Privacy Policy
Introduction and Overview
Version: 05.03.2024-312739388
We have prepared this Privacy Policy in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 and applicable national laws to inform you of which personal data (short: data) we, as the data controller—and the processors we commission (e.g., hosting providers)—process now and will process in the future, as well as the lawful options available to you. All terminology is to be understood as gender-neutral.
In short: We aim to give you comprehensive information about the data we process about you.
Privacy policies typically appear very technical and use legal jargon. However, we intend to describe the most important aspects in as simple and transparent a manner as possible. Where it aids transparency, we explain technical terms in a reader-friendly way, provide links to further information, and include illustrations. We therefore inform you clearly and simply that, in the course of our business activities, we only process personal data when a corresponding legal basis is in place. This is obviously not feasible when providing overly concise, vague, and purely legalistic or technical explanations, such as those often found on the internet with respect to data protection. We hope that you find the following explanations interesting and informative, and perhaps they will include one or two pieces of information that you did not know previously.
If you still have questions, we kindly ask you to contact the person or entity specified below or in our imprint, follow any existing links, and view further information on third-party websites. You can, of course, also find our contact details in the Imprint.
Scope
This Privacy Policy applies to all personal data we process within our company and to all personal data processed by companies we commission (processors). “Personal data” means information within the definition of Article 4(1) GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:
- All online presences (websites, online shops) operated by us
- Social media presences and email communications
- Mobile apps for smartphones and other devices
In short: The Privacy Policy covers all areas in which personal data is processed in our company via the aforementioned channels in a structured manner. If we enter into a legal relationship with you outside of these channels, we may provide separate notification where applicable.
Legal Bases
In this Privacy Policy, we provide transparent information about the legal principles and regulations—i.e., the legal bases of the General Data Protection Regulation—that allow us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read the text of this EU General Data Protection Regulation online on EUR-Lex, the access point for EU law, at:
https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679
We only process your data if at least one of the following conditions applies:
- Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example might be storing the data you enter in a contact form.
- Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For instance, if we enter into a purchase agreement with you, we need personal information in advance.
- Legal obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes, which typically contain personal data.
- Legitimate interests (Article 6(1)(f) GDPR): In cases of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and economically. This processing therefore constitutes a legitimate interest.
Other conditions, such as processing for tasks in the public interest or the exercise of official authority, or for the protection of vital interests, generally do not apply to us. Insofar as such a legal basis might become relevant, it will be indicated at the appropriate point.
In addition to the EU Regulation, national laws also apply:
- In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
- In Germany, it is the Federal Data Protection Act (BDSG) for short.
If further regional or national laws apply, we will inform you in the following sections.
Contact Details of the Controller
If you have questions about data protection or the processing of personal data, you can find the contact details of the responsible person or entity below:
CeiliX Technology GmbH
Registered office: Josef-Ruhr-Str. 30, 53879 Euskirchen, Germany
Email: [email protected]
Imprint: https://ceilix.com/imprint/
Storage Period
As a general principle, we store personal data only as long as it is absolutely necessary for providing our services and products. This means we delete personal data as soon as the purpose for processing the data no longer exists. In some cases, we are legally required to store certain data even after the original purpose has expired—for example, for accounting purposes.
If you request the deletion of your data or withdraw your consent to the data processing, the data will be deleted as soon as possible, provided there is no obligation to retain it.
Where applicable, we provide specific details below on the duration of each data processing activity, if additional information is available.
Rights Under the General Data Protection Regulation
Pursuant to Articles 13 and 14 of the GDPR, we inform you about the following rights to ensure fair and transparent data processing:
-
Right of access (Article 15 GDPR): You have the right to know whether we process personal data about you. If we do, you have the right to receive a copy of the data and to learn the following information:
- The purpose for which we carry out the processing
- The categories, i.e. types of data, that are processed
- The recipients of the data and, if applicable, how the security of the data transfer to third countries is guaranteed
- The duration of data storage
- The existence of the right to rectification, erasure, or restriction of processing, and the right to object to the processing
- That you can lodge a complaint with a supervisory authority (links to these authorities can be found below)
- The origin of the data, if we did not collect it from you
- Whether profiling is carried out, i.e. whether data is automatically evaluated to create a personal profile of you
-
Right to rectification (Article 16 GDPR): You have the right to correct data if you discover errors.
