Annual events
at the Hotel Lercher

Events in the region

Murau offers numerous events!

further information

Seminars at the Hotel Lercher

4 well-equipped seminar rooms await you!

further information

Privacy

Data privacy protection

Data Privacy Declaration

The data privacy declaration informs you about nature, scope and purpose of the processing of personal data (subsequently referred to as “data”) within our online offer and the associated websites, features and contents as well as extern online presence, such as our social media profiles (subsequently referred to as “online offer”). With regard to the used terms, such as “processing” or “controller”, we refer to the terms of article 4 of the General Data Protection Regulation (GDPR).

Name and address of the controller

Hotel Gasthof Lercher in Murau
D. Lercher GmbH
Dagmar Lercher
Schwarzenbergstraße 10
8850 Murau
Tel: 0043 3532 2431
Fax: 0043 3532 3694
office (at) hotel-lercher. at
www.hotel-restaurant-lercher.at

Imprint

If you have questions regarding data protection, please contact:
Dagmar Lercher
office (at) hotel-lercher. at
Telephone: 0043 3532 2431

Type of data being processed:

  • personal data (e.g. name, address) 
  • contact data (e.g. e-mail, telephone number)
  • content data (e.g. text inputs, photographs, videos)
  • usage data (e.g. pages viewed, interest in contents, constituent pages)
  • meta-/communications data (e.g. device information, IP address)

Category of the potential data subjects: 

Visitors and users of the online services. (In the following the affected persons are summarized referred to as user)

Purpose of data processing 

  • the providing of the online offer, its functions and content
  • reply of contact requests and communication with user
  • security measures
  • reach measurement/marketing 

Definitions 

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject" or "user"). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified. Affected person is any identified or identifiable natural person whose personal data is processed by the controller. 

Processing means any process or series of operations related to personal data, such as gathering, collecting, organizing, arraning, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction. 

Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person. 

Profiling is any kind of automated processing of personal data that consists of using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects relating to job performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of that natural person. 
controller or person in charge of controlling 

The controller or person in charge of controlling is the natural or legal person, public authority, agency or body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided under Union or national law. 

The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller. 

Applicable legal basis

We inform you of the legal basis of our processing in accordance with Art. 13 GDPR. Insofar as the legal basis is not identified in the data privacy statement, the following applies: The legal basis for obtaining consent is Art. 6 (1), point a and Art. 7 GDPR, the legal basis for processing to provide our services and for contractual performance as well as responding to enquiries is Art. 6 (1), point b GDPR, the legal basis for processing to meet our legal obligations is Art. 6 (1), point c GDPR and the legal basis for processing to protect our legitimate interests is Art. 6 (1), point f GDPR. In case the vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Art. 6 (1), point d GDPR.

Security measures

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk pursuant to Art. 32 GDPR.

The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access rights, input, dissemination, ensuring availability and the separation of data. We have also implemented procedures for protecting the rights of data subjects, the erasure of data, and responding to threats to the data. Furthermore, we take the protection of personal data into account in the development and selection of hardware, software and procedures according to the principle of data protection through the design of technology and through default settings that favour data protection (Art. 25 GDPR).

Cooperation with processors and third parties

Insofar as we disclose data to other persons and companies (processors or third parties) in the course of our processing, transfer data to them or otherwise grant them access to data, this is done solely based on legal permission (e.g. when a transfer of the data to third parties such as payment service providers is required for contractual performance pursuant to Art. 6 (1), point b GDPR), when you have given your consent, based on a legal obligation or to protect our legitimate interests (e.g. when employing agents, web hosting providers etc.).

Insofar as we engage third parties for processing data based on a “processing contract”, this is done pursuant to Art. 28 GDPR.

