Ingeborg Breisig-Schreiner

• Introduction and Overview
• Scope
• Legal Basis
• Contact Information of the Controller
• Storage Period
• Rights according to the General Data Protection Regulation (GDPR)
• Communication
• Data Processing Agreement (DPA)
• Cookies
• Web Design Introduction
• Online Mapping Services Introduction
• Explanation of Terms Used

Introduction and Overview

This privacy policy (version 18.05.2023-112506562) has been written to inform you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, about the personal data (referred to as "data") that we, as the data controller, and our processors (e.g., providers) process or will process in the future, as well as the lawful options available to you. The terms used in this policy are gender-neutral.
In short: We provide comprehensive information about the data we process about you.

Privacy policies are usually very technical and use legal terminology. This privacy policy aims to describe the most important things to you in a simple and transparent manner. Where transparency is beneficial, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We use clear and simple language to inform you that we only process personal data if there is a legal basis for doing so in the course of our business activities. This is not possible if we provide concise, unclear, and legally-technical explanations, as is often the standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information that you were not aware of.
If you still have questions, we kindly ask you to contact the responsible party mentioned below or follow the provided links and consult additional information on third-party sites. Our contact information can also be found in the imprint.

Scope

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies we have engaged as processors. By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as the name, email address, and postal address of a person. The processing of personal data enables us to offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate
• social media presences and email communication
• mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed within the company through the mentioned channels. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Basis

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation (GDPR), that enable us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can find this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be storing the data you entered in a contact form.
2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information beforehand.
3. Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These invoices usually contain personal data.
4. Legitimate Interests (Article 6(1)(f) GDPR): In case of legitimate interests that do not override your fundamental rights, we reserve the right to process personal data. For example, we may need to process certain data to operate our website securely and economically efficiently. This processing represents a legitimate interest.

Additional conditions such as the exercise of public interest tasks or the protection of vital interests typically do not apply to us. If such a legal basis should be relevant, it will be indicated at the corresponding point.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act concerning the Protection of Personal Data (Datenschutzgesetz), abbreviated as DSG.
• In Germany, the Federal Data Protection Act (Bundesdatenschutzgesetz) applies.

If additional regional or national laws are applicable, we will inform you in the following sections.

Contact Details of the Controller

If you have any questions about data protection or the processing of personal data, you will find below the contact details of the responsible person or entity:
Ingeborg Breisig-Schreiner
Schlossallee 2, 2512 Tribuswinkel, Austria
Authorized Representative: Ingeborg Breisig-Schreiner
Email: office.breisig-schreiner@speed.at
Phone: +432252209587
Imprint: https://ibs-monitoring.at/impressum/

Storage Duration

That we only store personal data for as long as it is absolutely necessary for the provision of our services and products is considered a general criterion for us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obligated to store certain data even after the original purpose has ceased, for example, for accounting purposes.

If you wish to have your data deleted or revoke your consent for data processing, the data will be deleted as soon as possible and to the extent that there is no obligation to store it.

We will provide you with information on the specific duration of data processing below if we have further information on it.

Rights according to the General Data Protection Regulation (GDPR)

According to Articles 13 and 14 of the GDPR, we inform you about the following rights that you have to ensure fair and transparent data processing:

• According to Article 15 of the GDPR, you have the right to know whether we process data about you. If so, you have the right to receive a copy of the data and to obtain the following information:
  • the purpose for which we process the data;
  • the categories, i.e., the types of data that are processed;
  • who receives this data and if the data is transferred to third countries, how the security can be guaranteed;
  • how long the data is stored;
  • the existence of the right to rectification, erasure, or restriction of processing and the right to object to the processing;
  • that you have the right to lodge a complaint with a supervisory authority (links to these authorities can be found below);
  • the origin of the data if we did not collect it from you;
  • whether profiling is being carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
• According to Article 16 of the GDPR, you have the right to rectification of data, which means that we must correct data if you find any errors.
• According to Article 17 of the GDPR, you have the right to erasure ("right to be forgotten"), which means that you can request the deletion of your data.
• According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.
• According to Article 21 of the GDPR, you have the right to object, which, when enforced, brings about a change in the processing.
• If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you have the right to object to the processing. We will review whether we can comply with this objection as soon as possible.
• If data is used for direct marketing purposes, you can object to this type of data processing at any time. We will no longer use your data for direct marketing after that.
• If data is used for profiling purposes, you can object to this type of data processing at any time. We will no longer use your data for profiling after that.
• Under certain circumstances, you have the right according to Article 22 of the GDPR not to be subject to a decision based solely on automated processing (including profiling).
• You have the right to lodge a complaint according to Article 77 of the GDPR. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In summary: You have rights - do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection laws or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, the data protection authority is the Datenschutzbehörde, and you can find their website at https://www.dsb.gv.at/. In Germany, each federal state has a data protection officer. For more information, you can contact the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) at https://www.bfdi.bund.de/DE/Home/home_node.html. The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Director: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone number: +43 1 52 152-0
Email address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Communication

