Data protection information

Introduction and overview

We have written this data protection information (version 11.01.2023-122393022) in order to explain to you, in accordance with the requirements of the Datenschutz-Grundverordnung (EU) 2016/679 (General Data Protection Regulation (EU) 2016/679) and applicable national laws, which personal data (data for short) we as the controller – and the processor (e.g. provider) commissioned by us – process, will process in future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short, we will provide you with comprehensive information about your personal data we process.

Data protection information usually sounds very technical and uses legal terminology. This data protection information, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. As far as it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information you do not know yet.

If you still have questions, we would like to ask you to contact the responsible office mentioned below or in the imprint, to follow the existing links and to look at further information on third party sites. Our contact details can of course also be found in the imprint.

Scope of application

This data protection information applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (order processors). By personal data, we mean information within the meaning of Art. 4 Nr. 1 DSGVO (Art. 4 No. 1 DSGVO), such as a person’s name, E-mail address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this data protection information includes:

• All online presences (websites, online shops, possibilities to donate etc.) that we operate
• Social media presences and E-mail communication
• Mobile apps for smartphones and other devices

In short, the data protection information applies to all areas in which personal data is processed in a structured manner within the company via the aforementioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal basis

In the following data protection information, we provide you with transparent information on the legal principles and regulations, i.e., the legal basis of the Basic Data Protection Regulation (Datenschutz- Grundverordnung), which enable us to process personal data.

As far as EU law is concerned, we refer to VERORDNUNG (EU) 2016/679 DES EUROPÄISCHEN PARLAMENTS UND DES RATES (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL) of 27 April 2016. You can, of course, read this EU data protection basic regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/ENG/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Artikel 6 Absatz 1 lit. a DSGVO (Article 6(1)(a) DSGVO)): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
2. Contract (Artikel 6 Absatz 1 lit. b DSGVO (Article 6(1)(b) DSGVO)): In order to conclude a contract or pre-contractual. To fulfil obligations with you, we process your data. For example, if we conclude a sales contract with you, we need personal information in
3. Legal obligation (Artikel 6 Absatz 1 lit. c DSGVO (Article 6(1)(c) DSGVO)): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
4. Legitimate interests (Artikel 6 Absatz 1 lit. f DSGVO (Article 6(1)(f) DSGVO)): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and in an economically efficient manner. This processing is therefore a legitimate

Further conditions such as the performance of recordings in the public interest and the exercise of official authority as well as the protection of vital interests do not generally occur with us. If such a legal basis should be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Bundesgesetz zum Schutz natürlicher Personen (Federal Act on the Protection of Individuals) with regard to the Processing of Personal Data (Datenschutzgesetz (Data Protection Act)), or DSG for
• In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible person

If you have any questions about data protection or the processing of personal data, you will find the contact details of the responsible person or office below:

Priv. Doz. Dr. Eduard STEFAN (Scientific Director)

E-mail: office@tkfi.at

Tel. no.: +43-512-570485-12

Contact details for questions relating to data protection

Below you will find the contact details: Priv. Doz. Dr. Eduard STEFAN (Scientific Director)

E-mail: office@tkfi.at

Tel. no.: +43-512-570485-12

Storage period

The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion with us. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

Should you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as soon as possible if there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the Datenschutz-Grundverordnung (General Data Protection Regulation)

In accordance with Artikel 13, 14 DSGVO (Articles 13, 14 of the DSGVO), we inform you of the following rights you have to ensure that data is processed fairly and transparently:

• According to Artikel 15 DSGVO (Article 15 of the DSGVO), you have the right to know whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to learn the following information:
  • the purpose for which we carry out the processing;
  • the categories, i.e., the types of data that are processed;
  • who receives this data and if the data is transferred to third countries, how security can be guaranteed;
  • how long the data will be stored;
  • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  • that you can complain to a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we have not collected it from you.
• You have a right to rectify data under Artikel 16 DSGVO (Article 16 of the DSGVO), which means that we must correct data if you find errors.
• According to Artikel 17 DSGVO (Article 17 of the DSGVO), you have the right to erasure („Recht auf Vergessenwerden“ (“right to be forgotten”)), which specifically means that you may request the deletion of your data.
• According to Artikel 18 DSGVO (Article 18 of the DSGVO), you have the right to restriction of processing, which means that we may only store the data but not use it any further.
• According to Artikel 20 DSGVO (Article 20 of the DSGVO), you have the right to data portability, which means that we will provide you with your data in a common format upon request.
• According to Artikel 21 DSGVO (Article 21 of the DSGVO), you have a right to object, which, once enforced, entails a change in processing.
  • If the processing of your data is based on Artikel 6 Abs. 1 lit. e (öffentliches Interesse, Ausübung öffentlicher Gewalt) oder Artikel 6 Abs. 1 lit. f (berechtigtes Interesse) (Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest)), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
  • If data is used to carry out direct marketing, you can object to this type of data processing at any time. We are then no longer allowed to use your data for direct marketing.
  • If data is used to carry out profiling, you can object to this type of data processing at any time. We are then no longer allowed to use your data for profiling.
• You may have the right under Artikel 22 DSGVO (Article 22 of the DSGVO) not to be subject to a decision based solely on automated processing (for example profiling).
• According to Artikel 77 DSGVO (Article 77 of the DSGVO), you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the data processing of personal data violates the DSGVO.

In short: You have rights – do not hesitate to contact the responsible person listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can contact and complain to the supervisory authority. For Austria, this is the Datenschutzbehörde (Data Protection Authority), whose website can be found at https://www.data-protection-authority.gv.at/. In Germany, there is a data protection commissioner for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).The following local data protection authority is responsible for our company:

Austria Data Protection Authority

Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Wien
Tel. no.: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
Website: https://www.data-protection-authority.gv.at/

Data processing security

To protect personal data, we have implemented both technical and organisational measures. If possible, we encrypt or pseudonymise personal data. By this, we make it as difficult as possible for third parties to infer personal information from our data.

Art. 25 DSGVO (Article 25 of the DSGVO) speaks of “Datenschutz durch Technikgestaltung und durch datenschutzfreundliche Voreinstellungen” (“data protection through technical design and through data protection-friendly default settings”) and thus means that both software (e.g., forms) and hardware (e.g., access to the server room) should always be designed with security in mind and that appropriate measures should be taken. In the following, we will go into more detail on specific measures, if necessary.

TLS encryption with https

TLS, encryption and https sound very technical and they are. We use HTTPS (Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transmit data tap-proof on the internet.

This means that the complete transmission of all data from your browser to our web server is secured – no one can “listen in”.

By this, we have introduced an additional layer of security and comply with data protection by design of technology (Artikel 25 Absatz 1 DSGVO (Article 25(1) DSGVO)). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.

You can recognise the use of this data transmission protection by the small lock symbol at the top left of the browser, to the left of the internet address (e.g., example.com) and the use of the https scheme (instead of http) as part of our internet address.

If you want to know more about encryption, we recommend a Google search for “Hypertext Transfer Protocol Secure wiki” to get good links to further information.

Communication

Data subjects: All those who communicate with us by telephone, email or online form
Data processed: e.g., telephone number, name, email address, form data entered. More details can be found in the respective contact type used
Purpose: Handling of communication with customers, business partners, etc.
Duration of storage: Duration of the business case and legal regulations
Legal basis: Art. 6 Abs. 1 lit. a DSGVO (Einwilligung), Art. 6 Abs. 1 lit. b DSGVO (Vertrag), Art. 6 Abs. 1 lit. f DSGVO (Berechtigte Interessen) (Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit. b DSGVO (Contract), Art. 6 para. 1 lit. f DSGVO (Legitimate Interests))

When you contact us and communicate by phone, email or online form, personal data may be processed.

The data is processed for the handling and processing of your question and the related business transaction. The data is stored for as long as it is required by law.

