Privacy policy of the OBERNDORFER Group

We are delighted that you are interested in the OBERNDORFER Group. Data protection is a particularly high priority for us, not only for the management, but also for all employees. It is generally possible to use our website without providing any personal data. However, if you wish to make use of our company's special services via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

By means of this privacy policy, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed of their rights by means of this privacy policy.

We have implemented numerous technical and organizational measures for the processing of personal data in order to ensure the most complete protection possible for personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone or post.

Unfortunately, it is in the nature of things that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible.

Please send all your questions, complaints and/or suggestions to the following e-mail address: datenschutz [at] oberndorfer.at.

 

Automatic data storage

When you visit our website as you are doing right now, our web server (computer on which this website is stored) automatically saves data such as

  • The address (URL) of the website accessed
  • Browser and browser version
  • The operating system used
  • The address (URL) of the previously visited page (referrer URL)
  • The host name and IP address of the device from which access is made
  • Date and time

in files (web server log files).

As a rule, web server log files are stored for two weeks and then automatically deleted. We do not pass this data on, but we cannot rule out the possibility of this data being viewed in the event of illegal behavior.

 

Cookies

Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

 

What exactly are cookies?

Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites save small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, the "brain" of your browser, so to speak. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "malware". Cookies also cannot access information on your PC.

This is what cookie data can look like, for example:

Name: _ga
Value: GA1.2.1326744211.152111609605-9
Purpose: Differentiation of website visitors
Expiration date: after 2 years

A browser should be able to support these minimum sizes:

  • At least 4096 bytes per cookie
  • At least 50 cookies per domain
  • At least 3000 cookies in total

 

What types of cookies exist?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly explain the different types of HTTP cookies.

There are 4 different types of cookies:

Essential cookies
These cookies are necessary to ensure basic website functions. For example, these cookies are needed when a user places a product in the shopping cart, then continues surfing on other pages and only goes to the checkout later. These cookies ensure that the shopping cart is not deleted even if the user closes their browser window.

Functional cookies
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and the behavior of the website with different browsers.

Goal-oriented cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are saved.

Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver customized advertising to the user. This can be very practical, but also very annoying.

When you visit a website for the first time, you are usually asked which of these types of cookie you would like to allow. And of course this decision is also stored in a cookie.

 

How do I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option of deleting, deactivating or only partially allowing cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer 

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. You can then decide for each individual cookie whether or not to allow it. The procedure differs depending on the browser. It is best to search for the instructions in Google using the search term "delete cookies Chrome" or "deactivate cookies Chrome" in the case of a Chrome browser.

 

What about my data protection?

The so-called "cookie guidelines" have been in place since 2009. These state that you must give your consent for cookies to be stored. However, there are still very different reactions to these directives within the EU countries. In Austria, however, this directive has been implemented in Section 96 (3) of the Telecommunications Act (TKG).

If you would like to know more about cookies and are not afraid of technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

 

Storage of personal data

Personal data that you transmit to us electronically on this website, such as your name, e-mail address, address or other personal details when submitting a form or comments on the blog, will be used by us together with the time and IP address only for the purpose stated in each case, stored securely and not passed on to third parties.

We therefore only use your personal data to communicate with those visitors who expressly request contact and to process the services and products offered on this website. We do not pass on your personal data without your consent, but we cannot rule out the possibility of this data being viewed in the event of unlawful behavior.

If you send us personal data by e-mail - i.e. outside of this website - we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by e-mail.

 

Rights under the General Data Protection Regulation

According to the provisions of the GDPR and the Austrian Data Protection Act (DSG), you have the following rights:

  • Right to rectification (Article 16 GDPR)
  • Right to erasure ("right to be forgotten") (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to notification - notification obligation in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Article 21 GDPR)
  • Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR)

If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority, which in Austria is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/.

 

Evaluation of visitor behavior

In the following privacy policy, we inform you whether and how we analyze data from your visit to this website. The evaluation of the collected data is generally anonymous and we cannot draw any conclusions about your person from your behavior on this website.

You can find out more about how to object to this analysis of your visit data in the following privacy policy.

