L o a d i n g
Legal

Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both within the scope of providing our services and particularly on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "online offering").

The terms used are not gender-specific.

Effective date: April 8, 2024

Table of Contents

Responsible Party

Hakan, Acikgöz / onevis IT GmbH
Am Römerstein 10,
6971, Hard, Austria

Email address: hakan.acikgöz@onevis.com

Overview of Processing

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.

Types of Data Processed

  • Inventory data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.

Categories of Data Subjects

  • Customers.
  • Interested parties.
  • Users.
  • Business and contractual partners.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Contact inquiries and communication.
  • Security measures.
  • Office and organizational procedures.
  • Management and response to inquiries.
  • Feedback.
  • Marketing.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.

Relevant Legal Basis

Relevant legal basis under the GDPR: The following is an overview of the legal basis of the GDPR on which we base the processing of personal data. Please note that, in addition to the regulations of the GDPR, national data protection regulations in your or our country of residence may apply. If more specific legal bases are relevant in individual cases, we will inform you of them in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given their consent to the processing of personal data relating to them for one or more specific purposes.

  • Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.

  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - The processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Austria. This includes, in particular, the Federal Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Data Protection Act - DSG). The Data Protection Act contains specific regulations on the right of access, the right to rectification or erasure, the processing of special categories of personal data, the processing for other purposes, and the transmission as well as automated decision-making in individual cases.

Relevant legal basis under the Swiss Data Protection Act: If you are located in Switzerland, we process your data based on the Federal Act on Data Protection (short "Swiss DPA", effective from September 1, 2023). This also applies if our processing of your data affects you otherwise in Switzerland and you are affected by the processing. Unlike the GDPR, the Swiss DPA generally does not require that a legal basis for processing personal data be specified. We only process personal data if it is carried out in good faith, lawful, and proportionate (Art. 6 paras. 1 and 2 of the Swiss DPA). In addition, we only collect personal data for a specific, recognizable purpose for the data subject and only process it in a manner compatible with that purpose (Art. 6 para. 3 of the Swiss DPA).

Note on the applicability of the GDPR and Swiss DPA: These privacy notices serve both to provide information under the Swiss Federal Data Protection Act (Swiss DPA) and under the General Data Protection Regulation (GDPR). For this reason, please note that the terms used in the GDPR are used for broader geographical application and comprehensibility. In particular, instead of the terms "processing" of "personal data", "overriding interest", and "special categories of personal data" used in the Swiss DPA, the terms "processing" of "personal data" as well as "legitimate interest" and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms will continue to be determined under the Swiss DPA.

Security Measures

We take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with the legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

Measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the access, entry, transfer, securing availability, and separation of data concerning them. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data threats. We also consider the protection of personal data already during the development or selection of hardware, software, and procedures according to the principle of data protection through technology design and through data protection-friendly default settings.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect user data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions comply with the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being securely and encryptedly transmitted.

Deletion of Data

Data processed by us will be deleted in accordance with the legal requirements as soon as their permitted consents are revoked or other permissions cease to apply (e.g., if the purpose of the processing of this data no longer applies or they are not necessary for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. That is, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person. Our privacy notices may also contain additional information on the storage and deletion of data, which apply primarily to the respective processing.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

  • Right to withdraw consent: You have the right to withdraw consent at any time.

  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and further information and a copy of the data in accordance with the legal requirements.

  • Right to rectification: You have the right to obtain the rectification of inaccurate personal data concerning you or to have incomplete personal data completed, in accordance with the legal requirements.

  • Right to erasure and restriction of processing: You have the right to obtain the erasure of personal data concerning you without undue delay, or alternatively to obtain restriction of processing in accordance with the legal requirements.

  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to have it transmitted to another controller, in accordance with the legal requirements.

  • Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

Rights of data subjects under the Swiss DPA:

As a data subject, you have the following rights under the provisions of the Swiss DPA:

  • Right to information: You have the right to obtain confirmation as to whether personal data concerning you is being processed, and to receive the information necessary to assert your rights under this law and ensure transparent data processing.

  • Right to data release or transfer: You have the right to request the release of your personal data provided to us in a commonly used electronic format.

  • Right to rectification: You have the right to obtain the rectification of inaccurate personal data concerning you.

  • Right to object, erasure, and destruction: You have the right to object to the processing of your data and to request the erasure or destruction of personal data concerning you.

