Privacy Policy

This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter jointly referred to as the "online offering"). Regarding the terms used, such as "processing" or "controller," we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

The following categories of data are processed:

• Usage data (e.g., websites visited, interest in content, access times)
• Meta/communication data (e.g., device information, anonymized IP addresses)

We process your data for the following purposes:

• Provision of the online offering, its functions, and content
• Security measures to protect our systems and your data
• Reach measurement and marketing optimization

You can generally use our website without providing any personal data. If personal data (such as name, address, or email addresses) is collected on our website, this is always done on a voluntary basis, wherever possible. This data will not be shared with third parties without your express consent.

We would like to point out that data transmission over the Internet (e.g., when communicating via email) may be subject to security gaps. Complete protection of data from access by third parties is not possible.

The use of contact data published in the context of the imprint obligation by third parties to send unsolicited advertising and information materials is hereby expressly prohibited.

"Personal data"

means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing"

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers virtually all data handling.

The "controller"

is the natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of the processing of personal data.

In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing:

• Consent: Art. 6 (1) (a) and Art. 7 GDPR
• Contract fulfillment: Art. 6 (1) (b) GDPR
• Legal obligations: Art. 6 (1) (c) GDPR
• Legitimate interests: Art. 6 (1) (f) GDPR
• Vital interests: Art. 6 (1) (d) GDPR

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, and regular security assessments.

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes to the data processing we carry out make this necessary.

If we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant access to the data, this is only done on the basis of:

• Legal permission
• Your consent
• Legal obligation
• Our legitimate interests

When using third-party processors, we use contracts compliant with Art. 28 GDPR.

If we process data in a third country (outside the EU/EEA), this only occurs if:

• Necessary for contract fulfillment
• Based on your consent
• Due to legal obligations
• Based on legitimate interests

We ensure compliance with Art. 44 ff. GDPR through appropriate safeguards such as Privacy Shield certification or standard contractual clauses.

Under GDPR, you have the right to:

• Access your data (Art. 15 GDPR)
• Rectification of inaccurate data (Art. 16 GDPR)
• Erasure ("right to be forgotten") (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Object to processing (Art. 21 GDPR)
• Withdraw consent (Art. 7 (3) GDPR)
• Lodge a complaint with a supervisory authority (Art. 77 GDPR)

"Cookies" are small files stored on users' computers. We may use:

• Session cookies (deleted when you close your browser)
• Persistent cookies (remain stored after browser is closed)
• First-party cookies (set by us)
• Third-party cookies (set by other providers)

You can manage cookie preferences in your browser settings. Note that disabling cookies may limit website functionality.

For online marketing opt-out, visit US opt-out page or EU opt-out page.

We retain data only as long as necessary for its purpose and in compliance with legal retention periods:

• Germany: 10 years for tax documents (Sections 147 AO), 6 years for commercial letters (Section 257 HGB)
• Austria: 7 years for accounting documents (Section 132 BAO), 22 years for real estate documents

Our hosting provider processes data to deliver our online services based on legitimate interests (Art. 6 (1) (f) GDPR).

Server log files include:

• Accessed website/file
• Date and time of access
• Data volume transferred
• Browser type and version
• Operating system
• Referrer URL
• Anonymized IP address

Log files are stored for up to 7 days for security purposes.