Privacy policy
Introduction and Overview
We have drafted this Privacy Policy (version 07.03.2025-122959644) to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as “data”) we, as the data controller, and the data processors we engage (e.g., service providers) process, will process in the future, and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process about you.
Privacy policies often sound very technical and use legal jargon. However, this Privacy Policy aims to describe the most important aspects as simply and transparently as possible. Where it enhances transparency, technical terms are explained in a user-friendly manner, links to further information are provided, and graphics may be used. We clearly and plainly inform you that we only process personal data in the course of our business activities when a corresponding legal basis exists. This would not be possible if we provided brief, unclear, and legally technical explanations, as is often the standard on the internet when it comes to data protection.
We hope you find the following explanations interesting and informative, and perhaps you’ll learn something new.
If you still have any questions, please do not hesitate to contact the responsible entity mentioned below or in the legal notice, follow the provided links, or seek additional information on third-party websites. You can, of course, also find our contact details in the legal notice.
Scope of Application
This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies (data processors) engaged by us. By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:
•All online presences (websites, online shops) operated by us
•Social media appearances and email communication
•Mobile apps for smartphones and other devices
In short: This Privacy Policy applies to all areas where personal data is processed within the company via the aforementioned channels. Should we engage with you in legal relationships outside these channels, we will inform you separately if necessary.
Legal Basis
In the following Privacy Policy, we provide transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation (GDPR) that enable us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL of 27 April 2016. This EU General Data Protection Regulation can of course be read online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.
We process your data only if at least one of the following conditions applies:
•Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you entered into a contact form.
•Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For instance, if we enter into a purchase agreement with you, we need personal information beforehand.
•Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to keep invoices for accounting purposes, which generally contain personal data.
•Legitimate Interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not impair your fundamental rights, we retain the right to process personal data. For example, we need to process certain data to operate our website securely and efficiently. This processing is therefore a legitimate interest.
Other conditions such as the performance of tasks carried out in the public interest and the exercise of public authority, as well as the protection of vital interests, do not generally apply to us. If such a legal basis should apply, it will be indicated at the relevant point.
In addition to the EU regulation, national laws also apply:
•In Austria, this is the Federal Act on the Protection of Natural Persons in the Processing of Personal Data (Data Protection Act), abbreviated DSG.
•In Germany, the Federal Data Protection Act, abbreviated BDSG, applies.
If additional regional or national laws are applicable, we will inform you about them in the following sections.
Contact Details of the Data Controller:
If you have any questions regarding data protection or the processing of personal data, you can find the contact details of the data controller according to Article 4(7) of the EU General Data Protection Regulation (GDPR) below:
Elisabeth Grasser
office@grasser-racing.com
+43-650-5035370
Data Retention
We only store personal data for as long as it is absolutely necessary to provide our services and products. This is a general criterion for us. This means that we delete personal data once the reason for the data processing is no longer applicable. In some cases, we are legally required to retain certain data even after the original purpose has been fulfilled, such as for accounting purposes.
If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as soon as possible, provided there is no obligation to retain it.
We will inform you below about the specific duration of the respective data processing if we have further information available.
Rights under the General Data Protection Regulation
In accordance with Articles 13 and 14 of the GDPR, we inform you about the following rights that you are entitled to in order to ensure fair and transparent data processing:
•Right of Access (Article 15 GDPR): You have the right to know if we process data about you. If applicable, you have the right to receive a copy of the data and to be informed of the following details:
•The purpose of the processing;
•The categories, i.e., the types of data being processed;
•Who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
•How long the data is stored;
•The existence of the right to rectification, erasure, or restriction of processing, and the right to object to processing;
•The right to lodge a complaint with a supervisory authority (links to these authorities can be found below);
•The source of the data, if we did not collect it from you;
•Whether profiling is conducted, i.e., whether data is automatically evaluated to create a personal profile of you.
•Right to Rectification (Article 16 GDPR): You have the right to correct your data, which means we must rectify the data if you find any inaccuracies.
•Right to Erasure (“Right to be Forgotten”) (Article 17 GDPR): You have the right to request the erasure of your data, meaning we must delete it if applicable.
•Right to Restriction of Processing (Article 18 GDPR): You have the right to restrict the processing of your data, meaning we may store the data but not use it further.