Communication Summary 👥 Data subjects: Anyone who communicates with us by phone, email, or online form 📓 Processed data: e.g., phone number, name, email address, entered form data. For more details, refer to the specific method of contact used 🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Storage duration: Duration of the business case and legal requirements ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract), Art. 6(1)(f) GDPR (Legitimate interests)

If you contact us and communicate via telephone, email, or online form, it may involve the processing of personal data.

The data will be processed for the handling and processing of your inquiry and the related business transaction. The data will be stored for as long as necessary or as required by law.

Affected Individuals

All individuals who seek contact with us through the communication channels provided by us are affected by the aforementioned processes.

Telephone

If you call us, call data will be pseudonymized and stored on the respective device and with the telecommunications provider used. In addition, data such as name and telephone number may be sent by email and stored for the purpose of responding to the inquiry. The data will be deleted as soon as the business case is concluded and as permitted by legal requirements.

Email

If you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data will be deleted as soon as the business case is concluded and as permitted by legal requirements.

Online Forms

If you communicate with us through online forms, data will be stored on our web server and may be forwarded to an email address provided by us. The data will be deleted as soon as the business case is concluded and as permitted by legal requirements.

Legal Basis

The processing of data is based on the following legal bases:

• Art. 6(1)(a) GDPR (Consent): You give us consent to store your data and use it for purposes related to the business case;
• Art. 6(1)(b) GDPR (Contract): There is a necessity for the performance of a contract with you or a data processor such as the telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
• Art. 6(1)(f) GDPR (Legitimate Interests): We aim to conduct customer inquiries and business communication in a professional manner. For this purpose, certain technical facilities such as email programs, exchange servers, and mobile network operators are necessary to efficiently operate communication.

Data Processing Agreement (DPA)

In this section, we would like to explain what a Data Processing Agreement is and why it is required. Because the term "Data Processing Agreement" is quite a mouthful, we will often use the acronym DPA in the text. Like most companies, we do not work alone but also utilize services from other companies or individuals. By involving various companies or service providers, it may be necessary for us to disclose personal data for processing. These partners then act as data processors with whom we conclude a contract, the so-called Data Processing Agreement (DPA). It is important for you to know that the processing of your personal data is carried out exclusively according to our instructions and must be regulated by the DPA.

Who Are Data Processors?

As a company and website owner, we are responsible for all data we process from you. In addition to the data controllers, there may also be data processors. This includes any company or person who processes personal data on our behalf. More precisely and according to the definition of the GDPR: any natural or legal person, authority, institution, or other body that processes personal data on our behalf is considered a data processor. Data processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

For a better understanding of the terminology, here is an overview of the three roles in the GDPR:

Data Subject (You as a customer or prospect) → Data Controller (Us as a company and data controller) → Data Processor (Service providers such as web hosts or cloud providers)

Content of a Data Processing Agreement

As mentioned above, we have concluded a DPA with our partners acting as data processors. It primarily stipulates that the data processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, but in this context, electronic contract conclusion is also considered "in writing." The processing of personal data is based on the contract. The following must be included in the contract:

• Obligation to the data controller
• Rights and obligations of the data controller
• Categories of data subjects
• Type of personal data
• Nature and purpose of data processing
• Subject matter and duration of data processing
• Location of data processing

Furthermore, the contract contains all obligations of the data processor. The most important obligations are:

• Ensuring data security measures
• Implementing technical and organizational measures to protect the rights of data subjects
• Maintaining a data processing inventory
• Cooperating with the data protection supervisory authority upon request
• Conducting a risk analysis regarding the personal data received
• Sub-processors may only be engaged with the written approval of the data controller

You can view an example of how such a DPA looks like, for example, at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html. Here, a sample contract is presented.

