Imprint & Data Privacy

Imprint of timnarosenthaler.at
Timna Rosenthaler
Groß-Schollach 60
3382 Groß-Schollach

Contact Information
Email: hallo@timnarosenthaler.at

Business Purpose
Multimedia Agency


Privacy Policy

Introduction and Overview

We have drafted this Privacy Policy (version 14.06.2024-112816342) in order to explain, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as "data") we as the controller – and the processors we commission (e.g. hosting providers) – process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral.

In short: we inform you comprehensively about the data we process about you.

Privacy policies usually sound very technical and are full of legal jargon. This Privacy Policy, however, is intended to describe the most important points as simply and transparently as possible. Where helpful for transparency, technical terms are explained in plain language, links to further information are provided, and graphics may be used. We therefore inform you in clear and straightforward language that, in the course of our business activities, we only process personal data when there is a corresponding legal basis for doing so. That would certainly not be possible if we relied on the kind of brief, unclear, and overly technical statements that are unfortunately standard on the internet when it comes to data protection.

We hope you find the following explanations both interesting and informative, and perhaps you will come across information you did not know before. If you still have questions, please contact the responsible body listed below or in the imprint, follow the links provided, or consult additional information on third-party sites. You will of course also find our contact details in the imprint.

Scope of Application

This Privacy Policy applies to all personal data processed by us within our company and to all personal data processed by companies commissioned by us (processors). By “personal data” we mean information as defined in Article 4(1) GDPR, such as the name, email address, and postal address of a person.

Processing personal data enables us to provide and bill for our services and products, whether online or offline.

The scope of this Privacy Policy includes:

  • all online presences (websites, online shops) we operate

  • social media presences and email communications

  • mobile apps for smartphones and other devices

In short: this Privacy Policy applies to all areas in which personal data in our company is processed via the channels mentioned. If we enter into legal relationships with you outside these channels, we will inform you separately where necessary.

Legal Bases

In the following Privacy Policy, we provide transparent information about the legal principles and regulations – i.e. the legal bases of the General Data Protection Regulation – that allow us to process personal data.

With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this GDPR online at EUR-Lex, the access point to EU law, at:
https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679

We only process your data if at least one of the following conditions applies:

  • Consent (Article 6(1)(a) GDPR): You have given us consent to process data for a specific purpose. An example would be storing the data you enter in a contact form.

  • Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase agreement with you, we need personal information in advance.

  • Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For instance, we are legally required to keep invoices for accounting purposes, and these usually contain personal data.

  • Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not override your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically. This processing is therefore a legitimate interest.

Other conditions, such as processing in the public interest or the exercise of official authority, as well as protecting vital interests, generally do not apply to us. Should such a legal basis become relevant, it will be indicated at the appropriate point.

Additional Applicable Laws

In addition to the EU Regulation, national laws also apply:

  • In Austria, this is the Federal Act concerning the Protection of Natural Persons with regard to the Processing of Personal Data (Datenschutzgesetz, DSG).

  • In Germany, this is the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

If further regional or national laws apply, we will inform you in the following sections.

Contact Details of the Controller

If you have any questions about data protection or the processing of personal data, please use the following contact details of the responsible person/entity:

Timna Rosenthaler
Groß-Schollach 60
3382 Groß-Schollach
Email: hallo@timnarosenthaler.at
Imprint: https://timnarosenthaler.at/imprint-dataprivacy

Storage Period

As a general principle, we only store personal data for as long as is absolutely necessary to provide our services and products. This means that we delete personal data once the reason for processing no longer exists. In some cases, however, we are legally obliged to retain certain data even after the original purpose has ceased, for example for accounting purposes.

If you request the deletion of your data or withdraw your consent to data processing, the data will be deleted as quickly as possible, provided there is no legal obligation to retain it.

Where we can provide more precise information on the storage period of specific data processing, you will find these details further below.

