Privacy Policy

Introduction and Overview

We have drafted this Privacy Policy (Version 14.11.2022- 112326086) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter referred to as „data“) we, as the data controller, and our contracted processors (e.g., providers) process, will process in the future, and what lawful options you have. The terms used are to be understood in a gender-neutral manner. In short, we provide comprehensive information about the data we process about you. Privacy policies typically sound very technical and use legal terminology. However, this Privacy Policy aims to describe the most important things to you as simply and transparently as possible. Wherever transparency is beneficial, technical terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. In doing so, we communicate clearly and simply that we only process personal data within the scope of our business activities if there is a corresponding legal basis. This is not possible if we provide terse, unclear, and legally technical explanations, as is often the standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps you’ll find some information that you didn’t know before. If you still have questions, we kindly ask you to contact the responsible party listed below or in the imprint, follow the provided links, and consult further information on third-party sites. Our contact details are also available in the imprint. Scope This Privacy Policy applies to all personal data processed by us in the company and to all personal data processed by companies contracted by us (data processors). By personal data, we mean information within the meaning of Article 4(1) of the GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or

offline. The scope of this Privacy Policy includes:

• all online presences (websites, online shops) that we operate

• social media presences and email communication

• mobile apps for smartphones and other devices In short, the rivacy Policy applies to all areas where personal data is structuredly processed in the company via the channels mentioned.

If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary. Legal Basis In the following Privacy Policy, we provide transparent information about the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which allow us to process personal data. Regarding EU law, we refer to

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access point to EU law, at https://eur-lex.europa.eu/legalcontent/DE/ALL/?uri=celex%3A32016R0679. We only process your data if at least one of the following

conditions applies:

1. Consent (Article 6(1)(a) GDPR): You have given us consent to process data for a specific purpose. An example would be storing the data you entered in a contact form.

2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or precontractual obligations with you, we process your data. For example, if we conclude a purchase contract with you, we need personal information beforehand.

3. Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.

4. Legitimate interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not infringe upon your fundamental rights, we reserve the right to process personal data. For example, we may need to process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest. Further conditions such as the exercise of public interest recording and exercising public authority, as well as protecting vital interests, usually do not apply to us. If such a legal basis should be relevant, it will be indicated at the appropriate place. In addition to the EU Regulation, national laws also apply:

• In Austria, this is the Federal Act concerning the Protection

of Personal Data (Data Protection Act), abbreviated as DSG.

• In Germany, the Federal Data Protection Act, abbreviated as BDSG, applies. If further regional or national laws are applicable, we will inform you in the following sections.

Contact Details of the Controller If you have any questions about data protection or the processing of personal data, you will find below the contact details of the responsible person or entity:

DI (FH) Philipp Schneider, MSc Stubenring 24/9 – 1010 Vienna

Email: office@environomics.at Phone: +43676889831310 Imprint: https://environomics.at/en/impressum/

Retention Period 

It is a general criterion for us to store personal data only for as long as it is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example, for accounting purposes. If you wish for the deletion of your data or withdraw your consent for data processing, the data will be deleted as soon as possible, provided there is no obligation to store it. We will inform you below about the specific duration of each data processing if we have further information on it. Rights under the General Data Protection Regulation According to Articles 13 and 14 of the GDPR, we inform you about the following rights that you are entitled to, ensuring fair and transparent data processing: • According to Article 15 of the GDPR, you have the right to information about whether we process data about you. If so, you have the right to receive a copy of the data and to learn the following information:

• the purpose of the processing;

• the categories, i.e., types of data being processed;

• who receives this data and, if the data is transferred to third countries, how security can be guaranteed;

• how long the data will be stored;

• the existence of the right to rectification, erasure, or restriction of processing and the right to object;

• that you can complain to a supervisory authority (links to these authorities can be found below);

• the origin of the data, if we did not collect it from you;

• whether profiling is performed, i.e., whether data is automatically evaluated to create a personal profile of you.

• According to Article 16 of the GDPR, you have the right to rectification of the data, meaning that we must correct data if you find errors.

• According to Article 17 of the GDPR, you have the right to erasure („right to be forgotten“), which means that you can request the deletion of your data.

• According to Article 18 of the GDPR, you have the right to restrict processing, which means that we may only store the data but not further use it.

• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a commonly used format upon request.

