Privacy Policy

Table of Contents

• Introduction and overview
• Application areas
• Legal basis
• Contact details of the person responsible
• Storage duration
• Rights according to the General Data Protection Regulation
• Data transfer to third countries
• Data processing security
• Communication
• Order processing contract (AVV)
• Cookies
• Web Hosting Introduction
• Social media introduction
• Payment Provider Introduction
• Single Sign-On Logins Introduction
• Online Map Services Introduction

Introduction and overview

We have written this data protection declaration (version 24.08.2022-121682507) in order to provide you in accordance with the requirements of General data protection regulation (EU) 2016/679 and applicable national laws to explain which personal data (data for short) we as the responsible party - and the processors commissioned by us (e.g. providers) - process and will process in the future and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We will provide you with comprehensive information about the data that we process about you.

Data protection declarations usually sound very technical and use legal terminology. However, this data protection declaration is intended to describe the most important things to you as simply and transparently as possible. To the extent that transparency is conducive to it, they are technical Terms explained in a reader-friendly way, links to further information and graphics brought into use. We are informing in clear and simple language that we only process personal data in the context of our business activities if there is a corresponding legal basis. This is certainly not possible if you make as brief, unclear and legal-technical explanations as possible, as they are often standard on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and maybe there is one or the other piece of information that you were not familiar with.
If you still have questions, we would like to ask you to contact the responsible body named below or in the imprint, to follow the links provided and to look at further information on third-party sites. You can of course also find our contact details in the imprint.

Application areas

This data protection declaration applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (contract processors). By personal data we mean information within the meaning of Art. 4 No. 1 GDPR such as the name, email address and postal address of a person. The processing of personal data ensures that we can offer and invoice our services and products, be it online or offline. The scope of this data protection declaration includes:

• all online presences (websites, online shops) that we operate
• Social media appearances and email communication
• mobile apps for smartphones and other devices

In short: The data protection declaration applies to all areas in which personal data is processed in a structured manner in the company via the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following data protection declaration, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course access this EU General Data Protection Regulation online on EUR-Lex, the gateway to the EU -Right, under https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679 ...

We only process your data if at least one of the following conditions applies:

1. consent (Article 6 (1) (a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
2. contract (Article 6 Paragraph 1 lit.b GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a sales contract with you, we need personal information in advance.
3. Legal obligation (Article 6 Paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we will process your data. For example, we are legally required to keep invoices for bookkeeping. These usually contain personal data.
4. Legitimate interests (Article 6 Paragraph 1 lit.f GDPR): In the case of legitimate interests that do not restrict your basic rights, we reserve the right to process personal data. For example, we have to process certain data in order to be able to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Further conditions such as the taking of recordings in the public interest and the exercise of official authority as well as the protection of vital interests do not usually apply to us. If such a legal basis should be relevant, it will be shown at the appropriate point.

In addition to the EU regulation, national laws also apply:

• In Austria is this the federal law for the protection of natural persons when processing personal data (Data Protection Act), short DSG.
• In Germany is that valid Federal Data Protection Act, short BDSG.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the person responsible

If you have any questions about data protection or the processing of personal data, you will find the contact details of the person or body responsible below:
GO DIGITAL TEAM OG
Martin Muehl
Korneuburgerstrasse 6/1/20, 2102 Bisamberg, Austria
Authorized to represent: Martin Mühl
Email: martin@ohmygolf.at
Phone: +43 676 6241455
Imprint: https://www.ohmygolf.at/impressum

Storage duration

That we only store personal data for as long as it is absolutely necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose no longer exists, for example for accounting purposes.

If you want your data to be deleted or if you revoke your consent to data processing, the data will be deleted as soon as possible and unless there is an obligation to store it.

We will inform you below about the specific duration of the respective data processing, provided we have further information.

Rights according to the General Data Protection Regulation

In accordance with Articles 13 and 14 GDPR, we inform you about the following rights to which you are entitled so that data is processed fairly and transparently:

• According to Article 15 GDPR, you have a right to information as to whether we are processing your data. If so, you have the right to receive a copy of the data and the following information:
  • for what purpose we carry out the processing;
  • the categories, i.e. the types of data that are processed;
  • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to correction, deletion or restriction of processing and the right to object to processing;
  • that you can complain to a supervisory authority (links to these authorities can be found below);
  • the origin of the data, if we have not collected it from you;
  • whether profiling is carried out, i.e. whether data is automatically evaluated in order to arrive at a personal profile of you.
• According to Article 16 GDPR, you have the right to correct the data, which means that we have to correct the data if you find errors.
• According to Article 17 GDPR, you have the right to deletion ("right to be forgotten"), which specifically means that you can request the deletion of your data.
• According to Article 18 GDPR, you have the right to restriction of processing, which means that we are only allowed to save the data but no longer use it.
• According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format on request.
• According to Article 21 GDPR, you have a right of objection, which will result in a change in processing after enforcement.
  • If the processing of your data is based on Article 6 (1) (e) (public interest, exercise of official authority) or Article 6 (1) (f) (legitimate interest), you can object to the processing. We will then check as soon as possible whether we can legally comply with this contradiction.
  • If data is used to operate direct mail, you can object to this type of data processing at any time. We are then no longer allowed to use your data for direct marketing.
  • If data is used to carry out profiling, you can object to this type of data processing at any time. We are then no longer allowed to use your data for profiling.
• According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g. profiling).
• According to Article 77 GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights - do not hesitate to contact the person in charge listed above!