-
Right to erasure (“right to be forgotten”) (Article 17 GDPR): You have the right to request the deletion of your data.
-
Right to restriction of processing (Article 18 GDPR): You have the right to demand that we only store your data and not use it further.
-
Right to data portability (Article 20 GDPR): You have the right to request that we provide your data in a common format.
-
Right to object (Article 21 GDPR): You have the right to object to data processing if the processing is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest). We will then review as quickly as possible whether we can legally comply with your objection.
- If the data is used for direct marketing, you can object at any time, and we must stop processing your data for direct marketing.
- If the data is used for profiling, you can object at any time, and we must stop processing your data for profiling.
-
Right not to be subject to automated decision-making (Article 22 GDPR): Under certain circumstances, you have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
-
Right to lodge a complaint with a supervisory authority (Article 77 GDPR): If you believe that the processing of your personal data violates the GDPR, you can lodge a complaint with a supervisory authority at any time.
In short: You have rights—do not hesitate to contact the above-listed responsible office in our organization!
If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority (https://www.dsb.gv.at/). In Germany, there is a Data Protection Officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:
(Note: Please insert or clarify the specific authority’s details if applicable.)
Data Transfer to Third Countries
We only transfer or process data in countries outside the scope of the GDPR (third countries) if you consent to such processing or if another legal permission exists. This is especially relevant if processing is legally required or necessary for fulfilling a contractual relationship and only insofar as such processing is generally permitted. Your consent is, in most cases, the primary reason we process data in third countries. Processing personal data in third countries such as the United States, where many software providers offer services and have server locations, can mean that personal data may be processed and stored in unexpected ways.
We explicitly note that, according to the opinion of the European Court of Justice, there is currently only an adequate level of protection for data transfer to the USA if a U.S. company that processes personal data of EU citizens in the USA actively participates in the EU-U.S. Data Privacy Framework. You can find more information here:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en
Data processing by U.S. services that are not active participants in the EU-U.S. Data Privacy Framework may result in data potentially being processed and stored without anonymization. Furthermore, U.S. government agencies may be able to access certain data. Additionally, any data collected may be linked with data from other services of the same provider if you have a corresponding user account. Wherever possible, we try to use server locations within the EU if it is offered.
We will provide more specific information regarding data transfer to third countries at the appropriate sections of this Privacy Policy, if applicable.
Security of Data Processing
To protect personal data, we have implemented both technical and organizational measures. Whenever possible, we encrypt or pseudonymize personal data, thereby making it as difficult as possible—within our capabilities—for third parties to draw personal conclusions from our data.
Article 25 GDPR refers to “data protection by design and by default,” meaning that we keep security in mind when it comes to both software (e.g., forms) and hardware (e.g., server room access), implementing appropriate measures. If necessary, we will address specific measures below.
TLS Encryption with HTTPS
TLS, encryption, and HTTPS sound very technical, but we use HTTPS (Hypertext Transfer Protocol Secure) to transmit data securely over the internet. This ensures that the complete transfer of all data from your browser to our web server is protected against eavesdropping.
We have thus introduced an additional security layer and fulfill data protection through technology design (Article 25(1) GDPR). By using TLS (Transport Layer Security)—an encryption protocol for secure data transmission on the internet—we can ensure the confidentiality of sensitive data.
You can recognize the use of this secure data transmission by the small lock symbol at the top left in your browser, to the left of the internet address (e.g., examplepage.de), and by the scheme https (instead of http) in our web address.
If you want to learn more about encryption, we recommend searching for “Hypertext Transfer Protocol Secure wiki” in Google to find good links to further information.
Communication
Summary:
- Data subjects: All those who communicate with us by telephone, email, or online form.
- Data processed: e.g., telephone number, name, email address, form data entered. More details can be found under each method of contact.
- Purpose: Handling communication with customers, business partners, etc.
- Storage period: Duration of the business case and as legally required
- Legal bases: Article 6(1)(a) GDPR (consent), Article 6(1)(b) GDPR (contract), Article 6(1)(f) GDPR (legitimate interests)
If you contact us by telephone, email, or online form, personal data may be processed.
Such data is processed to handle your query and the associated business transaction. It is stored only as long as is necessary or as the law prescribes.