Transmission to third party countries

Insofar as we process data in a third party country (i.e. outside the European Union (EU) or European Economic Area (EEA)) or this is done within the scope of utilising third-party services or the disclosure or transfer of data to third parties, this takes place solely to meet our (pre-)contractual obligations, based on your consent, due to a legal obligation or to protect our legitimate interests. Subject to legal or contractual permission, we only process or have data processed in a third party country when the special requirements pursuant to Art. 44 ff. GDPR are met. This means that processing is performed, for example, based on specific guarantees such as the officially recognised determination of a data protection level equivalent to the EU (e.g. by the “Privacy Shield” for the USA) or subject to officially recognised special contractual obligations (known as “standard contract clauses”).

Rights of the data subject

You have the right to request confirmation whether relevant data are processed and to obtain information about these data as well as additional information and a copy of the data pursuant to Art. 15 GDPR.

Pursuant to Art. 16 GDPR, you have the right to request the completion of data pertaining to you or the correction of incorrect data pertaining to you.

Pursuant to Art. 17 GDPR, you have the right to request the prompt deletion of relevant data. Alternatively you may request a restriction of processing for the data pursuant to Art. 18 GDPR.

Pursuant to Art. 20 GDPR, you have the right to request a copy of the data pertaining to you that you have provided to us and to request their transfer to another controller.

Furthermore, you have the right pursuant to Art. 77 GDPR to submit a complaint to the applicable supervisory authority.

Right of withdrawal

Pursuant to Art. 7 (3) GDPR, you have the right to revoke your consent with future effect.

Right to object

You may object to the future processing of data pertaining to you at any time pursuant to Art. 21 GDPR. In particular, you can object to processing for the purpose of direct marketing.

Cookies and right to object to direct marketing

Cookies are small files stored on a user’s device. Various information can be stored in cookies. A cookie is used primarily to store information about a user (or the device on which the cookie is stored) during or also after a visit to an online offering. A temporary, session or transient cookie is a cookie that is deleted after a user leaves an online offering and closes their browser. Such a cookie can be used for example to store the contents of a shopping cart in an online shop or a login status. Permanent or persistent cookies are cookies that continue to be stored even after the browser is closed. For example, the login status can be stored when a user returns after several days. Such a cookie can also be used to store the user’s interests for coverage measurement or marketing purposes. Third-party cookies are cookies of providers other than the controller who operates the online offering (otherwise one speaks of first-party cookies when referring to the cookies of the controller).

We may use temporary and permanent cookies. The relevant information is provided in our data privacy statement.

If a user does not want cookies to be stored on their device, they can deactivate the corresponding option in their browser’s system settings. Stored cookies can be erased in the browser’s system settings. Excluding cookies can limit the functionality of this online offering.

A general objection to the use of cookies for online marketing purposes can be submitted to numerous services, in particular in case of tracking, via the US page www.aboutads.info/choices or the EU page www.youronlinechoices.com. Furthermore, storing cookies can be deactivated in the browser settings. Please note that you may not be able to use all functions of this online offering in that case.

Data erasure

The data processed by us are erased or their processing is restricted pursuant to Art. 17 and 18 GDPR. Unless expressly specified within the scope of this data privacy statement, the data stored by us are erased as soon as they are no longer needed for their intended purpose and their erasure does not conflict with any statutory retention obligations. Insofar as the data are not erased because they are needed for other and legally permissible purposes, their processing is restricted. This means the data are blocked and not processed for other purposes. This applies for example for data that have to be retained for commercial or tax law reasons.

According to legal requirements in Germany, a 10-year retention period applies pursuant to Section 147, Paragraph 1 of the Tax Code (AO) and Section 257, Paragraph 1, No. 1 and 4, Paragraph 4 of the German Commercial Code (HGB) (books, records, management reports, accounting records, account books, documents relevant for taxation etc.), and a 6-year retention period pursuant to Section 257, Paragraph 1, No. 2 and 3, Paragraph 4 HGB (business letters).