If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can complain to the supervisory authority. This is the data protection authority for Austria, whose website you can find at https://www.dsb.gv.at/ Find. In Germany there is a data protection officer for each federal state. For more information, please contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) turn around. The following local data protection authority is responsible for our company:

Austria data protection authority

Head: Mag. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Telephone number.: +43 1 52 152-0
E-mail address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data transfer to third countries

We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or is contractually necessary and in any case only to the extent that this is generally permitted. In most cases, your consent is the most important reason why we have data processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.

We expressly point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may mean that data may not be processed and stored anonymously. Furthermore, US government authorities may have access to individual data. In addition, it can happen that the data collected is linked to data from other services from the same provider, provided you have a corresponding user account. If possible, we try to use server locations within the EU, provided that this is offered.

At the appropriate places in this data protection declaration, we will provide you with more detailed information about data transfer to third countries, if this applies.

Data processing security

We have implemented both technical and organizational measures to protect personal data. Wherever possible, we encrypt or pseudonymize personal data. As a result, we make it as difficult as possible, as far as possible, for third parties to infer personal information from our data.

Art. 25 GDPR speaks of “data protection through technology design and data protection-friendly default settings” and means that both software (e.g. forms) and hardware (e.g. access to the server room) always think of security and appropriate security Measures. If necessary, we will go into specific measures below.

TLS encryption with https

TLS, encryption and https sound and are very technical. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transfer data securely on the Internet.
This means that the complete transmission of all data from your browser to our web server is secured - no one can “overhear”.

We have thus introduced an additional security layer and comply with data protection by design (Article 25 paragraph 1 GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission protection by the small lock symbol top left in the browser, to the left of the Internet address (e.g. examplepage.de) and the use of the https scheme (instead of http) as part of our Internet address.
If you want to know more about encryption, we recommend doing a Google search for “Hypertext Transfer Protocol Secure wiki” for good links to further information.

Communication

Communication summary 👥 Affected: Anyone who communicates with us by phone, email or online form 📓 Processed data: e.g. B. Telephone number, name, email address, entered form data. You can find more details on this under the type of contact used 🤝 Purpose: handling communication with customers, business partners, etc. 📅 Storage duration: duration of the business case and the statutory provisions ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. b GDPR (contract), Art. 6 para. 1 lit. f GDPR (legitimate interests)

If you contact us and communicate by phone, email or online form, personal data may be processed.

The data will be processed for the handling and processing of your question and the related business transaction. The data is stored for as long as the law requires.

Affected people

The above-mentioned processes affect everyone who contacts us via the communication channels we have provided.

Phone

When you call us, the call data is stored in pseudonymized form on the respective device and by the telecommunications provider used. In addition, data such as name and telephone number can then be sent by e-mail and saved for answering inquiries. The data will be deleted as soon as the business case has ended and legal requirements allow.

E-mail

If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone, ...) and data is saved on the e-mail server. The data will be deleted as soon as the business case has ended and legal requirements allow.

Online forms

If you communicate with us using an online form, data is stored on our web server and, if necessary, forwarded to an email address from us. The data will be deleted as soon as the business case has ended and legal requirements allow.

Legal basis

The processing of the data is based on the following legal bases:

• Art. 6 Para. 1 lit. a GDPR (consent): You give us your consent to store your data and continue to use it for the purposes of the business case;
• Art. 6 para. 1 lit. b GDPR (contract): There is a need to fulfill a contract with you or a processor such as B. the telephone provider or we have to provide the data for pre-contractual activities, such as B. the preparation of an offer, process;
• Art. 6 Para. 1 lit. f GDPR (legitimate interests): We want to conduct customer inquiries and business communication in a professional manner. For this purpose, certain technical facilities such. B. e-mail programs, Exchange servers and mobile network operators are necessary to be able to operate communication efficiently.

Order processing contract (AVV)

In this section we would like to explain what a data processing agreement is and why it is needed. Because the word "order processing contract" is quite a tongue twister, we will often only use the acronym AVV here in the text. Like most companies, we do not work alone, but also use the services of other companies or individuals ourselves. By involving various companies or service providers, it may be that we pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called data processing contract (AVV). The most important thing for you to know is that the processing of your personal data takes place exclusively according to our instructions and must be regulated by the AVV.

Who are processors?

As a company and website owner, we are responsible for all data that we process from you. In addition to those responsible, there may also be so-called processors. This includes any company or person who processes personal data on our behalf. More precisely and according to the GDPR definition: any natural or legal person, authority, institution or other body that processes personal data on our behalf is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.