 

TLS encryption with https

We use https to transmit data tap-proof on the Internet (data protection through technology design Article 25 (1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock symbol at the top left of the browser and the use of the https scheme (instead of http) as part of our Internet address.

 

Mapbox API Privacy Policy

On our website we use the Mapbox API of the American software company Mapbox Inc, 740 15th Street NW, 5th Floor, District of Columbia 20005, USA. Mapbox is an online map tool (open source mapping) that is accessed via an interface (API). By using this tool, your IP address is forwarded to Mapbox and stored, among other things. In this privacy policy, you can find out more about the functions of the tool, why we use it and, above all, what data is stored and how you can prevent this.

What is Mapbox API?

Mapbox is an American software company that offers customized online maps for websites. Mapbox can be used to illustrate content on our website or, for example, to graphically display directions. The maps can be easily integrated into our website using small code snippets (JavaScript code). Among other things, Mapbox offers a mobile-friendly environment, route information is provided in real time and data is visualized.

Why do we use Mapbox API on our website?

We also want to offer you a comprehensive service on our website and this should not simply end with our services or products. No, all of our content should also be of use to you. And this includes, for example, maps that show you the way to our company.

What data is stored by Mapbox API?

When you access one of our subpages that has an integrated online map from Mapbox, data about your user behavior may be collected and stored. This is necessary to ensure that the integrated online maps function properly. It is also possible that data collected by Mapbox will be passed on to third parties, but not personal data. This happens either if this is necessary for legal reasons or if Mapbox is explicitly commissioned by another company. The map content is transmitted directly to your browser and integrated into our website.

Mapbox automatically collects certain technical information when requests are made to the APIs. In addition to your IP address, this includes browser information, your operating system, the content of the request, limited location and usage data, the URL of the website visited and the date and time of the website visit. According to Mapbox, the data is only used to improve its own products. Mapbox also collects randomly generated IDs to analyze user behavior and determine the number of active users.

If you use one of our subpages and interact with an online map, Mapbox sets the following cookie in your browser:

Name: ppcbb-enable-content-mapbox_js
Value: 1605795587111609605-4
Purpose: We have not yet been able to find out more detailed information about the purpose of the cookie.
Expiration date: after one year

Note: In our tests, we did not find any cookies in the Chrome browser, but we did in other browsers.

Where and how long is data stored?

The data collected is stored and processed on the American servers of the company Mapbox. Your IP address is stored for 30 days for security reasons and then deleted. Randomly generated IDs (no personal data) that analyze the use of the APIs are deleted after 36 months.

How can I delete my data or prevent data storage?

If you do not want Mapbox to process data about you or your user behavior, you can deactivate JavaScript in your browser settings. Of course, you will then no longer be able to use the corresponding functions to their full extent.

You have the right to access your personal data at any time and to object to its use and processing. You can manage, delete or deactivate cookies that may be set by Mapbox API in your browser at any time. However, this may prevent the service from functioning fully. The management, deletion or deactivation of cookies works slightly differently for each browser. Below you will find links to the instructions for the most popular browsers:

Chrome: Delete, activate and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer 

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you would like to find out more about data processing by Mapbox, we recommend that you read the company's privacy policy at https://www.mapbox.com/legal/privacy.

 

Google Analytics privacy policy

We use the analysis tracking tool Google Analytics (GA) of the American company Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, when you click on a link, this action is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us to better tailor our website and our service to your wishes. In the following, we will go into more detail about the tracking tool and inform you in particular about what data is stored and how you can prevent this.

What is Google Analytics?

Google Analytics is a tracking tool that is used to analyze traffic on our website. For Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions that you perform on our website. As soon as you leave our website, this data is sent to the Google Analytics servers and stored there.

