Data Protection Declaration - Klausnerhof

Data Protection Declaration

This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and associated websites, functions and content, as well as external online presences, such as our social media profile (hereinafter referred to collectively as "online offer”). With regard to the terminology used e.g.  “processing" or “controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Hotel Klausnerhof 4*

Family Klausner, Martin Klausner e.U.

Hintertux 770

A-6294 Hintertux

www.klausnerhof.at/service/impressum/

Types of processed data:

  • Stock data (e.g. names, addresses).
  • Contact details (e.g. e-mail, telephone numbers).
  • Content data (e.g. text entries, photographs, videos).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Meta/communication data (e.g. device information, IP addresses).

Categories of affected persons

Visitors and users of the online offer (hereinafter referred to collectively as "users").

Purpose of processing

  • Provision of the online offer, its functions and contents.
  • Answering contact requests and communicating with users.
  • Security measures
  • Range measurement/marketing

Terms used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject"). A natural person is considered as identifiable when he/she can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier (e.g. cookie) or to one or more specific features, which express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

"Processing" means any process performed with or without the aid of automated procedures, or any such process associated with personal data. The term has a broad meaning and covers practically all handling of data.

"Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures that ensure the personal data is not attributed to an identified or identifiable natural person. 

“Profiling" means any automated processing of personal data which involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person.

The "controller" is the natural or legal person, public authority, agency or other body, who alone or jointly with others determines the purposes and means of processing personal data.

“Processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Relevant legal basis

In compliance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing in order to fulfil our services necessary for the performance of a contract as well as to answer enquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing in order to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. d GDPR serves as the legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.

Security measures

In accordance with Art. 32 GDPR, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

In particular, these measures include safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data as well as access to, inputting, forwarding, securing and separating the data. In addition, we have established procedures that ensure the enjoyment of data subject rights, data erasure and data vulnerability.  Furthermore, we take the protection of personal data into account at the time of the design of the processing system or selection of hardware, software and processes, in accordance with the principle of data protection by technology design and by data protection-friendly default settings (Art. 25 GDPR).

Collaboration with processors and third parties

Insofar as we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, pursuant to  Art. 6 Para. 1 lit. b GDPR is necessary for the performance of the contract), if you have consented to this, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). 

If we commission third parties to process data on the basis of a so-called “contract processing contract", this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA), or if this is done in the context of the use of third party services or disclosure or transfer of data to third parties, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests.  Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 ff. of the GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

Rights of data subjects

You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data, as well as for further information and a copy of the data in accordance with Art. 15 GDPR.

You have accordingly, pursuant to  Art. 16 GDPR, the right to request the completion of data concerning you or the correction of incorrect data concerning you.

Pursuant to Art. 17 GDPR, you have the right to demand that the data concerned be deleted immediately or, alternatively, to demand a restriction on the processing of the data pursuant to Art. 18 GDPR.

You have the right to demand that data concerning you that you have made available to us, be obtained in accordance with Art. 20 GDPR, and request its transmission to other responsible parties.  

You also have the right, pursuant to Art. 77 GDPR, to file a complaint with the competent supervisory authority.

Right of revocation

You have the right to revoke consents granted pursuant to Art. 7 para. 3 GDPR, for the future use of your data at any time.

Right to object

You may object at any time to the future processing of the data concerning you in accordance with Art. 21 GDPR. In particular, you may object to the processing of your data for the purposes of direct marketing.

Cookies and right to object to direct advertising

"Cookies" are small files that are stored on users' computers. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to an online service. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his/her browser. The content of a shopping basket in an online shop or a login jam, for example, can be stored in such a cookie. Cookies are referred to as "permanent" or "persistent" and remain stored even after the browser has been closed.  For example, the login status can be saved if users return after several days. The interests of the users who are used for range measurement or marketing purposes can also be stored in such a cookie. A “third-party cookie” refers to cookies that are offered by providers other than the person who manages the online offer (otherwise, if it is only their cookies, these are called “first-party cookies”).

We may use temporary and permanent cookies and clarify this in the context of our privacy policy.

If users do not want cookies stored on their computer, they will be asked to disable the option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions of this online offer.


A general objection to the use of cookies used for online marketing purposes can be declared on a variety of services, especially in the case of tracking, via the US website www.aboutads.info/choices/ or the EU website www.youronlinechoices.com. The storage of cookies can also be prevented by deactivating them in the browser settings. Please note that it may subsequently not be possible to use all features of this online offer. 

Deletion of data

The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage requirements.
 Unless the data are deleted because they is required for other and legally permitted purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.

According to legal requirements in Germany, the storage takes place specifically for 10 years, in accordance with §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters). 

