Privacy

Privacy Policy

This Privacy Policy explains how we handle your personal information (we'll call it 'data' for short) across our online services. This includes our websites, features, content, and even our social media pages (all together, we'll call this our 'online offering'). When we mention terms like 'processing' or 'controller,' we're using the definitions found in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Hotel Gasthof Lercher GmbH & Co KG
Anna Lercher
Schwarzenbergstrasse 10
8850 Murau
Phone: 0043 3532 2431
office (at) hotel-lercher. at
www.hotel-restaurant-lercher.at

Imprint

For questions about data protection, please contact:
Anna Lercher
office (at) hotel-lercher. at
Phone: 0043 3532 2431

Types of data we process:

- Basic info (like names, addresses).
- Contact details (like email, phone numbers).
- Content you provide (like text you type, photos, videos).
- How you use our site (like pages you visit, what you're interested in, when you access it).
- Technical and communication data (like device info, IP addresses).

Who this policy applies to

Visitors and users of our online services (From now on, we'll just call these folks 'users').

Why we process your data

- To provide our online services, including all its features and content.
- To answer your questions and chat with you.
- For security reasons.
- To measure how many people we reach and for marketing.

Terms we use

“Personal data” is any information that can identify you (we'll call you the “data subject”). You're identifiable if someone can figure out who you are, directly or indirectly, using things like your name, an ID number, location data, an online identifier (like a cookie), or other specific details about your physical, physiological, genetic, mental, economic, cultural, or social identity.

“Processing” means any operation or set of operations performed on personal data, whether automated or not. This term is very broad and basically covers anything we do with your data.

“Pseudonymization” means processing personal data so that it can no longer be linked to a specific person without using extra information. This extra info is kept separately and protected by technical and organizational measures to make sure the data can't be traced back to an identified or identifiable person.

“Profiling” means any automated processing of personal data used to evaluate certain personal aspects about you. This is especially done to analyze or predict things like your work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

The “Controller” is the person, company, authority, agency, or other body that decides, alone or with others, why and how your personal data is processed.

A “Processor” is a person, company, authority, agency, or other body that processes personal data on behalf of the Controller.

Our legal grounds for processing data

Following Article 13 of the GDPR, we're sharing the legal reasons why we process your data. If we don't mention a specific legal reason elsewhere in this Privacy Policy, here's the general rule: When we ask for your permission, we're relying on Article 6(1)(a) and Article 7 of the GDPR. If we're processing data to provide our services, fulfill contracts, or answer your questions, it's based on Article 6(1)(b) of the GDPR. When we need to process data to meet our legal duties, that falls under Article 6(1)(c) of the GDPR. And if we're processing data because it's in our legitimate interest, then Article 6(1)(f) of the GDPR is the basis. Finally, if we ever need to process your personal data to protect your life or someone else's, Article 6(1)(d) of the GDPR is the legal ground.

How we keep your data safe

In line with Article 32 of the GDPR, we take appropriate technical and organizational steps to keep your data safe. We consider things like the latest technology, how much it costs, what kind of data we're handling, why we're processing it, and the potential risks to your rights and freedoms. Our goal is to make sure the security matches the risk.

These steps include making sure your data stays confidential, accurate, and available. We do this by controlling who can physically access the data, as well as who can access, input, transfer, and separate it. We've also put procedures in place to make sure you can exercise your data rights, that data can be deleted, and that we can react quickly if there's a data breach. Plus, we think about data protection right from the start when we're developing or choosing our hardware, software, and processes. This is all part of our commitment to 'data protection by design and by default' (Article 25 GDPR).

Working with Service Providers and Other Companies

If we share your data with other people or companies (like service providers or other third parties), transfer it to them, or give them access, we only do this if we're allowed by law (for example, if sharing data with third parties, such as payment providers, is necessary to fulfill our contract with you, as per GDPR rules), if you've given us your permission, if there's a legal obligation, or if it's based on our legitimate interests (like when we use agents, web hosts, etc.).

If we hire third parties to process data for us under a 'data processing agreement,' we do this according to Art. 28 GDPR.