Google processes the data and we receive reports on your user behavior. These may include the following reports:

  • Target group reports: Target group reports allow us to get to know our users better and know more precisely who is interested in our service.
  • Ad reports: Ad reports make it easier for us to analyze and improve our online advertising.
  • Acquisition reports: Acquisition reports provide us with helpful information on how we can get more people interested in our service.
  • Behavioral reports: This tells us how you interact with our website. We can see which path you take on our site and which links you click on.
  • Conversion reports: Conversion is a process in which you perform a desired action as a result of a marketing message. For example, when you convert from a mere website visitor to a buyer or newsletter subscriber. With the help of these reports, we learn more about how our marketing measures are received by you. This is how we want to increase our conversion rate.
  • Real-time reports: Here we always know immediately what is happening on our website. For example, we can see how many users are currently reading this text.
Why do we use Google Analytics on our website?

Our goal with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal.

The statistically analyzed data gives us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it can be found more easily by interested people on Google. On the other hand, the data helps us to better understand you as a visitor. We therefore know exactly what we need to improve on our website in order to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.

What data is stored by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a "returning" user. All collected data is stored together with this user ID. This is what makes it possible to evaluate pseudonymous user profiles in the first place.

Identifiers such as cookies and app instance IDs are used to measure your interactions on our website. Interactions are all types of actions that you carry out on our website. If you also use other

Google systems (such as a Google account), data generated via Google Analytics may be linked to third-party cookies. Google does not pass on any Google Analytics data unless we as the website operator authorize this. Exceptions may be made if required by law.

The following cookies are used by Google Analytics:

Name: _ga
Value: 2.1326744211.152111609605-5
Purpose: By default, analytics.js uses the _ga cookie to store the user ID. It is generally used to differentiate between website visitors.
Expiration date: after 2 years

Name: _gid
Value: 2.1687193234.152111609605-1
Purpose: The cookie is also used to distinguish website visitors
Expiration date: after 24 hours

Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is provided via the Google Tag Manager, this cookie is given the name _dc_gtm_ <property-id>.
Expiration date: after 1 minute

Name: AMP_TOKEN
Value: not specified
Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP client ID service. Other possible values indicate a logout, a request or an error.
Expiration date: after 30 seconds up to one year

Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie can be used to track your behavior on the website and measure performance. The cookie is updated every time information is sent to Google Analytics.
Expiration date: after 2 years

Name: __utmt
Value: 1
Purpose: The cookie is used like _gat_gtag_UA_<property-id> to throttle the request rate.
Expiration date: after 10 minutes

Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.
Expiration date: after 30 minutes

Name: __utmc
Value: 167421564
Purpose: This cookie is used to determine new sessions for returning visitors. It is a session cookie and is only stored until you close the browser.
Expiration date: After closing the browser

Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: The cookie is used to identify the source of traffic to our website. This means that the cookie stores where you came to our website from. This may have been another page or an advertisement.
Expiration date: after 6 months

Name: __utmv
Value: not specified
Purpose: The cookie is used to store user-defined user data. It is always updated when information is sent to Google Analytics.
Expiration date: after 2 years

Note: This list cannot claim to be exhaustive, as Google changes its choice of cookies from time to time.

Here we show you an overview of the most important data that is collected with Google Analytics:

Heatmaps: Google creates so-called heatmaps. Heatmaps allow you to see exactly those areas that you click on. This gives us information about where you are "traveling" on our site.

Session duration: Google defines session duration as the time you spend on our site without leaving it. If you have been inactive for 20 minutes, the session ends automatically.

Bouncerate: A bounce is when you only view one page on our website and then leave our website again.

Account creation: When you create an account on our website or place an order, Google Analytics collects this data.

IP address: The IP address is only displayed in abbreviated form so that no clear assignment is possible.

Location: The IP address can be used to determine the country and your approximate location. This process is also known as IP location determination.

Technical information: Technical information includes your browser type, your internet provider or your screen resolution.

Source of origin: Google Analytics and we are of course also interested in which website or which advertisement brought you to our site.

Other data includes contact details, any ratings, playing media (e.g. when you play a video on our site), sharing content via social media or adding it to your favorites. The list is not exhaustive and is only intended to provide a general overview of data storage by Google Analytics.

How long and where is the data stored?