• According to Article 21 of the GDPR, you have the right to object, which, when enforced, results in a change in processing.

• If the processing of your data is based on Article 6(1)(e) (public interest, exercise of public authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then promptly examine whether we can legally comply with this objection.

• If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may not use your data for direct marketing thereafter.

• If data is used for profiling purposes, you can object to this type of data processing at any time. We may not use your data for profiling thereafter.

• According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g., profiling).

• According to Article 77 of the GDPR, you have the right to lodge a complaint. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible party listed above! If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:

Data Protection Authority Address: Barichgasse 40-42, 1030 Vienna Phone number: +43 1 52 152-0 Email address: dsb@dsb.gv.at Website: https://www.dsb.gv.at/

Security of Data Processing 

To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. This makes it as difficult as possible, within our capabilities, for third parties to infer personal information from our data. Article 25 of the GDPR speaks of „data protection by design and by default,“ meaning that both software (e.g., forms) and hardware (e.g., access to the server room) always consider security and implement appropriate measures. Below, if necessary, we will go into specific measures. TLS encryption with https TLS, encryption, and https sound very technical, and they are. We use HTTPS (Hypertext Transfer Protocol Secure) to transfer data securely over the Internet. This means that the entire transmission of all data from your browser to our web server is secure – no one can „eavesdrop.“ Thus, we have introduced an additional layer of security and comply with data protection by design (Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock icon in the browser’s address bar, to the left of the web address (e.g., examplepage.com), and the use of the https scheme (instead of http) as part of our Internet address. If you want to learn more about encryption, we recommend searching Google for „Hypertext Transfer Protocol Secure wiki“ for good links to further information. Communication Summary Affected Individuals: Anyone who communicates with us via telephone, email, or online form Processed Data: e.g., telephone number, name, email address, entered form data. More details can be found for each contact method used. Purpose: Processing communication with customers, business partners, etc. Retention Period: Duration of the business case and legal requirements Legal Basis: Art. 6 Para. 1 lit. a GDPR (Consent), Art. 6 Para. 1 lit. b GDPR (Contract), Art. 6 Para. 1 lit. f GDPR (Legitimate interests) When you contact us and communicate via telephone, email, or online form, personal data may be processed. The data is processed for handling and processing your inquiry and the associated business transaction. The data is stored for as long as the business case lasts or as long as required by law.

Affected Individuals 

All those who seek contact with us via the communication channels provided by us are affected by the mentioned processes.

Telephone 

When you call us, call data is pseudonymized and stored on the respective device and with the telecommunications provider used. In addition, data such as name and telephone number may be sent by email and stored for inquiry processing. The data is deleted as soon as the business case is concluded and legal requirements allow.

Email

When you communicate with us via email, data may be stored on the respective device (computer, laptop, smartphone, etc.) and data may be stored on the email server. The data is deleted as soon as the business case is concluded and legal requirements allow.

Online Forms 

When you communicate with us via online form, data is stored on our web server and may be forwarded to an email address of ours. The data is deleted as soon as the business case is concluded and legal requirements allow.

Legal Basis

The processing of data is based on the following legal bases:

• Art. 6 Para. 1 lit. a GDPR (Consent): You give us consent to store your data and to further use it for purposes related to the business case;

• Art. 6 Para. 1 lit. b GDPR (Contract): There is a necessity for the performance of a contract with you or a data processor such as the telephone provider, or we need to process the data for pre contractual activities, such as preparing an offer;

• Art. 6 Para. 1 lit. f GDPR (Legitimate interests): We aim to conduct customer inquiries and business communication in a professional manner. For this purpose, certain technical facilities such as email programs, Exchange servers, and mobile network operators are necessary to efficiently conduct communication.

Cookies Summary

Affected Individuals: Website visitors Purpose: Depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

Processed Data: Depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

Retention Period: Depends on the respective cookie, can vary from hours to years.

Legal Basis: Art. 6 Para. 1 lit. a GDPR (Consent), Art. 6 Para. 1 lit.f GDPR (Legitimate interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data. In the following, we explain what cookies are and why they are used so that you can better understand the following privacy policy. Whenever you surf the Internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies. It cannot be denied: cookies are really useful helpers. Almost all websites use cookies. More specifically, these are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that are stored by our website on your computer. These cookie files are automatically placed in the cookie folder, which is like the „brain“ of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified. Cookies store certain user data, such as language or personal page settings. When you revisit our site, your browser sends the „user-related“ information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in a single file. The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie from the server, which the browser uses again when requesting another page. There are both first-party cookies and third-party cookies. Firstparty cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be individually evaluated because each cookie stores different data. The expiration time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other „malware“. Cookies cannot access information on your PC.

