Privacy Police

EU Dispute Resolution

In accordance with the Regulation on Online Dispute Resolution for Consumer Matters (ODR Regulation), we would like to inform you about the Online Dispute Resolution (ODR) platform. Consumers have the option to submit complaints to the European Commission’s Online Dispute Resolution platform via https://ec.europa.eu/consumers. The necessary contact details can be found above in our Imprint.

However, please note that we are neither willing nor obligated to participate in dispute resolution procedures before a consumer arbitration board.

Liability for Content on This Website

We continuously develop the content of this website and strive to provide accurate and up-to-date information. Unfortunately, we cannot accept liability for the accuracy of all content on this website, especially for content provided by third parties.

If you notice any problematic or illegal content, please contact us immediately; you can find the contact details in the Imprint.

Liability for Links on This Website

Our website contains links to other websites for which we are not responsible. According to § 17 ECG, we are not liable for linked websites as we have no knowledge of any illegal activities and have not noticed any such activities. We would immediately remove links if we become aware of any legal violations.

If you notice any illegal links on our website, please contact us; you can find the contact details in the Imprint.

Copyright Notice

All content on this website (images, photos, texts, videos) is protected by copyright. If necessary, we will pursue legal action against unauthorized use of any part of the content on our site.

Photo Credits

The images, photos, and graphics on this website are protected by copyright. The image rights belong to the following photographers and companies:

  • Wolfgang Stadler
  • Alexandra Linortner
  • Bettina Hüttner
  • Markus Aichhorn
  • Chris Gütl
  • die Jungskochenundbacken
  • Konditorei Wallner KG

Privacy Policy

Data Protection

We have prepared this Privacy Policy (version 03.12.2020-221137331) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679, what information we collect, how we use data, and what choices you have as a visitor to this website. Unfortunately, it is inherent to the nature of these explanations that they may sound very technical. However, we have endeavored to describe the most important aspects as simply and clearly as possible.

Automatic Data Storage

When you visit websites nowadays, certain information is automatically created and stored, including on this website. When you visit our website, as you are doing now, our web server (the computer on which this website is hosted) automatically stores data such as:

  • The address (URL) of the accessed webpage
  • The browser and browser version
  • The operating system used
  • The address (URL) of the previously visited page (Referrer URL)
  • The hostname and IP address of the device from which access is made
  • Date and time

This information is saved in files (web server log files).

In general, web server log files are stored for two weeks and then automatically deleted. We do not share this data; however, we cannot exclude the possibility that this data may be reviewed in the event of illegal activities.

Cookies

Our website uses HTTP cookies to store user-specific data.

What about my Privacy?

Since 2009, there have been so-called "Cookie Policies" which stipulate that storing cookies requires your consent. Within the EU countries, there are still very different reactions to these regulations. In Austria, however, the implementation of this directive was included in § 96 Abs. 3 of the Telecommunications Act (TKG).

Storage of Personal Data

Personal data that you electronically transmit to us via this website, such as your name, email address, address, or other personal details as part of submitting a form or commenting on the blog, are used solely for the specified purpose, securely stored, and not shared with third parties. We use your personal data exclusively for communication with visitors who expressly wish to be contacted and for processing the services and products offered on this website. We do not share your personal data without consent, but cannot rule out the possibility that these data may be accessed in the event of unlawful behavior.If you send us personal data via email – outside of this website – we cannot guarantee secure transmission and protection of your data. We recommend that you never transmit confidential data unencrypted via email.

Rights Under the General Data Protection Regulation (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  1. Right of Access
    You have the right to request information about whether your personal data is being processed and, if so, access to your personal data and information regarding the processing.
  2. Right to Rectification
    You have the right to request the correction of inaccurate personal data concerning you without undue delay. You may also request that incomplete data be completed.
  3. Right to Erasure (Right to Be Forgotten)
    You can request the deletion of your personal data under certain conditions, such as when the data is no longer necessary for the purposes for which it was collected, you withdraw your consent, or the data has been unlawfully processed.
  4. Right to Restriction of Processing
    You have the right to request the restriction of processing of your personal data in certain situations, such as if you contest the accuracy of the data or if the processing is unlawful and you oppose the erasure of the data.
  5. Right to Data Portability
    You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, where technically feasible.
  6. Right to Object
    You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling. We will no longer process the personal data unless there are compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
  7. Right to Withdraw Consent
    If processing is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  8. Right to Lodge a Complaint
    If you believe that the processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement.