Persons concerned

All those who seek contact with us via the communication channels provided by us are affected by the aforementioned processes.

Phone

When you call us, the call data is stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number can subsequently be sent by E-mail and stored for the purpose of responding to enquiries. The data is deleted as soon as the business case has been completed and legal requirements permit.

E-mail

If you communicate with us by E-mail, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data is stored on the E-mail server. The data is deleted as soon as the business case has been completed and legal requirements permit.

Online forms

If you communicate with us using an online form, data is stored on our web server and, if necessary, forwarded to an E-mail address of ours. The data is deleted as soon as the business case has been terminated and legal requirements permit.

Legal basis

The processing of data is based on the following legal bases:

• 6 Abs. 1 lit. a DSGVO (Einwilligung) (Art. 6 para. 1 lit. a DSGVO (consent)): You give us your consent to store your data and to use it for purposes related to the business case;
• 6 Abs. 1 lit. b DSGVO (Vertrag) (Art. 6 para. 1 lit. b DSGVO (contract)): There is a need for the performance of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
• 6 Abs. 1 lit. f DSGVO (Berechtigte Interessen) (Art. 6 para. 1 lit. f DSGVO (Legitimate Interests)): We want to operate customer enquiries and business communication in a professional framework. For this purpose, certain technical facilities such as E-mail programmes, exchange servers and mobile phone operators are necessary in order to be able to operate the communication efficiently.

Cookies

Data subjects: visitors to the website
Purpose: depending on the cookie. More details can be found below or from the manufacturer of the software that sets the cookie.
Data processed: Depending on the particular cookie used. More details can be found below or from the manufacturer of the software that sets the cookie.
Storage period: depends on the respective cookie, can vary from hours to years

Legal basis: Art. 6 Abs. 1 lit. a DSGVO (Einwilligung), Art. 6 Abs. 1 lit.f DSGVO (Berechtigte Interessen) (Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit.f DSGVO (Legitimate Interests)).

What are Cookies?

Our website uses HTTP cookies to store user-specific data.

Below we explain what cookies are and why they are used so that you can better understand the following privacy information.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, which is more or less the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you call up our page again, your browser transmits the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. Here, the web browser requests a website and receives a cookie back from the server, which the browser uses again as soon as another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie is to be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programmes and do not contain viruses, Trojans or other “pests”.
Cookies also cannot access information on your PC.
For example, this is what cookie data can look like:

Name: _ga
Wert: GA1.2.1326744211.152122393022-9
Intended use: differentiation of website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

• At least 4096 bytes per Cookie
• At least 50 cookies per domain
• At least 3000 cookies in total

What are the different types of Cookies?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the data protection information. At this point, we would like to briefly discuss the different types of HTTP cookies.

One can distinguish between 4 types of cookies:

Essential cookies

These cookies are necessary to ensure the basic functions of the website. For example, these cookies are needed when a user places a product in the shopping cart, then continues surfing on other pages and later goes to the checkout. These cookies do not delete the shopping cart, even if the user closes his browser window.

‘’Purposeful’’ cookies

These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and the behaviour of the website with different browsers.

Targeting cookies

These cookies ensure a better user experience. For example, locations entered, font sizes or form data are saved.

Advertising cookies

These cookies are also called targeting cookies. They are used to deliver individually adapted advertising to the user. This can be very practical, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these cookie types you would like to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the cookie in question. More details can be found below or from the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalise what data is stored in cookies, but we will inform you about the data processed or stored in the following data policy information.

Storage period of Cookies

The storage period depends on the cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You can also influence the storage period yourself. You can manually delete all cookies at any time via your browser (see also “Widerspruchsrecht” (“Right of objection”) below). Furthermore, cookies that are based on consent will be deleted at the latest after revocation of your consent, whereby the legality of the storage remains unaffected until then.

Right of objection – how can I delete Cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies in Chrome

Safari: Manage cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser. It is best to search for the instructions in Google with the search term “Delete Cookies Chrome” or “Deactivate Cookies Chrome” in the case of a Chrome browser.