Cookie Data Example:

Name: _ga Value: GA1.2.1326744211.152112326086-9 Purpose: Distinguishing website visitors Expiration date: after 2 years Minimum requirements a browser should support for cookies:

• At least 4096 bytes per cookie

• At least 50 cookies per domain

• At least 3000 cookies in total

What Types of Cookies Are There?

The question of which cookies we specifically use depends on the services used and will be clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

Four types of cookies can be distinguished:

1. Essential Cookies: These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed if a user adds a product to the shopping cart, then continues to surf other pages, and later goes to checkout. These cookies prevent the shopping cart from being deleted even if the user closes their browser window.

2. Functional Cookies: These cookies collect information about user behavior and whether the user receives error messages. In addition, these cookies measure the loading time and behavior of the website in different browsers.

3. Targeted Cookies: These cookies ensure better user friendliness. For example, entered locations, font sizes, or form data are stored.

4. Advertising Cookies: These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very practical, but also very annoying.

Usually, when you first visit a website, you are asked which of these types of cookies you want to allow. And, of course, this decision is also stored in a cookie. If you want to know more about cookies and don’t mind technical documentation, we recommend https://datatracker.ietf.org/
doc/html/rfc6265
, the Internet Engineering Task Force (IETF) Request for Comments called „HTTP State Management Mechanism“.

Purpose of Processing via Cookies
The purpose ultimately depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

What Data Is Processed?

Cookies are small helpers for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the processed or stored data within the following privacy policy.

Storage Period of Cookies

The storage duration depends on the respective cookie and is further specified below. Some cookies are deleted in less than an hour, while others can remain stored on a computer for several years. You also have influence over the storage duration. You can manually delete all cookies via your browser at any time (see also „Right to Object“ below). Furthermore, cookies that are based on consent are deleted, at the latest, after you revoke your consent, while the legality of the storage remains unaffected until then. Right to Object – How can I delete cookies? How and whether you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies. If you want to find out which cookies are stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings: Chrome: Delete, enable, and manage cookies in Chrome Safari: Manage cookies and website data with Safari Firefox: Delete cookies to remove data stored by websites on your computer Internet Explorer: Delete and manage cookies Microsoft Edge: Delete and manage cookies If you do not want cookies in principle, you can set up your browser to always inform you when a cookie is set. This way, you can decide for each individual cookie whether to allow it or not. The procedure varies depending on the browser. It’s best to search for the instructions on Google using the search term „delete cookies Chrome“ or „disable cookies Chrome“ in the case of a Chrome browser.

Legal Basis

Since 2009, there have been the so-called „Cookie Guidelines“. These guidelines stipulate that storing cookies requires your consent (Article 6(1)(a) GDPR). However, within EU countries, there are still very different reactions to these guidelines. In Austria, the implementation of these guidelines was carried out in § 96(3) of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, the implementation of these guidelines largely occurred in § 15(3) of the Telemedia Act (TMG). For strictly necessary cookies, even in cases where no consent is given, legitimate interests exist (Article 6(1)(f) GDPR), which are mostly of an economic nature. We aim to provide visitors to the website with a pleasant user experience, and for this, certain cookies are often strictly necessary. Where non-essential cookies are used, this only occurs with your consent. The legal basis is Article 6(1)(a) GDPR. In the following sections, you will be provided with more detailed information about the use of cookies, provided that the software used utilizes cookies.

Web Hosting Introduction
Web Hosting Summary

Affected Parties: Visitors to the website

Purpose: Professional hosting of the website and ensuring its operation

Processed Data: IP address, time of website visit, used browser, and other data. More details can be found below or with the respective web hosting provider.

Storage Duration: Dependent on the respective provider but typically 2 weeks

Legal Basis: Article 6(1)(f) GDPR (Legitimate Interests)

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and ensuring its operation

2. Maintaining operational and IT security

3. Anonymous analysis of access behavior to improve our offerings and, if necessary, for law enforcement or pursuit of claims.

What data is processed?