If you believe that the processing of your data violates data protection laws or your data protection rights have otherwise been infringed in any way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/.

Analysis of Visitor Behavior

In the following privacy policy, we inform you about whether and how we analyze the data from your visit to this website. The evaluation of the collected data is generally done anonymously, and we cannot infer your identity from your behavior on this website.

Google Maps Privacy Policy

We use Google Maps on our website, provided by Google Inc. For the European region, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Maps allows us to display locations more effectively and tailor our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google's servers. In the following, we will explain what Google Maps is, why we use this Google service, what data is stored, and how you can prevent this.

Why Do We Use Google Maps on Our Website?

All our efforts on this page aim to provide you with a useful and meaningful experience on our website. By incorporating Google Maps, we can provide you with key information about various locations. You can see at a glance where our company is located. The directions will always show you the best or fastest way to reach us. You can access routes by car, public transportation, on foot, or by bicycle. For us, providing Google Maps is part of our customer service.

Welche Daten werden von Google Maps gespeichert?

Google Maps collects various types of data, including:

  1. Location Data: Google Maps collects location data from your device, which can be obtained through GPS, IP address, and other location-detection technologies.
  2. Usage Data: Information about how you interact with Google Maps, such as the locations you search for, the routes you request, and the places you view.
  3. Device Information: Data about the device you use to access Google Maps, including hardware information, operating system version, and device identifiers.
  4. Log Data: Details of your use of Google Maps, including the time and date of your access, your IP address, and information about the web browser you use.
  5. Cookies and Similar Technologies: Google Maps uses cookies and similar tracking technologies to collect and store data about your interactions with the service.

For a more detailed explanation of what data is collected and how it is used, you can refer to Google's Privacy Policy directly.

How Long and Where Is Data Stored?

Data Storage Duration:

  1. Location Data: Google may retain location data for varying periods depending on your account settings and activity. For instance, data related to your location history may be stored until you delete it or until it is automatically deleted based on your settings.
  2. Usage Data: Usage data is typically retained for a period necessary to fulfill the purposes for which it was collected. This period can vary depending on factors such as service functionality and legal requirements.
  3. Device Information and Log Data: This data is usually retained as long as necessary to provide and improve the service, comply with legal obligations, and resolve disputes.

Data Storage Locations:

Google stores data in data centers around the world. The exact location of the data storage depends on the service you use and the data's geographic origin. Google's data centers are located in multiple countries, and data may be transferred between these locations as part of the service's operation.

Google's Privacy Policy provides detailed information about data storage practices and how they handle your information.

Google Fonts Privacy Policy

We Use Google Fonts on Our Website

On our website, we use Google Fonts provided by Google Inc. Google Fonts is a service that allows us to integrate fonts from Google’s extensive library into our website, ensuring that the text appears as intended regardless of the fonts installed on your device.

Data Collection and Usage

When you visit our website, your browser establishes a direct connection to Google's servers. This connection enables Google to deliver the font files needed to display the text correctly. During this process, certain data may be transmitted to Google, including:

  1. IP Address: Google may collect your IP address to ensure that the fonts are served correctly to your browser.
  2. Usage Data: Information about your visit to our website, including the pages you view and the fonts being accessed.

Data Storage and Handling

Google Fonts operates through Google's servers, which are distributed globally. The data collected is handled according to Google's Privacy Policy, which provides detailed information about data retention and usage practices.

Opting Out

If you prefer not to use Google Fonts, you can opt for local font hosting. This involves downloading the required font files and hosting them on your own server. This approach prevents the transmission of data to Google’s servers.

What data is stored by Google?

When you visit our website, the fonts are loaded from a Google server. This external request transmits data to Google’s servers. This allows Google to recognize that you or your IP address have visited our website. The Google Fonts API was designed to minimize the collection, storage, and use of end-user data to what is necessary for the proper delivery of fonts. API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software field.