•Right to Data Portability (Article 20 GDPR): You have the right to request your data in a commonly used, machine-readable format.
•Right to Object (Article 21 GDPR): You have the right to object to the processing of your data, which may result in a change in how the data is processed.
•If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then review as soon as possible whether we can comply with this objection legally.
•If data is used for direct marketing, you may object at any time to this type of data processing. We may no longer use your data for direct marketing afterward.
•If data is used for profiling, you may object at any time to this type of data processing. We may no longer use your data for profiling afterward.
•Right not to be Subject to Automated Decision-Making (Article 22 GDPR): In certain cases, you have the right not to be subjected to decisions based solely on automated processing (e.g., profiling).
•Right to Lodge a Complaint (Article 77 GDPR): You have the right to lodge a complaint with the supervisory authority at any time if you believe the processing of personal data violates the GDPR.
In short: You have rights – don’t hesitate to contact the responsible entity listed above!
If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, which you can find on their website at https://www.dsb.gv.at/. In Germany, each federal state has a data protection officer. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The relevant local data protection authority for our company is:
Austrian Data Protection Authority
Head: Dr. Matthias Schmidl
Address: Barichgasse 40-42, 1030 Vienna
Phone Number: +43 1 52 152-0
Email Address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/
Cookies
Cookie Summary
👥 Affected: Website visitors
🤝 Purpose: Depends on the specific cookie. More details can be found below or from the software provider setting the cookie.
📓 Processed Data: Depends on the specific cookie used. More details can be found below or from the software provider setting the cookie.
📅 Retention Period: Depends on the specific cookie, ranging from hours to years
⚖️ Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)
What Are Cookies?
Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used so that you can better understand the following Privacy Policy.
Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing is undeniable: cookies are really useful helpers. Almost all websites use cookies. Specifically, they are HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files stored by our website on your computer. These cookie files are automatically placed in the cookie folder, essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data from you, such as language preferences or personal page settings. When you revisit our site, your browser sends the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, like Firefox, all cookies are stored in a single file.
The following graphic shows a possible interaction between a web browser, such as Chrome, and the web server. The web browser requests a website and receives a cookie from the server, which the browser will reuse when another page is requested.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other “malicious” software. Cookies also cannot access information on your PC.
Here is an example of what cookie data may look like:
•Name: _ga
•Value: GA1.2.1326744211.152122959644-9
•Purpose: Differentiation of website visitors
•Expiration Date: After 2 years
These are the minimum sizes that a browser should support:
•At least 4096 bytes per cookie
•At least 50 cookies per domain
•At least 3000 cookies in total
What Types of Cookies Are There?
The question of which cookies we specifically use depends on the services used and will be clarified in the following sections of the Privacy Policy. At this point, we would like to briefly discuss the different types of HTTP cookies.
There are 4 types of cookies:
Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, they are required when a user adds a product to the shopping cart, browses other pages, and later proceeds to checkout. These cookies prevent the shopping cart from being cleared, even if the user closes the browser window.
Functional Cookies
These cookies collect information about user behavior and whether the user encounters any error messages. Additionally, these cookies measure the website’s loading time and performance across different browsers.
Targeted Cookies
These cookies enhance user experience. For example, they store entered locations, font sizes, or form data.
Advertising Cookies
These cookies are also known as targeting cookies. They are used to deliver customized advertising to the user. This can be very useful, but also quite annoying.
Typically, you are asked during your first visit to a website which of these cookie types you want to allow. Of course, this decision is also stored in a cookie.
If you want to learn more about cookies and are not intimidated by technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments by the Internet Engineering Task Force (IETF) titled “HTTP State Management Mechanism.”
Purpose of Processing via Cookies
The purpose ultimately depends on the specific cookie. More details can be found below or from the software provider that sets the cookie.
Which Data Is Processed?
Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data in the following Privacy Policy.
Retention Period of Cookies
The retention period depends on the specific cookie and will be specified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.
You also have control over the retention period. You can manually delete all cookies at any time via your browser (see also “Right to Object” below). Furthermore, cookies based on consent will be deleted at the latest upon withdrawal of your consent, with the legality of the storage remaining unaffected until then.
Right to Object – How Can I Delete Cookies?
Regardless of which service or website the cookies come from, you always have the option to delete, disable, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.