Business Services

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as "contractual partners"), in the context of contractual and comparable legal relationships and related measures and in the context of communication with the contractual partners (or pre-contractual), such as to respond to inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any obligations to update, and remedies for warranty and other performance issues. Furthermore, we use the data to protect our rights and for administrative tasks related to these obligations as well as business organization. We also process the data on the basis of our legitimate interests in proper and economic business management and in security measures to protect our contractual partners and our business operations from misuse, endangering their data, secrets, information, and rights (e.g., involving telecommunications, transportation, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners are informed about further forms of processing, such as for marketing purposes, within the framework of this privacy policy.

We inform the contractual partners before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks or similar), or personally about which data is required for the aforementioned purposes.

We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons (e.g., for tax purposes, typically ten years). Data disclosed to us by the contractual partner in the context of an order is deleted in accordance with the specifications and generally after the end of the order.

  • Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses or phone numbers). Contract data (e.g., contract subject, term, customer category).

  • Data subjects: Interested parties. Business and contractual partners.

  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Contact inquiries and communication; Office and organizational procedures. Management and response to inquiries.

  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional notes on processing processes, procedures, and services:

  • Agency services: We process our customers' data in the context of our contractual services, which may include conceptual and strategic consulting, campaign planning, software and design development/consultation or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services, and training services; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Project and development services: We process our customers' and clients' data (collectively referred to as "customers") to enable them to select, acquire or commission the services or works they have chosen, as well as related activities and their payment and provision or execution.

    The required information is identified as such in the context of the order, purchase, or comparable contract conclusion and includes the information needed for service provision and billing, as well as contact information to make any necessary follow-ups. If we receive access to information from end customers, employees, or other individuals, we process it in accordance with legal and contractual requirements; Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

  • Offering software and platform services: We process our users' data, registered and possible test users (collectively referred to as "users"), to provide them with our contractual services and, based on legitimate interests, to ensure the security of our offer and develop it further. The required information is identified as such in the context of the order, purchase, or comparable contract conclusion and includes the information needed for service provision and billing, as well as contact information to make any necessary follow-ups;

  • Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Providers and Services Used in Business Activities

In the context of our business activities, we use additional services, platforms, interfaces, or plug-ins from third-party providers ("services") in compliance with legal requirements. Their use is based on our interests in proper, lawful, and efficient business processes and the continuous optimization of our offers and services. We rely on transparency and data protection as fundamental principles of our work.

  • Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, date of birth); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses, phone numbers); Content data (e.g., textual or visual messages and posts and the information concerning them, such as authorship information). Contract data (e.g., contract subject, term, customer category).

  • Data subjects: Customers; Interested parties; Users (e.g., website visitors, users of online services). Business and contractual partners.

  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Office and organizational procedures.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Provision of Online Offering and Web Hosting

We process the data of users to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or end device.

  • Processed data types: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).

  • Data subjects: Users (e.g., website visitors, users of online services).

  • Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).); Security measures. Provision of contractual services and fulfillment of contractual obligations.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional notes on processing processes, procedures, and services:

  • Provision of online offering on rented storage space: To provide our online offering, we use storage space, computing capacity, and software that we rent from a corresponding server provider (also called "web hoster"); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  • Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files may include the address and name of the retrieved websites and files, date and time of the retrieval, transferred data volumes, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid server overloads (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure server stability; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Deletion of data: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data that must be retained for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.

  • 1&1 IONOS: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.ionos.de; Privacy policy: https://www.ionos.de/terms-gtc/terms-privacy; Order processing agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/. Third-country transfer basis: Switzerland - Adequacy decision (Germany).

Use of Cookies

Cookies are small text files or other storage notes that store information on end devices and read them. For example, to store the login status in a user account, the content of a shopping cart in an e-shop, the accessed content, or the functions used in an online offering. Cookies can also be used for different purposes, such as to ensure the functionality, security, and comfort of online offerings and to create analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, unless it is not required by law. Consent is particularly not required if storing and reading the information, including cookies, is absolutely necessary to provide users with a telemedia service (i.e., our online offering) they explicitly request. The revocable consent is clearly communicated to users and contains information about the respective cookie usage.

Notes on data protection legal basis: The legal basis on which we process users' personal data using cookies depends on whether we ask users for consent. If users agree, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in a business-oriented operation of our online offering and its improvement of usability) or, if necessary, to fulfill our contractual obligations. We inform users about the purposes for which the cookies are used within this privacy policy or as part of our consent and processing procedures.

Storage duration: Regarding the storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also called session or session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).

  • Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be stored, and preferred content can be displayed directly when the user visits a website again. Likewise, the user data collected with cookies can be used for reach measurement. Unless we provide users with explicit information on the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that these are permanent cookies and that the storage duration can be up to two years.

