Information in accordance with §5 of the E-Commerce Act, §14 of the Unternehmensgesetzbuch, §63 of the Commercial Code and disclosure requirements under §25 of the Media Act.
Unfortunately, these subjects sound rather technical due to their nature, but we have put much effort into describing the most important things as simply and clearly as possible.
Automatic Data Retention
Every time you visit a website nowadays, certain information is automatically created and saved, just as it happens on this website.
Whenever you visit our website such as you are doing right now, our webserver (computer on which this website is saved/stored) automatically saves data such as
- the address (URL) of the accessed website
- browser and browser version
- the used operating system
- the address (URL) of the previously visited site (referrer URL)
- the host name and the IP-address of the device the website is accessed from
- date and time
in files (webserver-logfiles).
Generally, webserver-logfiles stay saved for two weeks and then get deleted automatically. We do not pass this information to others, but we cannot exclude the possibility that this data will be looked at in case of illegal conduct.
Our website uses HTTP-cookies to store user-specific data.
What exactly are cookies?
Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.
Cookies save certain parts of your user data, such as e.g. language or personal page settings. When you re-open our website, your browser submits these “user specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers every cookie has its own file, in others such as Firefox, all cookies are stored in one single file.
There are both first-party cookies and third-party coookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, trojans or any other malware. Cookies also cannot access your PC’s information.
This is an example of how cookie-files can look:
purpose: differentiation between website visitors
expiration date: after 2 years
A browser should support these minimum sizes:
- at least 4096 bytes per cookie
- at least 50 cookies per domain
- at least 3000 cookies in total
Which types of cookies are there?
There are 4 different types of cookies:
These cookies are necessary to ensure the basic function of a website. They are needed when a user for example puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. Even when the user closed their window priorly, these cookies ensure that the shopping cart does not get deleted.
These cookies collect info about the user behaviour and record if the user potentially receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behaviour within different browsers.
These cookies care for an improved user-friendliness. Thus, information such as previously entered locations, fonts or data in forms stay saved.
These cookies are also known as targeting-Cookies. They serve the purpose of delivering individually adapted advertisements to the user. This can be very practical, but also rather annoying.
Upon your first visit to a website you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be saved in a cookie.
How can I delete cookies?
If you want change or delete cookie-settings and would like to determine which cookies have been saved to your browser, you can find this info in your browser-settings:
If you generally do not want to allow any cookies at all, you can set up your browser in a way, to notify you whenever a potential cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. The settings for this differ from browser to browser. Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search phrase “delete cookies Chrome” or “deactivate cookies Chrome” into Google.
How is my data protected?
If you want to learn more about cookies and do not mind technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Rights in accordance with the General Data Protection Regulation
- right to rectification (article 16 GDPR)
- right to erasure (“right to be forgotten“) (article 17 GDPR)
- right to restrict processing (article 18 GDPR)
- righ to notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (article 19 GDPR)
- right to data portability (article 20 GDPR)
- Right to object (article 21 GDPR)
- right not to be subject to a decision based solely on automated processing – including profiling – (article 22 GDPR)
If you think that the processing of your data violates the data protection law, or that your data protection rights have been infringed in any other way, you can lodge a complaint with your respective regulatory authority. For Austria this is the data protection authority, whose website you can access at https://www.data-protection-authority.gv.at/.
TLS encryption with https
We use https to transfer information on the internet in a tap-proof manner (data protection through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information. You can recognise the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner, as well as by the use of the letters https (instead of http) as a part of our web address.
On our website we use Google Fonts, from the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
To use Google Fonts, you must log in and set up a password. Furthermore, no cookies will be saved in your browser. The data (CSS, Fonts) will be requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, all requests for CSS and fonts are fully separated from any other Google services. If you have a Google account, you do not need to worry that your Google account details are transmitted to Google while you use Google Fonts. Google records the use of CSS (Cascading Style Sheets) as well as the utilised fonts and stores these data securely. We will have a detailed look at how exactly the data storage works.
What are Google Fonts?
Google Fonts (previously Google Web Fonts) is a list of over 800 fonts which href=”https://en.wikipedia.org/wiki/Google?tid=121551376”>Google LLC provides its users for free.
Many of these fonts have been published under the SIL Open Font License license, while others have been published under the Apache license. Both are free software licenses.
Why do we use Google Fonts on our website?
With Google Fonts we can use different fonts on our website and do not have to upload them to our own server. Google Fonts is an important element which helps to keep the quality of our website high. All Google fonts are automatically optimised for the web, which saves data volume and is an advantage especially for the use of mobile terminal devices. When you use our website, the low data size provides fast loading times. Moreover, Google Fonts are secure Web Fonts. Various image synthesis systems (rendering) can lead to errors in different browsers, operating systems and mobile terminal devices. These errors could optically distort parts of texts or entire websites. Due to the fast Content Delivery Network (CDN) there are no cross-platform issues with Google Fonts. All common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) are supported by Google Fonts, and it reliably operates on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We also use Google Fonts for presenting our entire online service as pleasantly and as uniformly as possible.
Which data is saved by Google?
Whenever you visit our website, the fonts are reloaded by a Google server. Through this external cue, data gets transferred to Google’s servers. Therefore, this makes Google recognise that you (or your IP-address) is visiting our website. The Google Fonts API was developed to reduce the usage, storage and gathering of end user data to the minimum needed for the proper depiction of fonts. What is more, API stands for „Application Programming Interface“ and works as a software data intermediary.
Google Fonts stores CSS and font requests safely with Google, and therefore it is protected. Using its collected usage figures, Google can determine how popular the individual fonts are. Google publishes the results on internal analysis pages, such as Google Analytics. Moreover, Google also utilises data of ist own web crawler, in order to determine which websites are using Google fonts. This data is published in Google Fonts’ BigQuery database. Enterpreneurs and developers use Google’s webservice BigQuery to be able to inspect and move big volumes of data.
One more thing that should be considered, is that every request for Google Fonts automatically transmits information such as language preferences, IP address, browser version, as well as the browser’s screen resolution and name to Google’s servers. It cannot be clearly identified if this data is saved, as Google has not directly declared it.
How long and where is the data stored?
Google saves requests for CSS assets for one day in a tag on their servers, which are primarily located outside of the EU. This makes it possible for us to use the fonts by means of a Google stylesheet. With the help of a stylesheet, e.g. designs or fonts of a website can get changed swiftly and easily.
Any font related data is stored with Google for one year. This is because Google’s aim is to fundamentally boost websites’ loading times. With millions of websites referring to the same fonts, they are buffered after the first visit and instantly reappear on any other websites that are visited thereafter. Sometimes Google updates font files to either reduce the data sizes, increase the language coverage or to improve the design.
How can I delete my data or prevent it being stored?
The data Google stores for either a day or a year cannot be deleted easily. Upon opening the page this data is automatically transmitted to Google. In order to clear the data ahead of time, you have to contact Google’s support at https://support.google.com/?hl=en-GB&tid=121551376. The only way for you to prevent the retention of your data is by not visiting our website.
Unlike other web fonts, Google offers us unrestricted access to all its fonts. Thus, we have a vast sea of font types at our disposal, which helps us to get the most out of our website. You can find out more answers and information on Google Fonts at https://developers.google.com/fonts/faq?tid=121551376. While Google does address relevant elements on data protection at this link, it does not contain any detailed information on data retention.
It proofs rather difficult to receive any precise information on stored data by Google.
On https://policies.google.com/privacy?hl=en-GB you can read more about what data is generally collected by Google and what this data is used for.