Rights under the General Data Protection Regulation (GDPR)

In accordance with Articles 13 and 14 GDPR, we inform you of the following rights you are entitled to, ensuring fair and transparent data processing:

  • Right of access (Art. 15 GDPR): You have the right to know whether we process personal data about you. If we do, you are entitled to obtain a copy of the data and information such as:

    • the purpose of processing;

    • the categories of data processed;

    • the recipients of the data, and, if transferred to third countries, how security is ensured;

    • the duration of storage;

    • the existence of rights to rectification, deletion, restriction, or objection;

    • the right to lodge a complaint with a supervisory authority;

    • the source of the data, if not collected from you directly;

    • whether profiling takes place, i.e. whether data is automatically analyzed to create a personal profile.

  • Right to rectification (Art. 16 GDPR): You can request the correction of inaccurate data.

  • Right to erasure (Art. 17 GDPR, “right to be forgotten”): You can request that we delete your data.

  • Right to restriction (Art. 18 GDPR): You can request that we only store but not otherwise process your data.

  • Right to data portability (Art. 20 GDPR): Upon request, we will provide your data in a commonly used format.

  • Right to object (Art. 21 GDPR): You may object to processing, particularly if it is based on Article 6(1)(e) GDPR (public interest/official authority) or Article 6(1)(f) GDPR (legitimate interests). We will review as quickly as possible whether we can comply with your objection.

  • If your data is used for direct marketing, you may object at any time, and we will no longer use your data for that purpose.

  • If your data is used for profiling, you may likewise object at any time, and we will stop using your data for profiling.

  • Right not to be subject to automated decision-making (Art. 22 GDPR): Under certain conditions, you have the right not to be subject to a decision based solely on automated processing (including profiling).

  • Right to lodge a complaint (Art. 77 GDPR): You can contact a supervisory authority at any time if you believe that the processing of your personal data violates the GDPR.

In short: you have rights – please do not hesitate to contact the responsible entity listed above!

If you believe your data is being processed unlawfully or that your data protection rights are otherwise being violated, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority (Datenschutzbehörde), website: https://www.dsb.gv.at/.

In Germany, each federal state has its own Data Protection Commissioner. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

For our company, the following local authority is competent:

Austrian Data Protection Authority
Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to infer personal information from our data.

Article 25 GDPR refers to “data protection by design and by default,” meaning that both software (e.g. forms) and hardware (e.g. server room access) must always be developed and maintained with security in mind. Where relevant, we will outline specific measures below.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS may sound technical – and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the Internet.

This means that the entire transmission of data between your browser and our web server is secured – no one can “listen in.”

This provides an extra layer of security and ensures compliance with data protection by design (Article 25(1) GDPR). With TLS (Transport Layer Security), a protocol for secure data transmission, we can ensure the protection of confidential information.

You can recognize this secure data transmission by the small padlock icon in the top left corner of your browser (next to the web address) and by the use of https instead of http in our web address.

If you want to learn more about encryption, we recommend searching for “Hypertext Transfer Protocol Secure wiki” for useful links to further information.

Communication

Summary
👥 Data subjects: All individuals who communicate with us via phone, email, or online form
📓 Data processed: e.g. phone number, name, email address, form entries (details vary by method of communication)
🤝 Purpose: To handle communication with customers, business partners, etc.
📅 Storage period: Duration of the business case and statutory retention periods
⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interests)

When you contact us via phone, email, or online form, personal data may be processed. These data are processed for handling your inquiry and the related business transaction and are stored as long as necessary for that purpose and as long as legal obligations require.

Data Subjects

All individuals who contact us through the communication channels we provide are affected.

Telephone

When you call us, call data are stored on the respective device and with the telecommunications provider in a pseudonymized manner. In addition, details such as your name and phone number may be forwarded via email and stored for the purpose of responding to your inquiry. The data are deleted once the business case has been completed, provided legal requirements allow.

Email

When you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and on our email server. Data are deleted once the business case has been completed, provided legal requirements allow.