According to legal requirements in Austria, a 7-year retention period applies pursuant to Section 132, Paragraph 1 of the Federal Fiscal Code (BAO) (accounting records, documents/invoices, accounts, vouchers, business documents, listing of income and expenses etc.), a 22-year retention period in the context of land and a 10-year retention period related to services provided electronically, telecommunication, radio and television services provided to non-entrepreneurs in EU member states and for which the mini one-stop shop (MOSS) exemption is claimed.

Processing for business purposes

We also process

  • contract data (e.g. object of the contract, term, customer category), and
  • payment data (e.g. bank details, payment history)

of our customers, prospects and business partners for the purpose of contractual performance, service and customer support, marketing, promotion and market research.

Online booking on our website

On our website there is the option to book rooms and make other arrangements. If a user uses this option, the data entered in the input mask will be transmitted to us and saved. This data includes personal data, communication data, contractual data, payment data. The subjects of data processing are costumers, interested parties and other business partners. 

The processing of data takes place in accordance with article 6 par. 1 lit. b (order processes) and lit. c (archiving required by law) GDPR. The data marked as mandatory is necessary in order for us to fulfil the contract. We only disclose that data to third parties in the framework of delivery, payment or in the framework of legal authorisations and obligations regarding legal counsel and authorities. The data is only processed in third countries, if it is necessary to fulfil the contract (e.g. following the costumer’s request in regard of delivery or payment).

In the framework of registration and renewed registration as well as the use of our online booking tools, we store the IP-address and the date of the respective user intervention. The data retention takes place on the basis of our legitimate interests, as well as the user’s interest of protection against abuse and any other unauthorised use of data. We do not disclose data to third parties, unless it is necessary in order for us to pursue claims or there is a legal obligation for data transfer in accordance with article 6 par. 1 lit. c GDPR. 

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements have been met. The necessity of the data retention is reviewed every three years; in case of legal archiving obligations, the erasure of data takes place after the retention period has expired (commercial retention obligation 6 years; tax-related retention period 10 years). 

Contractual services

We process the data of our contracting partners and interested parties as well as other clients, costumers (uniformly referred to as contracting partners) in accordance with article 6 par. 1 lit. b GDPR, in order to comply with our contractual or precontractual services. The processed data, the type, scope and purpose and the necessity of its processing are determined in accordance with the underlying contract.

The processed data include the master data of our contracting partners (e.g. names and addresses), contact information (e.g. e-mail address and phone numbers) as well as contractual data (e.g. services received, contract contents, contractual communication, name of contact persons) and payment details (e.g. bank details, payment history).

In principle, we do not process special categories of personal data, except the data is part of an assigned or contractual processing. 

We process data, that are necessary in order to provide contractual services and point out the necessity of its processing, unless it is clearly evident for our contracting partners. Any disclosure to third parties or companies only follows, if it is necessary to meet the obligations of the contract. When processing data supplied in the framework of our assignment, we comply with the instructions of our clients as well as according to the legal requirements. 

In the course of using our online services, we are able to store the IP-address and the timeframe of any respective user action at any time. The storage of data is based on our legitimate interests, as well as on the user’s interests in the protection from misusing their data and the unauthorized use of data. We do not pass on data to third parties, unless it is necessary in order to provide contractual services in accordance article 6 par. 1 lit. f GDPR or there is a legal obligation in accordance with article 6 par. 1 lit. c GDPR.

Data are erased, when the data is no longer required for the fulfilment of contractual or legal obligations as well as possible warranty or any comparable obligations. The necessity of the storage of data is reviewed every three years. Furthermore, legal provisions regarding the retention obligation shall also apply.  

Administration, financial accounting, office organization, contact management

We process data in the framework of administrative tasks as well as the organization of our company, financial accounting and the fulfilment of legal obligations, such as the storage of data. In doing so, we process the same data, that we use in order to fulfil our contractual obligations. The legal basis for processing data is article 6 par.1 lit. c GDPR, article 6 par. 1 lit. f GDPR. Costumers, interested parties, business partner and website visitors are affected by the processing of data. The objective and our interest in processing your data is administration, financial accounting, office organization, the storage of data, as well as tasks in order to maintain our business operations, the execution of our tasks and the provision of our services. The erasure of data regarding contractual services and contractual communication correspond to the above mentioned indications. 