Data Subjects
All individuals who seek to contact us via the communication channels we provide may be affected by this process.
Telephone
When you call us, call data is pseudonymously stored on the respective end device and by the telecommunications provider used. Furthermore, data such as your name and phone number may be sent via email afterward and stored for query resolution. Data is deleted once the business case is closed and provided there are no legal requirements to retain it.
If you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data may be stored on our email server. Data is deleted once the business case is concluded and provided there are no legal requirements to retain it.
Online Forms
If you contact us using an online form, data will be stored on our web server and, if necessary, forwarded to one of our email addresses. Data is deleted once the business case is concluded and provided there are no legal requirements to retain it.
Legal Bases
The processing of the data is based on the following legal grounds:
- Article 6(1)(a) GDPR (consent): You give us your consent to store your data and to use it for purposes related to the business case.
- Article 6(1)(b) GDPR (contract): It is necessary for fulfilling a contract with you or a processor (e.g., telecommunications provider), or we must process the data for pre-contractual activities such as preparing an offer.
- Article 6(1)(f) GDPR (legitimate interests): We seek to handle customer inquiries and business communication in a professional manner. Technical infrastructure, such as email programs, exchange servers, and mobile service providers, is necessary for efficient communication.
Cookies
Summary:
- Data subjects: Visitors to the website
- Purpose: Depends on the specific cookie. More details can be found below or from the software vendor that sets the cookie.
- Data processed: Depends on the cookie in question. More details can be found below or from the software vendor that sets the cookie.
- Storage period: Depends on the specific cookie, ranging from hours to years
- Legal bases: Article 6(1)(a) GDPR (consent), Article 6(1)(f) GDPR (legitimate interests)
What Are Cookies?
Our website uses HTTP cookies to store user-specific data. Below, we explain what cookies are and why they are used, so you can better understand this Privacy Policy.
Whenever you browse the internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser—these files are called cookies.
It’s clear that cookies are handy little helpers. Nearly all websites use cookies—more precisely, HTTP cookies. There are other cookies for other applications, but here we are focusing on HTTP cookies. HTTP cookies are small files placed on your computer by our website. These files are automatically stored in the cookie folder of your browser’s “brain.” A cookie consists of a name and a value. When defining a cookie, you must also provide one or more attributes.
Cookies store certain user data, such as language or personal page settings. When you revisit our site, your browser sends the “user-related” information back to our website. Thanks to cookies, our website knows who you are and provides your usual settings. Some browsers store each cookie in a separate file; others, like Firefox, store all cookies in a single file.
Below is an example of how a browser might interact with a web server: The browser requests a webpage, receives a cookie from the server, and uses that cookie again when requesting another page.
(Graphic not included here: “HTTP Cookie interaction between browser and web server”)
Cookies can be either first-party cookies or third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each one stores different data. Cookies also have varying expiration times, from a few minutes to several years. Cookies are not software programs and do not contain viruses, trojans, or other “harmful” programs. They also cannot access information on your PC.
Here is an example of what cookie data might look like:
Name: _ga
Value: GA1.2.1326744211.152312739388-9
Purpose: Distinguishing website visitors
Expiration date: after 2 years
A browser must support at least the following minimum sizes:
- Minimum 4096 bytes per cookie
- At least 50 cookies per domain
- A total of at least 3000 cookies
What Types of Cookies Are There?
Which specific cookies we use depends on the services we employ and is clarified in the subsequent sections of this Privacy Policy. At this point, we would like to briefly discuss the different types of HTTP cookies.
We can distinguish four types of cookies:
-
Absolutely necessary cookies
These cookies are required to ensure basic functions of the website. For example, such cookies are needed when a user places a product in a shopping cart, browses other pages, and later proceeds to checkout. Without these cookies, the shopping cart would be cleared even if the browser window is closed. -
Functional cookies
These cookies collect information about user behavior and any errors the user might receive. Furthermore, these cookies measure loading times and how the website behaves in different browsers. -
Target-oriented cookies
These cookies enhance user-friendliness. For instance, entered locations, font sizes, or form data may be saved. -
Advertising cookies
Also known as targeting cookies, they serve to deliver customized advertising to users. This can be very convenient, but also quite annoying.
Typically, you will be asked which types of cookies you wish to allow when you first visit a website. This decision is also stored in a cookie.
