Privacy Policy

As of: September 14, 2024

Controller

Mohsen Sayah

E-mail address: m.sayah@noitnoway.com

Overview of Processing

The following overview summarizes the types of data processed and the purposes of processing, and refers to the affected persons.

Types of Data Processed

  • Inventory data.
  • Payment data.
  • Location data.
  • Contact details.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication and procedural data.

Categories of Affected Persons

  • Service recipients and customers.
  • Interested parties.
  • Communication partners.
  • Users.
  • Business and contract partners.

Purposes of Processing

  • Providing contractual services and fulfilling contractual obligations.
  • Communication.
  • Direct marketing.
  • Reach measurement.
  • Office and organizational procedures.
  • Organizational and administrative procedures.
  • Feedback.
  • Profiles with user-related information.
  • Providing our online offering and user-friendliness.
  • Business processes and economic procedures.

Relevant Legal Bases

Relevant legal bases according to the GDPR: The following provides an overview of the legal bases of the GDPR, on which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence. If more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1) Sentence 1 lit. a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6(1) Sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at the request of the data subject.
  • Legal obligation (Art. 6(1) Sentence 1 lit. c) GDPR) – Processing is necessary to fulfill a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR) – Processing is necessary for the legitimate interests of the controller or a third party, provided that the interests or fundamental rights and freedoms of the data subject do not override these interests.

National data protection regulations in Germany: In addition to the GDPR, national regulations on data protection in Germany apply. This includes in particular the Federal Data Protection Act (BDSG), which contains specific provisions on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and the transfer of data and automated decision-making in individual cases, including profiling. Additionally, the data protection laws of the individual federal states may apply.

Note on the applicability of the GDPR and the Swiss Data Protection Act (DSG): These privacy notices serve to provide information under both the Swiss DSG and the GDPR. Therefore, please note that due to broader territorial applicability and understanding, the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal data,” “overriding interest,” and “sensitive personal data” used in the Swiss DSG, the GDPR terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” are used. However, the legal meaning of the terms continues to be determined under the Swiss DSG when applicable.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of individuals, to ensure an appropriate level of security for the risks involved.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling access to the physical and electronic data as well as access, input, transmission, ensuring availability, and separation of the data concerned. Furthermore, we have procedures in place that allow the exercise of data subject rights, the deletion of data, and responses to threats to the data. In addition, we consider the protection of personal data in the development or selection of hardware, software, and procedures according to the principle of data protection through technical design and data protection-friendly default settings.

Secure online connections using TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), ensuring that the data is protected from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and encrypted.

Business Services

We process the data of our contract and business partners, such as customers and interested parties (collectively referred to as “contractual partners”), in the context of contractual and comparable legal relationships, as well as associated measures and in relation to communication with the contractual partners (or pre-contractually), for example, to respond to inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any update obligations, and remedies in the event of warranty and other performance failures. In addition, we use the data to protect our rights and for the purpose of administrative tasks associated with these obligations as well as business organization. Moreover, we process the data based on our legitimate interests in proper and economic business management as well as security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., involvement of telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). In accordance with applicable law, we only transfer the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed of other forms of processing, such as for marketing purposes, within the scope of this privacy policy.

The data required for the aforementioned purposes are communicated to the contractual partners before or during data collection, for example, in online forms, through special labeling (e.g., colors) or symbols (e.g., asterisks or similar), or personally.

We delete the data after the expiry of legal warranty and comparable obligations, i.e., generally after four years unless the data is stored in a customer account, e.g., as long as it needs to be retained for legal archiving purposes (e.g., for tax purposes, usually ten years). Data disclosed to us by the contractual partner in the course of an order will be deleted according to the specifications and generally after the end of the order.

  • Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); payment data (e.g., bank account details, invoices, payment history); contact details (e.g., postal and e-mail addresses or phone numbers). Contract data (e.g., contract subject, duration, customer category).
  • Affected persons: Service recipients and customers; interested parties. Business and contractual partners.
  • Purposes of processing: Providing contractual services and fulfilling contractual obligations; communication; office and organizational procedures; organizational and administrative procedures. Business processes and economic procedures.
  • Retention and deletion: Deletion as per the details in the section “General Information on Data Storage and Deletion”.
  • Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1) Sentence 1 lit. b) GDPR); legal obligation (Art. 6(1) Sentence 1 lit. c) GDPR). Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR).