Online Forms

When you use an online form to contact us, the data are stored on our web server and may be forwarded to one of our email addresses. The data are deleted once the business case has been completed, provided legal requirements allow.

Legal Bases

The processing of data is based on the following legal grounds:

  • Art. 6(1)(a) GDPR (consent): You give us consent to store your data and use it for purposes relating to the business case.

  • Art. 6(1)(b) GDPR (contract): Processing is necessary for the performance of a contract with you or with a processor such as a telecommunications provider, or for pre-contractual measures like preparing an offer.

  • Art. 6(1)(f) GDPR (legitimate interests): We want to conduct customer inquiries and business communications in a professional manner. To do this, certain technical systems (e.g. email programs, exchange servers, mobile operators) are necessary to enable efficient communication.

Data Processing Agreement (DPA)

In this section, we want to explain what a Data Processing Agreement is and why it is necessary. Since the term Data Processing Agreement is a bit of a tongue twister, we will often use the acronym DPA throughout this text. Like most companies, we do not work alone but also make use of services provided by other companies or individuals. By involving different companies or service providers, it may happen that we pass on personal data for processing. These partners then act as processors, with whom we conclude a contract – the so-called Data Processing Agreement (DPA).

The most important thing for you to know is that the processing of your personal data takes place exclusively according to our instructions and must be governed by the DPA.

Who are processors?

As a company and website owner, we are responsible for all the data we process from you. In addition to controllers, there can also be so-called processors. This includes any company or individual who processes personal data on our behalf.

More precisely, according to the GDPR definition: any natural or legal person, public authority, agency, or other body which processes personal data on our behalf is considered a processor.

Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies like Google or Microsoft.

To better understand the terminology, here is an overview of the three GDPR roles:

  • Data Subject (you as a customer or prospect) →

  • Controller (us as the company and client) →

  • Processor (service providers such as web hosting or cloud providers)

Contents of a Data Processing Agreement

As already mentioned above, we have concluded DPAs with our partners who act as processors. The key point is that the processor must process the relevant data exclusively in accordance with the GDPR.

The contract must be in writing, although electronic conclusion also counts as "in writing." Processing of personal data only takes place on the basis of the contract.

The agreement must include the following:

  • Binding to us as the controller

  • Duties and rights of the controller

  • Categories of data subjects

  • Type of personal data

  • Nature and purpose of the processing

  • Object and duration of the processing

  • Place of processing

In addition, the contract includes all obligations of the processor. The most important ones are:

  • Ensuring data security measures

  • Taking appropriate technical and organizational measures to protect the rights of the data subject

  • Keeping a record of processing activities

  • Cooperating with supervisory authorities upon request

  • Conducting a risk analysis regarding the received personal data

  • Sub-processors may only be engaged with the written approval of the controller

To see what such a DPA looks like in practice, you can take a look at this sample contract:
👉 WKO Sample DPA (in German)

Cookies

Cookies Summary
👥 Data subjects: Website visitors
🤝 Purpose: Depends on the specific cookie. More details can be found below or from the software provider that sets the cookie.
📓 Processed data: Depends on the specific cookie. More details can be found below or from the software provider that sets the cookie.
📅 Storage period: Varies from hours to years depending on the cookie
⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What are cookies?
Our website uses HTTP cookies to store user-specific data.

Below, we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the Internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser—these files are called cookies.

The fact is: cookies are very useful helpers. Almost all websites use cookies. More precisely, they use HTTP cookies, since there are also other types for other applications. HTTP cookies are small files stored by our website on your computer. These cookie files are automatically placed into your browser’s cookie folder—the "memory" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data such as language or personal page settings. When you revisit our site, your browser sends the “user-related” information back to our page. Thanks to cookies, our website knows who you are and can provide your familiar settings. In some browsers, each cookie has its own file, while in others like Firefox, all cookies are stored in a single file.

Additional National Laws

In addition to the EU Regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), abbreviated as DSG.

  • In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies.