According to legal regulations in Austria, storage takes place specifically for 7 years, according to Art. 132 (1) BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in relation to real estate, and for 10 years in the case of documents relating to electronically supplied services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.

Business-related processing

We also process

  • Contract data (for example, contract object, term, customer category)
  • Payment data (e.g., bank details, payment history)

from our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

Making contact 

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user's details are processed for the purpose of processing the contact enquiry in accordance with Art. 6 Para. 1 lit. b) GDPR. The user data can be stored in a customer relationship management system ("CRM system") or comparable inquiry organisation.

We delete requests, if they are no longer required. We review the need for continued storage every two years; furthermore, legal archiving obligations apply.

Newsletter 

The following information explains the contents of our newsletter and clarifies the procedures for registration, shipping and statistical evaluation, as well as your right to cancel subscription at any time. By subscribing to our newsletter, you declare your consent to receive the newsletter and agree to the procedures described.

Content of Newsletters We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the express consent of the recipient or legal permission. Insofar as the contents of the newsletter are specifically described within the scope of registration, they are decisive for the consent of the recipient. Furthermore, our newsletters contain information about our products and accompanying information (e.g. safety instructions), offers, promotions and our company.

Double-opt-in and subscription data storage: Subscription to our newsletter follows a double opt-in procedure. That means after registering, users receive an e-mail requesting confirmation of the subscription. This confirmation is required to ensure subscribers use their own e-mail addresses and not those of third-parties. In order to maintain that subscription procedures follow legal requirements, all newsletter subscriptions will be recorded. This includes storage of subscription details and the time of confirmation, as well as the IP address. Similarly, any changes to your data will be stored with the dispatch service provider.

Subscriber’s credentials: In order to sign-up for the newsletter, subscribers’ must provide their e-mail address. For the purposes of writing personal salutations on the newsletter and invitations we also request user’s names.

The dispatch of the newsletter and the related performance assessment is based on the consent of the recipients in accordance with Art. 6 Para. 1 lit. a, Art. 7 GDPR in conjunction with § 107 Para. 2 TKG or on legal permission in accordance with § 107 Paras. 2 and 3 TKG.

The registration procedure is recorded on the basis of our legitimate interests pursuant to Art. 6 Par. 1 lit. f GDPR. Our interest lies in the use of a user-friendly and secure newsletter system, which serves both our business interests and the expectations of the users, while allowing us to provide evidence of consent.

Cancellation/revocation - you can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to provide evidence of a previously given consent.  The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time.

Newsletter - Mailchimp

The newsletter is distributed by “MailChimp”, a newsletter dispatch platform of Rocket Science Group, LLC, 675 Ponce De Leon Ave # 5000, Atlanta, GA 30308, USA. You can view the privacy policy of the dispatch service provider here: mailchimp.com/legal/privacy/. The Rocket Science Group LLC is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active ). The dispatch service provider is used on the basis of our legitimate interests pursuant to Art. 6 Par. 1 lit. f GDPR and a contract processing agreement pursuant to Art. 28 (3) para. 1 GDPR.

The dispatch service provider can use the recipient's data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of dispatching and the presentation of the newsletter or for statistical purposes.  However, the dispatch service provider does not use the data of our newsletter recipients to address them themselves or to pass the data on to third parties. 

Newsletter - Performance Assessment

The newsletters contain a so-called "web-beacon", i.e. a file the size of a pixel, which is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from its server. As part of this request, technical information, such as information about the browser and your system, as well as your IP address and time of the request are collected. 

This information is used to improve the technical performance of services based on specifications about the audience and their reading habits, based on their locations (which can be determined using the IP address) or the access times. Also included in the statistical survey is information regarding if the newsletters are opened, when they are opened, and which links are clicked on. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our aim nor that of our dispatch service provider to observe individual users. Instead, we use the information retrieved to learn more about our users reading habits so that we can adapt our content to better serve their interests.

Hosting  

The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage and database services, emailing, security and technical maintenance services we use to operate this online service. 

This involves us or our hosting provider processing inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (conclusion of contract processing agreement).

Collection of access data and log files

Based on our legitimate interests within the meaning of Art. 6 (1) (f) GDPR, we or our hosting provider collect data on each access to the server on which this service is located (so-called server log files). The access data include the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the incident in question.

Google Analytics 

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. Information the cookie generates about your use of this website is usually transferred to and stored on a server operated by Google in the USA.

Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.

We only use Google Analytics with activated IP anonymisation. As a result, your IP address will be truncated and anonymised by Google within the area of Member States of the European Union or other parties to the Agreement in the European Economic Area. Only in exceptional cases, is the complete IP address transmitted to a Google server in the USA and shortened there. 

