device reports generated. If you have activated personalised ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics pursuant to Art. 6 (1) lit. a DSGVO, analyse your usage behaviour across devices and create database models, including on cross-device conversions. We do not receive any personal data from Google, only statistics. If you would like to stop the cross-device analysis, you can deactivate the "Personalised advertising" function in the settings of your Google account. To do so, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en You can find more information about Google Signals at the following link: https://support.google.com/analytics/answer/7532985?hl=en

UserIDs
As an extension to Google Analytics 4, the "UserIDs" function can be used on this website. If you have consented to the use of Google Analytics 4 pursuant to Art. 6 (1) lit. a DSGVO, have set up an account on this website and log in with this account on different devices, your activities, including conversions, can be analysed across devices.

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

6.2 Google Tag Manager

This website uses the "Google Tag Manager", a service of the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").

The Google Tag Manager provides a technical basis for bundling various web applications, including tracking and analysis services, and for calibrating, controlling and attaching conditions to them via a uniform user interface. The Google Tag Manager itself does not store any information on user devices or read them out. The service also does not carry out any independent data analyses. However, the Google Tag Manager transmits your IP address to Google when you access a page and may store it there. Transmission to Google LLC. servers in the USA is also possible. In the USA is possible.

This processing is only carried out if you have given us your express consent to do so in accordance with Art. 6 (1) a DSGVO. Without this consent, Google Tag Manager will not be used during your visit to the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website.

We have concluded an order processing contract with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Further legal information on Google Tag Manager can be found at https://business.safety.google/intl/en/privacy/ and https://policies.google.com/privacy?hl=en&gl=en

7) Retargeting/ Remarketing and Conversion Tracking

7.1 Meta Pixel with extended data synchronisation

Within our online offering, we use the "Meta Pixel" service of the following provider in extended data synchronisation mode: Meta Platforms Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland ("Meta")

If a user clicks on an advert placed by us on Facebook or Instagram, a parameter is added to the URL of our linked page with the help of "meta pixels". This URL parameter is then entered into the user's browser after redirection by a cookie that our linked page sets itself. In addition, this cookie collects specific customer data such as the email address that we collect on our website linked to the Facebook or Instagram ad during processes such as purchase transactions, account logins or registrations (extended data synchronisation). The cookie is then read and enables the data, including the specific customer data, to be transmitted to Meta.

We use "Meta Pixel" with advanced data matching to make our adverts (so-called "Ads") on Facebook and/or Instagram more effective and to ensure that they correspond to the interests of users or have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Meta (so-called "Custom Audiences").

In addition, we analyse the effectiveness of our advertisements by tracking whether users were redirected to our website after clicking on an advertisement (conversion). Compared to the standard version of "Meta Pixel", the extended data synchronisation function helps us to better measure the effectiveness of our advertising campaigns by recording more associated conversions.

All transmitted data is stored and processed by Meta so that an assignment to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with Meta's data usage guidelines (https://www.facebook.com/about/privacy/) can use. The data can enable Meta and its partners to place adverts on and off Facebook.

All processing described above, in particular the setting of cookies for reading out information on the end device used, is only carried out if you have given us your express consent to do so in accordance with Art. 6 (1) lit. a DSGVO. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

We have concluded an order processing contract with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

The information generated by Meta is usually transmitted to a Meta server and stored there; in this context, it may also be transmitted to Meta Platforms Inc. servers in the USA.

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

7.2 Google Ads conversion tracking

This website uses the online advertising programme "Google Ads" and, as part of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising material (so-called Google Adwords). We can determine how successful the individual advertising measures are in relation to the advertising campaign data. Our aim is to show you adverts that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of the advertising costs incurred.

The cookie for conversion tracking is set when a user clicks on an ad placed by Google. Cookies are small text files that are stored on your terminal device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked across Google Ads customers' websites. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted in to conversion tracking. Clients will learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users.

In the context of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC. in the USA.

Details on the processing triggered by Google Ads Conversion Tracking and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites

All processing described above, in particular the setting of cookies for reading out information on the end device used, is only carried out if you have given us your express consent to do so in accordance with Art. 6 (1) lit. a DSGVO. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

You can also permanently object to the setting of cookies by Google Ads Conversion Tracking by downloading and installing the Google browser plug-in available at the following link:
https://www.google.com/settings/ads/plugin?hl=en

In order to target users whose data we have received in the context of business or business-like relationships even more effectively, we use a customer matching function as part of Google Ads. For this purpose, we transmit one or more files with aggregated customer data (primarily e-mail addresses and telephone numbers) to Google electronically. Google does not have access to clear data, but automatically encrypts the information in the customer files during the transmission process using a special algorithm. The encrypted information can then only be used by Google to assign it to existing Google accounts that the data subjects have set up. This enables the display of personalised advertising across all Google services linked to the respective Google account.

Customer data will only be transmitted to Google if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time with effect for the future. Further information on Google's data protection measures in relation to the customer matching function can be found here: https://support.google.com/google-ads/answer/6334160?hl=en&ref_topic=10550182
Google's privacy policy can be viewed here: https://business.safety.google/intl/en/privacy/ and https://www.google.de/policies/privacy/

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

7.3 Google Ads conversion tracking without cookies

This website uses the online advertising programme "Google Ads" and, as part of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising material (so-called Google Adwords). We can determine how successful the individual advertising measures are in relation to the advertising campaign data. Our aim is to show you adverts that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of the advertising costs incurred.