Even as you visit our website right now, our web server, which is the computer where this website is stored, typically automatically stores data such as:

• The complete internet address (URL) of the accessed webpage

• Browser and browser version (e.g., Chrome 87)

• The operating system used (e.g., Windows 10)

• The address (URL) of the previously visited page (referrer URL) (e.g., https://www.examplereferrer.com/
howigotthere/
)

• The hostname and IP address of the accessing device (e.g., COMPUTERNAME and 194.23.43.121)

• Date and time

• In files, known as web server log files

How long is data stored?

Generally, the aforementioned data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot exclude the possibility that authorities may access this data in the event of unlawful behavior.

In summary: Your visit is logged by our provider (the company that runs our website on special computers called servers), but we do not share your data without consent!

Legal Basis 

The legality of processing personal data in the context of web hosting is based on Article 6(1)(f) GDPR (Legitimate interests), as the use of professional hosting with a provider is necessary to securely and user-friendly present the company on the internet and potentially pursue attacks and claims arising therefrom. Typically, there is a contract between us and the hosting provider for order processing in accordance with Article 28 et seq. GDPR, which ensures compliance with data protection and guarantees data security. External Web Hosting Provider Data Protection Declaration Below you will find the contact details of our external hosting provider, where you can find more information about data processing in addition to the information above:

Company: easyname GmbH
Address: Canettistraße 5/10, A-1100 Vienna
VAT number: ATU68122177 Commercial
register number: 402196s
Commercial register court: Commercial Court Vienna
Phone number: +43 1 353 2222
Email address: office@easyname.com

You can learn more about data processing with this provider in data-protection-policy-de-v4.pdf (easyname.at).

Website Builder Systems Introduction Website Builder Systems Data Protection Declaration Summary

Affected Parties:
Visitors to the website Purpose: Optimization of our service performance Processed Data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographic location. More details can be found below in this data protection declaration and in the provider’s data protection declaration. Storage Duration: Depends on the provider Legal Basis: Article 6(1)(f) GDPR (Legitimate interests), Article 6(1)(a) GDPR (Consent)

What are Website Builder Systems?

We use a website builder system for our website. Builder systems are special forms of a content management system (CMS). With a builder system, website operators can easily create a website without programming knowledge. In many cases, web hosts also offer builder systems. By using a builder system, personal data from you can also be collected, stored, and processed. In this privacy text, we provide you with general information about data processing through builder systems. For more information, please refer to the provider’s privacy policies.

Why do we use website builder systems for our website?

The greatest advantage of a builder system is its ease of use. We aim to provide you with a clear, simple, and user-friendly website that we can operate and maintain ourselves, without external support. Nowadays, builder systems offer many helpful functions that we can apply without programming knowledge. This allows us to design our web presence according to our wishes and provide you with an informative and pleasant experience on our website.

What data is stored by a builder system?

The exact data stored naturally depends on the website builder system used. Each provider processes and collects different data from website visitors. However, typically technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are collected. Further, tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) can also be processed. Additionally, personal data may be collected and stored. This usually includes contact details such as email address, telephone number (if provided by you), IP address, and geographic location data. You can find details about the specific data stored in the provider’s privacy policy.

How long and where are the data stored?

We will inform you about the duration of data processing below in connection with the website builder system used, provided we have further information on this. Detailed information can be found in the provider’s privacy policy. Generally, we process personal data only for as long as it is absolutely necessary for the provision of our services and products. The provider may store data from you according to their own standards, over which we have no control.

Right to object
You always have the right to information, correction, and deletion of your personal data. If you have any questions, you can also contact the responsible party of the website builder system used at any time. Contact details can be found either in our privacy policy or on the website of the respective provider. Cookies used by providers for their functions can be deleted, disabled, or managed in your browser. Depending on the browser you use, this works in different ways. Please note, however, that this may affect the functioning of some features.

Legal basis

We have a legitimate interest in using a website builder system to optimize our online service and present it efficiently and userfriendly for you. The corresponding legal basis for this is Article 6(1)(f) GDPR (Legitimate interests). However, we only use the builder system if you have given consent. Where the processing of data for the operation of the website is not strictly necessary, the data is processed only on the basis of your consent. This particularly concerns tracking activities. The legal basis in this regard is Article 6(1)(a) GDPR. With this privacy policy, we have provided you with the most important general information about data processing. If you want to find out more about this, you can find additional information – if available – in the following section or in the provider’s privacy policy.