Google has distributed its servers all over the world. Most of the servers are located in America and therefore your data is usually stored on American servers. Here you can read exactly where the Google data centers are located: https://www.google.com/about/datacen-ters/inside/locations/?hl=de

Your data is distributed on various physical data carriers. This has the advantage that the data can be accessed more quickly and is better protected against manipulation. There are appropriate emergency programs for your data in every Google data center. For example, if the

hardware at Google fails or natural disasters paralyze servers, the risk of a service interruption at Google remains low.

Google Analytics has a standard retention period of 26 months for your user data. Your user data will then be deleted. However, we have the option of choosing the retention period for user data ourselves. We have five options for this:

  • Deletion after 14 months
  • Deletion after 26 months
  • Deletion after 38 months
  • Deletion after 50 months
  • No automatic deletion

Once the specified period has expired, the data will be deleted once a month. This retention period applies to your data linked to cookies, user recognition and advertising IDs (e.g. DoubleClick domain cookies). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data is an amalgamation of individual data into a larger unit.

How can I delete my data or prevent data storage?

Under European Union data protection law, you have the right to obtain information about your data and to update, delete or restrict it. You can use the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js) to prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates data collection by Google Analytics.

If you generally want to deactivate, delete or manage cookies (independently of Google Analytics), there are separate instructions for each browser:

Chrome: Delete, activate and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer 

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

Google Analytics is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information about this at https://www.privacyshield.gov/partici-pant?id=a2zt000000001L5AAI&tid=111609605. We hope we have been able to provide you with the most important information about data processing by Google Analytics. If you would like to find out more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/ans-wer/6004245?hl=de.

 

Google Analytics reports on demographic characteristics and interests

We have activated the functions for advertising reports in Google Analytics. The reports on demographic characteristics and interests contain information on age, gender and interests. This allows us to get a better picture of our users without being able to assign this data to individual persons. You can find out more about the advertising functions at https://support.google.com/analytics/ans-wer/3450482?hl=de_AT&utm_id=ad.

You can stop the use of the activities and information of your Google account under "Settings for advertising" at https://adssettings.google.com/authenticated via a checkbox.

 

Google Analytics data processing addendum

We have concluded a direct customer contract with Google for the use of Google Analytics by accepting the "Data Processing Addendum" in Google Analytics.

You can find out more about the data processing addendum for Google Analytics here: https://support.google.com/analytics/ans-wer/3379636?hl=de&utm_id=ad

 

Facebook pixel privacy policy

We use the Facebook pixel from Facebook on our website. We have implemented a code on our website for this purpose. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions with which Facebook can track your user actions if you have come to our website via Facebook ads. For example, if you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies enable Facebook to match your user data (customer data such as IP address, user ID) with your Facebook account data. Facebook then deletes this data again. The data collected is anonymous and cannot be viewed by us and can only be used in the context of ad placements. If you are a Facebook user and are logged in, your visit to our website is automatically assigned to your Facebook user account.

We only want to show our services and products to people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. This means that Facebook users (provided they have allowed personalized advertising) see suitable advertising. Facebook also uses the data collected for analysis purposes and its own advertisements.

Below we show you the cookies that were set by integrating Facebook pixels on a test page. Please note that these are only sample cookies. Different cookies are set depending on the interaction on our website.

Name: _fbp
Value: fb.1.1568287647279.257405483-6111609605-7
Purpose: Facebook uses this cookie to display advertising products.
Expiration date: after 3 months

Name: fr
Value: 0aPf312HOS5Pboo2r..Bdeiuf...1.0.Bdeiuf.
Purpose: This cookie is used to ensure that Facebook Pixel works properly.
Expiration date: after 3 months

Name: comment_author_50ae8267e2bdf1253ec1a5769f48e062111609605-3
Value: Name of the author
Purpose: This cookie stores the text and name of a user who leaves a comment, for example.
Expiration date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062
Value: https%3A%2F%2Fwww.testseite...%2F (URL of the author)
Purpose: This cookie stores the URL of the website that the user enters in a text field on our website.
Expiration date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062
Value: Email address of the author
Purpose: This cookie stores the user's e-mail address if they have provided it on the website.
Expiration date: after 12 months

Note: The cookies mentioned above relate to individual user behavior. Especially when using cookies, changes on Facebook can never be ruled out.