For more technical information about cookies, we recommend reading the “HTTP State Management Mechanism” at https://datatracker.ietf.org/doc/html/rfc6265, a Request for Comments by the Internet Engineering Task Force (IETF).
Purpose of Processing via Cookies
Ultimately, the purpose depends on the specific cookie in use. You can find more details further below or from the software provider that sets the cookie.
Which Data Is Processed?
Cookies are small aides for many different tasks. Unfortunately, it is not possible to generalize which data is stored in cookies, but we will inform you about the data processed and stored as part of this Privacy Policy.
Storage Period of Cookies
The storage duration depends on the specific cookie and is detailed below. Some cookies are deleted after less than one hour, while others may remain stored on a computer for several years.
You also have control over the storage duration yourself. You can manually delete all cookies at any time through your browser settings (see “Right to Object” below). Furthermore, cookies that rely on your consent are deleted at the latest upon the withdrawal of your consent, without affecting the lawfulness of the storage prior to the withdrawal.
Right to Object – How Can I Delete Cookies?
You decide whether and how you use cookies. Regardless of which service or website places cookies, you always have the option to delete, deactivate, or partially allow cookies. For example, you can block cookies from third-party providers while allowing all other cookies.
To see which cookies have been stored in your browser, to change cookie settings, or to delete them, you can find instructions in your browser settings:
- Chrome: Delete, enable, and manage cookies in Chrome
- Safari: Manage cookies and website data in Safari
- Firefox: Delete cookies to remove the data websites have placed on your computer
- Internet Explorer: Delete and manage cookies
- Microsoft Edge: Delete and manage cookies
If you generally do not want any cookies, you can set your browser to always inform you when a cookie is about to be placed. This allows you to decide whether to allow each cookie. The procedure differs for each browser. It is best to search Google for “delete cookies Chrome” or “disable cookies Chrome” if you use Chrome as your browser.
Legal Basis
The so-called “Cookie Guidelines” have been in place since 2009, stipulating that storing cookies requires your consent (Article 6(1)(a) GDPR). However, EU member states have responded differently to these guidelines. Austria implemented these guidelines in Section 165(3) of the Telecommunications Act (2021). In Germany, the Cookie Guidelines were not implemented as national law; instead, they were largely enforced in Section 15(3) of the Telemedia Act (TMG).
For cookies that are absolutely necessary—even where no consent has been granted—there are legitimate interests (Article 6(1)(f) GDPR), usually of an economic nature. We want to offer visitors to our website a pleasant user experience, which often requires certain cookies to be absolutely necessary.
If non-essential cookies are used, we do so only with your consent. The legal basis is then Article 6(1)(a) GDPR.
In the following sections, you will receive more detailed information about the use of cookies if we employ any specific software that uses them.
Web Hosting – Introduction
Summary:
- Data subjects: Visitors to the website
- Purpose: Professional hosting of the website and securing its operation
- Data processed: IP address, time of visit, browser used, and additional data. More details can be found below or from the respective hosting provider used.
- Storage period: Depends on the provider, but usually 2 weeks
- Legal basis: Article 6(1)(f) GDPR (legitimate interests)
What Is Web Hosting?
Whenever you visit websites nowadays, certain information—including personal data—is automatically created and stored, including on our website. We strive to process such data as sparingly as possible and only with justification. By “website,” we refer to all the pages on our domain, i.e., everything from the homepage to the very last subpage (including this one). By “domain,” we mean something like example.com or sampledomain.com.
If you want to view a website on your computer, tablet, or smartphone, you use a web browser (like Google Chrome, Microsoft Edge, Mozilla Firefox, Apple Safari, etc.). We refer to it simply as a browser or web browser.
To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Running a web server is complicated and time-intensive, which is why, as a rule, this is handled by professional providers known as hosting providers. They offer web hosting and ensure the reliable and error-free storage of website data. A lot of technical terms, but it gets better—promise!
When your browser connects to a web server (on your desktop, laptop, tablet, or smartphone) and during data transfer to and from the server, personal data may be processed. On the one hand, your computer stores data; on the other, the web server must store data for a certain time to guarantee proper operation.
(Graphic not included here: “Browser and Webserver”)
Why Do We Process Personal Data?