General information on withdrawal and objection (opt-out): Users can withdraw their consent at any time and also object to the processing in accordance with the legal requirements, including via the privacy settings of their browser.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Additional notes on processing processes, procedures, and services:

  • Processing of cookie data based on consent: We use a consent management solution in which users' consent for the use of cookies or the procedures and providers mentioned within the consent management solution is obtained. This procedure serves to obtain, record, manage, and withdraw consents, especially regarding the use of cookies and similar technologies used for storing, reading, and processing information on users' end devices. In this process, users' consent to use cookies and the associated processing of information, including the specific processing and providers mentioned in the consent management process, is obtained. Users also have the opportunity to manage and withdraw their consent. The consent declarations are stored to avoid re-querying and to prove consent in accordance with legal requirements. Storage is server-side and/or in a cookie (so-called opt-in cookie) or using similar technologies to assign consent to a specific user or their device. Unless specific information on the providers of consent management services is provided, the following general notes apply: The storage duration of consent is up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, information on the scope of consent (e.g., relevant categories of cookies and/or service providers), as well as information about the browser, system, and used end device; Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).

Social Media Presence

We maintain online presences within social networks and process user data to communicate with the active users there or to offer information about us.

Please note that user data may be processed outside the European Union. This may pose risks for users because, for example, it could be more difficult to enforce the users' rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on the user's behavior and resulting interests. These profiles can, in turn, be used to place advertisements inside and outside the networks that are likely to match the users' interests. For these purposes, cookies are usually stored on users' computers, in which the users' usage behavior and interests are stored. Moreover, data may also be stored in the user profiles, regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective processing forms and the opt-out options, please refer to the privacy policies and information provided by the operators of the respective networks.

Even in the case of information requests and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only they have access to the user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

  • Processed data types: Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or visual messages and posts and the information concerning them, such as authorship information or creation time); Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).

  • Data subjects: Users (e.g., website visitors, users of online services).

  • Purposes of processing: Contact inquiries and communication; Feedback (e.g., collecting feedback via online form). Marketing.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional notes on processing processes, procedures, and services:

  • LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Third-country transfer basis: EU/EWR - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland); Opt-out option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Additional information: We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of data from visitors, for the purpose of creating "Page Insights" (statistics) of our LinkedIn profiles.
    This data includes information about the types of content users view or interact with, or the actions they take, as well as information about the devices used by the users (e.g., IP addresses, operating system, browser type, language settings, cookie data) and information from the users' profile, such as job function, country, industry, hierarchy level, company size, and employment status. Privacy information on the processing of user data by LinkedIn can be found in LinkedIn's privacy notices: https://www.linkedin.com/legal/privacy-policy
    We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum (the 'Addendum')", https://legal.linkedin.com/pages-joint-controller-addendum), which specifically governs which security measures LinkedIn must observe and in which LinkedIn agrees to fulfill the data subjects' rights (i.e., users can, for example, submit information or deletion requests directly to LinkedIn). The users' rights (especially the right of access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. The joint responsibility is limited to the collection of data by and its transmission to the Ireland Unlimited Company, a company based in the EU. The further processing of the data is the sole responsibility of the Ireland Unlimited Company, particularly concerning the transmission of the data to the parent company LinkedIn Corporation in the USA.

Plug-ins and Embedded Functions and Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or maps (collectively referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browsers without the IP address. The IP address is thus necessary for the display of this content or functions. We strive to use only content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, as well as being linked to such information from other sources.

Notes on legal basis: If we ask users for their consent to use third-party providers, the legal basis for the data processing is the consent. Otherwise, the users' data is processed based on our legitimate interests (i.e., interest in efficient, economic, and recipient-friendly services). In this context, we also refer to the information on the use of cookies in this privacy policy.

  • Processed data types: Usage data (e.g., page views and time spent, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, involved persons).

  • Data subjects: Users (e.g., website visitors, users of online services).

  • Purposes of processing: Provision of our online offering and user-friendliness.

