Privacy policy according to Art. 13 DSGVO
Last updated: 11. August 2022
Call cookie settings
Thank you for your interest in the information on our website!
With the help of this privacy policy, we would like to inform the users of our website about the nature, scope and purposes of the processing of personal data. Personal data in this context is all information with which you can be personally identified as a user of our website, including your IP address and information that is stored in cookies.
In a general section in this privacy statement, we still provide you with information on data protection that generally applies to our processing of data, including data collection on our website. In particular, you as data subjects will be informed of the rights to which you are entitled.
The terms used in our Privacy Policy and our data protection practices are governed by the provisions of the EU’s General Data Protection Regulation („GDPR“) and other relevant national legal provisions.
Person responsible in the sense of the DSGVO
Steinebank e.U.
FN 537003k
Kallham 159
4720 Kallham
Austria
E: office@steinebank.at
T: +43 (0)676 609 59 30
F: +43 (0)7276 30 898 30
Data Protection Officer:
Mr. Martin Sumereder
m.sumereder@steinebank.at
Privacy Coordinator:
Mr. Martin Sumereder
m.sumereder@steinebank.at
Data collection on our website
On the one hand, personal data is collected from you if you expressly inform us of this; on the other hand, data, in particular technical data, is collected automatically when you visit our website. Part of this data is collected to ensure error-free operation of our website. Other data can be used for analysis. However, you can generally use our website without having to provide any personal information.
You can learn more about this and the technologies we use on our website here:
Technologies on our website
Cloudflare
On our website, the service Cloudflare is used as a so-called content delivery network (CDN) as well as a security service. The provider is Cloudflare Inc, 101 Townsend Street, San Francisco, California 94107, USA, („Cloudflare“).
ATTENTION! Within the scope of this service, data transfer to the USA takes place or cannot be ruled out.
A CDN is a service that helps deliver content from our website, especially large media files such as images, faster with the help of regional servers connected over the Internet. Delivering content through servers near you reduces average website load times.
Cloudflare prepares both web optimizations and security services. Cloudflare blocks threats and limits misuse of server resources and bandwidth. Our website will be much more powerful and less vulnerable to spam or other attacks thanks to Cloudflare.
Cloudflare uses cookies and processes data of the users of our website.
If you visit our website, your requests will be routed through the server of Cloudflare. Statistical access data about visits to our website are collected.
Access data includes:
– Your IP address,
– the website(s) of our Internet presence that you have accessed,
– Type and version of the Internet browser you use,
– the operating system you are using,
– the Internet page from which you have accessed our website (referrer URL),
– Your length of stay on our website and
– the frequency with which our Internet pages are called up.
This data helps Cloudflare in particular to detect new threats and to ensure a high security standard for the operation of our website.
Your data is processed to maintain the security and functionality of the CDN and to optimize our loading times. The use of cookies by Cloudflare is done for security reasons to ensure the trustworthiness of an end device and is absolutely necessary for the security function. This constitutes a legitimate interest within the meaning of Art 6 para. 1 lit. f GDPR.
Cloudflare keeps data logs only as long as necessary and this data is deleted within 24 hours in most cases. However, there is information that Cloudflare stores indefinitely as part of its permanent logs in order to improve Cloudflare’s overall performance. However, this data is not personal and is anonymized by Cloudflare. The data in question can be found at https://www.cloudflare.com/application/privacypolicy/.
For more information on the handling of data transferred to Cloudflare, please see Cloudflare’s privacy policy: https://www.cloudflare.com/security-policy (in English).
Cookies and Local Storage
We use cookies on our website to make our internet presence more user-friendly and functional. Some cookies remain stored on your terminal device.
Cookies are small data packets that are exchanged between your browser and the/our web server when you visit our website. These do not cause any harm and only serve to recognize the website visitor. Cookies can only store information supplied by your browser, i.e. information that you yourself have entered into the browser or that is present on the website. Cookies cannot execute code and cannot be used to access your terminal device.