Cookies

Cookies Summary 👥 Affected: Website visitors 🤝 Purpose: Depends on the respective cookie. For more details, please refer below or to the software manufacturer that sets the cookie. 📓 Processed data: Depends on the specific cookie. For more details, please refer below or to the software manufacturer that sets the cookie. 📅 Storage period: Depends on the respective cookie, ranging from hours to years. ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data.
In the following, we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is certain: cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, which is like the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data from you, such as language or personal page settings. When you visit our site again, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file.

The following graphic illustrates a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser reuses when another page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie needs to be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans, or other "malware." Cookies also cannot access information on your PC.

Here's an example of how cookie data might look:

Name: _ga
Value: GA1.2.1326744211.152112506562-9
Purpose: Distinguishing website visitors
Expiration Date: After 2 years

The following are minimum sizes a browser should be able to support:

• Minimum of 4096 bytes per cookie
• Minimum of 50 cookies per domain
• Minimum of 3000 cookies in total

What Types of Cookies Are There?

The specific types of cookies we use depend on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

Four types of cookies can be distinguished:

Essential Cookies
These cookies are necessary to ensure basic functionality of the website. For example, these cookies are needed when a user adds a product to the shopping cart, then continues browsing other pages, and later proceeds to checkout. These cookies prevent the shopping cart from being deleted, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. Additionally, these cookies measure the loading time and behavior of the website across different browsers.

Targeting Cookies
These cookies enhance user-friendliness. For example, stored locations, font sizes, or form data are saved.

Advertising Cookies
These cookies are also called targeting cookies. They are used to deliver personalized advertising to the user. This can be very practical but also very annoying.

Usually, when you visit a website for the first time, you are asked which types of cookies you want to allow. And of course, this decision is also stored in a cookie.

If you want to learn more about cookies and don't mind technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments by the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism."

Purpose of processing through cookies

The purpose ultimately depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

Which data is processed?

Cookies are helpful for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data in the following privacy policy.

Storage duration of cookies

The storage duration depends on the respective cookie and is further specified below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have control over the storage duration. You can manually delete all cookies at any time through your browser (see also "Right to object" below). Furthermore, cookies based on consent are deleted no later than upon revocation of your consent, while the legality of the storage remains unaffected until then.

Right to object - How can I delete cookies?

Whether and how you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data stored by websites on your computer

Internet Explorer: Delete and Manage Cookies

Microsoft Edge: Delete and Manage Cookies

If you don't want to have any cookies at all, you can configure your browser to always inform you when a cookie is set. This way, you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It is best to search for the instructions on Google using the search term "Delete cookies Chrome" or "Disable cookies Chrome" in the case of a Chrome browser.

Legal Basis

Since 2009, there have been the so-called "Cookie Directives." It states that storing cookies requires consent (Article 6(1)(a) of the GDPR) from you. However, within the EU countries, there are still very different reactions to these directives. In Austria, the implementation of this directive took place in § 96(3) of the Telecommunications Act (TKG). In Germany, the cookie directives were not implemented as national law. Instead, the implementation of this directive largely took place in § 15(3) of the Telemedia Act (TMG).

For strictly necessary cookies, even in the absence of consent, there are legitimate interests (Article 6(1)(f) of the GDPR), which are mostly of an economic nature. We want to provide visitors to the website with a pleasant user experience, and certain cookies are often essential for that purpose.

If non-essential cookies are used, this only happens with your consent. The legal basis in this case is Article 6(1)(a) of the GDPR.

In the following sections, you will be provided with more detailed information about the use of cookies if the deployed software uses cookies.

