Privacy Policy

With the following data protection declaration we would like to inform you which types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data that we carry out, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, e.g. our social media profiles (hereinafter collectively referred to as “online offer”).
 
The terms used are not gender-specific.
Types of Data Processed
  • Inventory data (e.g. names, addresses).

  • Content data (e.g. text input, photographs, videos).

  • Contact details (e.g. email, telephone numbers).

  • Meta / communication data (e.g. device information, IP addresses).

  • Usage data (e.g. visited websites, interest in content, access times).

  • Location data (data that indicates the location of an end user’s device).

  • Contract data (e.g. object of contract, term, customer category).

  • Payment data (e.g. bank details, invoices, payment history).

 
Categories of data subjects
  • Business and contractual partners.

  • Interested persons.

  • Communication partners.

  • Customers.

  • Users (e.g. website visitors, users of online services).

  • Contest participants.

 
Purposes of Processing
  • Visit action evaluation.

  • Office and organizational procedures.

  • Cross‑device tracking (cross‑device processing of user data for marketing purposes).

  • Direct marketing (e.g. by email or post).

  • Conducting competitions.

  • Interest‑based and behavioral marketing.

  • Contact requests and communication.

  • Conversion measurement (measurement of the effectiveness of marketing measures).

  • Profiling (creating user profiles).

  • Remarketing.

  • Range measurement (e.g. access statistics, detection of returning visitors).

  • Safety measures.

  • Tracking (e.g. interest / behavioral profiling, use of cookies).

  • Contractual benefits and service.

  • Management and answering inquiries.

  • Target group formation (determination of target groups relevant for marketing purposes or other output of content).

 
Relevant legal bases

Below we set out the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. Please note that in addition to the provisions of the GDPR, the national data protection regulations in your or our country of residence and domicile may apply. If more specific legal bases are also relevant in individual cases, we will inform you of this in the data protection declaration.

Consent (Art. 6 Para. 1 S. 1 lit. a GDPR) – The data subject has given their consent to the processing of their personal data for a specific purpose or several specific purposes.

Fulfillment of contract and pre‑contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR) – The processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre‑contractual measures at the request of the data subject.

Legal obligation (Art. 6 Para. 1 S. 1 lit. c GDPR) – Processing is necessary to fulfill a legal obligation to which the controller is subject.

Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR) – Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject require otherwise.

National data protection regulations in Austria: In addition to GDPR, the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act – DSG) applies, including special rules on information rights, correction, deletion, special categories, purpose limitation, transmission and automated decision‑making.

 

Safety measures

We take appropriate technical and organizational measures in accordance with legal requirements, considering state of the art, implementation costs and the type, scope, circumstances and purposes of processing, as well as probability and severity of risks to natural persons’ rights and freedoms. Measures include ensuring confidentiality, integrity and availability of data by controlling physical and electronic access, input, transfer and storage; guaranteeing data subject rights, deletion of data and risk responses; and incorporating data protection by design and by default.

 

Use of cookies

Cookies are text files that contain data from visited websites or domains and are saved by a browser on the user’s computer. Their primary purpose is to store information about a user during or after their visit within an online offer, such as language settings, login status, shopping cart contents or video playback position. The term cookies also covers similar technologies using pseudonymous online identifiers (also known as “user IDs”).

A distinction is made between:

  • Temporary cookies (session cookies): deleted when the browser is closed.

  • Permanent cookies: remain after browser closure.

  • First‑party cookies: set by us.

  • Third‑party cookies: set by external providers.

  • Necessary cookies: essential for website operation.

  • Statistics, marketing and personalization cookies: used for analytics, profiling and tracking.

Notes on legal bases: Processing with consent relies on that consent; otherwise, based on legitimate interests or contractual necessity.
Revocation and objection (opt‑out): You may revoke consent or object at any time via browser settings, which may limit functionality.

Processed data types: usage data, meta / communication data.
Affected persons: users of online services.
Legal basis: consent (Art. 6 Para. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 lit. f GDPR).

 

Commercial and business services

We process data from contractual and business partners (customers, interested parties) to fulfill contractual obligations, secure our rights and perform administrative and organizational tasks. Data is shared with third parties only as required by law or with partner consent (e.g. transport services, banks, tax advisers, payment providers). We inform you which data is required before or during collection (e.g. via forms). Data is deleted after statutory warranty and archival obligations expire (generally four years, ten years for tax).