Google Fonts securely stores CSS and font requests with Google, providing protection for these data. By analyzing usage statistics, Google can determine how well individual fonts are received. Google publishes these results on internal analytics pages, such as Google Analytics. Additionally, Google uses data from its own web crawler to identify which websites use Google Fonts. This data is published in the BigQuery database of Google Fonts. Entrepreneurs and developers use Google’s BigQuery web service to analyze and manage large datasets.

It should be noted that with each Google Fonts request, information such as language settings, IP address, browser version, browser screen resolution, and browser name is automatically transmitted to Google’s servers. Whether this data is also stored is not clearly ascertainable and is not explicitly communicated by Google.

How Long and Where Is Data Stored?

Google stores requests for CSS assets on its servers for one day, which are primarily located outside the EU. This allows us to use fonts through a Google stylesheet. A stylesheet is a format template that enables quick and easy changes to the design or font of a website.

Font files are stored by Google for one year. The goal is to improve website load times. When millions of websites reference the same fonts, they are cached after the first visit and appear immediately on all subsequent websites visited. Occasionally, Google updates font files to reduce file size, expand language coverage, and improve design.

For more information on what data Google collects and how it is used, you can refer to the following link.

Source: Created with the Privacy Generator from firmenwebseiten.at

WEBSHOP

We offer you the opportunity to purchase products directly through our webshop. In the context of the webshop, the processing of the data you enter and data related to the products you select is carried out by the responsible party for the purpose of providing offers, concluding contracts, fulfilling contracts, and meeting any post-contractual obligations based on the pre-contractual relationship initiated by you and, after the contract is concluded, based on the contract in accordance with Article 6(1)(b) of the GDPR.

For customers who have purchased our products through a guest profile, the processing of your personal data continues until the expiration of legal retention obligations.

Data processing related to contract fulfillment may include direct marketing in non-consent-requiring forms, such as addressed postal advertising, until objection is made.

There is no statutory or contractual obligation to provide personal data. However, providing the data is necessary for concluding the contract. Failure to provide the data will result in the inability to conclude the contract.

Shopping carts from non-registered users are deleted after a maximum of 14 days. User accounts of registered users remain active until the account is deleted by the user. Contract data is processed until the expiration of possible post-contractual obligations.

Right to Object

If the processing of your personal data is based on legitimate interests, you have the right to object to this processing.

If there are no compelling and legitimate reasons for processing your data on our part, the processing of your data based on this legal basis will be discontinued.

Additionally, you have the right to object to the processing of your personal data for the purpose of direct marketing. In the event of such an objection, your personal data will no longer be processed for direct marketing purposes.

The legality of the data processed up to the point of objection is not affected by the objection.

Right to Withdraw Consent

You have the right to withdraw any consent you have previously given at any time by changing the privacy settings.

If you have consented to receive electronic advertising, you can withdraw your consent by clicking on the unsubscribe link. In this case, processing will cease, unless there is another legal basis for processing.

The legality of data processed up to the point of withdrawal is not affected by the withdrawal.

Embedded Social Media Elements Privacy Policy

We integrate elements from social media services on our website to display images, videos, and texts.

By visiting pages that feature these elements, data from your browser is transmitted to the respective social media service and stored there. We do not have access to this data.

The following links will take you to the privacy policies of the respective social media services, where you can learn how they handle your data:

Facebook Privacy Policy

We use selected tools from Facebook on our website. Facebook is a social media network operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. These tools allow us to provide the best possible offers to you and to people interested in our products and services.

Below, we provide an overview of the various Facebook tools, the data sent to Facebook, and how you can delete this data.

Why Do We Use Facebook Tools on Our Website?

We want to show our services and products only to people who are genuinely interested. Through advertising tools (Facebook Ads), we can reach precisely these individuals. For Facebook to display relevant ads to users, it needs information about their preferences and needs. Consequently, Facebook is provided with information about user behavior (and contact details) on our website. This helps Facebook gather better user data and display relevant advertisements about our products or services to interested individuals. The tools thus enable targeted advertising campaigns on Facebook.