What is Email Marketing?

To keep you up to date, we also utilize the opportunity of email marketing. In this process, if you have consented to receiving our emails or newsletters, data about you is processed and stored. Email marketing is a subset of online marketing. It involves sending news or general information about a company, products, or services via email to a specific group of people who are interested. If you want to participate in our email marketing (usually via newsletters), you typically just need to sign up with your email address. You fill out an online form and submit it. However, we may also ask for your title and name so that we can address you personally. The signup for newsletters generally works using the so-called „Double-Opt-In“ procedure. After you have signed up for our newsletter on our website, you will receive an email to confirm the newsletter subscription. This ensures that the email address belongs to you and that no one has signed up with a foreign email address. We or a notification tool we use log each individual registration. This is necessary so that we can prove the legal registration process. Usually, the time of registration, the time of registration confirmation, and your IP address are stored. Additionally, changes to your stored data are also logged.

Why do we use Email Marketing?

Naturally, we want to stay in touch with you and always present the most important news about our company. For this purpose, we use email marketing – often referred to as „newsletters“ – as an essential part of our online marketing. If you agree or if it is legally allowed, we send you newsletters, system emails, or other notifications via email. When we use the term „newsletter“ in the following text, we mainly mean regularly sent emails. Of course, we do not want to bother you with our newsletters in any way. Therefore, we make every effort to provide only relevant and interesting content. You will learn more about our company services, or products. Since we are always improving our offerings, you will also be informed about news or special, lucrative promotions through our newsletter. If we engage a service provider offering a professional dispatch tool for our email marketing, we do so to provide you with fast and secure newsletters. The purpose of our email marketing is fundamentally to inform you about new offers and also to get closer to our business goals.

What data is processed?

When you subscribe to our newsletter via our website, you confirm membership in an email list via email. In addition to the IP address and email address, your title, name, address, and telephone number can also be stored. However, only if you agree to this data storage. The data marked as such is necessary for you to participate in the service offered. Providing this information is voluntary, but failure to provide it means that you cannot use the service. Additionally, information about your device or your preferred content on our website may also be stored. More information on data storage when visiting a website can be found in the „Automatic Data Storage“ section. We record your consent declaration so that we can always prove that it complies with our laws.

Duration of data processing

If you unsubscribe your email address from our email/newsletter distribution list, we may store your address for up to three years based on our legitimate interests, so that we can still prove your previous consent. We are allowed to process this data only if we need to defend against any claims. However, if you confirm that you have given us consent to subscribe to the newsletter, you can request individual deletion at any time. If you permanently object to the consent, we reserve the right to store your email address in a blocklist. As long as you voluntarily subscribe to our newsletter, we will of course also retain your email address.

Right to object 

You have the option to cancel your newsletter subscription at any time. You simply need to revoke your consent to subscribe to the newsletter. This usually takes only a few seconds or one or two clicks. In most cases, you will find a link directly at the end of each email to cancel the newsletter subscription. If you cannot find the link in the newsletter, please contact us by email, and we will promptly cancel your newsletter subscription.

Legal Basis

The sending of our newsletter is based on your consent (Article 6(1)(a) GDPR). This means that we are only allowed to send you a newsletter if you have actively signed up for it beforehand. If you have become our customer and have not objected to the use of your email address for direct advertising, we may also send you advertising messages based on § 7(3) of the German Unfair Competition Act (UWG).

Information about specific email marketing services and how they process personal data can be found – if available – in the following sections.

Cloud Services

Cloud Services Privacy Policy Summary

Affected parties: We as website operators and you as website visitors Purpose: Security and data storage Processed data: Data such as your IP address, name, or technical data such as browser version More details can be found below and in the individual privacy texts or in the privacy policies of the providers Storage period: Most data is stored until it is no longer needed to fulfill the service Legal bases: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests)

What are Cloud Services?

Cloud services provide us as website operators with storage space and computing power over the internet. Data can be transferred, processed, and stored in an external system via the internet. The management of this data is handled by the respective cloud provider. Depending on the requirements, an individual or a company can choose the size of storage space or computing power. Cloud storage is accessed via an API or storage protocols. API stands for Application Programming Interface and refers to a programming interface that connects software with hardware components.

Why do we use Cloud Services?