Economic analysis and market research: Anonymized or pseudonymized analysis of business transactions and inquiries for internal evaluations, marketing and research.

Shop and e-commerce: Processing to enable product selection, purchase, payment and delivery. Required information is indicated during ordering.

Processed data types: inventory data, payment data, contact details, contract data, usage data, meta / communication data.

Affected persons: interested parties, contractual partners, customers.

Purposes: contractual services, communication, organization, marketing, profiling, security.

Legal basis: contract performance (Art. 6 Para. 1 lit. b GDPR), legal obligation (Art. 6 Para. 1 lit. c GDPR), legitimate interests (Art. 6 Para. 1 lit. f GDPR).

 

Provision of the online offer and web hosting

We use one or more web hosting providers to make our online offer available securely and efficiently. Services include infrastructure, platform services, storage, database and security maintenance. We process server access data (IP addresses, referrer URLs, browser type) via log files for security (e.g. DDoS protection) and stability monitoring. Email hosting involves processing sender/recipient addresses, providers and content for delivery and spam detection. Note that emails are not encrypted at rest unless end‑to‑end encryption is used.

Processed data types: content data, usage data, meta / communication data.

Affected persons: users of online services.

Legal basis: legitimate interests (Art. 6 Para. 1 lit. f GDPR).

 

Newsletter and broad communication

We send newsletters and electronic notifications only with recipient consent or legal permission. Subscription generally requires email address (and optionally name). We use a double opt‑in procedure and log registration and confirmation times and IP addresses. Removed addresses may be stored for up to three years to demonstrate prior consent; processing limited to defense against claims. Newsletters contain “web beacons” that collect technical information (browser, IP, access time) to improve content and measure opens and clicks under legitimate interests. Revoking measurement requires unsubscribing.

Processed data types: inventory data, contact details, meta / communication data, usage data.

Affected persons: communication partners.

Purposes: direct marketing.

Legal basis: consent (Art. 6 Para. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 lit. f GDPR).

Opt‑out: unsubscribe via link or contact options.

 

Promotional communication via email, post, fax or telephone

We process personal data for advertising via various channels. Recipients may withdraw consent or object at any time. After objection, data may be retained for up to three years to defend claims.

Processed data types: inventory data, contact details.

Affected persons: communication partners.

Purposes: direct marketing.

Legal basis: consent (Art. 6 Para. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 lit. f GDPR).

 

Competitions and challenges

We process participants’ data only as necessary for conducting competitions or with their consent. Published entries may include names; participants can object. Competition data is deleted no later than six months after end (winners’ data may be kept longer for prize fulfillment or warranty). If other processing applies (e.g. newsletter opt‑in), retention follows that policy.

Processed data types: inventory data, content data.

Affected persons: contest participants.

Purposes: conducting competitions.

Legal basis: contract performance (Art. 6 Para. 1 lit. b GDPR).

 

Online marketing

We process data to display ads and content based on user interests and to measure effectiveness. We create pseudonymous profiles in cookies or similar technologies, use IP masking, and may access only aggregated statistics except for conversion measurement. Cookies generally stored for two years. Consent is sought for third‑party providers; otherwise processing is based on legitimate interests.

Opt‑out via browser settings or at

Services used: Google Analytics, Facebook Pixel.

 

Presence in social networks

We maintain profiles on social networks to communicate and share information. Data may be processed outside the EU; US providers certified under Privacy Shield or equivalent guarantee EU standards. Social networks also process data for market research and advertising. See each network’s privacy information and opt‑out options for details.

Processed data types: inventory data, contact details, content data, usage data, meta / communication data.

Affected persons: users of online services.

Purposes: communication, tracking, remarketing, analytics.

Legal basis: legitimate interests (Art. 6 Para. 1 lit. f GDPR).

 

Change and update of the data protection declaration

We review and update this declaration as needed and will inform you if changes require action on your part (e.g. renewed consent). Contact details may change; please verify before contacting us.

 

Rights of the data subjects

Under GDPR (Articles 15–18, 21) you have rights to:

  • object to processing (Art. 21)

  • withdraw consent

  • request access and copies (Art. 15)

  • correct data (Art. 16)

  • delete or restrict processing (Art. 17–18)

  • data portability (Art. 20)

  • lodge a complaint with a supervisory authority

 
Definitions of terms

See separate Definitions section for alphabetical glossary of GDPR, marketing, technical and photography terms.