Additional notes on processing, procedures, and services:

  • Project and development services: We process the data of our customers and clients (hereinafter uniformly referred to as “customers”) to enable them to select, acquire, or commission the chosen services or works and related activities as well as to pay for and provide or perform them. The required information is marked as such during the order, purchase, or comparable contract conclusion and includes the information needed for service provision and billing, as well as contact information to make any necessary consultations. If we have access to information of end customers, employees, or other persons, we process this information in accordance with legal and contractual requirements; Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1) Sentence 1 lit. b) GDPR).
  • Offer of software and platform services: We process the data of our users, registered and any trial users (hereinafter uniformly referred to as “users”), in order to provide them with our contractual services and, based on legitimate interests, to ensure and further develop the security of our offering. The required information is marked as such during the order, purchase, or comparable contract conclusion and includes the information needed for service provision and billing, as well as contact information to make any necessary consultations; Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1) Sentence 1 lit. b) GDPR).

Use of Cookies

Cookies are small text files or other storage markers that store information on devices and retrieve them. For example, they can be used to save the log-in status in a user account, the contents of a shopping cart in an e-shop, the contents or functions of an online offering accessed, or the use of certain functionalities. Cookies may also be used for different purposes, such as to improve the functionality, security, and convenience of online offerings or to create analyses of visitor traffic.

Notes on consent: We use cookies in compliance with legal regulations. Therefore, we obtain prior consent from users unless consent is not required by law. Consent is particularly not required if the storage and access of information, i.e., also cookies, are strictly necessary to provide the users with a telemedia service they have expressly requested (i.e., our online offering). The revocable consent is clearly communicated to users and contains information about the respective use of cookies.

Notes on legal bases for data protection: The legal basis on which we process users’ personal data using cookies depends on whether we ask them for consent. If users consent, the legal basis for the processing of their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., for the economic operation of our online offering and improving its usability) or, if the use of cookies is necessary to fulfill our contractual obligations, to comply with our contractual obligations. We explain for which purposes the cookies are used in this privacy policy or in the context of our consent and processing processes.

Retention period: Regarding the retention period, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after closing the device. For example, the log-in status can be stored and preferred content can be displayed directly when the user revisits a website. Likewise, the usage data collected via cookies can be used for reach measurement. Unless we provide explicit information about the type and retention period of cookies (e.g., during consent collection), users should assume that they are permanent and can be stored for up to two years.

General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to the processing in accordance with legal regulations, including through the privacy settings of their browser.

  • Types of data processed: Meta, communication and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR). Consent (Art. 6(1) Sentence 1 lit. a) GDPR).

Additional notes on processing, procedures, and services:

  • Processing of cookie data based on consent: We use a consent management solution that obtains users’ consent for the use of cookies or the procedures and providers mentioned in the consent management solution. This procedure is used for obtaining, logging, managing, and revoking consents, especially with regard to the use of cookies and similar technologies for storing, reading, and processing information on users’ devices. In the context of this procedure, users’ consents for the use of cookies and the related processing of information, including the specific processing and providers mentioned in the consent management procedure, are obtained. Users also have the option to manage and revoke their consents. The consent declarations are stored to avoid re-requesting and to prove consent according to legal requirements. Storage is server-side and/or in a cookie (so-called opt-in cookie) or using similar technologies to assign consent to a specific user or their device. Unless specific information is provided about the providers of consent management services, the following general information applies: The storage duration of consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information about the scope of consent (e.g., concerning categories of cookies and/or service providers), as well as information about the browser, system, and device used; Legal bases: Consent (Art. 6(1) Sentence 1 lit. a) GDPR).
  • Complianz: Consent management: Procedure for obtaining, logging, managing, and revoking consent, especially for the use of cookies and similar technologies for storing, reading, and processing information on users’ devices, as well as their processing; Service provider: Execution on servers and/or computers under its own data protection responsibility; Website: https://complianz.io/; Privacy Policy: https://complianz.io/legal/. Further information: An individual user ID, language, and types of consent, as well as the time of consent, are stored server-side and in a cookie on the user’s device.

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, e-mail, phone, or via social media), as well as in the context of existing user and business relationships, the information of the requesting persons is processed to the extent necessary to respond to the contact inquiries and any requested measures.

  • Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact details (e.g., postal and e-mail addresses or phone numbers); content data (e.g., text or image messages and contributions, as well as related information such as authorship information or creation time); usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
  • Affected persons: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form). Providing our online offering and user-friendliness.
  • Retention and deletion: Deletion as per the details in the section “General Information on Data Storage and Deletion”.
  • Legal bases: Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR). Contract performance and pre-contractual inquiries (Art. 6(1) Sentence 1 lit. b) GDPR).

Additional notes on processing, procedures, and services:

  • Contact form: When contacting us via our contact form, e-mail, or other communication methods, we process the personal data provided to us to respond to and process the respective request. This typically includes information such as name, contact details, and, if applicable, other information provided that is necessary for proper processing. We use this data exclusively for the stated purpose of contact and communication; Legal bases: Contract performance and pre-contractual inquiries (Art. 6(1) Sentence 1 lit. b) GDPR), legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR).

Newsletter and Electronic Notifications

We send newsletters, e-mails, and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipients or based on a legal basis. If the contents of the newsletter are specified as part of the registration, they are relevant to the consent of the users. To register for our newsletter, it is usually sufficient to provide your e-mail address. However, in order to offer you a personalized service, we may ask for your name for personal addressing in the newsletter or for additional information if necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store unsubscribed e-mail addresses for up to three years based on our legitimate interests before we delete them, in order to prove the previously given consent. The processing of this data is limited to the purpose of defending against potential claims. An individual deletion request is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address solely for this purpose in a blocklist.

The logging of the registration process is based on our legitimate interests for the purpose of proving its proper execution. If we commission a service provider with the sending of e-mails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

Contents:

Information about us, our services, actions, and offers.

  • Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact details (e.g., postal and e-mail addresses or phone numbers); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved). Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features).
  • Affected persons: Communication partners.
  • Purposes of processing: Direct marketing (e.g., via e-mail or postal).
  • Retention and deletion: 3 years – contractual claims (AT) (Data necessary to account for potential warranty and compensation claims or similar contractual claims and rights, as well as associated inquiries, based on past business experience and usual industry practices, will be stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB)). 10 years – contractual claims (CH) (Data necessary to account for potential compensation claims or similar contractual claims and rights, as well as for handling associated inquiries, based on past business experience and common industry practices, will be stored for the duration of the statutory limitation period of ten years, unless a shorter period of 5 years is applicable, which applies in certain cases (Art. 127, 130 OR)).
  • Legal bases: Consent (Art. 6(1) Sentence 1 lit. a) GDPR).
  • Opt-out option: You can cancel receiving our newsletter at any time, i.e., revoke your consent, or object to further receipt. A link to unsubscribe from the newsletter can be found either at the end of each newsletter, or you can use one of the contact methods provided above, preferably by e-mail, for this purpose.

Additional notes on processing, procedures, and services:

  • Measurement of opening and click rates: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, from its server when the newsletter is opened. During this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of retrieval, are initially collected. This information is used to technically improve our newsletter based on technical data or the target groups and their reading behavior, based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The information is assigned to individual newsletter recipients and stored in their profiles until deleted. The evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of opening and click rates as well as the storage of measurement results in the profiles of the users; Legal bases: Consent (Art. 6(1) Sentence 1 lit. a) GDPR).

Web Analysis, Monitoring and Optimization

Web analysis (also referred to as “reach measurement”) is used to evaluate the visitor flows of our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, identify the times at which our online offering or its functions or content is most frequently used, or invite reuse. Likewise, we can track which areas need optimization.

In addition to web analysis, we may also use testing procedures to, for example, test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e., data summarized for a usage process, may be created for these purposes, and information may be stored and retrieved in a browser or device. The collected information includes, in particular, visited websites and used elements, as well as technical information, such as the browser used, the computer system used, and usage times. If users have consented to us or the providers of the services we use collecting their location data, the processing of location data is also possible.

Furthermore, users’ IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear data of users (such as e-mail addresses or names) are stored within the framework of web analysis, A/B testing, and optimization, but pseudonyms. This means that neither we nor the providers of the used software know the actual identity of the users, but only the information stored in their profiles for the respective procedures.

Legal basis: If we ask users for their consent to use third-party providers, the legal basis for the data processing is consent. Otherwise, users’ data is processed based on our legitimate interests (i.e., interest in efficient, economic, and recipient-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features). Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g., access statistics, recognizing returning visitors); profiles with user-related information (creating user profiles). Providing our online offering and user-friendliness.
  • Retention and deletion: Deletion as per the details in the section “General Information on Data Storage and Deletion”. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of up to two years).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6(1) Sentence 1 lit. a) GDPR). Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR).