Web Design Introduction

Web Design Privacy Policy Summary 👥 Data subjects: Visitors to the website 🤝 Purpose: Improving the user experience 📓 Processed data: The data processed depends heavily on the services used. It usually includes IP address, technical data, language settings, browser version, screen resolution, and browser name. More details can be found in the respective web design tools used. 📅 Storage duration: Depends on the tools used ⚖️ Legal bases: Art. 6(1)(a) of the GDPR (Consent), Art. 6(1)(f) of the GDPR (Legitimate interests)

What is Web Design?

We use various tools on our website that serve our web design. Web design is not just about making our website look pretty, as often assumed, but also about functionality and performance. However, the appropriate appearance of a website is also one of the major goals of professional web design. Web design is a subfield of media design and deals with both the visual and the structural and functional design of a website. The goal is to improve your experience on our website through web design. In web design jargon, this is referred to as user experience (UX) and usability. User experience refers to all the impressions and experiences that the website visitor experiences on a website. One aspect of user experience is usability, which focuses on the user-friendliness of a website. The emphasis here is on ensuring that content, subpages, or products are well-structured and easy to find quickly. To provide you with the best possible experience on our website, we also use third-party web design tools. In this privacy policy, the category "web design" includes all services that improve the design of our website. These can include fonts, various plugins, or other integrated web design functions, for example.

Why do we use web design tools?

How you perceive information on a website depends heavily on the structure, functionality, and visual perception of the website. Therefore, good and professional web design has become increasingly important for us as well. We are constantly working on improving our website, and we see this as an extended service for you as a website visitor. Furthermore, a beautiful and functioning website also has economic advantages for us. After all, you will only visit us and take advantage of our offers if you feel comfortable.

What data is stored by web design tools?

When you visit our website, web design elements may be integrated into our pages, which can also process data. The exact data involved depends, of course, on the tools used. Below, you can see exactly which tools we use for our website. We recommend that you also read the respective privacy policies of the tools used for more information about data processing. You will usually find information there about the data processed, whether cookies are used, and how long the data is stored. For example, when using fonts such as Google Fonts, information such as language settings, IP address, browser version, browser screen resolution, and browser name are automatically transmitted to Google servers.

Duration of data processing

The duration of data processing is highly individual and depends on the web design elements used. If cookies are used, for example, the storage period can range from one minute to several years. Please inform yourself about this. For this purpose, we recommend that you read both our general section on cookies and the privacy policies of the tools used. There you will usually find information about the exact cookies used and the information stored in them. For example, Google Font files are stored for one year to improve website loading time. In general, data is only stored for as long as it is necessary to provide the service. Data can be stored for longer periods in accordance with legal requirements.

Right to object

Font Awesome Privacy Policy

Font Awesome Datenschutzerklärung Zusammenfassung 👥 Betroffene: Besucher der Website 🤝 Zweck: Optimierung unserer Serviceleistung 📓 Verarbeitete Daten: etwa IP-Adresse und und welche Icon-Dateien geladen werden Mehr Details dazu finden Sie weiter unten in dieser Datenschutzerklärung. 📅 Speicherdauer: Dateien in identifizierbarer Form werden wenige Wochen gespeichert ⚖️ Rechtsgrundlagen: Art. 6 Abs. 1 lit. a DSGVO (Einwilligung), Art. 6 Abs. 1 lit. f DSGVO (Berechtigte Interessen)

What is Font Awesome?

We use Font Awesome on our website, which is a web font provided by the American company Fonticons (307 S. Main St., Suite 202, Bentonville, AR 72712, USA). When you visit one of our webpages, the web font Font Awesome (specifically icons) is loaded via the Font Awesome Content Delivery Network (CDN). This ensures that texts, fonts, and icons are displayed correctly on any device. In this privacy policy, we will provide more information about the data storage and processing carried out by this service.

Icons play an increasingly important role in websites. Font Awesome is a web font specifically designed for web designers and developers. With Font Awesome, icons can be scaled and colored as desired using the CSS stylesheet language. They replace old image icons. Font Awesome CDN is the easiest way to load icons or fonts on your website. We only needed to include a small line of code on our website to achieve this.

Why do we use Font Awesome on our website?