We use cloud services for several reasons. A cloud service allows us to securely store our data. Additionally, we have access to the data from various locations and devices, providing us with more flexibility and streamlining our work processes. Cloud storage also saves us costs because we do not have to establish and manage our own infrastructure for data storage and security. By centrally storing our data in the cloud, we can also expand our application fields and manage our information much better. We as website operators or as a company primarily use cloud services for our own purposes. For example, we use the services to manage our calendar or to store documents or other important information in the cloud. However, personal data from you can also be stored. This is the case, for example, when you provide us with your contact details (such as name and email address) and we store our customer data with a cloud provider. Consequently, data that we process from you can also be stored and processed on external servers. If we offer certain forms or content of cloud services on our website, cookies for web analytics and advertising purposes can also be set. Furthermore, such cookies remember your settings (such as the language used) so that you will find your familiar web environment on your next visit to our website. What data is processed by Cloud Services? Many of the data stored in the cloud by us do not have personal references, but according to the GDPR’s definition, some data counts as personal data. Often, this includes customer data such as name, address, IP address, or telephone number, or technical device information. Videos, images, and audio files can also be stored in the cloud. The exact collection and storage of data depend on the respective service. We strive to use only services that handle data very trustworthily and professionally. In general, services like Amazon Drive have access to the stored files to be able to offer their own service accordingly. However, these services require permissions, such as the right to copy files for security reasons. This data is processed and managed within the framework of the services and in compliance with applicable laws, including the GDPR even for US providers (via standard contractual clauses). In some cases, these cloud services also work with third-party providers who can process data under instruction and in accordance with privacy policies and othersecurity measures.

We would like to emphasize once again that all well-known cloud services (such as Amazon Drive, Google Drive, or Microsoft OneDrive) obtain the right to access stored content to offer and optimize their own services. Duration of Data Processing We will inform you about the duration of data processing below, if we have further information about it. In general, cloud services store data until you or we revoke data storage or delete the data again. Personal data is generally only stored for as long as it is absolutely necessary for the provision of services or products. However, final deletion of data from the cloud can take several months. This is the case because the data is usually not only stored on one server but distributed across various servers.

Right to Object

You also have the right and the opportunity to revoke your consent to data storage in a cloud at any time. If cookies are used, you also have a right to object here. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser. The legality of processing until revocation remains unaffected. Since cookies are usually used through the embedded audio and video functions on our site, you should also read our general privacy policy on cookies. In the privacy policies of the respective third-party providers, you can find more detailed information about the handling and storage of your data.

Legal Basis

If you have consented to data processing and storage by embedded audio and video elements, this consent serves as the legal basis for data processing (Article 6(1)(a) GDPR). Generally, your data is also stored and processed based on our legitimate interest (Article 6(1)(f) GDPR) in fast and effective communication with you or other customers and business partners. However, we only use the embedded audio and video elements to the extent that you have given consent.

Explanation of Terms

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or specific technical terms (such as cookies, IP address). However, we do not want to use these terms without explanation. Below you will find an alphabetical list of important terms used, which we may not have sufficiently addressed in the previous privacy policy. If these terms were taken from the GDPR and are definitions, we will also include the GDPR texts here and possibly add our own explanations. Consent Definition according to Article 4 of the GDPR For the purposes of this Regulation, the term: „consent“ of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; Explanation: Typically, such consent is obtained via a cookie consent tool on websites. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree or consent to data processing. You can often make individual settings and decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data about you may be processed. In principle, consent can also be given in writing, i.e., not via a tool. Personal Data Definition according to Article 4 of the GDPR For the purposes of this Regulation, the term: „personal data“ means any information relating to an identified or identifiable natural person (‚data subject‘); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person; Explanation: Personal data is any data that can identify you as a person. These are usually data such as:
• Name
• Address
• Email address
• Mailing address
• Telephone number
• Date of birth
• Identification numbers such as social security number, tax identification number, ID card number, or student ID number
• Banking information such as account number, credit information, account balances, etc. According to the European Court of Justice (ECJ),

your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently identify you as the subscriber. Therefore, the storage of an IP address also requires a legal basis under the GDPR. There are also so-called „special categories“ of personal data, which are particularly sensitive.

These include:
• Racial andethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data such as data extracted from blood or saliva samples
• Biometric data (information about psychological, physical, or behavioral characteristics that can identify a person)
• Health data
• Data concerning sexual orientation or sex life