Transfers to Countries Outside the EU/EEA

If we process your data in a country outside the European Union (EU) or European Economic Area (EEA), or if we use third-party services or share data with third parties there, we only do this if it's necessary to fulfill our contractual duties (or pre-contractual ones), if you've given your consent, if there's a legal obligation, or if it's based on our legitimate interests. Unless allowed by law or contract, we only process data in a country outside the EU/EEA if the special conditions of Art. 44 ff. GDPR are met. This means, for example, that processing happens based on special safeguards, like an officially recognized decision that the country has a data protection level similar to the EU (e.g., for the USA through the 'Privacy Shield') or by following officially recognized special contractual obligations (known as 'Standard Contractual Clauses').

Your Rights Regarding Your Data

You have the right to ask for confirmation if your data is being processed, and to get information about this data, as well as further details and a copy of your data, according to Art. 15 GDPR.

Also, according to Art. 16 GDPR, you have the right to ask for your data to be completed or corrected if it's inaccurate.

As per Art. 17 GDPR, you can ask for your data to be deleted right away, or alternatively, as per Art. 18 GDPR, you can request that its processing be restricted.

You also have the right to receive the data you've provided to us, as per Art. 20 GDPR, and to ask for it to be transferred to other data controllers.

Furthermore, according to Art. 77 GDPR, you have the right to file a complaint with the relevant supervisory authority.

Right to Withdraw Consent

You have the right to withdraw any consent you've given, according to Art. 7 Para. 3 GDPR, with future effect.

Right to Object

You can object to the future processing of your data at any time, as per Art. 21 GDPR. This objection can specifically be against processing for direct marketing purposes.

Cookies and Your Right to Object to Direct Marketing

Cookies are just small files that get saved on your computer. They can hold different bits of info. Basically, a cookie helps remember things about you (or your device) while you're browsing our website or even after you leave.

We have 'temporary cookies' (also called 'session cookies') which disappear once you close your browser after visiting our site. These might remember what's in your shopping cart or if you're logged in. Then there are 'permanent' or 'persistent' cookies that stick around even after you close your browser. They can keep you logged in if you come back after a few days, or remember your interests for things like showing you relevant ads. 'Third-party cookies' come from other companies, not directly from us. If they're just our cookies, we call them 'first-party cookies'.

We might use both temporary and permanent cookies, and we explain all this in more detail in our privacy policy.

If you'd rather not have cookies saved on your computer, you can easily turn them off in your browser's settings. You can also delete any cookies that are already there. Just keep in mind that blocking cookies might mean some parts of our website won't work as well.

If you want to generally opt out of cookies used for online marketing, especially for tracking, you can do so through the US website https://optout.aboutads.info/?c=2&lang=EN or the EU website https://www.youronlinechoices.com/. You can also stop cookies from being saved by changing your browser settings. But remember, this might mean you can't use all the features of our website.

Deleting Your Data

The data we process will be deleted or its processing restricted according to Art. 17 and 18 GDPR. Unless specifically stated otherwise in this privacy policy, the data we store will be deleted as soon as it's no longer needed for its original purpose and if there are no legal reasons to keep it. If data isn't deleted because it's needed for other legally permitted purposes, its processing will be restricted. This means the data is blocked and won't be used for other purposes. For example, this applies to data that must be kept for commercial or tax reasons.

According to German legal requirements, data is kept for 10 years (e.g., books, records, reports, booking vouchers, commercial books, tax-relevant documents, etc., as per §§ 147 Para. 1 AO, 257 Para. 1 No. 1 and 4, Para. 4 HGB) and 6 years (e.g., commercial letters, as per § 257 Para. 1 No. 2 and 3, Para. 4 HGB).

In Austria, legal requirements mean data is kept for 7 years (e.g., accounting records, receipts/invoices, accounts, business papers, income and expense statements, etc., as per § 132 Para. 1 BAO), 22 years for property-related documents, and 10 years for documents related to electronically supplied services, telecommunications, broadcasting, and TV services provided to non-businesses in EU member states using the Mini-One-Stop-Shop (MOSS).

Processing for Business Purposes

Additionally, we process
- Contract data (e.g., contract subject, duration, customer category).
- Payment data (e.g., bank details, payment history)
from our customers, interested parties, and business partners. We do this to provide contractual services, customer care, marketing, advertising, and market research.

Online Booking and Your Account

We process our customers' data when they use our online booking tool. This helps them choose and order products and services, pay for them, and get them delivered or fulfilled.

The data we process includes basic info, communication details, contract info, and payment data. This applies to our customers, interested parties, and other business partners. We process this data to provide contractual services, run our online shop, handle billing, delivery, and customer service. For this, we use session cookies to remember your shopping cart and permanent cookies to keep you logged in.