Legal basis

The so-called „Cookie-Richtlinien“ (“Cookie Guidelines”) have been in place since 2009. These state that the storage of cookies requires your consent (Artikel 6 Abs. 1 lit. a DSGVO (Article 6 para. 1 lit. a DSGVO)). Within the EU countries, however, there are still very different reactions to these directives. In Austria, however, this directive was implemented in § 96 Abs. 3 des Telekommunikationsgesetzes (TKG) (§ 96 para. 3 of the Telecommunications Act (TKG)). In Germany, the Cookie Directive has not been implemented as national law. Instead, this directive was largely implemented in § 15 Abs.3 des Telemediengesetzes (TMG) (§ 15 para.3 of the Telemedia Act (TMG)).

For cookies that are absolutely necessary, even if no consent has been given, there are justified interests (Artikel 6 Abs. 1 lit. f DSGVO (Article 6(1)(f) DSGVO)), which in most cases of an economic nature happens. We want to give visitors of the website a pleasant user experience and for this, certain cookies are often absolutely necessary.

If cookies are used that are not absolutely necessary, this only happens in the case of your consent. The legal basis in this respect is Art. 6 Abs. 1 lit. a DSGVO (Art. 6 para. 1 lit. a DSGVO).

In the following sections, you will be informed in more detail about the use of cookies, insofar as the software used uses cookies.

Web hosting introduction

We host the content of our website with the following provider: All-Inkl

The provider is ALL-INKL.COM – Neue Medien Münnich, owner René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter All-Inkl). For details, please refer to the data protection information of All-Inkl:

https://all-inkl.com/datenschutzinformationen/

The use of All-Inkl is based on Art. 6 Abs. 1 lit. f DSGVO (Art. 6 para. 1 lit. f DSGVO). We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Abs. 1 lit. a DSGVO und § 25 Abs. 1 TTDSG (Art.6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG), insofar as the consent allows for the storage of cookies or the access to information in the user’s terminal device (e.g., device fingerprinting) within the meaning of the TTDSG includes. The consent can be revoked at any time.

Job processing

We have concluded a Vertrag über Auftragsverarbeitung (contract on order processing) (AVV) for the use of the above service. This is a contract prescribed by data protection law, which ensures that it will only process the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

Web hosting summary

Affected parties: visitors to the website
Purpose: To professionally host the website and secure its operation.
Data processed: IP address, time of website visit, browser used and other data. More details can be found below or with the respective web hosting provider used.
Storage period: depends on the respective provider, but usually 2 weeks
Legal basis: Art. 6 Abs. 1 lit.f DSGVO (Berechtigte Interessen) (Art. 6 para. 1 lit.f DSGVO (Legitimate Interests))

What is web hosting?

When you visit websites nowadays, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, by the way, we mean the totality of all web pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By domain, we mean, for example, example.de or example.com.

If you want to view a website on a computer, tablet or smartphone, you use a programme called a web browser to do so. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari. We call them browsers or web browsers for short.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and costly task, which is why it is usually done by professional providers. These offer web hosting and thus ensure reliable and error-free storage of website data. A whole lot of technical terms, but please stay tuned, it gets better!

When the browser on your computer (desktop, laptop, tablet or smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.

The following graphic illustrates the interaction between the browser, the Internet and the hosting provider.

Why do we process personal data?

The purposes of the data processing are:

1. Professional hosting of the website and safeguarding of the operation
2. To maintain operational and IT security
3. Anonymous evaluation of access behaviour to improve our offer and, if necessary, for criminal prosecution or the pursuit of claims

What data is processed?

Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically stores data such as

• The complete internet address (URL) of the accessed website Browser and browser version (e.g., Chrome 87)
• The operating system used (e.g., Windows 10)
• The address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)
• The host name and IP address of the device being accessed (e.g., COMPUTERNAME and 194.23.43.121).
• Date and time
• In files, the so-called web server log files

How long is data stored?