The next time you visit our website with the same terminal device, the information stored in cookies may subsequently be sent back either to us („first-party cookie“) or to a third-party web application to which the cookie belongs („third-party cookie“). Through the stored and returned information, the respective web application recognizes that you have already called up and visited the website with the browser of your end device.
Cookies contain the following information:
- Cookie name
- Name of the server from which the cookie originally originated
- Cookie-ID-number
- A date when the cookie is automatically deleted
Depending on their purpose and function, we divide cookies into the following categories:
- Technically necessary cookies to ensure the technical operation and basic functions of our website. This type of cookie is used, for example, to maintain your settings while you navigate the website; or they can ensure that important information is retained throughout the session (e.g. login, shopping cart).
- Statistics cookies to understand how visitors interact with our website by collecting and analyzing information anonymously only. In this way, we gain valuable insights to optimize both the website and our products and services.
- Marketing cookies to set targeted advertising activities for users on our website.
- Unclassified cookies are cookies that we are currently working with individual cookie providers to classify.
Depending on the storage period, we also divide cookies into session and permanent cookies. Session cookies store information used during your current browser session. These cookies are automatically deleted when you close the browser. No information remains on your end device. Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will respond accordingly. The lifetime of a persistent cookie is determined by the cookie provider.
The legal basis for the use of technically necessary cookies is based on our legitimate interest in the technically flawless operation and smooth functionality of our website pursuant to Art 6 para. 1 lit. f DSGVO. Our website cannot function properly without these cookies. The use of statistics and marketing cookies requires your consent pursuant to Art 6 para. 1 lit. a DSGVO. You can withdraw your consent to the use of cookies in accordance with Art 7 para. 3 DSGVO at any time for the future. The consent is voluntary. If it is not granted, no disadvantages will arise. For more information about the cookies we actually use (in particular, their purpose and storage duration), please refer to this Privacy Policy and to the information about the cookies we use in our Cookie Banner.
You can also set your Internet browser to generally prevent cookies from being saved on your end device or to ask you each time whether you agree to cookies being set. Once cookies have been set, you can delete them at any time. You can find out how all this works in detail in the help function of your browser.
Please note that a general deactivation of cookies may lead to functional restrictions on our website.
On our website, we also use so-called local storage functions (also called „local storage“). In the process, data is stored locally in the cache of your browser, which continues to exist and can be read even after you close the browser – as long as you do not delete the cache or it is the session storage.
Third parties cannot access the data stored in the local storage. As far as special plugins or tools use the local storage functions, this is described with the respective plugin or tool.
If you do not want plugins or tools to use local storage features, then you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.
Facebook-Pixel
Purpose: Marketing
Recipient country: USA
On our website, the Facebook Pixel service of the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“), is used for the analysis, optimization and economic operation of our online offer.
ATTENTION! Within the scope of this service, data transfer to the USA takes place or cannot be ruled out.
With the help of Facebook Pixel, it is possible for Facebook, on the one hand, to determine the visitors to our website as a target group for the display of ads (so-called „Facebook Ads“). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called „Custom Audiences“). With the help of Facebook Pixel, we also want to make sure that our Facebook Ads match the potential interest of the users and are not harassing. With the help of Facebook Pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called „conversion“).
Your actions are thereby stored in one or more cookies. These cookies allow Facebook to match your user data (such as IP address, user ID) with your Facebook account data. The collected data is anonymous and not visible to us and is only used in the context of advertisements. You can prevent the link with your Facebook account by logging out before you take any action.
The processing of your data is based on your consent within the meaning of Art 6 para. 1 lit. a DSGVO. You can revoke this consent at any time with effect for the future.
For more information about how Facebook processes personal data, including the legal bases on which Facebook relies and how data subjects can exercise their rights against Facebook, please see Facebook’s Data Policy at https://de-de.facebook.com/policy.php.
To set which types of advertisements are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions there regarding the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads
The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
General instructions on the display of Facebook ads can be found at:https://de-de.facebook.com/policy.php
Specific information and details about Facebook Pixel and how it works can be found in Facebook’s help section: https://de-de.facebook.com/business/help/651294705016616
Google Analytics
Purpose: Statistics
Recipient country: USA
On our website, we use the functions of the web analysis service Google Analytics to analyze user behavior and to optimize our website. The provider of this service is Google Ireland Limited, Barrow Street, Dublin 4, Ireland („Google“).