To make the terminology easier to understand, here is an overview of the three roles in the GDPR:

Affected (You as a customer or prospect) → Controller (we as company and client) → processors (Service providers such as web hosts or cloud providers)

Content of an order processing contract

As already mentioned above, we have concluded an AVV with our partners who act as processors. First and foremost, it states that the processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, although in this context the electronic conclusion of the contract is also considered “in writing”. The processing of personal data only takes place on the basis of the contract. The contract must contain the following:

• Binding to us as responsible
• Obligations and rights of the controller
• Categories of affected persons
• Type of personal data
• Type and purpose of data processing
• Subject and duration of data processing
• Place of execution of the data processing

Furthermore, the contract contains all the obligations of the processor. The most important obligations are:

• Measures to ensure data security
• take possible technical and organizational measures to protect the rights of the data subject
• to keep a data processing register
• to cooperate with the data protection supervisory authority upon request
• carry out a risk analysis in relation to the personal data received
• Sub-processors may only be commissioned with the written consent of the person responsible

You can find out what such a GCU looks like in concrete terms, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html look at. A sample contract is presented here.

Cookies

Cookies summary 👥 Affected: visitors to the website 🤝 Purpose: depending on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie. 📓 Processed data: Depending on the cookie used. More details can be found below or from the manufacturer of the software that sets the cookie. 📅 Storage duration: depending on the respective cookie, can vary from hours to years ⚖️ Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit.f GDPR (legitimate interests)

What are cookies?

Our website uses HTTP cookies to save user-specific data.
Below we explain what cookies are and why they are used so that you can better understand the following data protection declaration.

Whenever you surf the Internet, you are using a browser. Well-known browsers are, for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites save small text files in your browser. These files are called cookies.

One thing cannot be dismissed out of hand: Cookies are really useful little helpers. Almost all websites use cookies. To be more precise, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, which is the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies save certain user data about you, such as language or personal page settings. When you call up our site again, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings that you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as B. Chrome and the web server. The web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly from our side, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "pests". Cookies cannot access information on your PC either.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152121682507-9
Usage: Differentiation of website visitors
Expiry Date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the data protection declaration. At this point we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

Essential cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are required if a user places a product in the shopping cart, then surfs on other pages and only later checks out. These cookies do not delete the shopping cart, even if the user closes his browser window.

Appropriate cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and behavior of the website in different browsers.

Targeted cookies
These cookies make it easier to use. For example, entered locations, font sizes or form data are saved.

Advertising cookies
These cookies are also called targeting cookies. They serve to deliver customized advertising to the user. This can be very practical, but it can also be very annoying.

Usually, when you visit a website for the first time, you will be asked which of these types of cookies you would like to allow. And of course this decision is also saved in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Internet Engineering Task Force (IETF) Request for Comments called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You can find more details on this below or from the manufacturer of the software that sets the cookie.

Which data are processed?

Cookies are little helpers for a wide variety of tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data in the context of the following data protection declaration.

Storage duration of cookies

The storage duration depends on the respective cookie and is further specified under. Some cookies are deleted after less than an hour, others can remain on a computer for several years.

You also have an influence on the storage duration yourself. You can manually delete all cookies at any time using your browser (see also “Right of objection” below). Furthermore, cookies based on consent will be deleted at the latest after you withdraw your consent, whereby the legality of storage remains unaffected until then.

Right of objection - how can I delete cookies?

You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option of deleting, deactivating or only partially accepting cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to determine which cookies have been saved in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: delete, activate and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: delete and manage cookies

Microsoft Edge: delete and manage cookies

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether or not to allow the cookie. The procedure is different depending on the browser. It is best to search for the instructions in Google with the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.

Legal basis

The so-called “cookie guidelines” have existed since 2009. It states that the storage of cookies is a consent (Article 6 Paragraph 1 lit. a GDPR) requested from you. Within the EU countries, however, there are still very different reactions to these guidelines. In Austria, however, this directive was implemented in Section 96 (3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines have not been implemented as national law. Instead, this guideline was largely implemented in Section 15 (3) of the Telemedia Act (TMG).

Absolutely necessary cookies exist, even if no consent has been given legitimate interests (Article 6 Paragraph 1 lit.f GDPR), which in most cases are of an economic nature. We want to provide visitors to the website with a pleasant user experience and for this certain cookies are often absolutely necessary.

Unless absolutely necessary cookies are used, this will only be done with your consent. The legal basis for this is Article 6 (1) (a) GDPR.

In the following sections you will be informed in more detail about the use of cookies, provided that the software used uses cookies.

Web Hosting Introduction

Web hosting summary 👥 Affected: visitors to the website 🤝 Purpose: professional hosting of the website and security of operation 📓 Processed data: IP address, time of website visit, browser used and other data. You can find more details on this below or at the respective web hosting provider used. 📅 Storage period: depending on the respective provider, but usually 2 weeks ⚖️ Legal basis: Article 6 (1) (f) GDPR (legitimate interests)

What is web hosting?

When you visit websites these days, certain information - including personal data - is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website we mean the entirety of all websites on a domain, ie everything from the start page (homepage) to the very last subpage (like this one here). By domain we mean example.de or musterbeispiel.com.

When you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser to do so. You probably know a few web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We call it browser or web browser for short.