Additional notes on processing, procedures, and services:

  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number contains no personal data, such as names or e-mail addresses. It is used to associate analysis information with a device to recognize which content users have accessed within one or more usage processes, which search terms they have used, recalled, or interacted with our online offering. Likewise, the time of use and its duration, as well as the sources of users who refer to our online offering, and technical aspects of their devices and browsers, are stored. In doing so, pseudonymous profiles of users are created with information from the use of different devices, using cookies. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). In the case of EU traffic, IP address data is used exclusively for this derivation of geolocation data before it is immediately deleted. It is not logged, accessed, or used for further purposes. When Google Analytics collects measurement data, all IP requests are made on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) Sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Third-country transfer basis: Data Privacy Framework (DPF); Opt-out option: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying ads: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).
  • Google Tag Manager: We use the Google Tag Manager, a software from Google, that allows us to manage so-called website tags centrally via an interface. Tags are small code elements on our website that serve to track and analyze visitor activity. This technology helps us improve our website and the content offered on it. The Google Tag Manager itself does not create user profiles, store cookies with user profiles, or conduct independent analyses. Its function is limited to simplifying and making the integration and management of tools and services that we use on our website more efficient. Nonetheless, users’ IP addresses are transmitted to Google when using the Google Tag Manager, which is technically necessary to implement the services we use. Cookies may also be set in this process. However, this data processing only occurs if services are embedded via the Tag Manager. For more detailed information about these services and their data processing, we refer to the further sections of this privacy policy; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1) Sentence 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms. Third-country transfer basis: Data Privacy Framework (DPF).

Plug-ins and Embedded Features

We integrate function and content elements into our online offering that are retrieved from the servers of their respective providers (hereinafter referred to as “third-party providers”). This may include graphics, videos, or maps (hereinafter collectively referred to as “content”).

Embedding always requires that the third-party providers of this content process the users’ IP addresses because they could not send the content to their browser without the IP address. The IP address is therefore required for the display of these contents or functions. We strive to use only content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” allow information, such as visitor traffic on the pages of this website, to be evaluated. The pseudonymous information may also be stored in cookies on the users’ devices and may include, among other things, technical information about the browser and operating system, referring websites, visit times, and other details about the use of our online offering, as well as being linked to such information from other sources.

Legal basis: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, users’ data is processed based on our legitimate interests (i.e., interest in efficient, economic, and recipient-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems, interactions with content and features); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved). Location data (information about the geographic location of a device or person).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Providing our online offering and user-friendliness.
  • Retention and deletion: Deletion as per the details in the section “General Information on Data Storage and Deletion”. Storage of cookies for up to 2 years (Unless otherwise stated, cookies and similar storage methods may be stored on users’ devices for a period of up to two years).
  • Legal bases: Consent (Art. 6(1) Sentence 1 lit. a) GDPR). Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR).

Additional notes on processing, procedures, and services:

  • Google Fonts (retrieval from Google server): Retrieval of fonts (and symbols) for the purpose of a technically secure, maintenance-free, and efficient use of fonts and symbols with regard to timeliness and loading times, their uniform display, and consideration of possible licensing restrictions. The font provider is informed of the user’s IP address so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted, which is necessary for the provision of fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA – When visiting our online offering, the browsers of users send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent that describes the browser and operating system versions of website visitors, as well as the referrer URL (i.e., the website on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families the user wants to load fonts for. This data is logged so that Google can determine how often a particular font family is requested. The Google Fonts Web API needs the user agent in order to adapt the generated font to the respective browser type. The user agent is logged primarily for debugging purposes and used to generate aggregate usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance, and an aggregated report on the top integrations based on the number of font requests can be generated. According to Google, none of the information collected by Google Fonts is used to create profiles of end users or to serve targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy; Third-country transfer basis: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.
  • Font Awesome (hosting on own server): Display of fonts and symbols; Service provider: The Font Awesome icons are hosted on our server, and no data is transmitted to the provider of Font Awesome; Legal bases: Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR).
  • Google Maps: We integrate maps from the “Google Maps” service of Google. The data processed may include, in particular, IP addresses and location data of users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal bases: Consent (Art. 6(1) Sentence 1 lit. a) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy; Third-country transfer basis: Data Privacy Framework (DPF).

Created with the free privacy policy generator from Dr. Thomas Schwenke