If you want to check which cookies have been stored in your browser or if you want to change or delete cookie settings, you can find this option in your browser settings:
•Chrome: Delete, enable, and manage cookies in Chrome
•Safari: Manage cookies and website data with Safari
•Firefox: Delete cookies to remove data that websites have stored on your computer
•Internet Explorer: Delete and manage cookies
•Microsoft Edge: Delete and manage cookies
If you generally do not want any cookies, you can set up your browser to notify you whenever a cookie is about to be set. This way, you can decide whether to allow the cookie for each one individually. The procedure varies depending on the browser. It’s best to search for the instructions on Google with the search terms “Delete cookies Chrome” or “Disable cookies Chrome” if you are using the Chrome browser.
Legal Basis
Since 2009, the so-called “Cookie Guidelines” have been in place. These guidelines state that storing cookies requires your consent (Article 6(1)(a) GDPR). However, there are still varying reactions to these guidelines among EU countries. In Austria, the implementation of these guidelines was made in Section 165(3) of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, the implementation of this directive largely took place in Section 15(3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DDG) since May 2024.
For strictly necessary cookies, even in the absence of consent, legitimate interests (Article 6(1)(f) GDPR) apply, which are often of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often essential for this.
Where non-essential cookies are used, this only occurs with your consent. The legal basis in this case is Article 6(1)(a) GDPR.
In the following sections, you will be provided with more detailed information about the use of cookies, if the software used employs cookies.
Website Builder Systems Introduction
Website Builder Systems Privacy Policy Summary
👥 Affected: Website visitors
🤝 Purpose: Optimization of our service performance
📓 Processed Data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact data, IP address, or your geographical location. More details can be found below in this Privacy Policy and in the Privacy Policy of the providers.
📅 Retention Period: Depends on the provider
⚖️ Legal Basis: Article 6(1)(f) GDPR (Legitimate Interests), Article 6(1)(a) GDPR (Consent)
What Are Website Builder Systems?
We use a website builder system for our website. Website builder systems are a special form of a Content Management System (CMS). With a website builder system, website operators can easily create a website without any programming knowledge. In many cases, web hosting providers also offer website builder systems. By using a website builder system, personal data from you can be collected, stored, and processed. In this privacy notice, we provide general information about data processing through website builder systems. More detailed information can be found in the privacy policies of the providers.
Why Do We Use Website Builder Systems for Our Website?
The biggest advantage of a website builder system is its ease of use. We want to offer you a clear, simple, and user-friendly website that we can manage and maintain easily without external support. A website builder system now offers many helpful features that we can apply without programming knowledge. This allows us to design our online presence according to our preferences and provide you with an informative and pleasant experience on our website.
What Data Is Stored by a Website Builder System?
The exact data stored depends on the website builder system being used. Each provider processes and collects different data from website visitors. However, in general, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit is collected. Additionally, tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) may be processed. Personal data may also be collected and stored. This usually includes contact data such as email address, phone number (if provided), IP address, and geographical location data. The exact data stored can be found in the provider’s privacy policy.
How Long and Where Is the Data Stored?
We will inform you about the duration of data processing further below in connection with the website builder system used, provided we have additional information on this. Detailed information can be found in the provider’s privacy policy. In general, we process personal data only as long as necessary to provide our services and products. It is possible that the provider stores data based on their own policies, over which we have no control.
Right to Object
You always have the right to access, rectify, and delete your personal data. If you have any questions, you can also contact the responsible party of the website builder system used at any time. Contact details can be found either in our privacy policy or on the website of the respective provider.
Cookies used by providers for their functions can be deleted, disabled, or managed in your browser. Depending on the browser you use, this may work in different ways. Please note, however, that some functions may no longer work as expected if you disable cookies.
Legal Basis
We have a legitimate interest in using a website builder system to optimize our online service and present it efficiently and user-friendly to you. The corresponding legal basis is Article 6(1)(f) GDPR (Legitimate Interests). We only use the website builder to the extent that you have given your consent.
To the extent that the processing of data for the operation of the website is not strictly necessary, the data is processed only based on your consent. This particularly applies to tracking activities. The legal basis in this case is Article 6(1)(a) GDPR.
With this privacy policy, we have provided you with the most important general information regarding data processing. If you wish to learn more, you can find further information – if available – in the following section or in the privacy policy of the provider.