ATTENTION! Within the scope of this service, data transfer to the USA takes place or cannot be ruled out. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection in the case of data transfer to the USA and that there are therefore various risks (such as possible access by US intelligence services, among others).
Google Analytics uses cookies, which allows an analysis of the use of our website.
Information about the use of the website such as browser type/version, operating system used, the previously visited page, host name of the accessing computer (IP address), time of server request are usually transmitted to a Google server and stored there. We have concluded a contract with Google for this purpose.
On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. According to Google, the IP address transmitted by your browser is not merged with other data from Google.
We use Google Analytics only with IP anonymization enabled by adding the code „anonymizeIP“ to this website. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases is the full IP address transmitted to a Google server and shortened there.
During the website visit, the following data is collected, among others:
- the pages you have called up, your „click path
- Achievement of „website goals“ (conversions, e.g. newsletter sign-ups, downloads, purchases)
- Your user behavior (for example, clicks, dwell time, bounce rates)
- Your approximate location (region)
- Your IP address (in shortened form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your Internet provider
- the referrer URL (via which website / via which advertising medium you came to our website)
The data about the use of our website will be deleted immediately after the end of the retention period set by us in each case. Google Analytics gives us the following options for the retention period: 14 months, 26 months, 38 months, 50 months, do not delete automatically. You can ask us at any time for the current retention period set by us.
The processing of your data with the help of Google Analytics is based on your express consent within the meaning of Art 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future.
In addition, you can prevent the collection of data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/
For more information about Google’s use of data, settings and opt-out options, please see Google’s privacy policy at https://policies.google.com/privacy.
The data processing terms and conditions for Google products and the standard contractual clauses for data transfers to third countries can be found at https://business.safety.google/adsprocessorterms/.
Google Fonts
Purpose: External media
Recipient country: USA
Our website uses so-called web fonts provided by Google for the uniform display of fonts. Google Fonts ist ein Dienst von Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“).
ATTENTION! Within the scope of this service, data transfer to the USA takes place or cannot be ruled out.
To display web fonts from Google, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website was accessed via your IP address. Also, the IP address of the browser of the end device of the visitor to our website is stored by Google. If your browser does not support web fonts, a default font is used by your terminal.
Through each Google Font request, information such as language settings, screen resolution, version, and browser name are automatically transmitted to Google servers in addition to the IP address. In any case, the usage data collected allows Google to determine the popularity of fonts. Google publishes the results on internal analysis pages (e.g. Google Analytics).
With Google Fonts, we can use fonts on our own website and do not have to upload them to our server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web, this saves data volume and is a great advantage especially when using mobile devices. When you visit us, the low file size ensures fast loading time. Furthermore, Google Fonts are secure web fonts and support all major browsers.
Google stores requests for CSS assets on its servers for one day. This allows us to use fonts with the help of a Google stylesheet. The font files are stored by Google for one year. To delete data ahead of time, you need to contact Google support ( https://support.google.com ).
Your data will only be processed with your express consent in accordance with Art 6 para. 1 lit a DSGVO.
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/
For more information about Google Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy: https://policies.google.com/privacy
The data processing terms and conditions for Google products and the standard contractual clauses for data transfers to third countries can be found at https://business.safety.google/adsprocessorterms/.
Google Maps
Purpose: External media
Recipient country: USA
On our website, the Google Maps service is integrated in order to better display geographical information about locations for users. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“).
ATTENTION! Within the scope of this service, data transfer to the USA takes place or cannot be ruled out.
Google Maps is an online map service that makes geographical information more readable for you as a user via a terminal device. Among other things, directions are displayed or map sections of a location can be integrated into a website.
When you start Google Maps, your browser connects to Google’s servers. This gives Google knowledge that our website was accessed via your IP address. The use of Google Maps enables Google to collect and process data about the use of the service.