We disclose and pass on data to the financial administration, financial advisors, such as tax consultants and auditors as well as further financial units and payment service providers. 

Furthermore, we store data of suppliers, event organizer and other business partner on the basis of our business interests, such as the purpose of contact at a later date. The predominantly company-related-data will be stored permanently. 

Business analysis and market research

In order for us to maintain our economic operation, to identify market trends and the wishes of our contracting partners and users, we have to analyse the available data regarding business processes, contracts, enquiries, etc. Thereby we process inventory data, communication data, contract data, payment data, user data, metadata on the basis of article 6 par. 1 lit. f GDPR. The types of data subjects, whose data are collected, include contractual partners, interested parties, costumers, visitors and users of our online services. 

The analyses are made for the purpose of business assessments, marketing and market research. Thereby, we are able to take the profile of registered users and data, such as used services, into account. The analyses enable us to increase user-friendliness, the optimisation of our services and economic efficiency. We do not disclose the analyses to third parties, unless it is an anonymous analysis of data used for statistical purposes only. 

We erase or anonymize person-related analysis or profiles with the cancellation of the user’s membership, otherwise the data is delated two years after the date of conclusion of the contract. 

Apart from that, if possible, the overall economic analysis and the determination of general tendencies are created anonymously. 

Data protection for application procedures

Your application data is only processed for the purpose and in the framework of the job application process in accordance with applicable laws and regulations. The processing of application data shall take place exclusively for the fulfilment of our precontractual obligations in the framework of the application process according to article 6 par. 1 lit. b GDPR and article 6 par. 1 lit. f GDPR, as long as the processing of data is necessary (e.g. in the framework of legal procedures) – in Germany § 26 BDSG is applicable. 

The application process requires the communication of the applicant’s data. The necessary application data are, if offered in the form of an online application, otherwise indicated in the job description and include personal data, contact address and the for the application relevant documents, such as cover letters, CV and certificates. In addition, our applicants are able to voluntarily disclose further information. 

By sending your application, you agree to process your data for the purpose of the application process in accordance with the terms and conditions of our data privacy declaration. 

If we have received categories of personal data voluntarily according to article 9 par. 1 GDPR, the processing of this data is made additionally in accordance with article 9 par. 2 lit. b GDPR (e.g. health data, such as severe disability or ethnic background). If we ask for personal data according to article 9 par. 1 GDPR in the framework of the application procedure, the above mentioned data is processed additionally in accordance with article 9 par. 2 lit. a GDPR (e.g. health data, if it is necessary for the professional practice).

If provided, applicants have the possibility to submit their application by using the online form on our website. The data is transferred encoded in accordance with the state of art. Furthermore, applicants are able to submit their application by e-mail. In doing so, please note that e-mails are not transferred encoded and that the applicant is responsible for the necessary encoding. Therefore, we do not take responsibility for the transmission rout of the application between sender and recipient and rather recommend using our online form or sending the application by mail. Besides the possibility of using our online form and e-mail, you still have the chance to send your application by mail. 

In case of a successful application, the available data may further be processed for employment purposes. Otherwise, we erase the data of the applicant. We also erase the data of the applicant, if the application is withdrawn, which the applicant is entitled to do at any time. 

The deletion of data takes place, subject to the entitled withdrawal of the applicant, after a period of six months, in order for us to answer follow-up questions regarding the application process and to comply with the obligations of providing proof in accordance with the General Treatment Act. Invoices regarding possible travel reimbursements are stored according to the applicable tax guidelines. 