WordPress.com Privacy Policy
WordPress.com Privacy Policy Summary
👥 Affected: Website visitors
🤝 Purpose: Optimization of our service performance
📓 Processed Data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact data, IP address, or your geographical location. More details can be found below in this Privacy Policy.
📅 Retention Period: It mainly depends on the type of stored data and the specific settings.
⚖️ Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)
What is WordPress?
We use the well-known content management system WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
Founded in 2003, the company quickly became one of the most popular content management systems (CMS) worldwide. A CMS is software that helps us design our website and present content in a clean and organized manner. The content can include text, audio, and video.
By using WordPress, personal data from you can also be collected, stored, and processed. Typically, mainly technical data such as operating system, browser, screen resolution, or hosting provider is stored. However, personal data such as IP address, geographical data, or contact data may also be processed.
Why Do We Use WordPress on Our Website?
We have many strengths, but programming is not exactly one of our core competencies.
Nevertheless, we want a powerful and attractive website that we can manage and maintain ourselves. With a website builder system or a content management system like WordPress, this is exactly possible. With WordPress, we don’t have to be programming experts to offer you a beautiful website. Thanks to WordPress, we can quickly and easily operate our website without any technical knowledge. If technical issues arise or we have special requests for our website, we still have our experts who are familiar with HTML, PHP, CSS, and more.
With the ease of use and comprehensive features of WordPress, we can shape our online presence according to our preferences and provide you with a great user experience.
What Data Is Processed by WordPress?
Non-personal data includes technical usage information such as browser activity, clickstream activities, session heatmaps, and data about your computer, operating system, browser, screen resolution, language and keyboard settings, internet service provider, and the date of the site visit.
Additionally, personal data is also collected. This primarily includes contact details (email address or phone number, if provided), IP address, or your geographical location.
WordPress may also use cookies to collect data. These often capture data about your behavior on our website. For example, it can track which subpages you visit most frequently, how long you stay on specific pages, when you leave a page (bounce rate), or which preferences (e.g., language selection) you have made. Based on this data, WordPress can also better tailor its marketing efforts to your interests and user behavior. The next time you visit our website, it will be displayed according to the settings you previously made.
WordPress may also use technologies such as pixel tags (web beacons) to, for example, clearly identify you as a user and potentially offer interest-based advertising.
How Long and Where Is the Data Stored?
The length of time the data is stored depends on various factors, mainly on the type of data stored and the specific settings of the website. In general, WordPress deletes the data when it is no longer needed for its purposes. There are, of course, exceptions, especially when legal obligations require a longer retention of data. Web server logs containing your IP address and technical data are deleted by WordPress or Automattic after 30 days. During this time, Automattic uses the data to analyze traffic on its websites (such as all WordPress sites) and address any potential issues. Deleted content on WordPress websites is also kept in the trash for 30 days to allow for recovery, after which it may remain in backups and caches until those are deleted. The data is stored on American servers by Automattic.
How Can I Delete My Data or Prevent Data Storage?
You have the right at any time to access your personal data and object to its use and processing. You can also file a complaint with a regulatory authority at any time.
In your browser, you also have the option to manage, delete, or disable cookies individually. Please note that disabled or deleted cookies may negatively affect the functionality of our WordPress site. Depending on which browser you use, managing cookies may work differently. Under the “Cookies” section, you will find the corresponding links to the instructions for the most popular browsers.
Legal Basis
If you have consented to the use of WordPress, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR (Consent), this consent forms the legal basis for the processing of personal data that may occur during the collection process by WordPress.
We also have a legitimate interest in using WordPress to optimize our online service and present it attractively. The corresponding legal basis is Article 6(1)(f) GDPR (Legitimate Interests). We only use WordPress to the extent that you have granted consent.
WordPress, or Automattic, also processes data from you, including in the USA. Automattic is an active participant in the EU-US Data Privacy Framework, which governs the correct and secure transfer of personal data from EU citizens to the USA. More information on this can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Additionally, Automattic uses so-called Standard Contractual Clauses (= Article 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data remains in compliance with European data protection standards when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and Standard Contractual Clauses, Automattic commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the relevant Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
For more details on the privacy policy and what data is processed in what way by WordPress, please visit https://automattic.com/privacy/.