If other regional or national laws apply, we will inform you in the following sections.

Contact Details of the Controller

If you have any questions about data protection or the processing of personal data, you can find the contact details of the responsible person or entity below:

Timna Rosenthaler
Groß-Schollach 60
3382 Groß-Schollach
📧 E-mail: hallo@timnarosenthaler.at
📑 Legal notice: https://timnarosenthaler.at/imprint-dataprivacy

Storage Duration

As a general principle, we only store personal data for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for its processing no longer exists.

In some cases, we are legally required to retain certain data even after the original purpose has ceased—for example, for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.

We will inform you further below about the specific duration of each type of data processing, where we have additional information.

Rights under the General Data Protection Regulation (GDPR)

According to Articles 13 and 14 of the GDPR, we inform you about the following rights you have to ensure fair and transparent data processing:

  • Right of access (Art. 15 GDPR): You have the right to know whether we process personal data about you. If so, you have the right to obtain a copy of the data and the following information:

    • The purpose of the processing

    • The categories (types) of data processed

    • The recipients of the data and, if data is transferred to third countries, how security is ensured

    • The storage duration of the data

    • The existence of the rights to rectification, erasure, restriction of processing, and objection

    • That you may lodge a complaint with a supervisory authority (links to these authorities are provided below)

    • The source of the data, if it was not collected from you

    • Whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you

  • Right to rectification (Art. 16 GDPR): You have the right to have inaccurate data corrected.

  • Right to erasure (Art. 17 GDPR, “Right to be forgotten”): You may request the deletion of your data.

  • Right to restriction of processing (Art. 18 GDPR): You may request that your data only be stored but no longer processed.

  • Right to data portability (Art. 20 GDPR): Upon request, we must provide you with your data in a commonly used format.

  • Right to object (Art. 21 GDPR): You may object to the processing of your data.

    • If the processing is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interests), we will review as quickly as possible whether we can legally comply with your objection.

    • If data is used for direct marketing, you may object at any time. We must then stop processing your data for this purpose.

    • If data is used for profiling, you may object at any time, and we must stop using your data for this purpose.

  • Right not to be subject to automated decision-making (Art. 22 GDPR): You may have the right not to be subject to a decision based solely on automated processing (including profiling).

  • Right to lodge a complaint (Art. 77 GDPR): You may lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.

👉 In short: You have rights – don’t hesitate to contact the responsible office listed above!

Complaints to Supervisory Authorities

If you believe that the processing of your data violates data protection law or that your rights have otherwise been infringed, you may lodge a complaint with a supervisory authority.

  • In Austria, this is the Data Protection Authority, website: https://www.dsb.gv.at/

  • In Germany, each federal state has its own data protection officer. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

For our company, the competent supervisory authority is:

Austrian Data Protection Authority
Head: Dr. Matthias Schmidl
📍 Address: Barichgasse 40-42, 1030 Vienna
📞 Phone: +43 1 52 152-0
📧 E-mail: dsb@dsb.gv.at
🌐 Website: https://www.dsb.gv.at/

Security of Data Processing

To protect personal data, we have implemented both technical and organizational measures. Wherever possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our capabilities, for third parties to infer personal information from our data.

Article 25 GDPR refers to "data protection by design and by default," meaning that both in software (e.g., forms) and hardware (e.g., server room access), security must always be considered and appropriate measures implemented.

We will explain specific measures further below, where relevant.

TLS Encryption with HTTPS

TLS, encryption, and HTTPS may sound technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the Internet.

This means that the entire transmission of data from your browser to our web server is secured – no one can “listen in.”

This adds an extra layer of security and ensures data protection by design (Article 25(1) GDPR). By using TLS (Transport Layer Security), a protocol for secure data transmission, we can guarantee the protection of confidential data.

You can recognize this security measure by the small padlock symbol at the top left of your browser, next to the web address (e.g., example.com), and by the use of the scheme https (instead of http) in our Internet address.