If you are logged in to Facebook, you can change your settings for advertisements yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can manage your usage-based online advertising at http://www.youronlinec-hoices.com/de/praferenzmanagement/. There you have the option of deactivating or activating providers.

If you want to find out more about Facebook's data protection, we recommend that you read the company's own data policy at https://www.facebook.com/policy.php.

 

Facebook automatic advanced matching privacy policy

We have also activated Automatic Advanced Matching as part of the Facebook pixel function. This function of the pixel enables us to send hashed emails, names, gender, city, state, zip code and date of birth or telephone number as additional information to Facebook, provided you have provided us with this data. This activation enables us to tailor advertising campaigns on Facebook even more precisely to people who are interested in our services or products.

 

Google Tag Manager privacy policy

For our website, we use Google Tag Manager from Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. This Tag Manager is one of many helpful marketing products from Google. Google Tag Manager allows us to centrally integrate and manage sections of code from various tracking tools that we use on our website.

In this privacy policy, we want to explain to you in more detail what Google Tag Manager does, why we use it and how data is processed.

What is the Google Tag Manager?

Google Tag Manager is an organizational tool that allows us to integrate and manage website tags centrally and via a user interface. Tags are small sections of code that record (track) your activities on our website, for example. For this purpose, JavaScript code sections are inserted into the source code of our site. The tags often originate from internal Google products such as Google Ads or Google Analytics, but tags from other companies can also be integrated and managed via the Manager. Such tags perform different tasks. They can collect browser data, feed marketing tools with data, integrate buttons, set cookies and also track users across multiple websites.

Why do we use Google Tag Manager for our website?

As the saying goes: organization is half the battle! And of course this also applies to the maintenance of our website. In order to make our website as good as possible for you and all people who are interested in our products and services, we need various tracking tools such as Google Analytics. The data collected by these tools shows us what you are most interested in, where we can improve our services and which people we should show our offers to. And for this tracking to work, we have to integrate the corresponding JavaScript codes into our website. In principle, we could integrate each code section of the individual tracking tools separately into our source code. However, this takes a relatively long time and it is easy to lose track. That's why we use the Google Tag Manager. We can easily integrate the necessary scripts and manage them from one place. Google Tag Manager also offers an easy-to-use user interface and no programming knowledge is required. This is how we manage to keep order in our tag jungle.

What data is stored by Google Tag Manager?

The Tag Manager itself is a domain that does not set any cookies or store any data. It acts as a mere "manager" of the implemented tags. The data is recorded by the individual tags of the various web analysis tools. The data is passed through the Google Tag Manager to the individual tracking tools and is not saved.

However, the situation is completely different with the integrated tags of the various web analysis tools, such as Google Analytics. Depending on the analysis tool, various data about your web behavior is usually collected, stored and processed with the help of cookies. Please read our data protection texts for the individual analysis and tracking tools that we use on our website.

In the account settings of the Tag Manager, we have allowed Google to receive anonymized data from us. However, this only concerns the use and utilization of our Tag Manager and not your data that is stored via the code sections. We allow Google and others to receive selected data in anonymized form. We therefore consent to the anonymous sharing of our website data. Despite extensive research, we were unable to find out exactly which summarized and anonymous data is forwarded. In any case, Google deletes all information that could identify our website. Google combines the data with hundreds of other anonymous website data and creates user trends as part of benchmarking measures. Benchmarking involves comparing our own results with those of our competitors. Processes can be optimized on the basis of the information collected.

How long and where is the data stored?

When Google stores data, this data is stored on Google's own servers. The servers are located all over the world. Most of them are located in America. You can find out exactly where the Google servers are located at https://www.google.com/about/datacenters/inside/locations/?hl=de.

You can find out how long the individual tracking tools store your data in our individual data protection texts for the individual tools.

How can I delete my data or prevent data storage?

The Google Tag Manager itself does not set cookies, but manages tags from various tracking websites. In our data protection texts on the individual tracking tools, you will find detailed information on how you can delete or manage your data.