Web Design Introduction
Web Design Privacy Policy Summary
👥 Affected: Website visitors
🤝 Purpose: Improving the user experience
📓 Processed Data: The data processed largely depends on the tools used. It often includes data such as IP address, technical data, language settings, browser version, screen resolution, and browser name. More details can be found with the respective web design tools used.
📅 Retention Period: Depends on the tools used
⚖️ Legal Basis: Article 6(1)(a) GDPR (Consent), Article 6(1)(f) GDPR (Legitimate Interests)
What is Web Design?
We use various tools for web design on our website. Web design is not just about making our website look nice, as often assumed, but also about functionality and performance. However, the visual appearance of a website is certainly one of the major goals of professional web design. Web design is a subset of media design and deals with both the visual and the structural and functional design of a website. The goal is to improve your experience on our website through web design. In web design jargon, this is referred to as User Experience (UX) and Usability. User Experience encompasses all the impressions and experiences that a website visitor has on a website. A subcategory of User Experience is Usability, which focuses on the user-friendliness of a website. The emphasis here is primarily on ensuring that content, subpages, or products are clearly structured, and that you can easily and quickly find what you are looking for. To provide you with the best possible experience on our website, we also use third-party web design tools. In this privacy policy, the category “Web Design” includes all services that enhance the design of our website. These may include fonts, various plugins, or other integrated web design features.
Why Do We Use Web Design Tools?
How you perceive information on a website strongly depends on the structure, functionality, and visual appearance of the website. Therefore, good and professional web design has become increasingly important for us. We are constantly working on improving our website and see this as an extended service for you as a website visitor. Furthermore, a beautiful and functional website also has economic advantages for us. After all, you will only visit us and make use of our offerings if you feel completely comfortable.
Which Data Is Stored by Web Design Tools?
When you visit our website, web design elements may be embedded in our pages that can also process data. The exact data depends largely on the tools used. Further down, you will see exactly which tools we use for our website. For more detailed information about data processing, we also recommend reading the respective privacy policy of the tools used. Usually, you will find information there about which data is processed, whether cookies are used, and how long the data is retained. For example, fonts like Google Fonts automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google’s servers.
Duration of Data Processing
The duration for which data is processed is very individual and depends on the web design elements used. For example, if cookies are used, the retention period can vary from just one minute to several years. Please inform yourself about this. We recommend reading both our general section on cookies and the privacy policies of the tools used. Usually, you will find out which cookies are specifically used and what information is stored in them. For example, Google Font files are stored for one year. This is to improve the loading time of a website. In general, data is only kept for as long as it is necessary to provide the service. Data may also be stored longer if required by legal obligations.
Right to Object
You also have the right and the ability to revoke your consent for the use of cookies or third-party providers at any time. This can be done either through our cookie management tool or other opt-out functions. You can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. However, some data from web design elements (usually fonts) cannot be easily deleted. This happens when data is automatically collected upon visiting a page and transmitted to a third party (such as Google). In this case, please contact the support of the relevant provider. If it concerns Google, you can reach their support at https://support.google.com/?hl=en.
Legal Basis
If you have consented to the use of web design tools, the legal basis for the corresponding data processing is your consent. According to Article 6(1)(a) GDPR (Consent), this consent forms the legal basis for the processing of personal data that may occur during the collection through web design tools. Additionally, we have a legitimate interest in improving the web design of our website. After all, we can only provide you with an attractive and professional online offering. The corresponding legal basis for this is Article 6(1)(f) GDPR (Legitimate Interests). We only use web design tools to the extent that you have granted consent. We want to emphasize this once again.
Information about specific web design tools will be provided – if available – in the following sections.
Adobe Fonts Privacy Policy
We use Adobe Fonts, a web font hosting service, on our website. The service provider is the American company Adobe Inc. For the European region, the responsible company is Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland.
Adobe processes data from you, including in the USA. Adobe is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information on this can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Adobe uses Standard Contractual Clauses (= Article 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data meets European data protection standards even when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Adobe commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementation decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.
For more information on Adobe’s Standard Contractual Clauses, visit https://www.adobe.com/at/privacy/eudatatransfers.html.
More about the data processed through the use of Adobe Fonts can be found in the privacy policy at https://www.adobe.com/at/privacy.html.