  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Additional notes on processing processes, procedures, and services:

  • Integration of third-party software, scripts, or frameworks (e.g., jQuery): We integrate software into our online offering that we retrieve from other providers' servers (e.g., function libraries used to display or improve the usability of our online offering). In this process, the respective providers collect the users' IP address and may process it for purposes of transmitting the software to the users' browser, as well as for security, evaluation, and optimization of their offering. - We integrate software into our online offering that we retrieve from other providers' servers (e.g., function libraries used to display or improve the usability of our online offering). In this process, the respective providers collect the users' IP address and may process it for purposes of transmitting the software to the users' browser, as well as for security, evaluation, and optimization of their offering; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  • Google Fonts (provision on own server): Provision of font files for a user-friendly presentation of our online offering; Service provider: Google Fonts are hosted on our server, no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  • Google Fonts (retrieval from Google server): Retrieval of fonts (and icons) for the purpose of technically secure, maintenance-free, and efficient use of fonts and icons in terms of timeliness and loading times, their uniform display, and consideration of possible licensing restrictions. The IP address of the user is transmitted to the provider of the fonts so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, used hardware) is transmitted, which is necessary for providing the fonts depending on the used devices and the technical environment. This data may be processed on a server of the provider of the fonts in the USA - When visiting our online offering, the users' browsers send their HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user-agent describing the browser and operating system versions of the website visitors, as well as the referring URL (i.e., the website on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, nor are they analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user-agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. The user-agent must customize the font generated for the respective browser type. The user-agent is primarily logged and used for debugging and generating aggregated usage statistics to measure the popularity of font families. These aggregated usage statistics are published on the Google Fonts "Analytics" page. Finally, the referring URL is logged so that the data can be used for maintaining the production and an aggregated report on the top integrations based on the number of font requests can be generated. According to its information, Google does not use any information collected by Google Fonts to create profiles of end-users or to display targeted advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy policy: https://policies.google.com/privacy; Third-country transfer basis: EU/EWR - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Ireland). Additional information: https://developers.google.com/fonts/faq/privacy?hl=de.

  • Font Awesome (provision on own server): Presentation of fonts and icons; Service provider: Font Awesome icons are hosted on our server, no data is transmitted to the provider of Font Awesome; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

  • Icons8 (Hosted on our own server): Display of icons; Service provider: The Icons8 icons are hosted on our server, no data is transmitted to the provider of Icons8; Icons from Icons8 Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as the changes to our data processing make this necessary. We will inform you as soon as changes require your participation (e.g., consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting us.

Definitions of Terms

This section provides an overview of the terminology used in this privacy policy. If the terms are legally defined, their legal definitions apply. The following explanations are intended to serve primarily for understanding.

  • Inventory data: Inventory data includes essential information required for the identification and management of contractual partners, user accounts, profiles, and similar assignments. These data can include personal and demographic information such as names, contact details (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between individuals and services, institutions, or systems by enabling unique assignment and communication.

  • Content data: Content data includes information generated during the creation, editing, and publication of all types of content. This data category can include texts, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not limited to the actual content but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates.

  • Contact data: Contact data is essential information that enables communication with individuals or organizations. It includes, among others, phone numbers, postal addresses, and email addresses, as well as communication means such as social media handles and instant-messaging identifiers.

  • Meta, communication, and procedural data: Meta, communication, and procedural data are categories containing information about how data is processed, transmitted, and managed. Meta-data, also known as data about data, includes information describing the context, origin, and structure of other data. They can include details about file size, creation date, document author, and modification histories. Communication data captures the exchange of information between users over various channels, such as email traffic, call logs, messages on social networks, and chat histories, including the involved persons, timestamps, and transmission paths. Procedural data describes the processes and workflows within systems or organizations, including workflow documentation, transaction logs, and activities, as well as audit logs used for tracking and verifying operations.

  • Usage data: Usage data refers to information that captures how users interact with digital products, services, or platforms. This data includes a wide range of information showing how users utilize applications, which features they prefer, how long they stay on certain pages, and the paths they navigate through an application. Usage data can also include usage frequency, activity timestamps, IP addresses, device information, and location data. It is particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. Additionally, usage data plays a crucial role in identifying trends, preferences, and potential issues within digital offerings.

  • Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

  • Controller: "Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  • Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses practically any handling of data, whether it be collection, evaluation, storage, transmission, or deletion.

  • Contract data: Contract data are specific information related to the formalization of an agreement between two or more parties. They document the terms under which services or products are provided, exchanged, or sold. This data category is essential for managing and fulfilling contractual obligations and includes both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data can include start and end dates of the contract, the type of agreed services or products, price agreements, payment terms, termination rights, renewal options, and special conditions or clauses. They serve as the legal basis for the relationship between the parties and are crucial for clarifying rights and obligations, enforcing claims, and resolving disputes.

  • Payment data: Payment data includes all information necessary for processing payment transactions between buyers and sellers. This data is essential for e-commerce, online banking, and any other form of financial transaction. They include details such as credit card numbers, bank account details, payment amounts, transaction data, verification numbers, and billing information. Payment data can also include information about payment status, chargebacks, authorizations, and fees.

Do you have a project in mind? Let's start together.