Google is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=111609605. If you want to find out more about Google Tag Manager, we recommend the FAQs at https://www.google.com/intl/de/tagmanager/faq.html.

 

YouTube privacy policy

We have integrated YouTube videos on our website. This allows us to present interesting videos directly on our site. YouTube is a video portal that has been a subsidiary of Google since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you access a page on our website that has an embedded YouTube video, your browser automatically connects to the YouTube or Google servers. Various data will be transmitted (depending on the settings). Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all data processing in Europe.

In the following, we would like to explain to you in more detail what data is processed, why we have integrated YouTube videos and how you can manage or delete your data.

What is YouTube?

On YouTube, users can watch, rate, comment on and upload videos for free. Over the last few years, YouTube has become one of the most important social media channels in the world. To enable us to display videos on our website, YouTube provides a code snippet that we have integrated into our site.

Why do we use YouTube videos on our website?

YouTube is the video platform with the most visitors and the best content. We strive to offer you the best possible user experience on our website. And of course, interesting videos are a must. With the help of our embedded videos, we provide you with further helpful content in addition to our texts and images. The embedded videos also make our website easier to find on the Google search engine. Even if we place ads via Google Ads, Google can - thanks to the data collected - only show these ads to people who are interested in our offers.

What data is stored by YouTube?

As soon as you visit one of our pages that has a YouTube video embedded, YouTube sets at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, Y-ouTube can usually assign your interactions on our website to your profile with the help of cookies. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your internet provider. Other data may include contact details, any ratings, the sharing of content via social media or adding to your favorites on YouTube.

If you are not logged into a Google account or a YouTube account, Google stores data with a unique identifier that is linked to your device, browser or app. For example, your preferred language setting is retained. But a lot of interaction data cannot be saved because fewer cookies are set.

In the following list, we show cookies that were set in the browser in a test. On the one hand, we show cookies that are set without a logged-in YouTube account. On the other hand, we show cookies that are set with a logged-in account. The list cannot claim to be complete because the user data always depends on the interactions on YouTube.

Name: YSC
Value: b9-CV6ojI5Y111609605-1
Purpose: This cookie registers a unique ID to store statistics of the video viewed.
Expiration date: after the end of the session

Name: PREF
Value: f1=50000000
Purpose: This cookie also registers your unique ID. Google receives statistics on how you use YouTube videos on our website via PREF.
Expiration date: after 8 months

Name: GPS
Value: 1
Purpose: This cookie registers your unique ID on mobile devices to track GPS location.
Expiration date: after 30 minutes

Name: VISITOR_INFO1_LIVE
Value: 95Chz8bagyU
Purpose: This cookie attempts to estimate the user's bandwidth on our websites (with embedded YouTube video).
Expiration date: after 8 months

Other cookies that are set when you are logged in with your YouTube account:

Name: APISID
Wert: zILlvClZSkqGsSwI/AU1aZI6HY7111609605-
Purpose: This cookie is used to create a profile of your interests. The data is used for personalized advertisements.
Expiration date: after 2 years

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user's consent to the use of various Google services. CONSENT is also used for security purposes to check users and protect user data from unauthorized attacks.
Expiration date: after 19 years

Name: HSID
Value: AcRwpgUik9Dveht0I
Purpose: This cookie is used to create a profile of your interests. This data helps to display personalized advertising.
Expiration date: after 2 years

Name: LOGIN_INFO
Value: AFmmF2swRQIhALl6aL...
Purpose: This cookie stores information about your login data.
Expiration date: after 2 years

Name: SAPISID
Value: 7oaPxoG-pZsJuuF5/AnUdDUIsJ9iJz2vdM
Purpose: This cookie works by uniquely identifying your browser and device. It is used to create a profile of your interests.
Expiration date: after 2 years

Name: SID
Value: oQfNKjAsI111609605-
Purpose: This cookie stores your Google Account ID and your last login time in digitally signed and encrypted form.
Expiration date: after 2 years

Name: SIDCC
Value: AN0-TYuqub2JOcDTyL
Purpose: This cookie stores information about how you use the website and which advertisements you may have seen before visiting our site.
Expiration date: after 3 months
 

How long and where is the data stored?