If you would like to learn more about encryption, we recommend searching for "Hypertext Transfer Protocol Secure wiki" for good resources.

Communication

Communication Summary
👥 Data subjects: Anyone communicating with us via phone, e-mail, or online form
📓 Processed data: e.g., phone number, name, e-mail address, form entries. More details can be found in the specific contact method below.
🤝 Purpose: Handling communication with customers, business partners, etc.
📅 Storage duration: Duration of the business case and legal requirements
⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract), Art. 6(1)(f) GDPR (legitimate interests)

When you contact us via phone, e-mail, or online form, personal data may be processed. The data is used to handle and respond to your inquiry and the associated business transaction. The data is stored for as long as necessary for the business case or as required by law.

Data subjects
All persons who contact us through the communication methods we provide are affected by these processes.

Phone
If you call us, call data is pseudonymized and stored on the respective device and by the telecommunications provider. Data such as name and phone number may also be sent by e-mail afterward and stored to respond to the inquiry. Data is deleted once the business case has ended and if legal requirements allow it.

E-mail
If you communicate with us via e-mail, data may be stored on the device you use (computer, laptop, smartphone, etc.) and on the e-mail server. The data is deleted once the business case has ended and if legal requirements allow it.

Online forms
If you communicate with us via an online form, data is stored on our web server and may also be forwarded to one of our e-mail addresses. The data is deleted once the business case has ended and if legal requirements allow it.

Legal Bases

The processing of data is based on the following legal bases:

  • Art. 6(1)(a) GDPR (Consent): You give us your consent to store and use your data for purposes related to the business case.

  • Art. 6(1)(b) GDPR (Contract): Processing is necessary for the performance of a contract with you or with a processor (e.g., telephone provider), or for pre-contractual measures (e.g., preparing an offer).

  • Art. 6(1)(f) GDPR (Legitimate Interests): We want to handle customer inquiries and business communication in a professional manner. This requires certain technical facilities such as e-mail programs, exchange servers, and mobile operators to ensure efficient communication.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to access your data, update it, delete it, or restrict its processing. With the browser add-on for disabling Google Analytics JavaScript (analytics.js, gtag.js), you can prevent Google Analytics 4 from using your data. You can download and install the browser add-on here:
👉 https://tools.google.com/dlpage/gaoptout?hl=en

Please note that this add-on only disables data collection by Google Analytics.

If you generally want to disable, delete, or manage cookies, you can find the appropriate instructions under the “Cookies” section for the most commonly used browsers.

Legal Basis

The use of Google Analytics requires your consent, which we obtained through our cookie popup. This consent constitutes the legal basis under Art. 6(1)(a) GDPR (consent) for the processing of personal data that may occur through web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to improve our offering technically and economically. With Google Analytics, we can identify website errors, detect potential attacks, and improve efficiency. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). We only use Google Analytics to the extent that you have given consent.

Google also processes your data in the USA, among other locations. Google participates in the EU–US Data Privacy Framework, which ensures secure and lawful transfer of personal data of EU citizens to the USA. More information:
👉 EU Commission – Data Privacy Framework

Google also uses Standard Contractual Clauses (SCCs, Art. 46(2) and (3) GDPR). SCCs are templates provided by the EU Commission to ensure that your data complies with European data protection standards even when transferred to third countries (like the USA). By using both the EU–US Data Privacy Framework and SCCs, Google commits to maintaining EU data protection standards even if data is stored, processed, or managed in the USA. These clauses are based on an EU Commission implementing decision:
👉 EU Commission Decision 2021/914

Google Ads Data Processing Terms, which reference SCCs, can be found here:
👉 Google Ads Data Processing Terms

More information on Google Analytics:

  • Terms of Service

  • Support & Privacy Info

  • Google Privacy Policy

Data Processing Agreement (DPA) with Google Analytics

In accordance with Art. 28 GDPR, we have a Data Processing Agreement (DPA) with Google. This legally required contract ensures Google processes data only according to our instructions and in compliance with the GDPR.