To view the website, the browser needs to connect to another computer where the website's code is stored: the web server. The operation of a web server is a complicated and time-consuming task, which is why this is usually taken on by professional providers, the providers. These offer web hosting and thus ensure reliable and error-free storage of website data. A whole lot of jargon, but please stay tuned, it gets even better!

Personal data may be processed when the browser on your computer (desktop, laptop, tablet or smartphone) connects and during data transfer to and from the web server. On the one hand, your computer stores data, on the other hand, the web server also has to store data for a period of time in order to ensure proper operation.

A picture says more than a thousand words, so the following graphic shows the interaction between the browser, the Internet and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and security of operation
2. to maintain operational and IT security
3. Anonymous evaluation of the access behavior to improve our offer and, if necessary, to prosecute or prosecute claims

Which data are processed?

Even while you are visiting our website, our web server, that is the computer on which this website is saved, usually automatically saves data such as

• the complete internet address (URL) of the accessed website
• Browser and browser version (e.g. Chrome 87)
• the operating system used (e.g. Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g. https://www.beispielquellsite.de/vondabinichgekommen/)
• the host name and the IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
• Date and Time
• in files, the so-called web server log files

How long will data be stored?

As a rule, the above data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out that this data will be viewed by authorities in the event of illegal behavior.

In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not pass on your data without your consent!

Legal basis

The legality of the processing of personal data in the context of web hosting results from Art. 6 Para. 1 lit.f GDPR (safeguarding legitimate interests), because the use of professional hosting with a provider is necessary to keep the company on the Internet safe and user-friendly and to be able to track attacks and claims from them if necessary.

There is usually a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

1&1 IONOS web hosting data protection declaration

We use IONOS by 1&1 to host our website. In Germany, 1&1 IONOS SE has its registered office at Elgendorfer Str. 57, 56410 Montabaur, in Austria you will find 1&1 IONOS SE at Gumpendorfer Straße 142/PF 266, 1060 Vienna. IONOS offers the following web hosting services: domain, website & shop, hosting & WordPress, marketing, email & office, IONOS cloud and server.

As explained in the “Automatic data storage” section, web servers such as those from IONOS store data from every website visit.

If you would like to learn more about data protection for the IONOS website, please visit the Data protection declaration on ionos.de.

Order processing contract (AVV) IONOS

We have concluded an order processing contract (AVV) with IONOS in accordance with Article 28 of the General Data Protection Regulation (GDPR). You can read about exactly what an AVV is and, above all, what must be contained in an AVV in our general section "Order Processing Agreement (AVV)".

This contract is required by law because IONOS processes personal data on our behalf. This clarifies that IONOS may only process data that you receive from us according to our instructions and must comply with the GDPR. The link to the order processing contract (AVV) can be found under https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Social media introduction

Social Media Privacy Policy Summary 👥 Affected: visitors to the website 🤝 Purpose: Presentation and optimization of our services, contact with visitors, interested parties, etc., advertising 📓 Processed data: data such as telephone numbers, e-mail addresses, contact data, data on user behavior, information about your device and your IP address. You can find more details on this with the respective social media tool used. 📅 Storage period: depending on the social media platforms used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

What is social media?

In addition to our website, we are also active on various social media platforms. User data can be processed so that we can target users who are interested in us via the social networks. In addition, elements of a social media platform can also be embedded directly in our website. This is the case, for example, if you click a so-called social button on our website and are forwarded directly to our social media presence. So-called social media or social media are websites and apps through which registered members can produce content, exchange content openly or in certain groups and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and come into contact online. With our social media presence, we can bring our products and services closer to interested parties. The social media elements integrated on our website help you to switch to our social media content quickly and without complications.

The data that is stored and processed through your use of a social media channel is primarily used to carry out web analyzes. The aim of these analyzes is to be able to develop more precise and personal marketing and advertising strategies. Depending on your behavior on a social media platform, appropriate conclusions can be drawn about your interests with the help of the evaluated data and so-called user profiles can be created. In this way, it is also possible for the platforms to present you with customized advertisements. For this purpose, cookies are usually set in your browser, which save data on your usage behavior.

We generally assume that we will remain responsible under data protection law, even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform can be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of a related agreement. The essence of the agreement is then given below for the platform concerned.

Please note that when you use the social media platforms or our built-in elements, your data can also be processed outside the European Union, as many social media channels, such as Facebook or Twitter, are American companies. As a result, you may no longer be able to easily claim or enforce your rights with regard to your personal data.

Which data are processed?

Exactly which data is stored and processed depends on the respective provider of the social media platform. But usually it is data such as telephone numbers, e-mail addresses, data that you enter in a contact form, user data such as which buttons you click, who you like or who you follow, when you visited which pages, information about Your device and your IP address. Most of this data is stored in cookies. Especially if you yourself have a profile on the social media channel you are visiting and are logged in, data can be linked to your profile.

All data that is collected via a social media platform is also stored on the provider's servers. This means that only the providers have access to the data and can provide you with the appropriate information or make changes.