This website uses Google Ads Conversion Tracking exclusively without the use of cookies, which means that the service does not set cookies on your end device at any time.

Instead, the local memory of your browser is used to store an individual ID assigned by Google, which enables your use of the website to be analysed. For this purpose, certain user information is processed via the ID.

The ID is set when a user clicks on an ad placed by Google. If the user visits certain pages of this website, Google and we can recognise that the user has clicked on the ad and has been redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information collected in this way is used to create conversion statistics for Google Ads customers who have opted for conversion tracking. The customers find out the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag.

However, they do not receive any information with which users can be personally identified. When using Google Ads, personal data may also be transmitted to the servers of Google LLC. in the USA. Details on the processing triggered by Google Ads Conversion Tracking and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

If the information collected has a personal reference, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical evaluation of the success of our advertising campaigns.
Google's privacy policy can be viewed here: https://business.safety.google/intl/en/privacy/ and https://www.google.de/policies/privacy/

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

8) Page functionalities

8.1 Youtube

This website uses plugins for the display and playback of videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Data may also be transmitted to: Google LLC., USA

When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the provider's servers in order to load the plugin. In this process, certain information, including your IP address, is transmitted to the provider.

If the playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behaviour, create playback statistics and prevent abusive behaviour.

If you are logged into a user account with the provider during your visit to the site, your data will be assigned directly to your account when you click on a video. If you do not wish your data to be associated with your account, you must log out before clicking the play button.

All of the aforementioned processing, in particular the setting of cookies for reading out information on the end device used, only takes place if you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future by deactivating this service via the "Cookie Consent Tool" provided on the website.

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

8.2 Google Maps

This website uses an online mapping service provided by the following provider: Google Maps (API) by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Maps is a web service for displaying interactive (land) maps in order to visually present geographical information. By using this service, you will be shown our location and it will be easier for you to find us.

Information about your use of our website (such as your IP address) is transmitted to Google servers and stored there when you call up those sub-pages in which the Google Maps map is integrated; this information may also be transmitted to Google LLC servers in the USA. This occurs regardless of whether Google provides a user account via which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to have your data associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.

The collection, storage and analysis are carried out in accordance with Art. 6 (1) lit. f DSGVO on the basis of Google's legitimate interest in the display of personalised advertising, market research and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.

As far as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 (1) lit. a DSGVO. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please follow the option described above for making an objection.

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

8.3 FontAwesome

This site uses so-called web fonts from the following provider for the standardised display of fonts: Fonticons, Inc, 710 Blackhorn Dr, Carl Junction, 64834, MO, USA

When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly and establishes a direct connection to the provider's servers. In the process, certain browser information, including your IP address, is transmitted to the provider.

The processing of personal data in the course of establishing a connection with the provider of the fonts is only carried out if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future by deactivating this service via the "cookie consent tool" provided on the website. If your browser does not support web fonts, a standard font will be used by your computer.

For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

8.4 Google Web Fonts

This site uses so-called web fonts from the following provider for the uniform display of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly and establishes a direct connection to the provider's servers. In the process, certain browser information, including your IP address, is transmitted to the provider.

Data may also be transmitted to: Google LLC, USA

The processing of personal data in the course of establishing a connection with the provider of the fonts is only carried out if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future by deactivating this service via the "cookie consent tool" provided on the website. If your browser does not support web fonts, a standard font will be used by your computer.

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/en/privacy/

8.5 Google reCAPTCHA

On this website we use the CAPTCHA service of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transmitted to: Google LLC, USA. The provider uses "Google Fonts", i.e. fonts downloaded from the Internet by Google, for the visual design of the Captcha window. No information other than that already transmitted to Google via the ReCaptcha functionality will be processed.

The service checks whether an input is made by a natural person or abusively by machine and automated processing, and blocks spam, DDoS attacks and similar automated malicious access. To ensure that an action is carried out by a person and not by an automated bot, the provider collects the IP address of the end device used, identification data of the browser and operating system type used as well as the date and duration of the visit and transmits these to the provider's servers for evaluation.

The legal basis is our legitimate interest in determining individual responsibility on the Internet and the prevention of misuse and spam in accordance with Art. 6 para. 1 lit. f GDPR.

We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/en/privacy/

8.6 Applications to job advertisements by e-mail

We advertise current vacancies on our website in a separate section, for which interested parties can apply by e-mail to the contact address provided.

Applicants must provide all personal data necessary for an informed assessment, including general information such as name, address and contact details, as well as performance-related evidence and health-related information, if applicable. Details of how to apply can be found in the vacancy notice.

After receipt of the application by e-mail, the data is stored and evaluated exclusively for the purpose of processing the application. In the event of queries, we use either the e-mail address or telephone number of the applicant. The processing is carried out on the basis of Art. 6 Para. 1 lit. b DSGVO (or § 26 Para. 1 BDSG), in the sense of which going through the application process is considered to be the initiation of an employment contract.

Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application process, the processing is carried out in accordance with Art. 9 (2) lit. b. DSGVO. DSGVO so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this regard.

Cumulatively or alternatively, the processing of the special categories of data may also be based on Article 9(1)(h) of the GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's fitness for work, for medical diagnosis, health or social care or treatment, or for the management of health or social care systems and services.

If the applicant is not selected or if an applicant withdraws his or her application prematurely, his or her transmitted data and all electronic correspondence, including the application e-mail, will be deleted at the latest after 6 months following appropriate notification. This period is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, to be able to comply with our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be processed on the basis of Art. 6 para. 1 lit. b DSGVO (for processing in Germany in conjunction with § 26 para. 1 BDSG) for the purpose of implementing the employment relationship.

9) Tools and miscellaneous

9.1 Cookie consent tool

This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "cookie consent tool" is displayed to users when they access the website in the form of an interactive user interface on which consent for certain cookies and/or cookie-based applications can be given by ticking a box. By using the tool, all cookies/services requiring consent are only loaded if the respective user gives their consent by ticking the appropriate box. This ensures that such cookies are only set on the user's end device if consent has been granted.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is not processed in this process.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Further legal basis for the processing is Art. 6 para. 1 lit. c DSGVO. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

Where necessary, we have concluded an order processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

You can find further information on the operator and the setting options of the cookie consent tool directly in the corresponding user interface on our website.

9.2 Cloudflare

For security purposes, this website uses the service of the following provider: Cloudflare, Inc, 101 Townsend St. San Francisco, CA 94107, USA

The provider protects the website and the associated IT infrastructure against unauthorised third-party access, cyber attacks, viruses and malware. The provider collects the IP addresses of users and, if necessary, other data on your behaviour on our website (in particular URLs accessed and header information) in order to detect and ward off illegitimate page access and threats. The recorded IP address is compared with a list of known attackers. If the recorded IP address is recognised as a security risk, the provider can automatically block it from accessing the site. The information collected in this way is transferred to a server of the provider and stored there.

The data processing described is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining structural and data integrity and security.

We have concluded an order processing contract with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

9.3 Wordfence

For security purposes, this website uses the service of the following provider: Defiant Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA.

The provider protects the website and the associated IT infrastructure against unauthorised third-party access, cyber attacks, viruses and malware. The provider collects the IP addresses of users and, if necessary, other data on your behaviour on our website (in particular URLs accessed and header information) in order to detect and ward off illegitimate page access and threats. The recorded IP address is compared with a list of known attackers. If the recorded IP address is recognised as a security risk, the provider can automatically block it from accessing the site. The information collected in this way is transferred to a server of the provider and stored there.

The data processing described is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests in protecting the website from harmful cyber attacks and in maintaining structural and data integrity and security.

If visitors to the website have login rights, the provider also sets cookies (= small text files) on the respective end device of the visitor. With the help of the cookies, certain location and device information can be read, which enables an assessment of whether the login-authorised access originates from a legitimate person. At the same time, access rights can be evaluated via the cookies and released via a site-internal firewall according to the authorisation level. Finally, the cookies are used to register irregular access by site administrators from new devices or new locations and to notify other administrators of this.
These cookies are only set if a user has login rights. The provider does not set cookies for site visitors without login authorisation.
If personal data is processed via the cookies, the processing is carried out in accordance with Art. 6 para. 1 lit f. DSGVO on the basis of our legitimate interest in preventing illegitimate access to the site administration and the defense against unauthorized administrator access.

We have concluded an order processing contract with the provider, which ensures the protection of our site visitors' data and prohibits unauthorised disclosure to third parties.

For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

10) Rights of the data subject

10.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective prerequisites for exercising these rights:

  • Right to information pursuant to Art. 15 DSGVO;
  • Right to rectification pursuant to Art. 16 DSGVO;
  • Right to erasure pursuant to Art. 17 DSGVO;
  • Right to restriction of processing pursuant to Art. 18 DSGVO;
  • Right to information pursuant to Article 19 of the GDPR;
  • Right to data portability pursuant to Art. 20 DSGVO;
  • Right to revoke consent given in accordance with Art. 7 (3) DSGVO;
  • Right to lodge a complaint pursuant to Article 77 of the GDPR.

10.2 RIGHT OF OBJECTION

IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

11) Duration of the storage of personal data

The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of processing and - if relevant - additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).

When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) a DSGVO, the data concerned will be stored until you revoke your consent.

If there are legal retention periods for data that is processed within the framework of legal business or similar obligations on the basis of Art. 6 Para. 1 lit. b DSGVO, this data will be routinely deleted after expiry of the retention periods, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract and/or there is no justified interest on our part in the continued storage.

When processing personal data on the basis of Art. 6(1)(f) DSGVO, this data is stored until you exercise your right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing based on Art. 6 (1) lit. f DSGVO, this data will be stored until you exercise your right to object in accordance with Art. 21 (2) DSGVO.

Moreover, unless otherwise specified in the other information on specific processing situations in this statement, stored personal data are deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

Subscribe to the newsletter