Font Awesome allows us to present content on our website in a better way. It helps visitors navigate and comprehend the content more easily. Icons can sometimes replace entire words and save space. This is especially useful when optimizing content for smartphones. These icons are inserted as HTML code instead of image icons. This allows us to customize the icons using CSS as desired. At the same time, Font Awesome improves our loading speed because it involves HTML elements rather than icon images. All these benefits help us make the website more organized, fresh, and faster for you.

What data is stored by Font Awesome?

The Font Awesome Content Delivery Network (CDN) is used to load icons and symbols. CDNs are networks of servers distributed worldwide that enable fast file delivery from nearby locations. Therefore, when you visit one of our pages, the corresponding icons are provided by Font Awesome.

In order to load web fonts, your browser must establish a connection to the servers of Fonticons, Inc., the company behind Font Awesome. During this process, your IP address is recognized. Font Awesome also collects data on which icon files are downloaded and when. Additionally, technical data such as your browser version, screen resolution, or the timing of the accessed page is transmitted.

These data are collected and stored for the following reasons:

• to optimize content delivery networks
• to detect and resolve technical errors
• to protect CDNs from abuse and attacks
• to charge fees for Font Awesome Pro customers
• to determine the popularity of icons
• to understand the computer and software you are using

If your browser does not allow web fonts, the default font on your computer will be used automatically. As of our current knowledge, no cookies are set. We are in contact with the privacy department of Font Awesome and will inform you as soon as we have more information.

How long and where are the data stored?

Font Awesome stores data on the usage of the Content Delivery Network on servers located in the United States of America. However, the CDN servers are distributed worldwide and store user data wherever they are located. In identifiable form, the data is usually stored for only a few weeks. Aggregated statistics on the usage of the CDNs may be stored for a longer period. Personal data is not included in this data.

How can I delete my data or prevent data storage?

As of our current knowledge, Font Awesome does not store personal data through the Content Delivery Networks. If you do not want data about the icons used to be stored, unfortunately, you cannot visit our website. If your browser does not allow web fonts, no data will be transmitted or stored. In this case, the default font on your computer will be used.

Legal basis

If you have consented to the use of Font Awesome, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (Consent), this consent constitutes the legal basis for processing personal data that may occur when Font Awesome collects data.

Furthermore, we have a legitimate interest in using Font Awesome to optimize our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate interests). However, we only use Font Awesome if you have given your consent.

We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection for data transfers to the USA. The data processing is mainly carried out by Font Awesome. This may result in data being processed and stored without anonymization. Furthermore, US authorities may have access to individual data. It is also possible that this data may be linked to data from other Font Awesome services for which you have a user account.

If you would like to learn more about Font Awesome and their handling of data, we recommend reading their privacy policy at https://fontawesome.com/privacy and their help page at https://fontawesome.com/support.

Google Fonts Privacy Policy

Google Fonts Privacy Policy Summary 👥 Concerned parties: Website visitors 🤝 Purpose: Optimization of our service performance 📓 Processed data: Data such as IP address, CSS and font requests More details can be found below in this privacy policy. 📅 Storage duration: Font files are stored by Google for one year ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)

What are Google Fonts?

On our website, we use Google Fonts. These are the "Google Fonts" provided by Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.

When using Google fonts, you do not need to sign up or provide a password. Furthermore, no cookies are stored in your browser. The files (CSS, font files) are requested from the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don't need to worry about your Google account data being transmitted to Google while using Google Fonts. Google records the usage of CSS (Cascading Style Sheets) and the fonts used and securely stores this data. We will take a closer look at how the data storage works in more detail.

Google Fonts (formerly Google Web Fonts) is a directory of over 800 fonts that Google offers to its users free of charge.

Many of these fonts are published under the SIL Open Font License, while others are published under the Apache License. Both are free software licenses.

Why do we use Google Fonts on our website?

Google Fonts allows us to use fonts on our own website without having to upload them to our own server. Google Fonts is an important component to maintain the quality of our website. All Google fonts are automatically optimized for the web, which saves data volume and is particularly advantageous for use on mobile devices. When you visit our site, the low file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in various browsers, operating systems, and mobile devices can cause errors. Such errors can distort texts or entire web pages visually. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform issues with Google Fonts. Google Fonts supports all popular browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts to present our entire online service as beautiful and consistent as possible.