The DPA is available here:
👉 Google Ads Data Processing Terms

Google Analytics IP Anonymization

We have enabled IP anonymization on this website. Google developed this feature to comply with data protection laws and recommendations of local authorities prohibiting full IP storage. IP anonymization occurs when addresses enter Google Analytics’ collection network and before any storage or processing.

More info:
👉 Google Support – IP Anonymization

Social Media Introduction

Social Media Privacy Policy Summary

👥 Data subjects: Website visitors
🤝 Purpose: Display and optimization of our services, contact with visitors, potential customers, and advertising
📓 Processed data: Data such as phone numbers, email addresses, contact details, user behavior, device information, and IP address
📅 Storage duration: Depends on the platform
⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is Social Media?

In addition to our website, we are active on various social media platforms. These platforms may process data to target users interested in our services. Social media elements may also be embedded directly into our website, e.g., via social buttons linking to our social media profiles. Social media refers to websites and apps where registered users produce content, share it openly or in groups, and network with others.

Why we use Social Media

Social media platforms have long been key places for online communication. Our presence allows us to promote our products and services and provide users easy access to our content via embedded social media elements. The data collected primarily serves to conduct web analysis, allowing for improved personalized marketing and advertising strategies. Cookies are often set in your browser to store usage data.

We generally remain responsible for data processing, even when using social media platform services. However, the European Court of Justice has ruled that in some cases the platform operator and we may be jointly responsible under Art. 26 GDPR. We provide details in the respective platform sections if applicable.

Data may also be processed outside the EU, e.g., by US-based platforms like Facebook or Twitter, which may affect your ability to enforce data protection rights.

What data is processed?

Data varies by platform but typically includes phone numbers, emails, data entered into contact forms, usage data (e.g., clicks, likes, follows), timestamps, device information, and IP addresses. Most data is stored in cookies. If you are logged in, data may be linked to your profile.

All data collected is stored on platform servers, giving the provider sole access. To know exactly which data is stored, review the privacy policy of the respective platform.

Data retention

Platforms store data as long as necessary for their purposes. Customer data matched with user data is typically deleted within two days. Personal data is generally only retained as long as required to provide our services or comply with legal obligations.

Right to object

You can withdraw consent to cookies or third-party social media elements at any time via our cookie management tool or other opt-out mechanisms. You can also manage, disable, or delete cookies directly in your browser.

Legal basis

If you have given consent for embedded social media elements, that consent serves as the legal basis (Art. 6(1)(a) GDPR). Additionally, we may process data on the basis of legitimate interests (Art. 6(1)(f) GDPR). We only use social media tools if consent is given. Most platforms set cookies, so we recommend reviewing our privacy text on cookies and the platform-specific privacy policies.

Instagram Privacy Policy

Summary

👥 Data subjects: Website visitors
🤝 Purpose: Service optimization
📓 Processed data: User behavior, device information, IP address
📅 Storage duration: Until Instagram no longer requires it
⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is Instagram?

Instagram is a social media platform by Instagram LLC, Menlo Park, USA, and a subsidiary of Meta Platforms Inc. Embedding Instagram content on our website allows us to display photos, videos, and buttons. Data is transmitted to Instagram regardless of whether you have an account. Instagram uses the same systems as Facebook, processing data across Meta companies.

Why we use Instagram

Instagram allows us to enrich our website content with visual media and target personalized advertising via Meta. We also receive aggregated statistics to better understand interests, without identifying individual users.

What data does Instagram store?

Data is sent to Instagram servers via browser interaction, including web usage, device info, purchases, ads viewed, and timestamps. If logged in, Instagram stores additional account data. Customer data may be hashed before transfer. Event data tracks user behavior and may be combined with contact info. Cookies transmit much of this data.