We process this data based on Art. 6 Para. 1 lit. b (for processing orders) and c (for legally required archiving) GDPR. The information marked as required is essential for setting up and fulfilling the contract. We only share data with third parties for delivery, payment, or as allowed by law and our obligations to legal advisors and authorities. Data is only processed in countries outside the EU/EEA if it's necessary to fulfill the contract (e.g., if you request delivery or payment there).

When you register, log in again, or use our online booking tools, we save your IP address and the time of your action. We do this based on our legitimate interests and your interest in protection against misuse and unauthorized use. We generally don't share this data with third parties, unless it's necessary to pursue our claims or if there's a legal obligation to do so, as per Art. 6 Para. 1 lit. c GDPR.

Data is deleted after legal warranty and similar obligations expire. We check every three years if we still need to keep the data. If there are legal archiving duties, data is deleted once those periods end (e.g., commercial law (6 years) and tax law (10 years) retention periods).

Services We Provide Under Contract

We process data from our contract partners, interested parties, and other clients or customers (all referred to as 'contract partners') according to Art. 6 Para. 1 lit. b GDPR. We do this to provide our contractual or pre-contractual services to them. The type, scope, purpose, and necessity of this data processing depend on the specific contract.

The data we process includes basic details of our contract partners (e.g., names and addresses), contact info (e.g., email addresses and phone numbers), contract data (e.g., services used, contract content, communication about the contract, contact person names), and payment data (e.g., bank details, payment history).

Generally, we don't process special categories of personal data, unless it's part of a commissioned or contractual processing.

We process data that's necessary to set up and fulfill contractual services. We'll let you know if certain information is required, especially if it's not obvious to our contract partners. We only share data with external individuals or companies if it's necessary for a contract. When processing data given to us as part of an order, we follow the client's instructions and legal requirements.

When you use our online services, we might save your IP address and the time of your action. We do this based on our legitimate interests and your interest in protection against misuse and unauthorized use. We generally don't share this data with third parties, unless it's necessary to pursue our claims as per Art. 6 Para. 1 lit. f GDPR, or if there's a legal obligation to do so as per Art. 6 Para. 1 lit. c GDPR.

Data is deleted when it's no longer needed to fulfill contractual or legal obligations, or to handle any warranty and similar duties. We check every three years if we still need to keep the data; otherwise, legal retention periods apply.

Administration, Financial Accounting, Office Organization, Contact Management

We process data for administrative tasks, organizing our operations, financial accounting, and following legal obligations like archiving. We use the same data here that we process when providing our contractual services. The legal bases for processing are Art. 6 Para. 1 lit. c GDPR and Art. 6 Para. 1 lit. f GDPR. This processing affects customers, interested parties, business partners, and website visitors. Our purpose and interest in processing this data are for administration, financial accounting, office organization, and data archiving – basically, tasks that help us keep our business running, fulfill our duties, and provide our services. Data deletion related to contractual services and communication follows the details mentioned for those processing activities.

We disclose or transfer data to tax authorities, advisors like tax consultants or auditors, and other fee collection agencies and payment service providers.

Also, based on our business interests, we store information about suppliers, event organizers, and other business partners, for example, for future contact. We generally keep this business-related data permanently.

Business Analysis and Market Research

To run our business effectively and understand market trends, as well as the wishes of our contract partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc. We process basic data, communication data, contract data, payment data, usage data, and metadata based on Art. 6 Para. 1 lit. f GDPR. The people affected by this include contract partners, interested parties, customers, visitors, and users of our online services.

These analyses are for business evaluations, marketing, and market research. We might look at registered users' profiles, including details about the services they've used. The analyses help us improve user-friendliness, optimize our offerings, and boost business efficiency. These analyses are solely for our use and are not shared externally, unless they are anonymous analyses with aggregated values.

If these analyses or profiles contain personal data, they will be deleted or anonymized when the user cancels their account, or otherwise two years after the contract ends. All other general business analyses and trend determinations are made anonymously whenever possible.

Privacy Notes for Job Applications

We only process applicant data for the purpose and within the scope of the application process, in line with legal requirements. We process applicant data to fulfill our (pre-)contractual obligations during the application process, as per Art. 6 para. 1 lit. b. GDPR and Art. 6 para. 1 lit. f. GDPR, for example, if data processing becomes necessary for legal procedures (in Germany, § 26 BDSG also applies).