How long and where are the data stored?

Google stores requests for CSS assets on its servers for one day, which are primarily located outside the EU. This allows us to use the fonts by using a Google stylesheet. A stylesheet is a template that allows for easy and quick changes to the design or font of a website, for example.

The font files are stored by Google for one year. Google aims to improve the loading time of websites in general. When millions of websites reference the same fonts, they are cached after the initial visit and immediately appear on all other subsequently visited websites. Sometimes, Google updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent data storage?

The data that Google stores for one day or one year cannot be easily deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you need to contact Google support at https://support.google.com/?hl=en&tid=112506562. In this case, you can only prevent data storage by not visiting our site.

Unlike other web fonts, Google allows us unrestricted access to all fonts. Therefore, we can access a vast variety of fonts and optimize them for our website. For more information about Google Fonts and other questions, you can visit https://developers.google.com/fonts/faq?tid=112506562. While Google addresses privacy-related issues on that page, detailed information about data storage is not included. Obtaining precise information about stored data from Google is relatively difficult.

Legal basis

If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Art. 6(1)(a) GDPR (Consent), this consent represents the legal basis for processing personal data that may occur when using Google Fonts.

Furthermore, we have a legitimate interest in using Google Fonts to optimize our online service. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate interests). However, we only use Google Fonts if you have given your consent.

Google processes data from you, among other things, in the United States. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. This can entail various risks for the legality and security of data processing.

As the basis for data processing for recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the United States) or for data transfers to such countries, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are template contracts provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when transferred and stored in third countries (such as the United States). Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

Online Map Services Introduction

Online Map Services Privacy Policy Summary 👥 Data Subjects: Website visitors 🤝 Purpose: Improving user experience 📓 Processed Data: The data processed depends on the specific services used. It usually includes IP address, location data, search queries, and/or technical data. For more details, please refer to the respective tools used. 📅 Storage Duration: Depends on the tools used ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)

What are Online Map Services?

As part of our website's extended services, we also utilize online map services. Google Maps is probably the most well-known service, but there are other providers specializing in digital map creation. These services allow us to display locations, routes, or other geographical information directly on our website. By integrating a map service, you don't need to leave our website to view, for example, the route to a location. To make the online map work on our website, map sections are embedded using HTML code. The services can display street maps, the Earth's surface, or aerial/satellite images. When you use the embedded map, data is also transmitted and stored by the respective tool. This data may include personal information.

Why do we use Online Map Services on our website?

In general, our goal is to provide you with a pleasant experience on our website. Your time on our website is enjoyable when you can easily navigate and quickly find all the information you need. Therefore, we believe that an online map system could significantly enhance our service on the website. Without leaving our website, you can easily access route directions, locations, or points of interest using the map system. It's also very convenient for you to see our company's headquarters at a glance, allowing you to find us quickly and safely. As you can see, there are many benefits, and we consider online map services on our website as an integral part of our customer service.

What data is stored by Online Map Services?

When you open a page on our website that includes an embedded online map function, personal data may be transmitted to and stored by the respective service. Typically, this includes your IP address, which can determine your approximate location. In addition to the IP address, data such as entered search terms and latitude/longitude coordinates may also be stored. If you enter an address for route planning, that data is also stored. The data is not stored on our servers but on the servers of the integrated tools. You can imagine it like this: You are on our website, but when you interact with a map service, the interaction actually takes place on their website. To ensure the service functions properly, at least one cookie is usually set in your browser. For example, Google Maps also uses cookies to record user behavior and optimize its own service, including displaying personalized ads. You can learn more about cookies in our "Cookies" section.

How long and where is the data stored?

Each online map service processes different user data. If we have further information, we will provide details about the data processing duration in the corresponding sections for each tool. Generally, personal data is only retained for as long as necessary to provide the service. For example, Google Maps stores certain data for a specific period, while other data may need to be deleted by you. For Mapbox, the IP address is retained for 30 days and then deleted. As you can see, each tool stores data for different durations. Therefore, we recommend reviewing the privacy policies of the specific tools for more information.