Cookies used

Examples (without claiming completeness):

  • csrftoken: Security against request forgery; expires in 1 year

  • mid: Unique user ID; session expiry

  • fbsr_112816342124024: Login request for Instagram app; session expiry

  • rur: Ensures functionality; session expiry

  • urlgen: Marketing purposes; session expiry

Data retention varies; most Instagram data is anonymized/deleted after 90 days.

Data deletion and prevention

You can manage Instagram data in settings. To fully delete your data, you must permanently delete your Instagram account via the help section. Cookies can be managed or deleted in your browser.

Instagram data may also be processed in the USA under the EU–US Data Privacy Framework and SCCs. More info:
👉 Instagram Privacy Center

Blogs and Publishing Media

Summary

👥 Data subjects: Website visitors
🤝 Purpose: Service optimization, communication, security, management
📓 Processed data: Contact info, IP address, published content
📅 Storage duration: Depends on the tools used
⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests), Art. 6(1)(b) GDPR (contract)

What are Blogs and Publishing Media?

Blogs allow communication between users and us. Data may be stored to ensure proper display, functionality, and security. Specific data depends on the tools used.

Why we use Blogs

We aim for interactive exchange and to provide engaging content. Users can comment or publish posts.

What data is processed?

Typically, the IP address, username, and content are stored for security, spam prevention, and legal reasons. Cookies may also be used.

Data retention

Data is stored as long as needed for service provision unless legally required otherwise.

Right to object

Consent for cookies or third-party communication tools can be withdrawn via our cookie management tool or browser settings.

Legal basis

We use communication tools primarily based on legitimate interests (Art. 6(1)(f) GDPR). Contract-related usage is based on Art. 6(1)(b) GDPR. Consent governs certain processing (Art. 6(1)(a) GDPR).

Cloud Services

Summary

👥 Data subjects: Website operators and visitors
🤝 Purpose: Security and data storage
📓 Processed data: IP address, name, technical data (e.g., browser version)
📅 Storage duration: Usually until no longer needed for service fulfillment
⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What are Cloud Services?

Cloud services provide us, as website operators, with storage space and computing power over the internet. Data can be transmitted, processed, and stored on an external system via the internet. The management of this data is handled by the respective cloud provider. Depending on the requirements, an individual or a company can choose the amount of storage or computing power. Access to cloud storage is usually via an API or storage protocols. An API, or Application Programming Interface, is a software interface that connects software with hardware components.

Why do we use Cloud Services?

We use cloud services for several reasons. Cloud services allow us to store data securely. Additionally, we can access the data from multiple locations and devices, providing greater flexibility and facilitating our work processes. Cloud storage also saves costs, as we do not need to build or manage our own infrastructure for data storage and security. Centralized storage in the cloud allows us to expand our applications and manage our information more effectively.

As website operators or a company, we primarily use cloud services for our own purposes. For example, we use them to manage calendars or to store documents and other important information. However, personal data you provide may also be stored. This occurs, for example, when you provide contact information (such as name and email address) and we store our customer data with a cloud provider. Consequently, data we process may be stored and processed on external servers.

If certain forms or content on our website rely on cloud services, cookies may also be set for web analytics and advertising purposes. Such cookies may remember your settings (for example, the language used) so that your preferred website environment is maintained during your next visit.

What data is processed by Cloud Services?

Much of the data stored in the cloud has no personal reference, but some is considered personal data under the GDPR. Common examples include customer data such as name, address, IP address, or phone number, as well as technical device information. Cloud services may also store videos, images, and audio files.

How the data is collected and stored depends on the service. We strive to only use services that handle data professionally and securely. Generally, services like Amazon Drive have access to stored files to provide their services. Permissions, such as the right to copy files for security purposes, may be required. Data is processed and managed according to applicable laws, including GDPR for U.S.-based providers (via Standard Contractual Clauses). Some cloud services may also work with third-party providers who process data according to instructions, privacy policies, and security measures.

It is important to note that well-known cloud services (such as Amazon Drive, Google Drive, or Microsoft OneDrive) may reserve the right to access stored content to provide and optimize their services.