The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. Users can prevent the storage of cookies by setting their browser software accordingly; users may also prevent the collection of the data generated by the cookie and related to their use of the online offer, as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout.

For more information about Google’s data usage, settings and objection options, please read Google’s Privacy Policy (https://policies.google.com/technologies/ads), as well as the settings for displaying pop-up ads by Google (https://adssettings.google.com/authenticated).

The personal data of users will be deleted or anonymised after 14 months. 

Demographic characteristics of Google Analyticss  

This website uses the “demographic features” function of Google Analytics. This allows reports to be generated that contain statements about the age, gender, and interests of site visitors. This data comes from Google’s interest-based advertising and from visitor data made available by third-party providers. This data cannot be assigned to a specific individual. You can opt-out of this feature at any time using the ad preferences in your Google Account.

Google Analytics Remarketing 

Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. These are provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This feature enables you to link the advertising target groups created with Google Analytics and remarket with the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been customised based on your previous usage and browsing behaviour on one end device (e.g., cell phone) may also be displayed on another of your end devices (e.g., tablet or PC). Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. This allows the same personalised advertising messages to be placed on every terminal device on which you log in with your Google Account.

To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising. You can permanently opt out of cross-device remarketing/targeting by opting out of personalized advertising in your Google Account by following this link: www.google.com/settings/ads/onweb/. The data collected in your Google Account will only be aggregated on the basis of your consent, which you may give or revoke to Google (Art. 6 para. 1 lit. a GDPR). In the case of data collection processes that are not consolidated in your Google Account (e.g. because you do not have a Google Account or have objected to the consolidation), the data collection is based on Art. 6 para. 1 lit. f GDPR.  The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of website visitors for advertising purposes. Further information and the data protection regulations can be found in Google's data protection declaration at: www.google.com/policies/technologies/ads/.

Google Tag Manager 

This website uses the Google Tag Manager. This service allows website tags to be managed through a single interface. Google Tag Manager only implements tags. No cookies are set and no personal information is collected. Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.  More information about the Google Tag Manager can be found at the following link: www.google.de/tagmanager/use-policy.html. The user has the option to prevent the sending of all tags by Google Tag Manager. To do this, the user must click on the following opt-out link to place the Google Tag Manager deactivation cookie in their browser. Click here to opt out of Google Tag Manager tracking. In some cases, we may ask your permission to share product information (such as your account information) with other Google products to enable certain features, such as making it easier to add new conversion tracking tags for AdWords. Furthermore, our development team periodically reviews product usage information to further optimise those products. However, such information will not be shared with other Google products without your consent. For more information, please visit: www.google.de/tagmanager/use-policy.html.

Google AdWords Conversion Tracking  

This website also uses Google Conversion Tracking. If you access our website via a Google ad, Google Adwords stores a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. If a user visits certain pages of an Adwords customer's website and the cookie stored on their computer has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Every Adwords customer receives a different cookie. Cookies can therefore not be traced via the websites of Adword customers. The information gathered using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers will know the total number of users who clicked on their ad and were directed to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users. If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie - for example, via a browser setting that generally disables the automatic setting of cookies. 

You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the "www.googleadservices.com” domain.  Google's privacy policy for conversion tracking can be found here

Hotjar

This website uses Hotjar: analysis software from Hotjar Ltd. "("Hotjar") (http://www.hotjar.com, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe). Hotjar makes it possible to measure and evaluate usage behaviour (clicks, mouse movements, scroll heights, etc.) on our website. The information generated by the "Tracking Code" and "Cookie" about your visit to our website is transmitted to and stored on Hotjar servers in Ireland.  

The tracking code collects the following information:

  • Device related data
  • The following information can be recorded by your device and your browser:
  • The IP address of your device (collected and stored in an anonymous format)
  • Your e-mail address including your first and last name, if you have provided it to us via our website.
  • Screen size of your device
  • Device type and browser information
  • Geographical position (country only)
  • The preferred language to display our website
  • User interactions
  • Mouse events (movement, position and clicks)
  • Keystrokes
  • Log data

The following data is automatically generated by our servers when Hotjar is used

  • Related domain
  • Visited pages
  • Geographical position (country only)
  • The preferred language to display our website
  • Date and time when the website was accessed

Hotjar will use this information for the purpose of evaluating your use of our website, compiling reports on website usage and providing other services relating to website usage and internet evaluation of the website. Hotjar also uses third-party services such as Google Analytics and Optimizely to provide services. These third party companies may store information that your browser sends when you visit the website, such as cookies or IP requests. For more information on how Google Analytics and Optimizely store and use data, please refer to their respective privacy policies. If you continue to use this website, you consent to the processing of such data by Hotjar and its third party providers as described above in their privacy policies.  The cookies that Hotjar uses have differing "lifetimes"; some remain valid for up to 365 days, some remain valid only during the current visit. You can prevent Hotjar from collecting this information by clicking on the following link and following its instructions: www.hotjar.com/legal/compliance/opt-out .