The application process requires you to provide us with your applicant data. If we offer an online form, the necessary data will be marked; otherwise, it's clear from the job descriptions. Generally, this includes personal details, postal and contact addresses, and application documents like cover letters, CVs, and certificates. You can also voluntarily provide us with additional information.

By submitting your application to us, you agree to your data being processed for the application process, as described in this privacy policy.

If you voluntarily share special categories of personal data (as per Art. 9 para. 1 GDPR) during the application process, we'll also process it according to Art. 9 para. 2 lit. b GDPR (e.g., health data like severe disability status or ethnic origin). If we ask for special categories of personal data (as per Art. 9 para. 1 GDPR) during the application process, we'll also process it according to Art. 9 para. 2 lit. a GDPR (e.g., health data if it's needed for the job).

If available, you can send us your applications using an online form on our website. Your data will be securely encrypted when transmitted to us, using the latest technology.
You can also send us your applications via email. However, please note that emails are generally not encrypted, and you'll need to handle the encryption yourself. We can't take responsibility for the security of your application during email transmission between you and our server. That's why we recommend using an online form or sending it by post instead. You always have the option to mail your application to us.

If your application is successful, we might continue to process the data you provided for employment purposes. Otherwise, if your application for a job opening isn't successful, your data will be deleted. Your data will also be deleted if you withdraw an application, which you're free to do at any time.

Unless you legitimately withdraw your application, your data will be deleted after six months. This allows us to answer any follow-up questions about your application and meet our obligations under the Equal Treatment Act. Invoices for any travel expense reimbursements will be archived as required by tax laws.

Contacting us

When you get in touch with us (e.g., via contact form, email, phone, or social media), we process your details to handle your request, as per Art. 6 para. 1 lit. b) GDPR. Your details might be stored in a Customer Relationship Management system ('CRM System') or a similar system for managing inquiries.

We delete inquiries when they're no longer needed. We check this every two years, and we also follow legal archiving requirements.

Newsletter

Here's some info about our newsletter, including what it contains, how we handle sign-ups, sending, and statistics, and your rights to object. By subscribing to our newsletter, you agree to receive it and to the processes described.

What's in the newsletter: We only send newsletters, emails, and other electronic messages with promotional info (referred to as 'newsletters' from now on) if you've given us permission or if it's legally allowed. If the newsletter content is specifically described when you sign up, that description is what you're agreeing to. Otherwise, our newsletters contain info about our products, related details (like safety tips), special offers, promotions, and our company.

Double Opt-In and Logging: When you sign up for our newsletter, we use a 'double opt-in' process. This means after you sign up, you'll get an email asking you to confirm your subscription. This confirmation is important to make sure no one signs up with someone else's email address. We log newsletter sign-ups so we can prove the process followed legal requirements. This includes saving the time of sign-up and confirmation, as well as your IP address. Any changes to your data stored with our email service provider are also logged.

Sign-up details: To sign up for the newsletter, all you need to do is provide your email address. Optionally, we ask for your name so we can address you personally in the newsletters.

We send out newsletters and measure their success based on your consent, as per Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 107 para. 2 TKG, or based on legal permission as per § 107 para. 2 and 3 TKG.

We log the sign-up process because it's in our legitimate interest, as per Art. 6 para. 1 lit. f GDPR. We want to use a user-friendly and secure newsletter system that serves our business interests, meets your expectations, and also allows us to prove consent.

Cancellation/Withdrawal - You can cancel your newsletter subscription at any time, meaning you can withdraw your consent. You'll find a link to unsubscribe at the end of every newsletter. We might keep unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, so we can prove that consent was given previously. The processing of this data is limited to defending against potential claims. You can request individual deletion at any time, provided that the previous existence of consent is also confirmed.

Newsletter - Email Service Provider

We send out our newsletters using the email service provider Newstroll email marketing software, Marco Ahrendt, Maustäle 18, D 72793 Pfullingen. You can check out their privacy policy here: https://www.newstroll.de/datenschutz/. We use this service provider based on our legitimate interests, as per Art. 6 para. 1 lit. f GDPR, and a data processing agreement as per Art. 28 para. 3 S. 1 GDPR.