Explanation of Used Terms
We strive to write our privacy policy as clearly and understandably as possible. However, especially with technical and legal topics, this is not always easy. It often makes sense to use legal terms (e.g., personal data) or specific technical expressions (e.g., cookies, IP address). We do not want to use these without providing an explanation. Below you will find an alphabetical list of important terms we have used, which we may not have explained adequately in the previous sections of the privacy policy. If these terms are taken from the GDPR and are legal definitions, we will also provide the relevant GDPR text and, if necessary, additional explanations.
Data Processor
Definition according to Article 4 of the GDPR
For the purposes of this regulation, the term:
“Data processor” refers to a natural or legal person, authority, agency, or other body that processes personal data on behalf of the controller;
Explanation: As a company and website owner, we are responsible for all data that we process from you. In addition to the controller, there may also be so-called data processors. This includes any company or person that processes personal data on our behalf. Data processors can therefore include service providers such as tax consultants, as well as hosting or cloud providers, payment or newsletter providers, or large companies like Google or Microsoft.
Consent
Definition according to Article 4 of the GDPR
For the purposes of this regulation, the term:
“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, expressed by a statement or a clear affirmative action, by which the data subject signifies agreement to the processing of personal data relating to them;
Explanation: Typically, on websites, such consent is given through a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to the data processing or give your consent. Often, you can also make individual settings and decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data about you may be processed. In principle, consent can also be given in writing, i.e., not through a tool.
Personal Data
Definition according to Article 4 of the GDPR
For the purposes of this regulation, the term:
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
Explanation: Personal data refers to any data that can identify you as a person. These are typically data such as:
•Name
•Address
•Email address
•Postal address
•Phone number
•Date of birth
•Identification numbers such as social security number, tax identification number, ID card number, or student number
•Bank data such as account number, credit information, account balances, etc.
According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to at least identify the approximate location of your device and, by extension, you as the account holder. Therefore, storing an IP address also requires a legal basis under the GDPR.
There are also so-called “special categories” of personal data, which are considered particularly sensitive and require extra protection. These include:
•Racial and ethnic origin
•Political opinions
•Religious or philosophical beliefs
•Trade union membership
•Genetic data, such as data taken from blood or saliva samples
•Biometric data (information about psychological, physical, or behavioral characteristics that can identify a person)
•Health data
•Data on sexual orientation or sexual life
Profiling
Definition according to Article 4 of the GDPR
For the purposes of this regulation, the term:
“Profiling” means any kind of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects related to a natural person, particularly to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person;
Explanation: Profiling involves collecting various pieces of information about a person in order to learn more about them. In the web domain, profiling is often used for advertising purposes or creditworthiness assessments. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile, which can then be used to target advertisements to a specific audience.
Controller
Definition according to Article 4 of the GDPR
For the purposes of this regulation, the term:
“Controller” refers to the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of Member States, the controller or the specific criteria for its designation may be provided for in accordance with Union law or the law of Member States;
Explanation: In our case, we are responsible for processing your personal data and are therefore the “controller.” If we share the collected data for processing with other service providers, they are considered “processors.” A “Data Processing Agreement (DPA)” must be signed for this.
Processing
Definition according to Article 4 of the GDPR
For the purposes of this regulation, the term:
“Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;
Note: When we refer to processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned in the original GDPR definition above, not only collecting but also storing and processing data.
Closing Remarks
Congratulations! If you’re reading these lines, you have truly “fought” through our entire privacy policy or at least scrolled to this point. As you can see from the length of our privacy policy, we take the protection of your personal data very seriously.
It is important for us to inform you about the processing of personal data to the best of our knowledge and belief. We not only want to tell you which data is processed, but also explain the reasons for using various software programs. Privacy policies typically sound very technical and legal. Since most of you are not web developers or lawyers, we wanted to take a different approach and explain the matter in simple and clear language. Of course, this is not always possible due to the nature of the topic. Therefore, the most important terms are explained at the end of the privacy policy.
If you have any questions about data protection on our website, please don’t hesitate to contact us or the responsible authority. We wish you a pleasant time and hope to welcome you back to our website soon.
All texts are copyright protected.
Source: Privacy policy created with the Privacy Policy Generator for Austria by AdSimple.