Contacting

When contacting our hotel (e.g. through the contact form, e-mail, telephone, or through social media), we process the user data for the purpose of processing the contact request in accordance with article 6 par. 1 lit. b GDPR. The user data might be stored in a costumer-relationship-management system (CRM-System) or in any comparable system.

We delete the enquiry, as long as it is no longer required. We review the necessity every two years. Furthermore, the legal archiving obligations are applied. 

Newsletter

With references, we would like to inform you about the contents of our newsletter, as well as the registration-, dispatch- and statistical evaluation procedures and your right of objection. When registering for our newsletter, you consent to receiving our newsletter in the below mentioned way. 

Content of the newsletter: we send newsletter, e-mail and other electronic notifications with promotional information (subsequent “newsletter”) only with the consent of the recipient or legal allowance. Our newsletter contains information about our products and additional information (e.g. safety information), offers, promotions and our business. 
Double-opt-in and recording: The registration for our newsletter is carried out in the so-called double-opt-in-procedure. This means, after the registration you receive an e-mail, in which you are asked to confirm your registration. This confirmation is necessary, so no one is able to register with a false e-mail address. The registration for the newsletter is being recorded, in order for us to proof the application of legal requirements regarding the registration procedure. This includes the storage of registration- and confirmation date, as well as the IP-address. Furthermore, changes of your stored data will be recorded. 

Registration data: In order for you to register for our newsletter, it is sufficient to only state your e-mail address. Optionally, we ask you to state your name, in order for us to address you personally in the newsletter. 

The mailing of the newsletter and the related performance measurement take place on the basis of the consent of the recipient in accordance with article 6 par. 1 lit. a; article 7 GDPR in conjunction with § 107 par. 2 TKG, respectively in accordance with § 107 par. 2 and 3 TKG.

The recording of the registration procedure takes place in accordance with article 6 par. 1 lit. f GDPR. Our interests comply with the usage of a user-friendly, as well as secure newsletter-system, which is serving our business interests as well as user expectations and enables us to proof the user’s consent during the registration process. 

Cancellation/withdrawal – you are able to cancel the subscription of our newsletter at any time, this means you are able to revoke your consent. At the end of the newsletter, there is a link to unsubscribe. We are able to store the withdrawn e-mail addresses for a period of three years on the basis of our legitimate interests before they are deleted, in order for us to proof the user’s consent. The process of data is limited to the purpose of a possible defence against claims. An individual request for cancellation is possible at any time, as long as there is proof of former consent. 

Newsletter – service provider

The mailing of the newsletter takes place by the means of the service provider “Newstroll email marketing software, Marco Ahrendt, Maustäle 18, D 72793 Pfullingen”. The data protection regulations of the service provider can be found on the following website: www.newstroll.de/datenschutzrichtlinie/ . The service provider is used based on our legitimate interests in accordance with article 6 par. 1 lit. f GDPR and a processing contract according to article 28 par. 3 S. 1 GDPR.
 
The service provider is allowed to disclose the data of the recipient in anonymized form, this means without the allocation of users, for the purpose of optimizing the dispatch and the presentation of the newsletter or for statistical purposes. The service provider does not use the data of our newsletter-recipients to contact them himself or to disclose data to third parties. 

Newsletter – performance measurement

The newsletter contains a so-called “web-beacon”, which is a pixel-sized document, that is retrieved by our server or the server of the service provider, when opening the newsletter. In the framework of this retrieval, technical information, such as browser and system information as well as the IP-address and the date of the retrieval are collected. 

This information is used for the technical improvement of the service on the basis of technical data or the target group and their reading behaviour by the means of their retrieval places (which are determined with the help of the IP-address) or their access times. The statistical surveys include the determination of the opening of the newsletter, the time frame of the opening and which links were clicked on. This information can be associated with the individual newsletter. In any case, it is not our ambition, nor the ambition of the service provider, to observe individual users. The evaluation serves us to recognize the reading habits of our user in order for us to adapt our content according to the interest of the user and to send different contents in accordance with the interests of our users. 