Online Presence in Social Media

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.  

Unless otherwise stated in our data protection declaration, we process the data of users who communicate with us within social networks and platforms, e.g. post articles on our online presence or send us messages.

Integration of services and contents of third parties

As part of our online offer, we use content or services offered by third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer pursuant to Art. 6 Para. 1 lit. f. of the GDPR). DSGVO) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").  

This always presupposes that the third-party providers of this content recognise the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavour to use only content whose respective providers use the IP address solely for the delivery of the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online offer. 

Use of Typekit Fonts  

We use Typekit fonts on our website. This allows us to integrate certain fonts into our website. These fonts are provided by Adobe via servers in the USA. When our website is accessed, the visitor's web browser establishes a direct connection to these servers. Among other things, the visitor's IP address is transmitted to Adobe and stored there. Adobe participates in the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework 

Further information about Adobe: Adobe Systems Incorporated, 45 Park Avenue, San Jose, California 95110, USA. Further information on data protection when using Typekit: www.adobe.com/de/privacy/policies/typekit.html&nbsp

Google Maps

We include maps from the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, users’ IP addresses and location data, but these are not collected without their consent (usually as part of the settings on their mobile devices). The data can be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/ , Opt-Out: https://adssettings.google.com/authenticated .

Use of Facebook Social Plugins

We use Social Plugins ("Plugins") from the social network facebook.com on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer, pursuant to Art. 6 Para. 1 lit. f. GDPR), operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").  The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white "f" on a blue square, the terms "like", "like" or a "thumbs up" sign) or are additionally marked with "Facebook Social Plugin".  The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/ .

Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participantid=a2zt0000000GnywAAC&status=Active ).

When a user calls up a function of this online service that contains such a plugin, his/her device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to the user's device, which will integrate it into the online offer. During this process, user profiles can be created from the processed data. We therefore have no influence on the extent of the data that Facebook collects with the help of this plugin and therefore inform the user accordingly.

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his/her Facebook account. If users interact with the plugins, for example, activate the "Like" button or enter a comment, the corresponding information will be transmitted directly from their device to Facebook and saved there. If a user is not a member of Facebook, there is still the possibility that Facebook can find out his/her IP address and save it. According to Facebook, only anonymous IP addresses are stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options to protect the privacy of users can be found in Facebook's data protection information: www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about him or her via this online service and link it to the member data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online service. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads  or via the US page http://www.aboutads.info/choices/  or the EU page http://www.youronlinechoices.com/ . The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

Shariff sharing features

We use the privacy-protected "Shariff" buttons. "Shariff" is designed to allow more privacy on the network and replace the usual "share" buttons on social networks. In this case, it is not the user's browser, but the server on which this online service is located, that establishes a connection with the server of the respective social media platforms and queries, for example, the number of likes, etc.. The user remains anonymous. More information about the Shariff project can be found at the developers of c't magazine: www.ct.de .

Payment via credit card 

You can pay by credit card on our website. Payment data is transferred to VISA and Mastercard in order to process the payment. The legal basis for the processing of your data is accordance with Art. 6 para. 1 lit. f DS-GMO. VISA or Mastercard collect information about the transaction and other information related to the transaction, such as information about goods/services, financial information, information about the interaction between you and VISA or Mastercard, merchant information, including information about payment instruments, device-related information and location data. VISA and Mastercard use the data for payment processing, credit checks, monitoring and improving their services, among other things. For details on data processing and processing purposes, see the privacy policy of VISA or Mastercard: 

https://www.mastercard.at/de-at/datenschutz.html   

https://www.visaeurope.at/datenschutz 

Payment via Klarna 

On our website, you can pay using the Klarna payment service. Payment data is transferred to Klarna in order to process the payment. The legal basis for the processing of your data is accordance with Art. 6 para. 1 lit. f DS-GMO. Klarna collects information about the transaction and other information related to the transaction, such as information about goods/services, financial information, information about the interaction between you and VISA or Mastercard, merchant information, including information about payment instruments, device-related information and location data. Klarna use the data for payment processing, credit checks, monitoring and improving their services, among other things. Details on data processing and processing purposes can be found in the Klarna Privacy Policy: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy  

Klarna transmits your data to a number of third parties, including other companies of the Klarna Group, credit bureaus, service providers and subcontractors. Details can be found in the Klarna Privacy Policy: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy  

Further information about Klarna: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Schweden 

A large proportion of the Data Protection Declaration was created using Datenschutz-Generator.de by RA Dr. Thomas Schwenke.