The data that YouTube receives from you and processes is stored on Google servers. Most of these servers are located in America. At https://www.google.com/about/datacenters/inside/loca-tions/?hl=de you can see exactly where the Google data centers are located. Your data is distributed across the servers. This means that the data can be accessed more quickly and is better protected against manipulation.

Google stores the data it collects for different lengths of time. You can delete some data at any time, others are automatically deleted after a limited time and others are stored by Google for a longer period of time. Some data (such as elements from "My activity", Fo-tos or documents, products) that are stored in your Google account remain stored until you delete them. Even if you are not signed in to a Google Account, you can delete some data associated with your device, browser or app.


How can I delete my data or prevent data storage?

In principle, you can delete data in your Google account manually. With the automatic deletion function for location and activity data introduced in 2019, information is stored for either 3 or 18 months, depending on your decision, and then deleted.

Regardless of whether you have a Google account or not, you can configure your browser so that cookies are deleted or deactivated by Google. Depending on which browser you use, this works in different ways. The following instructions show you how to manage cookies in your browser:

Chrome: Delete, activate and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have stored on your computer 

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. This allows you to decide for each individual cookie whether you want to allow it or not. As YouTube is a subsidiary of Google, there is a joint privacy policy. If you want to find out more about how your data is handled, we recommend that you read the privacy policy at https://policies.google.com/privacy?hl=de.

 

Google reCAPTCHA privacy policy

Our primary goal is to secure and protect our website for you and for us in the best possible way. To ensure this, we use Google reCAPTCHA from Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With reCAPTCHA we can determine whether you are really a flesh and blood person and not a robot or other spam software. By spam we mean any unsolicited information that is sent to us electronically. With the classic CAPTCHAs, you usually had to solve text or picture puzzles to verify your identity. With reCAPTCHA from Google, we don't usually have to bother you with such puzzles. In most cases, all you have to do is tick a box to confirm that you are not a bot. With the new Invisible reCAPTCHA version, you no longer even have to tick the box. You can find out exactly how this works and, above all, which data is used for this in the course of this privacy policy.

What is reCAPTCHA?

reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. This service is most commonly used when you fill out forms on the Internet. A Captcha service is a type of automatic Turing test designed to ensure that an action on the Internet is performed by a human and not by a bot. In the classic Turing test (named after the computer scientist Alan Turing), a human determines the difference between a bot and a human. With captchas, this is also done by a computer or a software program. Classic captchas work with small tasks that are easy for humans to solve but present considerable difficulties for machines. With re-CAPTCHA, you no longer have to actively solve puzzles. The tool uses modern risk techniques to distinguish humans from bots. All you have to do here is tick the "I am not a robot" text field, and with Invisible reCAPTCHA even this is no longer necessary. With reCAPTCHA, a JavaScript element is integrated into the source code and then the tool runs in the background and analyzes your user behavior. The software calculates a so-called captcha score from these user actions. Google uses this score to calculate the probability that you are human even before you enter the captcha. reCAPTCHA or captchas in general are always used when bots could manipulate or abuse certain actions (e.g. registrations, surveys, etc.).

Why do we use reCAPTCHA on our website?

We only want to welcome people of flesh and blood on our site. Bots and spam software of all kinds can safely stay at home. That's why we do everything we can to protect ourselves and offer you the best possible user-friendliness. For this reason, we use Google reCAPTCHA from Google. This way we can be pretty sure that we remain a "bot-free" website. By using reCAPTCHA, data is transmitted to Google to determine whether you are actually a human being. reCAPTCHA therefore serves to ensure the security of our website and, by extension, your security. For example, without reCAPTCHA it could happen that a bot registers as many e-mail addresses as possible during registration in order to subsequently "spam" forums or blogs with unwanted advertising content. With reCAPTCHA, we can prevent such bot attacks.