As a rule, the above data is stored for a fortnight and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of unlawful conduct.

In short, your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not share your data without consent!

Legal basis

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 Abs. 1 lit. f DSGVO (Wahrung der berechtigten Interessen) (Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests)), because the use of professional hosting with a provider is necessary to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.

As a rule, there is a contract on commissioned processing between us and the hosting provider in accordance with Art. 28 f. DSGVO (Art. 28 f. DSGVO), which ensures compliance with data protection and guarantees data security.

Payment provider introduction

Data subject: Visitors to the website
Purpose: To enable and optimise the payment process on our website
Data processed: Data such as name, address, bank data (account number, credit card number, passwords, TANs, etc.), IP address and contract data.
More details can be found with the respective payment provider tool used.
Storage period: depending on the payment provider used
Legal basis: Art. 6 Abs. 1 lit. b DSGVO (Erfüllung eines Vertrags) (Art. 6 para. 1 lit. b DSGVO (fulfilment of a contract))

What is a payment provider?

We use online payment systems on our website that allow us and you a secure and smooth payment process. In the process, personal data may also be sent to the respective payment provider, stored and processed there. Payment providers are online payment systems that enable you to place an order via online banking. In this case, the payment processing is carried out by the payment provider you have chosen. We then receive information about the payment made. This method can be used by any user who has an active online banking account with PIN and TAN. There are hardly any banks left that do not offer or accept such payment methods.

Why do we use payment providers on our website?

Of course, we want to offer you the best possible service with our website and our integrated online shop/possibilities to donate so that you feel comfortable on our site and use our offers. We know that your time is valuable and that payment processes/transfer of your donated money in particular must function quickly and smoothly. For these reasons, we offer you payment providers for your donations. You can choose your preferred payment provider and pay/donate in the usual way. We especially offer PayPal, which will get an own paragraph later on.

What data is processed?

Exactly what data is processed depends, of course, on the respective payment provider. But basically, data such as name, address, bank data (account number, credit card number, passwords, TANs, etc.) are stored. These are necessary data to be able to carry out a transaction at all. In addition, any contractual data and user data, such as when you visit our website, what content you are interested in or which sub-pages you click on, may also be stored. Your IP address and information about the computer you are using are also stored by most payment providers.

The data is usually stored and processed on the servers of the payment providers. We as the website operator do not receive this data. We are only informed whether the payment has worked or not. For identity and creditworthiness checks, it may happen that payment providers forward data to the corresponding office. The business and data protection principles of the respective provider always apply to all payment transactions. Therefore, please always check the General Terms and Conditions and the data protection information of the payment provider. You also have the right to have data deleted or corrected at any time. Please contact the respective service provider regarding your rights (Widerrufsrecht, Auskunftsrecht und Betroffenheitsrecht (right of revocation, right to information and right to be affected)).

Duration of data processing

We will inform you about the duration of data processing below if we have further information on this. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. If it is required by law, for example in the case of accounting, this storage period may be exceeded. For example, we keep accounting documents relating to a contract (invoices, contract documents, account statements, etc.) for 10 years (§ 147 AO) and other relevant business documents for 6 years (§ 247 HGB) after they are created.

Right of objection

You always have the right to information, correction and deletion of your personal data. If you have any questions, you can also contact the responsible person of the payment provider used at any time. You can find contact details either in our specific data protection policy or on the website of the relevant payment provider.

You can delete, deactivate or manage cookies that payment providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that the payment process may then no longer work.

Legal basis

We therefore offer other payment service providers for making a donation in addition to traditional banking/credit institutions for the processing of contractual or legal relationships (Art. 6 Abs. 1 lit. b DSGVO) ((Art. 6 para. 1 lit. b DSGVO)). The data protection information of the individual payment providers (such as e.g., Amazon Payments, Apple Pay, PayPal, Discover, etc.) provides you with a detailed overview of data processing and data storage. In addition, you can always contact the responsible persons if you have questions about data protection-relevant topics.