If you want to know exactly which data is stored and processed by the social media providers and how you can object to the data processing, you should read the respective data protection declaration of the company carefully. We also recommend that you contact the provider directly if you have any questions about data storage and data processing or if you want to assert corresponding rights.

Duration of the data processing

We will inform you below about the duration of the data processing if we have further information. For example, the social media platform Facebook stores data until it is no longer needed for its own purpose. However, customer data that is compared with your own user data is deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period can also be exceeded.

Right of objection

You also have the right and the option to revoke your consent to the use of cookies or third-party providers such as embedded social media elements at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.

Since cookies can be used with social media tools, we also recommend our general data protection declaration on cookies. To find out which of your data is stored and processed, you should read the data protection declarations of the respective tools.

Legal basis

If you have consented that your data can be processed and stored through integrated social media elements, this consent is considered the legal basis for data processing (Art. 6 Para. 1 lit. a GDPR). In principle, if you have given your consent, your data will also be processed on the basis of our legitimate interest (Art. 6 Para. 1 lit.f GDPR) saved and processed in fast and good communication with you or other customers and business partners. Nevertheless, we only use the tools if you have given your consent. Most social media platforms also set cookies on your browser to save data. We therefore recommend that you read our data protection text about cookies carefully and take a look at the data protection declaration or the cookie guidelines of the respective service provider.

You can find information on special social media platforms - if available - in the following sections.

Payment Provider Introduction

Payment Provider Privacy Policy Summary 👥 Affected: visitors to the website 🤝 Purpose: To enable and optimize the payment process on our website 📓 Processed data: Data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.), IP address and contract data More details can be found in the respective payment provider tool used. 📅 Storage duration: depends on the payment provider used ⚖️ Legal bases: Art. 6 (1) (b) GDPR (performance of a contract)

What is a payment provider?

We use online payment systems on our website, which enable us and you to make a secure and smooth payment process. Among other things, personal data can be sent to the respective payment provider, stored and processed there. Payment providers are online payment systems that enable you to place an order via online banking. The payment processing is carried out by the payment provider you have chosen. We will then receive information about the payment made. Any user who has an active online banking account with PIN and TAN can use this method. There are hardly any banks that do not offer or accept such payment methods.

Why do we use payment providers on our website?

Of course, we want to offer the best possible service with our website and our integrated online shop, so that you feel comfortable on our site and use our offers. We know that your time is precious and that payment processing in particular has to work quickly and smoothly. For these reasons, we offer you various payment providers. You can choose your preferred payment provider and pay in the usual way.

Which data are processed?

Which data is processed exactly depends on the respective payment provider. Basically, however, data such as name, address, bank details (account number, credit card number, passwords, TANs, etc.) are stored. This is necessary data in order to be able to carry out a transaction at all. In addition, any contract data and user data, such as when you visit our website, what content you are interested in or which subpages you click on, can also be stored. Most payment providers also store your IP address and information about the computer you are using.

The data is usually stored and processed on the servers of the payment providers. As the website operator, we do not receive this data. We are only informed whether the payment worked or not. For identity and credit checks, payment providers may forward data to the appropriate authority. The business and data protection principles of the respective provider always apply to all payment transactions. Therefore, please always take a look at the general terms and conditions and the data protection declaration of the payment provider. You also have the right, for example, to have data deleted or corrected at any time. Please contact the respective service provider regarding your rights (right of withdrawal, right to information and right to be affected).

Duration of the data processing

We will inform you below about the duration of data processing if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period can also be exceeded. We keep accounting documents (invoices, contractual documents, account statements, etc.) belonging to a contract for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they have been incurred.

Right of objection

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the person responsible for the payment provider used at any time. You can find contact details either in our specific privacy policy or on the website of the relevant payment provider.

You can delete, disable or manage cookies that payment providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.

Legal basis

We therefore offer to process contractual or legal relationships (Art. 6 Para. 1 lit. b GDPR)  In addition to the conventional bank/credit institutions, we also offer other payment service providers. In the data protection declarations of the individual payment providers (e.g Amazon Payments, Apple Pay or Discover) gives you a detailed overview of data processing and data storage. In addition, you can always contact the person responsible if you have any questions about data protection-related topics.

Information on the special payment providers - if available - can be found in the following sections.

Stripe privacy policy

We use a payment tool from the American technology company and online payment service Stripe on our website. Stripe Payments Europe (Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) is responsible for customers within the EU. This means that if you choose Stripe as your payment method, your payment will be processed via Stripe Payments. Data required for the payment process is forwarded to Stripe and stored. In this data protection declaration we give you an overview of this data processing and storage by Stripe and explain why we use Stripe on our website.

What is stripe?

The technology company Stripe offers payment solutions for online payments. With Stripe it is possible to accept credit and debit card payments in our webshop. Stripe handles the entire payment process. A big advantage of Stripe is that you never have to leave our website or shop during the payment process and the payment is processed very quickly.

Why do we use Stripe for our website?

Of course, we want to offer the best possible service with our website and our integrated online shop, so that you feel comfortable on our site and use our offers. We know that your time is valuable and that payment processing in particular must therefore work quickly and smoothly. In addition to our other payment providers, we have found a partner in Stripe that guarantees secure and fast payment processing.