The email service provider might use recipient data in a pseudonymized way (meaning it's not linked to a specific user) to optimize or improve their own services. For example, they might use it for technical improvements to how newsletters are sent and displayed, or for statistical purposes. However, the service provider does not use our newsletter recipients' data to contact them directly or share it with third parties.

Newsletter - Measuring Success

Our newsletters contain a 'web beacon,' which is a tiny, pixel-sized file. When you open the newsletter, this file is retrieved from our server, or from our email service provider's server if we use one. When this happens, we collect technical info like details about your browser and system, your IP address, and the time you opened it.

We use this information to technically improve our services based on technical data, or to understand our target audience and their reading habits based on where they access the newsletter (which can be determined by IP address) and when they access it. Our statistical analysis also includes checking if newsletters are opened, when they're opened, and which links are clicked. While this info can technically be linked to individual newsletter recipients, neither we nor our email service provider (if used) aim to track individual users. Instead, these evaluations help us understand our users' reading habits so we can tailor our content to them or send different content based on their interests.

Hosting

The hosting services we use help us provide things like infrastructure and platform services, computing power, storage space, database services, security features, and technical maintenance – all to keep this online offering running smoothly.

In doing this, we and our hosting provider process inventory data, contact data, content data, contract data, usage data, meta-data, and communication data from customers, interested parties, and visitors to this online offering. We do this based on our legitimate interests in providing this online offering efficiently and securely, as per Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (data processing agreement).

Collecting Access Data and Log Files

We, or our hosting provider, collect data about every access to the server where this service is located (these are called server log files). We do this based on our legitimate interests, as per Art. 6 para. 1 lit. f GDPR. This access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, a message about successful access, the browser type and version, your operating system, the referrer URL (the page you visited before), your IP address, and the requesting provider.

Log file information is stored for a maximum of 7 days for security reasons (e.g., to investigate abuse or fraud) and then deleted. Data that needs to be kept longer for evidence purposes is exempt from deletion until the specific incident is fully resolved.

Google Tag Manager

Google Tag Manager is a tool that lets us manage website tags through one interface (for example, integrating Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) doesn't process any personal user data. For information on how user personal data is processed, please refer to the details about Google services below. Usage policies: https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/.

Google Analytics

To help us understand how our website is doing and make it better for you, we use Google Analytics, which is a service from Google. We do this because it's in our best interest to improve our online presence (as allowed by GDPR rules). Google uses cookies for this. The info these cookies gather about how you use our website usually goes to a Google server in the USA, where it's stored.

Google is certified under the Privacy Shield agreement, which means they promise to follow European data protection laws (https://www.privacyshield.gov/ps/participant?id=a2zt000000001L5AAI&status=Active).

Google uses this information for us to see how people use our site, create reports on what's happening here, and offer other services related to website and internet use. They might create anonymous profiles of users from this data.

We only use Google Analytics with IP anonymization turned on. This means Google shortens your IP address within the EU or other countries in the European Economic Area. Only in rare cases will your full IP address be sent to a Google server in the USA and then shortened there.

Your browser's IP address won't be combined with other Google data. If you don't want cookies stored, you can adjust your browser settings. You can also stop Google from collecting and processing data related to your use of our website by downloading and installing this browser plugin: https://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser add-on, or if you're using a browser on a mobile device, please click this link to prevent Google Analytics from collecting data on this website in the future: Analytics-Opt-Out. This will place an opt-out cookie on your device. If you delete your cookies, you'll need to click this link again.

For more information on how Google uses data, and your options for settings and objections, please check Google's privacy policy (https://policies.google.com/technologies/ads) and the settings for Google ad displays (https://myadcenter.google.com/home).

User personal data is deleted or anonymized after 14 months.

Google Universal Analytics

We use Google Analytics in its 'Universal Analytics' form. 'Universal Analytics' is a Google Analytics method where user analysis is based on a pseudonymized user ID, creating a pseudonymized user profile with information from the use of various devices (known as 'cross-device tracking').

Building Audiences with Google Analytics

We use Google Analytics to show ads (placed within Google's and its partners' advertising services) only to users who have shown an interest in our online offering or who have certain characteristics (e.g., interests in specific topics or products, determined by the websites they've visited). We send this info to Google, and it's called 'Remarketing' or 'Google Analytics Audiences.' With Remarketing Audiences, we also want to make sure our ads match your potential interests.