Data Retention

Information on the duration of data processing is provided below, if available. Generally, cloud services store data until you or we revoke the storage or delete the data. Personal data is only retained as long as necessary to provide services. Complete deletion from the cloud may take several months because data is often stored across multiple servers.

Right to Object

You have the right to withdraw consent for cloud storage at any time. If cookies are used, you can also revoke consent for them. This can be done via our cookie management tool or other opt-out functions. You may also prevent cookie-based data collection by managing, disabling, or deleting cookies in your browser. We also recommend reviewing our general privacy policy on cookies and the privacy policies of individual cloud providers for details on which data is stored and processed.

Legal Basis

We primarily use cloud services based on our legitimate interests (Art. 6(1)(f) GDPR) for secure storage and reliable systems.

Certain processing, especially the use of cookies and storage functions, requires your consent. If you have consented to the processing and storage of your data by cloud services, that consent constitutes the legal basis for processing (Art. 6(1)(a) GDPR). Most services set cookies in your browser to store data. We therefore recommend reviewing our privacy text on cookies and the privacy policies or cookie policies of the respective service providers.

Explanation of Terms

We strive to make our privacy policy as clear and understandable as possible. Technical and legal terms can be difficult to explain, but we aim to define important terms used throughout this policy.

Supervisory Authority
Definition (Art. 4 GDPR): An independent public authority established by a member state under Article 51.
Explanation: Supervisory authorities are state entities responsible for monitoring compliance with data protection. In Austria, this is the Austrian Data Protection Authority; in Germany, each federal state has its own authority.

Processor
Definition (Art. 4 GDPR): A natural or legal person, authority, or other entity that processes personal data on behalf of the controller.
Explanation: We are responsible for all data we process. A processor is any company or individual that processes data on our behalf, such as hosting providers, cloud services, payment providers, or large companies like Google or Microsoft.

Consent
Definition (Art. 4 GDPR): Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, expressing agreement to the processing of personal data.
Explanation: On websites, consent is usually obtained via cookie consent tools. If you do not consent, no personal data may be processed. Consent can also be provided in writing.

Personal Data
Definition (Art. 4 GDPR): Any information relating to an identified or identifiable natural person.
Explanation: Personal data includes, for example, name, address, email, phone number, birthdate, identification numbers, bank details, and IP addresses. Special categories include racial/ethnic origin, political opinions, religious beliefs, union membership, genetic data, biometric data, health data, and sexual orientation.

Profiling
Definition (Art. 4 GDPR): Any automated processing of personal data to evaluate personal aspects, particularly to analyze or predict behavior, preferences, reliability, or location.
Explanation: Profiling is often used for targeted advertising or credit assessment.

Controller
Definition (Art. 4 GDPR): A natural or legal person, authority, or entity that determines the purposes and means of processing personal data.
Explanation: We are the controller responsible for your data. Entities processing data on our behalf are processors under a data processing agreement.

Processing
Definition (Art. 4 GDPR): Any operation performed on personal data, including collection, organization, storage, use, disclosure, restriction, or deletion.
Explanation: “Processing” in this policy refers to any form of data handling.

Personal Data Breach
Definition (Art. 4 GDPR): A breach of security that leads to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data.
Explanation: Data breaches may result from leaks, technical issues, or cyberattacks. High-risk breaches must be reported to authorities and affected individuals.

Closing Statement

Congratulations! If you’ve read this far, you’ve made it through our entire privacy policy. As you can see from its length, we take the protection of your personal data very seriously.

We aim to inform you clearly about the processing of your personal data, including the reasons for using various software programs. Privacy policies are often technical and legal, but we have tried to present information in plain, clear language whenever possible.

For questions regarding data protection on our website, please contact us or the responsible authority. We hope you enjoy your time on our site and look forward to welcoming you again.

All texts are copyright-protected.
Source: Created with the Privacy Policy Generator Austria by AdSimple