What data does Stripe store?

If you choose Stripe as your payment method, your personal data will also be transmitted to Stripe and stored there. This is transaction data. This information includes, for example, the payment method (i.e. credit card, debit card or account number), sort code, currency, amount and date of payment. A transaction may also include your name, email address, billing or shipping address, and sometimes your transaction history. This data is required for authentication. In addition to technical data about your device (such as IP address), Stripe may also collect name, address, telephone number and your country for fraud prevention, financial reporting and in order to be able to offer its own services in full.

Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies unrelated to Stripe. However, the data may be forwarded to internal departments, a limited number of external Stripe partners or to comply with legal regulations. Stripe also uses cookies to collect data. Here is a selection of cookies that Stripe can set during the payment process:

Name: m
Value: edd716e9-d28b-46f7-8a55-e05f1779e84e040456121682507-5
Usage: This cookie appears when you select the payment method. It saves and recognizes whether you access our website via a PC, tablet or smartphone.
Expiry Date: after 2 years

Name: __stripe_mid
Value: fc30f52c-b006-4722-af61-a7419a5b8819875de9121682507-1
Usage: In order to be able to carry out a credit card transaction, this cookie is required. To do this, the cookie stores your session ID.
Expiry Date: after a year

Name: __stripe_sid
Value: 6fee719a-c67c-4ed2-b583-6a9a50895b122753fe
Usage: This cookie also stores your ID and is used by Stripe for the payment process on our website.
Expiry Date: after the session expires

How long and where is the data stored?

Personal data is generally stored for the duration of the service provision. This means that the data will be stored until we terminate the cooperation with Stripe. However, in order to fulfill legal and official obligations, Stripe can also store personal data for the duration of the service provision. Since Stripe is a global company, data may also be stored in any country where Stripe offers services. This means that data can also be stored outside of your country, for example in the USA.

How can I delete my data or prevent data storage?

Please note that when you use this tool, your data can also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may not simply be transferred, stored and processed there unless there are suitable guarantees (such as EU standard contractual clauses) between us and the non-European service provider.

You always have the right to information, correction and deletion of your personal data. You can also contact the Stripe team at any time with questions https://support.stripe.com/contact/email Contact.

You can delete, disable or manage cookies that Stripe uses for its functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work. The following instructions show how to manage cookies in your browser:

Chrome: delete, activate and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer

Internet Explorer: delete and manage cookies

Microsoft Edge: delete and manage cookies

We have now given you a general overview of how Stripe processes and stores data. If you want to obtain even more and more precise information, the detailed Stripe data protection declaration will serve you under https://stripe.com/at/privacy as a good source.

Single Sign-On Logins Introduction

Single Sign-On Logins Privacy Statement Summary 👥 Affected: visitors to the website 🤝 Purpose: To simplify the authentication process 📓 Processed data: Depends heavily on the respective provider, mostly e-mail address and user name can be saved. You can find more details on this for the tool used in each case. 📅 Storage duration: depends on the tools used ⚖️ Legal basis: Article 6 paragraph 1 letter a GDPR (consent), Article 6 paragraph 1 letter b GDPR (performance of contract), Article 6 paragraph 1 letter f GDPR (legitimate interests)

What are single sign-on logins?

On our website you have the option of registering quickly and easily for our online service using a user account from another provider (e.g. via Facebook). This authentication method is also known as "single sign-on". Of course, this registration process only works if you are registered with the other provider or have a user account and enter the relevant access data in the online form. In many cases you are already registered, the access data is automatically entered in the form and you only have to confirm the single sign-on registration with a button. In the course of this registration, your personal data can also be processed and stored. In this data protection text, we generally deal with data processing through single sign-on registrations. You can find more information in the data protection declarations of the respective providers.

Why do we use single sign-on logins?

We want to make your life on our website as easy and pleasant as possible. Therefore, we also offer single sign-on logins. This saves you valuable time because you only need one authentication. Since you only have to remember one password and it is only transmitted once, security is also increased. In many cases, you have already saved your password automatically using cookies, so the login process on our website only takes a few seconds.

What data is stored by single sign-on logins?

Although you log in to our website using this special login procedure, the actual authentication takes place with the relevant single sign-on provider. As the website operator, we receive a user ID as part of the authentication process. It states that you are registered with the relevant provider under this ID. This ID cannot be used for any other purpose. Other data may also be transmitted to us, but this depends on the single sign-on providers used. It also depends on which data you voluntarily provide during the authentication process and which data you basically release in your settings with the provider. Mostly it is data like your e-mail address and your username. We do not know your password, which is required for registration, and it is not saved by us. It is also important for you to know that data stored by us can be automatically compared with the data of the respective user account during the registration process.

Duration of the data processing

We will inform you below about the duration of data processing if we have further information on this. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. Customer data that is compared with your own user data will be deleted within two days. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products.

Right of objection

You also have the right and ability to revoke your consent to the use of single sign-on logins at any time. This usually works via the provider’s opt-out functions. If available, you will also find links to the corresponding opt-out functions in our data protection texts for the individual tools.