Google AdWords and Conversion Measurement

Based on our legitimate interests (meaning we want to analyze, optimize, and run our online offering efficiently, as per Art. 6 para. 1 lit. f GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ('Google').

Google is certified under the Privacy Shield agreement, which guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use Google's online marketing method 'AdWords' to place ads within the Google advertising network (e.g., in search results, videos, on websites, etc.). This helps us show ads to users who are likely interested in them. It allows us to display ads for and within our online offering more precisely, so we only show you ads that potentially match your interests. For example, if you see ads for products you've shown interest in on other websites, this is called 'remarketing.' For these purposes, when you visit our website or other websites where the Google advertising network is active, Google immediately runs a code, and 'remarketing tags' (invisible graphics or code, also known as 'web beacons') are embedded into the website. These help store an individual cookie (a small file) on your device (similar technologies can also be used instead of cookies). This file records which websites you've visited, what content you're interested in, and which offers you've clicked, along with technical info about your browser and operating system, referring websites, visit time, and other details about your use of the online offering.

We also get an individual 'conversion cookie.' The information collected by this cookie helps Google create conversion statistics for us. However, we only find out the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We don't receive any information that could personally identify users.

User data is processed pseudonymously within the Google advertising network. This means Google doesn't store or process your name or email address, for example. Instead, it processes relevant cookie-related data within pseudonymized user profiles. So, from Google's perspective, ads aren't managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This doesn't apply if a user has explicitly allowed Google to process data without this pseudonymization. The information collected about users is sent to Google and stored on Google's servers in the USA.

For more information on how Google uses data, and your options for settings and objections, please check Google's privacy policy (https://policies.google.com/technologies/ads) and the settings for Google ad displays (https://myadcenter.google.com/home).

Facebook Pixel, Custom Audiences, and Facebook Conversion

To help us analyze, improve, and run our website effectively (which is in our legitimate interest, as per GDPR rules), we use something called the 'Facebook Pixel.' This is from Facebook Inc. in the USA, or Facebook Ireland Ltd. if you're in the EU.

Facebook is certified under the Privacy Shield agreement, which means they promise to follow European data protection laws (https://www.privacyshield.gov/ps/participant?id=a2zt0000000GnywAAC&status=Active).

The Facebook Pixel helps Facebook figure out who visits our website so we can show them relevant ads (we call these 'Facebook Ads'). So, we use it to make sure our ads are only seen by Facebook users who've shown interest in our site or have certain characteristics (like interests in specific topics or products, based on websites they've visited) that we share with Facebook – these are called 'Custom Audiences.' We also want to make sure our Facebook Ads are actually interesting to you and not annoying. Plus, the Facebook Pixel helps us see how well our ads are working for statistics and market research, by showing us if users came to our website after clicking on a Facebook ad (this is called a 'Conversion').

Facebook handles your data according to their Data Policy. You can find general info about Facebook Ads in their Data Policy here: https://www.facebook.com/about/privacy/. For specific details on the Facebook Pixel and how it works, check Facebook's Help Center: https://www.facebook.com/business/help/742478679120153.

You can say no to the Facebook Pixel collecting your data and using it for Facebook Ads. To control what kind of ads you see on Facebook, just visit the page Facebook has set up and follow their instructions for interest-based advertising settings: https://www.facebook.com/privacy/center/?entry_point=facebook_page_footer. These settings will apply across all your devices, whether you're on a desktop or mobile.

You can also opt out of cookies used for measuring reach and advertising through the Network Advertising Initiative's opt-out page (https://optout.networkadvertising.org/), and additionally through the US website (https://optout.aboutads.info/?c=2&lang=EN) or the European website (https://www.youronlinechoices.com/uk/your-ad-choices).

Our Social Media Pages

We have pages on social networks and platforms so we can chat with our customers, interested folks, and users there, and tell them about what we offer. When you visit these networks and platforms, their own terms and conditions and data processing policies apply.

Unless our privacy policy says otherwise, we process user data when you communicate with us on social networks and platforms, like posting on our pages or sending us messages.

Using Services and Content from Other Companies

On our website, we use content or service offerings from other companies (like videos or fonts, which we'll just call "content" from now on). We do this because it helps us analyze, improve, and run our online services effectively (as per GDPR Article 6, paragraph 1f).