Hosting

The occupied hosting services ensure the provision of the following services: infrastructure- and plattformservices, computing capacity, memory and database services, security provisions as well as technical maintenance services, which we use for the purpose of operating our online offer. 

Therefore, we, respectively our hosting provider, process personal data, contact data, content data, contract data, user data, meta- and communication data of costumers, interested parties and visitors of our online offer on the basis of our legitimate interests for an efficient and secure provision of our online offer in accordance with article 6 par. 1 lit. f GDPR in conjunction with article 28 GDPR (conclusion of the processing contract).  

The collection and storage of data and log files 

In accordance with article 6 par. 1 lit. f GDPR, we, respectively our hosting provider, collect data every time a user accesses the page on which the service is located (so-called log files). The data includes the name of the accessed website, files, date and time of access, volume of data transmitted, notice of successful access, browser type and version, user’s operating system, referrer URL (the website you were referred to), IP-address and requesting provider.  

Log file information are stored for a maximum period of 7 days for security reasons (e.g. provision of abuse and fraud). After this period, the information is erased. The only data excluded from erasure is the one necessary for evidence purposes until the incident has been finally clarified.

Google Tag Manager

Google Tag Manager is a way for us to manage so-called website-tags by the means of a user interface (so that we are able to integrate google analytics as well as other google-marketing services in our online offer). The tag manager itself (which implements tags) does not process personal user data. With regard to the processing of personal user data we refer to the information of google services. 
Guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html. 

Google Analytics

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economical operation of our online offering pursuant to Art. 6 (1), point f. GDPR), we use Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies. The information generated by the cookies regarding the use of the online offering by the user is generally transmitted to a Google server in the USA where it is stored.

Google is certified under the Privacy Shield agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).  

Google uses this information on our behalf in order to evaluate the use of our online offering by the users, compile reports about the activities within this online offering and provide us with additional services related to the use of this online offering and the Internet. In doing so, pseudonymised usage profiles for the users may be prepared from the processed data.

We only use Google Analytics with activated IP anonymisation. This means that the IP address of users within member states of the European Union or other states in the European Economic Area is shortened by Google. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.

The IP address transferred by the user’s browser is not combined with other data by Google. Users can prevent the storage of cookies by configuring the settings of their browser software accordingly. Furthermore, users can prevent the capture of data generated by the cookie and related to their use of the online offering by Google as well as the processing of these data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. 

Alternatively to the browser add-on or in browsers on mobile devices, please click the following link to prevent future data collection by Google Analytics within this website: Analytics-Opt-Out. This stores an opt-out cookie on your device. If you delete your cookies then you have to click the link again.

Further information about the use of data by Google, settings and rights to object is available in the Google data privacy statement (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated). 

Google Universal Analytics

We use google analytics in the form of “universal analytics” and is a process in which the user analysis is carried out on the basis of a pseudonymous user ID. This way, a pseudonymous user profile with information from the usage of different devices is formed (so-called “cross-device-tracking”).

Formation of target groups with Google Analytics

We use Google Analytics in order to display the advertisements placed within advertising services of Google and its partners only to those users who have shown an interest in our online offering, or who exhibit certain characteristics (e.g. interest in certain topics or products determined based on the websites that are visited), which we transmit to Google (known as Remarketing Audiences or Google Analytics Audiences). With the help of Remarketing Audiences, we also want to ensure that our advertisements correspond to the potential interests of users.

Google AdWords

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economical operation of our online offering pursuant to Art. 6 (1), point f. GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google is certified under the Privacy Shield agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). 