Legal basis

If it has been agreed with you and this is done as part of the fulfillment of the contract (Article 6 Paragraph 1 lit. b GDPR) and the consent (Article 6 Paragraph 1 lit. a GDPR), we can use the single sign-on procedure on their legal basis insert.

In addition to consent, we have a legitimate interest in offering you a quick and easy registration process. The legal basis for this is Article 6 (1) (f) GDPR (legitimate interests). However, we only use single sign-on registration if you have given your consent.

If you no longer want this link to the provider with the single sign-on registration, please cancel it in your user account with the respective provider. If you also want to delete data from us, you must cancel your registration.

Facebook single sign-on privacy policy

We also use the Facebook Single Sign-On authentication service to register on our website. The service provider is the American company Meta Platforms Inc. The company Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for the European area.

Facebook processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks to the legality and security of the data processing.

Facebook uses so-called standard contractual clauses (= Art. 46, Paragraphs 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, especially in the USA) or for data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data also comply with European data protection standards if they are transferred to third countries (such as the USA) and stored there. With these clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the resolution and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook data processing conditions, which correspond to the standard contractual clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing

If you are logged in to Facebook or Instagram, you can go to https://www.facebook.com/adpreferences/ad_settings Withdraw your consent to the use of single sign-on logins via opt-out function. You can find out more about the data processed by using Facebook in the data protection declaration https://www.facebook.com/policy.php.

Google single sign-on privacy policy

We also use the Google Single Sign-On authentication service to log in to our website. The service provider is the American company Facebook Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.

Google processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks to the legality and security of the data processing.

Google uses so-called standard contractual clauses (= Art. 46, Paragraphs 2 and 3 GDPR) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. especially in the USA) or data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. With these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the resolution and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

To learn more about Google's Standard Contractual Clauses, see the Google Ads Data Processing Terms at https://business.safety.google/intl/de/adsprocessorterms/.

On Google you can go to https://adssettings.google.com/authenticated Withdraw your consent to the use of single sign-on logins via opt-out function. You can find out more about the data processed by using Google Single Sign-On in the Privacy Policy https://policies.google.com/privacy?hl=de.

Online Map Services Introduction

Online Map Services Privacy Policy Summary 👥 Affected: visitors to the website 🤝 Purpose: Improve user experience 📓 Processed data: Which data is processed depends heavily on the services used. It is mostly IP address, location data, search objects and/or technical data. You can find more details on this under the respective tools used. 📅 Storage duration: depends on the tools used ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

What are online map services?

We also use online map services for our website as an extended service. Google Maps is probably the service you are most familiar with, but there are other providers that specialize in creating digital maps. Such services make it possible to display locations, route maps or other geographical information directly via our website. Thanks to an integrated map service, you no longer have to leave our website, for example to view the route to a location. To ensure that the online map also works on our website, map sections are integrated using HTML code. The services can then display street maps, the earth's surface, or aerial or satellite imagery. If you use the built-in map offer, data will also be transferred to the tool used and stored there. This data may also include personal data.

Why do we use online map services on our website?

Generally speaking, it is our concern to offer you a pleasant time on our website. And of course your time will only be pleasant if you can easily find your way around our website and find all the information you need quickly and easily. We therefore thought that an online card system could be a significant optimization of our service on the website. Without leaving our website, you can use the map system to easily view route descriptions, locations or points of interest. Of course, it is also super practical that you can see at a glance where our company headquarters are, so that you can find us quickly and safely. As you can see, there are just a lot of advantages and we clearly consider online map services on our website to be part of our customer service.

What data is stored by online map services?

If you open a page on our website that has an online map function installed, personal data may be transmitted to the relevant service and stored there. This is usually your IP address, which can also be used to determine your approximate location. In addition to the IP address, data such as entered search terms and longitude and latitude coordinates are also stored. For example, if you enter an address for route planning, this data will also be saved. The data is not stored by us, but on the servers of the integrated tools. You can think of it like this: You may be on our website, but when you interact with a mapping service, that interaction is actually happening on their website. In order for the service to function properly, at least one cookie is usually set in your browser. For example, Google Maps also uses cookies to record user behavior and thus to optimize its own service and to be able to place personalized advertising. You can find out more about cookies in our "Cookies" section.

How long and where is the data stored?

Every online map service processes different user data. If we have further information, we will inform you about the duration of the data processing below in the corresponding sections on the individual tools. In principle, personal data is only kept for as long as is necessary to provide the service. Google Maps, for example, stores certain data for a specified period of time, but you must delete other data yourself. At Mapbox, for example, the IP address is kept for 30 days and then deleted. You see, each tool stores data for different lengths of time. We therefore recommend that you take a close look at the data protection declarations of the tools used.

The providers also use cookies to save data on your user behavior with the map service. You can find more general information about cookies in our "Cookies" section, but you can also find out which cookies can be used in the data protection texts of the individual providers. In most cases, however, this is only an exemplary list and is not complete.