Data about your behavior on our website is referred to by Facebook as "Event Data." This data is also used for measurement and analytics services. Facebook can, on our behalf, create "campaign reports" about the effectiveness of our advertising campaigns. Additionally, through analytics, we gain better insights into how you use our services, website, or products. This allows us to optimize your user experience on our website using some of these tools. For example, social plugins enable you to share content from our site directly on Facebook.

What Data Is Stored by Facebook Tools?

By using certain Facebook tools, personal data (customer data) can be sent to Facebook. Depending on the tools used, customer data such as name, address, phone number, and IP address may be transmitted.

Facebook uses this information to match it with the data it already has about you (if you are a Facebook member). Before customer data is transmitted to Facebook, a process called "hashing" is performed. This means that any amount of data is transformed into a string of characters, which also serves to encrypt the data.

In addition to contact details, "Event Data" is also transmitted. "Event Data" refers to information we collect about you on our website, such as the pages you visit or the products you purchase. Facebook does not share the received information with third parties (such as advertisers) unless the company has explicit permission or is legally required to do so. "Event Data" may also be combined with contact data, enabling Facebook to offer better-targeted advertising. After the aforementioned matching process, Facebook deletes the contact data.

To optimize the delivery of advertisements, Facebook uses Event Data only when it is aggregated with other data (collected by Facebook through other means). Facebook also uses this Event Data for security, protection, development, and research purposes. Many of these data are transmitted to Facebook via cookies. Cookies are small text files used to store data or information in browsers. Depending on the tools used and whether you are a Facebook member, a varying number of cookies may be set in your browser. In the descriptions of the individual Facebook tools, we provide more details about specific Facebook cookies. General information about the use of Facebook cookies can be found here.

How Long and Where Is Data Stored?

Generally, Facebook retains data until it is no longer needed for its own services and Facebook products. Facebook operates servers around the world where data is stored. However, customer data is deleted within 48 hours after being matched with Facebook's own user data.

Facebook is an active participant in the EU-U.S. Privacy Shield Framework, which governs the correct and secure transfer of personal data. More information about this framework can be found here.

We hope we have provided you with the key information regarding the use and processing of data by Facebook tools. If you want to learn more about how Facebook uses your data, we recommend reviewing the Facebook Data Policy here.

Instagram Privacy Policy

We have integrated features from Instagram on our website. Instagram is a social media platform operated by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA. Since 2012, Instagram has been a subsidiary of Facebook Inc. and is part of the Facebook products. Embedding Instagram content on our website is referred to as "embedding." This allows us to display content such as buttons, photos, or videos from Instagram directly on our website.

When you visit pages on our website that include an Instagram feature, data is transmitted to Instagram, where it is stored and processed. Instagram uses the same systems and technologies as Facebook, so your data is processed across all Facebook companies.

What Data Is Stored by Instagram?

When you visit a page on our site that incorporates Instagram features (such as Instagram images or plugins), your browser automatically connects to Instagram's servers. During this process, data is sent to Instagram, stored, and processed, regardless of whether you have an Instagram account or not. This includes information about our website, your computer, purchases made, advertisements viewed, and how you use our services. Additionally, the date and time of your interaction with Instagram are recorded. If you have an Instagram account or are logged in, Instagram stores significantly more data about you.

Facebook differentiates between customer data and event data. We assume that Instagram follows the same practice. Customer data includes, for example, name, address, phone number, and IP address. This customer data is transmitted to Instagram only after it has been "hashed." Hashing involves converting a data set into a string of characters, thereby encrypting the contact details. Additionally, the aforementioned "event data" is transmitted. "Event data" refers to information about your user behavior. It may also occur that contact data is combined with event data. The collected contact data is matched with the data Instagram already has about you.

Data Stored by Instagram

The collected data is transmitted to Facebook through small text files (cookies), which are typically set in your browser. Depending on the Instagram features used and whether you have an Instagram account, different amounts of data are stored.

We assume that Instagram's data processing is similar to Facebook's. This means that if you have an Instagram account or have visited www.instagram.com, Instagram has set at least one cookie. If this is the case, your browser sends information to Instagram through the cookie whenever you interact with an Instagram feature. These data are deleted or anonymized after a maximum of 90 days (following matching). Although we have extensively reviewed Instagram's data processing, we cannot precisely determine which data Instagram specifically collects and stores.