The providers also use cookies to store data related to your user behavior with the map service. You can find more general information about cookies in our "Cookies" section, but the privacy policies of each provider will provide details about the cookies they may use. However, please note that these lists are usually exemplary and not exhaustive.

Right to Object

You always have the option and the right to access your personal data and object to its use and processing. You can also revoke any consent you have given us. Generally, the easiest way to do this is through the cookie consent tool. There are also other opt-out tools available for your use. You can manage, delete, or disable cookies set by the providers yourself with just a few mouse clicks. However, it is possible that some functions of the service may no longer work as expected. The method for managing cookies in your browser depends on the browser you are using. In the "Cookies" section, you will find links to instructions for the most popular browsers.

Legal Basis

If you have consented to the use of an online map service, the legal basis for the corresponding data processing is that consent. According to Art. 6(1)(a) GDPR, this consent is the legal basis for processing personal data that may occur during the interaction with an online map service.

Additionally, we have a legitimate interest in using an online map service to optimize our service on our website. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate interests). However, we only use an online map service if you have given your consent. We want to emphasize this once again at this point.

If available, you can find information about specific online map services in the following sections.

Google Maps Privacy Policy

Google Maps Privacy Policy Summary 👥 Data Subjects: Website visitors 🤝 Purpose: Optimizing our service performance 📓 Processed Data: Data such as entered search terms, your IP address, and latitude/longitude coordinates. More details can be found below in this privacy policy. 📅 Storage Duration: Depends on the stored data ⚖️ Legal Basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate interests)

What is Google Maps?

We use Google Maps by Google Inc. on our website. For the European region, the responsible company for all Google services is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). Google Maps allows us to show you locations more effectively and tailor our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google servers. We will now provide more detailed information about what Google Maps is, why we use this Google service, what data is stored, and how you can prevent this.

Google Maps is an internet map service provided by Google. With Google Maps, you can search for precise locations of cities, landmarks, accommodations, or businesses online using a computer, tablet, or app. If businesses are listed on Google My Business, additional information about the company is displayed along with its location. To display directions, map sections of a location can be embedded into a website using HTML code. Google Maps displays the Earth's surface as a street map or as aerial/satellite images. Thanks to Street View images and high-quality satellite imagery, highly accurate representations are possible.

Why do we use Google Maps on our website?

All our efforts on this site are aimed at providing you with a useful and meaningful experience. By integrating Google Maps, we can provide you with the most important information about various locations. You can quickly see where our company headquarters are located. The directions feature always shows you the best or fastest way to reach us. You can access driving, public transit, walking, or cycling directions. For us, providing Google Maps is part of our customer service.

What data is stored by Google Maps?

In order to offer its service fully, Google Maps needs to collect and store data from you. This includes, among other things, entered search terms, your IP address, and latitude/longitude coordinates. If you use the route planner function, the entered start address is also stored. However, this data storage takes place on the Google Maps website. We can only inform you about it but have no influence on it. Since we have embedded Google Maps on our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behavior. Google primarily uses this data to optimize its own services and provide personalized advertisements for you.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ112506562-5
Purpose: NID is used by Google to customize ads to your Google search. With the help of the cookie, Google remembers your most frequently entered search queries or your previous interactions with ads. This way, you always receive tailored advertisements. The cookie contains a unique ID that Google uses to collect your personal settings for advertising purposes.
Expiration Date: after 6 months

Note: We cannot guarantee the completeness of the information about the stored data. Changes are possible, especially when using cookies. To identify the NID cookie, a separate test page was created where only Google Maps was integrated.

How long and where is the data stored?

Google servers are located in data centers worldwide. However, most servers are located in America. For this reason, your data is also primarily stored in the USA. You can read exactly where the Google data centers are located here: https://www.google.com/about/datacenters/locations/?hl=de

Google distributes the data across various storage devices. This makes the data more quickly accessible and provides better protection against potential manipulation attempts. Each data center also has special emergency programs. For example, if there are problems with Google hardware or a natural disaster disrupts the servers, the data remains fairly secure.

Google stores some data for a defined period of time. For other data, Google only offers the option to manually delete it. Furthermore, the company anonymizes information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.