The purposes of data processing are:
- Professional hosting of the website and ensuring its operation
- Maintaining operational and IT security
- Anonymous evaluation of access behavior to improve our offerings and, if necessary, to pursue criminal prosecution or claims
Which Data Is Processed?
When you visit our website—like right now—our web server (the computer hosting this webpage) typically automatically stores data such as:
- The complete internet address (URL) of the webpage accessed
- Browser and browser version (e.g., Chrome 87)
- The operating system used (e.g., Windows 10)
- The URL of the previously visited page (referrer URL) (e.g.,
https://www.examplesite.com/previouspage/
) - The hostname and IP address of the device from which access is made (e.g., COMPUTERNAME and 194.23.43.121)
- Date and time
These are saved in so-called web server log files.
How Long Is the Data Stored?
Typically, the above-mentioned data is stored for two weeks before being automatically deleted. We do not disclose this data, but we cannot rule out the possibility that these data may be viewed if illegal behavior occurs.
In short: Your visit is logged by our provider (the company that operates the website’s specialized computers/servers), but we do not share your data without consent!
Legal Basis
The legality of processing personal data in the context of web hosting arises from Article 6(1)(f) GDPR (protection of legitimate interests), as using a professional provider is necessary for a secure and user-friendly online presence and to be able to pursue any claims or address any attacks that may arise.
Typically, there is a contract for commissioned processing pursuant to Article 28 GDPR between us and our hosting provider, which ensures adherence to data protection and guarantees data security.
Website Builder Systems – Introduction
Summary:
- Data subjects: Visitors to the website
- Purpose: Optimization of our service offering
- Data processed: Such as technical usage information (browser activity, clickstream activities, session heatmaps), contact information, IP address, or geographical location. More details can be found below in this Privacy Policy and in the provider’s privacy statement.
- Storage period: Depends on the provider
- Legal bases: Article 6(1)(f) GDPR (legitimate interests), Article 6(1)(a) GDPR (consent)
What Are Website Builder Systems?
We use a website builder system for our website. These systems are special forms of a Content Management System (CMS). With a website builder, website operators can easily create a website without programming knowledge. In many cases, hosting providers also offer their own website builder systems. Using such a system may involve collecting, storing, and processing personal data from you. In this Privacy Policy, we provide general information about data processing by website builders. More details can be found in the privacy policies of the providers themselves.
Why Do We Use Website Builder Systems?
The biggest advantage of a builder system is ease of use. We want to offer you a clear, simple, and straightforward website, which we can operate and maintain ourselves without external help. Such a system now offers many useful features that we can use without programming knowledge. This allows us to design our online presence according to our preferences, ensuring a pleasant and informative experience for you.
Which Data Is Stored by a Website Builder?
The exact data stored depends on the website builder in use. Each provider processes and collects different data from website visitors. However, typically technical usage information is gathered, such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your visit. Tracking data (e.g., browser activity, clickstream activities, session heatmaps) may also be processed. Additionally, personal data can be collected and stored, often including contact data such as email address, telephone number (if you’ve provided it), IP address, and geographical location data. You can find the specific details on what is stored in the provider’s Privacy Policy.
How Long and Where Is the Data Stored?
In the following section (where available), we provide information on data storage duration in connection with the builder system we use. Detailed information is also available in the provider’s Privacy Policy. Generally, we process personal data only for as long as is absolutely necessary for providing our services and products. The provider may store data according to its own criteria, over which we have no influence.
Right to Object
You always have the right to access, rectify, and erase your personal data. If you have any questions, you can also contact the controller of the website builder system at any time. The contact details can be found in our Privacy Policy or on the website of the respective provider.
You can delete, deactivate, or manage cookies used by the provider for its functions in your browser. Depending on your browser, this can be done in various ways. Please note, however, that some functions may no longer work as intended.
Legal Basis
We have a legitimate interest in using a website builder system to optimize our online offering and present it efficiently and appealingly to users. The corresponding legal basis is Article 6(1)(f) GDPR (legitimate interests). However, we only use the builder system insofar as you have provided consent.
If the data processing is not absolutely necessary for operating the website, your data will only be processed based on your consent. This particularly concerns tracking activities. The legal basis here is Article 6(1)(a) GDPR.
All texts are protected by copyright.
Source: Created with the AdSimple Privacy Policy Generator (Germany)