This always means that these other companies need to know your IP address, because they can't send the content to your browser without it. So, your IP address is needed to show you this content. We try our best to only use content from providers who only use your IP address to deliver the content. These other companies might also use something called "pixel tags" (these are invisible images, sometimes called "web beacons") for statistics or marketing. These "pixel tags" help them see things like how many people visit certain pages on our website. This anonymous information can also be stored in cookies on your device. It might include technical details about your browser and operating system, which websites you came from, how long you visited, and other info about how you use our online services. It can also be linked with information from other sources.

Vimeo

We might embed videos from the "Vimeo" platform, which is provided by Vimeo Inc. in the USA. You can find their privacy policy here: https://vimeo.com/privacy. Just so you know, Vimeo might use Google Analytics. You can check out Google's privacy policy here (https://policies.google.com/privacy), find ways to opt out of Google Analytics here (https://tools.google.com/dlpage/gaoptout?hl=de), or adjust Google's settings for data use in marketing here (https://myadcenter.google.com/home).

YouTube

We embed videos from the "YouTube" platform, which is provided by Google LLC in the USA. You can find their privacy policy here: https://policies.google.com/privacy, and opt out here: https://myadcenter.google.com/home.

Google reCAPTCHA

We use a feature to detect bots, like when you fill out online forms ("reCAPTCHA"), which is provided by Google LLC in the USA. You can find their privacy policy here: https://www.google.com/policies/privacy/, and opt out here: https://myadcenter.google.com/home.

Google Maps

We use maps from the "Google Maps" service, which is provided by Google LLC in the USA. The data processed might include things like your IP address and location data. However, this isn't collected without your permission (usually through your mobile device settings). This data might be processed in the USA. You can find their privacy policy here: https://www.google.com/policies/privacy/, and opt out here: https://myadcenter.google.com/home.

Using Facebook Social Plugins

To help us analyze, improve, and run our website effectively (which is in our legitimate interest, as per GDPR rules), we use 'Social Plugins' (or 'plugins') from Facebook.com, which is run by Facebook Ireland Ltd. These plugins can show interactive stuff like videos, pictures, or text posts, and you'll recognize them by Facebook logos (like the white 'f' on a blue square, or the words 'Like' or a 'thumbs up' sign) or by the label 'Facebook Social Plugin.' You can see a list and how these Facebook Social Plugins look here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield agreement, which means they promise to follow European data protection laws (https://www.privacyshield.gov/ps/participant?id=a2zt0000000GnywAAC&status=Active).

When you visit a part of our website that has one of these plugins, your device connects directly to Facebook's servers. Facebook then sends the plugin's content straight to your device, and it gets built into our website. This means Facebook can create user profiles from the data they process. We don't have any control over how much data Facebook collects with these plugins, so we're telling you what we know.

When these plugins are included, Facebook gets information that you've visited that specific page on our website. If you're logged into Facebook, they can link your visit to your Facebook account. If you interact with the plugins, like clicking the Like button or leaving a comment, that info goes straight from your device to Facebook and is stored there. Even if you're not a Facebook member, Facebook might still find out and store your IP address. In Germany, Facebook says they only store an anonymized IP address.

You can find out more about why and how Facebook collects, processes, and uses data, as well as your rights and options for protecting your privacy, in Facebook's Data Policy: https://www.facebook.com/about/privacy/.

If you're a Facebook member and you don't want Facebook to collect data about you from our website and link it to your Facebook account, you need to log out of Facebook and delete your cookies before using our website. You can also adjust more settings and object to data use for advertising purposes within your Facebook profile settings here: https://www.facebook.com/privacy/center/?entry_point=facebook_page_footer, or through the US website https://optout.aboutads.info/?c=2&lang=EN or the EU website https://www.youronlinechoices.com/. These settings apply to all your devices, like desktops and mobile phones.

AddThis Sharing Features

We use the "AddThis" service (1595 Spring Hill Rd Suite 300 Vienna, VA 22182, USA) on our website to let you share our content on social networks. AddThis uses your personal info to make these sharing features work. It might also use anonymous info about you for marketing. This data is saved on your computer using "cookie" files. Privacy Policy: https://www.oracle.com/, Opt-Out: https://www.oracle.com/.

Created with Datenschutz-Generator.de by lawyer Dr. Thomas Schwenke
and adapted by the agency crosseye Marketing

These cookies don't share any data with other companies.

These cookies are only set if you agree.

More info: Facebook | Google