How can I delete my data or prevent data storage?

With the automatic deletion function for location and activity data introduced in 2019, location determination and web/app activity information is stored for either 3 or 18 months, depending on your choice, and then deleted. You can also manually delete this data from the history through your Google account. If you want to completely prevent location tracking, you need to pause the "Web & App Activity" section in your Google account. Click on "Data & Personalization" and then on the "Activity controls" option. Here, you can turn activities on or off.

In your browser, you can also disable, delete, or manage individual cookies. The process varies depending on the browser you use. Under the "Cookies" section, you will find the corresponding links to the instructions for the most popular browsers.

If you don't want any cookies at all, you can configure your browser to always notify you when a cookie is being set. This way, you can decide whether to allow each individual cookie or not.

Legal basis

If you have consented to the use of Google Maps, the legal basis for the corresponding data processing is this consent. According to Art. 6(1)(a) of the General Data Protection Regulation (GDPR), this consent constitutes the legal basis for the processing of personal data that may occur during the collection by Google Maps.

From our side, there is also a legitimate interest in using Google Maps to optimize our online service. The corresponding legal basis for this is Art. 6(1)(f) of the GDPR (Legitimate Interests). However, we only use Google Maps if you have given consent.

Google processes data from you, among other things, in the United States. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. This can entail various risks for the legality and security of data processing.

As the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially in the United States) or a transfer of data to such countries, Google uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCC) are template clauses provided by the European Commission and are intended to ensure that your data also comply with European data protection standards when transferred to and stored in third countries (such as the United States). Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other things, here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en

The Google Ads data processing terms, which refer to the Standard Contractual Clauses, can be found at https://business.safety.google/intl/en/adsprocessorterms/.

If you want to learn more about Google's data processing, we recommend referring to the company's privacy policy at https://policies.google.com/privacy?hl=en.

Explanation of Used Terms

We always strive to make our privacy policy as clear and understandable as possible. However, when it comes to technical and legal topics, this is not always easy. It often makes sense to use legal terms (such as personal data) or specific technical terms (such as cookies, IP address). However, we do not want to use these terms without explanation. Below is an alphabetical list of important terms we have used, which we may not have sufficiently explained in the previous privacy policy. If these terms have been taken from the GDPR and are definitions, we will also include the GDPR texts here and, if necessary, add our own explanations.

Data Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term:

"Data processor" means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all the data we process from you. In addition to controllers, there may also be data processors. This includes any company or person that processes personal data on our behalf. Data processors can include service providers such as accountants, hosting or cloud providers, payment or newsletter providers, or major companies such as Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR

In the sense of this regulation, the term:

"Consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: Typically, on websites, such consent is obtained through a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked through a banner whether you consent to the data processing. In most cases, you can also make individual settings and decide for yourself which data processing you allow and which you do not. If you do not give your consent, no personal data about you may be processed. In principle, consent can also be given in writing, without using a tool.

Personal Data

Definition according to Article 4 of the GDPR

In the sense of this regulation, the term:

"personal data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data refers to any data that can identify you as an individual. This typically includes data such as:

• Name
• Address
• Email address
• Postal address
• Phone number
• Date of birth
• Identification numbers such as social security number, tax identification number, ID card number, or student ID number
• Banking information such as account number, credit information, account balances, etc.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, identify you as the connection holder. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called "special categories" of personal data that are particularly sensitive and include:

• Racial and ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data, such as data obtained from blood or saliva samples
• Biometric data (information about psychological, physical, or behavioral characteristics that can identify a person)
• Health data
• Data relating to sexual orientation or sex life

Controller

Definition according to Article 4 of the GDPR

In the sense of this regulation, the term:

"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and therefore the "Controller." When we transfer collected data to other service providers for processing, they are considered "Data Processors." For this, a "Data Processing Agreement (DPA)" must be signed.

 

Processing

Definition according to Article 4 of the GDPR

In the sense of this regulation, the term:

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

Note: When we refer to processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned above in the original GDPR statement, not only the collection but also the storage and processing of data.

All texts are protected by copyright.

Source: Created with the Data Protection Generator by AdSimple