How Long and Where Is Data Stored?

Instagram shares the received information among Facebook companies, external partners, and individuals you connect with worldwide. Data processing is carried out in accordance with its own data policy. For security reasons, your data is distributed across Facebook servers around the world. Most of these servers are located in the USA.

Instagram is a subsidiary of Facebook Inc., and Facebook is an active participant in the EU-U.S. Privacy Shield Framework. This framework ensures proper data transfer between the USA and the European Union. You can learn more about it here.

We have aimed to provide you with the essential information regarding data processing by Instagram. You can explore Instagram’s data policies further here.

Google Analytics Reports on Demographic Characteristics and Interests

We have enabled the advertising features in Google Analytics. The reports on demographic characteristics and interests include information about age, gender, and interests. This allows us to get a better understanding of our users—without being able to attribute this data to individual persons. Learn more about the advertising features at this link.

You can stop the collection of activities and information from your Google account by adjusting the "Ad Settings" at this link.

Google Analytics IP Anonymization

We have implemented IP address anonymization in Google Analytics on this website. This feature was developed by Google to ensure that this website complies with applicable data protection regulations and the recommendations of local data protection authorities when they prohibit the storage of full IP addresses. The anonymization or masking of the IP address occurs as soon as the IP addresses arrive at the Google Analytics data collection network and before any data storage or processing takes place.

For more information on IP anonymization, please visit this link.

Google Analytics Privacy Policy

We use the Google Analytics (GA) tracking tool on our website, which is provided by the American company Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. With the reports we receive from Google Analytics, we can better tailor our website and services to your preferences. Below, we provide more details about the tracking tool, including what data is stored and how you can prevent this.

What Data Is Stored by Google Analytics?

Google Analytics uses a tracking code to create a random, unique ID that is associated with your browser cookie. This allows Google Analytics to recognize you as a new user. When you visit our site again, you are recognized as a "returning" user. All collected data is stored along with this user ID, making it possible to analyze pseudonymous user profiles.

Through identifiers such as cookies and app-instance IDs, your interactions on our website are measured. Interactions encompass all types of actions you take on our site. If you use other Google systems (e.g., a Google account), data generated by Google Analytics may be linked with third-party cookies. Google does not share Google Analytics data except when we, as the website operator, authorize it. Exceptions may occur if required by law.

How Long and Where Is Data Stored?

Google has distributed its servers around the world. Most servers are located in the United States, and consequently, your data is mainly stored on American servers. You can find detailed information about the locations of Google's data centers here.

Your data is distributed across various physical storage media. This distribution helps ensure that data can be retrieved more quickly and is better protected against tampering. Each Google data center has appropriate emergency programs for your data. For example, if hardware fails or natural disasters affect servers, the risk of service disruption remains low.

Google Analytics has a standard user data retention period of 26 months, after which your user data is deleted. However, we have the option to choose the data retention period ourselves. We have five options available:

  • Deletion after 14 months
  • Deletion after 26 months
  • Deletion after 38 months
  • Deletion after 50 months
  • No automatic deletion

When the specified Retention Period has expired once the designated retention period has elapsed, data is deleted on a monthly basis. This retention period applies to your data associated with cookies, user identifiers, and advertising IDs (e.g., cookies from the DoubleClick domain). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data refers to the merging of individual data points into a larger unit.

How to Delete Your Data or Prevent Data Storage

Under European Union data protection law, you have the right to access your data, update it, delete it, or restrict its processing. To prevent Google Analytics from using your data, you can use the browser add-on for disabling Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can download and install the browser add-on from this link. Please note that this add-on only disables data collection by Google Analytics.

If you want to generally disable, delete, or manage cookies (regardless of Google Analytics), there are specific instructions for each browser:

Google Analytics is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the proper and secure transfer of personal data. More information about this can be found here. We hope we have provided you with the essential information regarding the data processing of Google Analytics. For more information about the tracking service, we recommend these two links: Google Analytics Terms and Google Analytics Support.

Created with the Privacy Policy Generator from firmenwebseiten.at