Right of objection

You always have the possibility and also the right to access your personal data and also to object to the use and processing. You can also revoke the consent you have given us at any time. This is usually easiest to do with the cookie consent tool. However, there are other opt-out tools that you can use. You can also manage, delete or deactivate any cookies that are set by the providers used yourself with just a few mouse clicks. However, it may then happen that some functions of the service no longer work as usual. How you manage cookies in your browser also depends on the browser you use. In the "Cookies" section you will also find links to the instructions of the main browsers.

Legal basis

If you have agreed that an online map service may be used, the legal basis for the corresponding data processing is this consent. According to Art. 6 Paragraph 1 lit.

We also have a legitimate interest in using an online map service to optimize our service on our website. The corresponding legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests). However, we only use an online map service if you have given your consent. We definitely want to have this recorded again at this point.

You will find information on special online map services – if available – in the following sections.

Google Maps Privacy Policy

Google Maps Privacy Policy Summary 👥 Affected: visitors to the website 🤝 Purpose: to optimize our service 📓 Processed data: Data such as entered search terms, your IP address and also the latitude and longitude coordinates. You can find more details on this below in this data protection declaration. 📅 Storage duration: depending on the stored data ⚖️ Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

What is Google Maps?

We use Google Maps from Google Inc. on our website. For Europe, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps, we can better show you locations and thus adapt our service to your needs. By using Google Maps, data is transferred to Google and stored on the Google servers. Here we want to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.

Google Maps is an internet map service from Google. With Google Maps, you can search for exact locations of cities, sights, accommodations, or businesses online using a PC, tablet, or app. If companies are represented on Google My Business, additional information about the company is displayed in addition to the location. In order to show the way to get there, map sections of a location can be integrated into a website using HTML code. Google Maps shows the surface of the earth as a road map or as an aerial or satellite image. Thanks to the Street View images and the high-quality satellite images, very precise representations are possible.

Why do we use Google Maps on our website?

All our efforts on this page aim to offer you a useful and meaningful time on our website. By integrating Google Maps, we can provide you with the most important information about various locations. You can see at a glance where we are based. The route description always shows you the best or fastest way to us. You can get directions for routes by car, public transport, on foot or by bike. For us, the provision of Google Maps is part of our customer service.

What data does Google Maps store?

In order for Google Maps to be able to offer its full service, the company must record and store data about you. This includes, among other things, the search terms entered, your IP address and the latitude and longitude coordinates. If you use the route planner function, the entered start address is also saved. However, this data storage happens on the Google Maps website. We can only inform you about it, but we cannot influence it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google primarily uses this data to optimize its own services and to provide individual, personalized advertising for you.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ121682507-5
Usage: NID is used by Google to adapt advertisements to your Google search. With the help of cookies, Google “remembers” your most frequently entered search queries or your previous interaction with ads. So you always get tailor-made advertisements. The cookie contains a unique ID that Google uses to collect your personal settings for advertising purposes.
Expiry Date: after 6 months

Note: We cannot guarantee the completeness of the information in the stored data. Changes can never be ruled out, especially when using cookies. In order to identify the cookie NID, a separate test page was created, where only Google Maps was integrated.

How long and where is the data stored?

The Google servers are located in data centers around the world. Most of the servers are located in America. For this reason, your data is increasingly being stored in the USA. Here you can read exactly where the Google data centers are: https://www.google.com/about/datacenters/locations/?hl=de

Google distributes the data on various data carriers. This means that the data can be called up more quickly and is better protected against any manipulation attempts. Each data center also has special emergency programs. If, for example, there are problems with the Google hardware or a natural disaster paralyzes the servers, the data will almost certainly remain protected.

Google stores some data for a specified period of time. For other data, Google only offers the option to delete it manually. The company also anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.

How can I delete my data or prevent data storage?

With the automatic deletion of location and activity data introduced in 2019, information on location determination and web / app activity - depending on your decision - is either saved for 3 or 18 months and then deleted. You can also manually delete this data from the history at any time using the Google account. If you want to completely prevent your location from being recorded, you must pause the "Web and app activity" section in the Google account. Click "Data and Personalization" and then click the "Activity Setting" option. Here you can switch the activities on or off.

You can also deactivate, delete or manage individual cookies in your browser. Depending on which browser you use, this always works a little differently. Under the "Cookies" section you will find the relevant links to the relevant instructions for the most popular browsers.

If you basically do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. So you can decide for each individual cookie whether you allow it or not.

Legal basis

If you have consented to the use of Google Maps, the legal basis for the corresponding data processing is this consent. This consent is loud Art. 6 para. 1 lit. a GDPR (consent) the legal basis for the processing of personal data as it may occur when collected by Google Maps.

We also have a legitimate interest in using Google Maps to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit.f GDPR (legitimate interests). However, we only use Google Maps if you have given your consent.

Google processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can be associated with various risks to the legality and security of the data processing.

Google uses so-called standard contractual clauses (= Art. 46, Paragraphs 2 and 3 GDPR) as the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. especially in the USA) or data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. With these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the resolution and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.

If you want to learn more about data processing by Google, we recommend the company's own privacy policy at https://policies.google.com/privacy?hl=de.

Source: Created with the Privacy generator by AdSimple