Information on the specific payment providers – if available – can be found in the following sections.

PayPal Privacy Information

We use the online payment service PayPal on our website. The service provider is the American company PayPal Inc. The company PayPal Europe (S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) is responsible for the European region.

PayPal also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

PayPal uses so-called ‘’Standardvertragsklauseln’’ (= Art. 46. Abs. 2 und 3 DSGVO) (Standard Contractual Clauses (= Art. 46 para. 2 and 3 DSGVO)) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular in the USA) or for data transfer there. Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, PayPal undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=eng

For more information on the standard contractual clauses and on the data processed through the use of PayPal, please see the privacy information at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Web design introduction

Data subjects: Visitors to the website
Purpose: To improve the user experience
Data processed: The data processed depends largely on the services used. Mostly it is about IP address, technical data, language settings, browser version, screen resolution and browser name. More details can be found in the respective web design tools used.
Storage period: depends on the tools used
Legal basis: Art. 6 Abs. 1 lit. a DSGVO (Einwilligung), Art. 6 Abs. 1 lit. f DSGVO (Berechtigte Interessen) (Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. f DSGVO (legitimate interests)).

What is web design?

We use various tools on our website that serve our web design. Web design is not, as often assumed, only about our website looking pretty, but also about functionality and performance. But of course, making a website look right is also one of the big goals of professional web design. Web design is a branch of media design and deals with the visual as well as the structural and functional design of a website. The goal is to use web design to improve your experience on our website. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all impressions and experiences that the website visitor experiences on a website. A sub-item of user experience is usability. This is about the user-friendliness of a website. The main focus here is on ensuring that content, subpages or products are clearly structured and that you can easily and quickly find what you are looking for. In order to offer you the best possible experience on our website, we also use so-called third-party web design tools. Under the category

In this data protection information, “web design” includes all services that improve the design of our website. These can be, for example, fonts, various plug-ins or other integrated web design functions.

Why do we use web design tools?

How you absorb information on a website depends very much on the structure, functionality and visual perception of the website. Therefore, a good and professional web design became more and more important for us as well. We are constantly working on improving our website and also see this as an extended service for you as a website visitor. Furthermore, a beautiful and functioning website also has economic advantages for us.
After all, you will only visit us and make use of our offers if you feel completely at ease.

What data is stored by web design tools?

When you visit our website, web design elements may be embedded in our pages that can also process data. Exactly what data is involved depends, of course, heavily on the tools used. Below you can see exactly which tools we use for our website. We recommend that you also read the respective data protection information of the tools used for more detailed information on data processing. In most cases, you will find out which data is processed, whether cookies are used and how long the data is stored. Fonts such as Google Fonts also automatically transmit information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers.

Duration of data processing

How long data is processed is very individual and depends on the web design elements used. For example, if cookies are used, the retention period can be as short as a minute or as long as a few years. Make yourself please find out more about this. For this purpose, we recommend on the one hand our general text section on cookies and on the other hand the data protection information of the tools used. There you will usually find out exactly which cookies are used and what information is stored in them. Google font files, for example, are stored for one year. This is to improve the loading time of a website. In principle, data is only stored for as long as is necessary for the provision of the service. In the case of legal requirements, data can also be stored for longer.

Right of objection

You also have the right and the possibility to revoke your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. You can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser. Under web design elements (mostly fonts), however, there is also data that cannot be deleted quite so easily. This is the case if data is automatically collected directly when a page is called up and transmitted to a third-party provider (such as Google). In this case, please contact the support of the relevant provider. In the case of Google, you can reach the support at https://support.google.com/?hl=eng.

Legal basis

If you have consented to web design tools being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 Abs. 1 lit. a DSGVO (Einwilligung) (Art. 6 para. 1 lit. a DSGVO (consent)), this consent constitutes the legal basis for the processing of personal data as may occur when web design tools are used. From our side, there is also a legitimate interest in improving the web design on our website. After all, only then can we provide you with a beautiful and professional web offer. The corresponding legal basis for this is Art. 6 Abs. 1 lit. f DSGVO (Berechtigte Interessen) (Art. 6 para. 1 lit. f DSGVO (Legitimate Interests)). Nevertheless, we only use web design tools if you have given your consent. We would like to emphasise this again here in any case.