We use the Google AdWords online marketing method to place advertisements in the Google advertising network (e.g. in search results, in videos, on websites etc.) so they are displayed for users who have a presumed interest in the advertisements. This allows us to display advertisements for and within our online offering more selectively in order to only present advertisements to users that potentially correspond to their interests. For example, when advertisements for products in which a user has expressed interest in other online offerings are displayed to that user, this is called remarketing. When our and other websites that are part of the Google advertising network are accessed, a Google code is executed directly by Google and what are known as (re)marketing tags (invisible graphics or code, also known as web beacons) are integrated into the website. These are used to store an individual cookie or small file on the user’s device (comparable technologies may also be used instead of cookies). This file stores the websites the user visits, the content the user is interested in and the offers on which the user clicks, as well as technical information about the browser and operating system, referrer URLs, time of the visit and further information about the use of the online offering.

We also receive an individual conversion cookie. Google uses information obtained with the help of this cookie to prepare conversion statistics for us. However, we only obtain the anonymous total number of users who have clicked our advertisement and were forwarded to a page with a conversion tracking tag. We do not receive any information that could be used to identify the users personally.

User data is pseudonymised for processing within the Google advertising network. This means that Google does not store and process, for example, the name or e-mail address of the user, but processes the relevant data on a cookie basis within pseudonymised user profiles. From the perspective of Google, the advertisements are not managed and displayed for a concrete, identified person but for a cookie owner, regardless of who this cookie owner is. This does not apply when the user has expressly permitted Google to process the data without such pseudonymisation. The information collected about users is transmitted to Google and stored on Google servers in the USA.

Further information about the use of data by Google, settings and rights to object is available in the Google data privacy statement (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated). 

Facebook Pixel, Custom Audiences and Facebook Conversion

Based on our legitimate interests in the analysis, optimisation and economical operation of our online offering and for these purposes, our online offering uses what is called the “Facebook pixel” of the social network Facebook operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

Facebook is certified under the Privacy Shield agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). 

The Facebook pixel allows Facebook to identify the visitors to our online offering as a target group for this display of advertisements (known as Facebook ads). Accordingly we use the Facebook pixel in order to display the Facebook ads placed by us only to those Facebook users who have shown an interest in our online offering, or who exhibit certain characteristics (e.g. interest in certain topics or products determined based on the websites that are visited), which we transmit to Facebook (known as Custom Audiences). We also use the Facebook pixel to ensure that our Facebook ads correspond to the potential interests of users and are not perceived as bothersome. With the help of the Facebook pixel, we are also able to understand the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were forwarded to our website after clicking a Facebook advertisement (known as conversion).

Facebook processes the data according to Facebook’s data usage guideline. Corresponding general information about the display of Facebook ads in Facebook’s data usage guideline: www.facebook.com/policy.php. Specific information and details about the Facebook pixel and its functionality is available in the Facebook help section: https://www.facebook.com/business/help/651294705016616. 

You can object to the recording of data by the Facebook pixel and their use for the display of Facebook ads. To choose what types of advertisements are displayed to you on Facebook, you can call up the page set up by Facebook and follow the instructions for configuring usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, meaning they apply for all devices including desktop computers and mobile devices.

You can also object to the use of cookies for the purpose of measuring coverage and for promotional purposes on the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and on the US website  (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/). 

Online presence in social media

We use social networks and platforms in order to communicate with costumers, interested parties and users, who are active on social networks, and to inform them about our services. When opening a network or platform, the respective conditions and data processing -guidelines of the respective operators are applied.

As far as there is nothing else mentioned in our data privacy declaration, we process the user data, if the user communicates with us through social networks and platforms, e.g. post comments on our profile on social media or send messages. 

Third party services and content

Based on our legitimate interest (interest of analysis, economic and efficient operations for our online services in accordance with article. 6 par. 1 lit. GDPR.) we use third party content offerings and services to corporate their content offerings and services, for instance corporate videos and fonts (throughout consistently used as content). 