What data is stored by reCAPTCHA?

reCAPTCHA collects personal data from users in order to determine whether the actions on our website actually originate from people. The IP address and other data that Google requires for the reCAPTCHA service may therefore be sent to Google. IP addresses are almost always truncated within the member states of the EU or other signatory states to the Agreement on the European Economic Area before the data is sent to a server in the USA. The IP address is not combined with other Google data unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed on your browser. Then reCAPTCHA places an additional cookie in your browser and takes a snapshot of your browser window.

The following list of collected browser and user data does not claim to be exhaustive. Rather, they are examples of data that, to our knowledge, are processed by Google.

  • Referrer URL (the address of the page from which the visitor comes)
  • IP address (e.g. 256.123.123.1)
  • Information about the operating system (the software that enables your computer to operate. Known operating systems are Windows, Mac OS X or Linux)
  • Cookies (small text files that store data in your browser)
  • Mouse and keyboard behavior (every action you perform with the mouse or keyboard is stored)
  • Date and language settings (which language or date you have preset on your PC is stored)
  • All JavaScript objects (JavaScript is a programming language that enables websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
  • Screen resolution (shows how many pixels the image consists of)

It is undisputed that Google uses and analyzes this data even before you click on the "I am not a robot" checkbox. With the Invisible reCAPTCHA version, you don't even have to check the box and the entire recognition process runs in the background. Google does not tell you in detail exactly how much and what data it stores.

The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:

Name: IDE
Value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-111609605-8
Purpose: This cookie is set by the company DoubleClick (also owned by Google) to register and report the actions of a user on the website in dealing with advertisements. This allows the effectiveness of advertising to be measured and appropriate optimization measures to be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiration date: after one year

Name: 1P_JAR
Value: 2019-5-14-12
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. The cookie can also be used to prevent a user from seeing the same ad more than once.
Expiration date: after one month

Name: ANID
Wert: U7j1v3dZa1116096050xgZFmiqWppRWKOr
Purpose: We were unable to find out much information about this cookie. In Google's privacy policy, the cookie is mentioned in connection with "advertising cookies" such as "DSID", "FLC", "AID", "TAID". ANID is stored under domain google.com.
Expiration date: after 9 months

Name: CONSENT
Value: YES+AT.de+20150628-20-0
Purpose: The cookie stores the status of a user's consent to the use of various Google services. CONSENT is also used for security purposes to verify users, prevent fraudulent login information and protect user data from unauthorized attacks.
Expiration date: after 19 years

Name: NID
Wert: 0WmuWqy111609605zILzqV_nmt3sDXwPeM5Q
Purpose: NID is used by Google to customize advertisements to your Google search. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interaction with ads. This means you always receive customized ads. The cookie contains a unique ID to collect the user's personal settings for advertising purposes.
Expiration date: after 6 months

Name: DV
Wert: gEAABBCjJMXcI0dSAAAANbqc111609605-4
Purpose: As soon as you have checked the "I am not a robot" box, this cookie is set. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymized form and is also used to make user distinctions.
Expiration date: after 10 minutes

Note: This list cannot claim to be exhaustive, as experience has shown that Google changes its choice of cookies from time to time.

How long and where is the data stored?

By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored is not made clear by Google, even after repeated requests. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on the European or American Google servers. The IP address that your browser transmits to Google is not merged with other Google data from other Google services. However, if you are logged in to your Google account while using the reCAPTCHA plugin, the data will be merged. The deviating data protection provisions of Google apply to this.

How can I delete my data or prevent data storage?

If you do not want any data about you and your behavior to be transmitted to Google, you must log out of Google completely and delete all Google cookies before you visit our website or use the reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you visit our website. To delete this data, you must contact Google support at https://support.google.com/?hl=de&tid=111609605.

Therefore, by using our website, you consent to Google LLC and its representatives automatically collecting, processing and using data.

You can find out a little more about reCAPTCHA on Google's web developer page at https://developers.google.com/recaptcha/. Although Google goes into more detail here about the technical development of reCAPTCHA, you will search in vain for precise information about data storage and data protection issues. A good overview of the basic use of data at Google can be found in the company's own privacy policy at https://www.google.com/intl/de/policies/privacy/.