Information on special web design tools – if available – can be found in the following sections.

Explanation of terms used

We always try to make our data protection information as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). However, we do not want to use these without explanation. Below you will now find an alphabetical list of important terms used that we may not have sufficiently addressed in the previous data protection information. If these terms have been taken from the DSGVO and are definitions, we will also quote the DSGVO texts here and add our own explanations if necessary.

Biometric data

Definition according to Artikel 4 der DSGVO (Article 4 of the DSGVO)

For the purposes of this Regulation, the term:

“biometric data” means personal data, obtained by means of specific technical procedures, relating to the physical, physiological or behavioural characteristics of a natural person, which enable or confirm the unique identification of that natural person, such as facial images or dactyloscopy data;

Explanation: These are biological characteristics that are described by biometric data and from which personal data can be obtained with the help of technical procedures. These include DNA, fingerprints, the geometry of various body parts, body size, but also handwriting or the sound of a voice.

Consent

Definition according to Artikel 4 der DSGVO (Article 4 of the DSGVO)

For the purposes of this Regulation, the term:

“consent’ means any freely given specific, informed and unambiguous indication of the data subject’s wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to personal data relating to him or her being processed;

Explanation: As a rule, such consent is given on websites via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree or consent to data processing. In most cases, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data of yours may be processed. In principle, consent can of course also be given in writing, i.e., not via a tool.

We also would like to highlight that our website’s cookie banner is very intuitive and allows you to decline by only one click!

Personal data

Definition according to Artikel 4 der DSGVO (Article 4 of the DSGVO)

For the purposes of this Regulation, the term:

“personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data is therefore all data that can identify you as a person. This is usually data such as:

• Name
• Address
• E-mail address
• Postal address
• Telephone number
• Date of birth
• Identification numbers such as national insurance number, tax identification number, identity card number or matriculation number
• Bank data such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also personal data. IT experts can use your IP address to at least determine the approximate location of your

device and subsequently identify you as the connection owner. Therefore, the storage of an IP address also requires a legal basis within the meaning of the DSGVO. There are also so-called “special categories” of personal data that also require special protection. These include:

• Racial and ethnic origin
• Political opinions
• Religious or ideological convictions
• Trade union membership
• Genetic data such as data taken from blood or saliva samples
• Biometric data (this is information on mental, physical or behavioural characteristics that can identify a person).
• Health data
• Data on sexual orientation or sexual life

Profiling

Definition according to Artikel 4 der DSGVO (Article 4 of the DSGVO)

For the purposes of this Regulation, the term:

“profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location;

Explanation: Profiling involves gathering various pieces of information about a person in order to learn more about that person. In the web sector, profiling is often used for advertising purposes or for credit checks. Web or Advertising analysis programmes, for example, collect data about your behaviour and interests on a website. This results in a special user profile, with the help of which advertising can be played to a specific target group

Closing words

Congratulations! If you are reading these lines, you have really “fought your way” through our entire data protection information, or at least scrolled this far. As you can see from the scope of our data protection information, we take the protection of your personal data anything but lightly.

It is important to us to inform you to the best of our knowledge and belief about the processing of personal data. However, we do not only want to tell you what data is processed, but also explain the reasons for using various software programmes. As a rule, data protection information sounds very technical and legalistic. However, since most of you are not web developers or lawyers, we wanted to take a different linguistic approach and explain the facts in simple and clear language. Of course, this is not always possible due to the subject matter. Therefore, the most important terms are explained in more detail at the end of the data protection information.

If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible office. We wish you all the best and hope to see you on our website again soon.

All texts are protected by copyright.

Source: Created with the Impressum Generator from AdSimple

Translation to English: supported by DeepL Translator from AdSimple