This assumes that third parties of this content use the user’s IP-address because the content can’t be sent to the browser without an IP-address. Therefore, an IP-address is needed for displaying content. We endeavour to only use content, where the provider merely uses an IP-address for delivering content. Third parties can use so called Pixel-Tags (invisible graphics or code, also known as „Web Beacons“) as well for statistical or marketing purposes. With the help of „Pixel-Tags“, information like traffic of visitors can be analyzed on subsites of the website. The pseudonymous data can be stored in cookies on the user’s device and include technical information about the browser and operating system, referring websites, time of access, as well as further information about usage of our online services. This information is used to be connected with other information from different sources.

Vimeo

We use videos of the platform “vimeo” of the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Data privacy declaration: https://vimeo.com/privacy. We would like to point out that Vimeo might use the service of Google Analytics and therefore refere to the data privacy declaration (https://www.google.com/policies/privacy), as well as opt-out possibilities of Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or the setting of Google for the usage of data for marketing purposes. 

Youtube

We use videos of the platform “Youtube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy declaration: https://www.google.com/policies/privacy/; opt-out: https://adssettings.google.com/authenticated. 

Google Fonts: 

We use fonts („Google Fonts“) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy declaration: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google ReCaptcha

We use the feature to detect bots, e.g. during the input of data into our online form (“ReCaptcha”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy declaration: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated. 

Google Maps

We use the map-services of “Google Maps” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data include IP-addresses and the user’s location data, which won’t be collected without the user’s consent (as a general rule in the framework of the settings of their mobile devices). The data might be processed in the USA. Data privacy declaration: https://www.google.com/policies/privacy/,  Opt-Out: https://adssettings.google.com/authenticated. 

Use of Facebook plugins

Based on our legitimate interests (i.e. the interest in the analysis, optimisation and economical operation of our online offering pursuant to Art. 6 (1), point f. GDPR), we used the Social Plugins (“plugins”) of the social network facebook.com operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins may represent interaction elements or content (e.g. videos, graphics or text contributions), and are identified by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “Gefällt mir” or a “thumbs up” symbol) or the addendum “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins is available here: developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield agreement and thereby guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). 

When a user calls up a function of this online offering, the user’s device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted from Facebook directly to the user’s device, where it is integrated into the online offering. In doing so, usage profiles for the users may be prepared from the processed data. We therefore have no influence on the scope of the data collected by Facebook with the help of the plugins, and consequently inform users according to our state of knowledge.

Due to the integration of the plugins, Facebook receives the information that a user has called up the corresponding page of the online offering. If the user is logged on to Facebook, then Facebook can assign the visit to the user’s Facebook account. When a user interacts with the plugins, e.g. by clicking the “Like” button or submitting a comment, the corresponding information is transmitted from the user’s device directly to Facebook where it is stored. If a user is not a Facebook member, Facebook may nevertheless determine and store the user’s IP address. According to Facebook, only an anonymised IP address is stored in Germany.

In regards to the purpose and scope of data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy, please consult the Facebook data privacy statement: https://www.facebook.com/about/privacy/. 

When a user is a Facebook member and does not want Facebook to collect data about the user through this online offering and link it to the user’s profile data stored by Facebook, the user has to log off Facebook and delete their cookies before using our online offering. For further settings and objections to the use of data for promotional purposes, see the Facebook profile settings: https://www.facebook.com/settings?tab=ads or visit the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, meaning they apply for all devices including desktop computers and mobile devices.

Sharing functions of AddThis

Within our online offer we use the service “AddThis” (1595 Spring Hill Rd Suite 300 Vienna, VA 22182, USA) to share content of the online offer on social media (so-called sharing). AddThis uses the user’s personal data for the provision and operation of sharing functions. Furthermore, AddThis is able to use pseudonymous information of the user for marketing purposes. This data is stored with the help of so-called „cookie-text files“ on the computer of the user. Data privacy declaration: http://www.addthis.com/privacy, Opt-Out: http://www.addthis.com/privacy/opt-out. 

Created with the “Datenschutz-Generator.de” of RA Dr. Thomas Schwenke and adapted by crosseye Marketing