For the provision of this service, Google Maps processes, among other things, entered search terms as well as latitude and longitude coordinates in addition to your IP address. If you use the route planner function of Google Maps, the entered start address will also be saved. This data processing occurs solely through your voluntary use of Google Maps and is not within our control.
We would like to point out that when this service is executed, Google (currently) sets a setting cookie called „NID“. Google Maps does not currently offer us the option to run this service in a mode without this cookie. The NID cookie contains information about your user behavior, which Google uses to optimize its own services and to provide individual, personalized advertising for you.
Google anonymizes data in server logs by deleting a portion of the IP address and cookie information after 9 and 18 months, respectively.
Location and activity data are stored – depending on your decision – either 3 or 18 months and then deleted. You can also manually clear the history at any time via your Google account. If you want to completely prevent your location tracking, you need to turn off the „Web and App Activity“ section in your Google Account.
You can find more detailed information in Google’s privacy policy, which you can access here: https://www.google.com/policies/privacy/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/
The data processing terms and conditions for Google products and the standard contractual clauses for data transfers to third countries can be found at https://business.safety.google/adsprocessorterms/.
Google Marketing Platform / Google Ad Manager (former Doubleclick)
Purpose: Marketing
Recipient country: USA
The Google Marketing Platform / Google Ad Manager service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“) is used on our website for the purpose of analyzing, optimizing and economically operating our online offer.
ATTENTION! Within the scope of this service, data transfer to the USA takes place or cannot be ruled out.
This is done by means of a pseudonymous identification number (pID), which your browser receives and is assigned to it. Through this pID, the service can recognize which ads have already been displayed to you and which have been called. The data is used for cross-site advertising by enabling Google to identify the pages visited.
The information generated is transferred by Google to a server in the USA for evaluation and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or in the context of order data processing. Under no circumstances will Google merge their data with other data collected by Google.
The processing of your data is based on your consent within the meaning of Art 6 para. 1 lit. a DSGVO. You can revoke this consent at any time with effect for the future.
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/
For more information on data use by Google, as well as on setting and objection options, please see Google’s privacy policy at https://policies.google.com/technologies/ads and the settings for the display of advertising by Google at https://adssettings.google.com/authenticated.
Data processing conditions for Google advertising products: Information on services Data processing conditions between data controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms
Google Tag Manager
Our website uses the Google Tag Manager service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“).
ATTENTION! Within the scope of this service, data transfer to the USA takes place or cannot be ruled out.
When you start Google Tag Manager, your browser connects to Google’s servers. This gives Google knowledge that our website was accessed via your IP address.
Tag Manager is a service that allows us to manage website tags through an interface. This allows us to include code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. In this case, the data is only forwarded by the tag manager, but not collected or stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it serves purely to manage other services in our online offering. The Tag Manager takes care of resolving other tags, which in turn may collect data. However, the Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain for all tracking tags implemented with Tag Manager.
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/
Further information on data protection can be found on the following Google web pages:
Privacy policy: https://policies.google.com/privacy
FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
Terms of Use Google Tag Manager: https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/
Google Ads Data Processing Terms including Standard Contractual Clauses for Third Country Transfers: https://business.safety.google/adsprocessorterms/
Hosting
As part of the hosting of our website, all data to be processed in connection with the operation of our website is stored. This is necessary to enable the operation of the website. We therefore process the data accordingly on the basis of our legitimate interest pursuant to Art 6 para. 1 lit. f DSGVO in the optimization of our website offer. To provide our online presence, we use the services of web hosting providers to whom we provide the above-mentioned data as part of order processing pursuant to Art 28 DSGVO.
Contact
When contacting us, your data will be used for processing the contact request and its handling in the context of the fulfillment of pre-contractual rights and obligations pursuant to Art. 6 para. 1 lit. b DSGVO used. The processing of your data is necessary for the handling and answering of your inquiry, otherwise we will not be able to answer your inquiry or at best only to a limited extent. The information may be used on the basis of our legitimate interest according to. Art 6 par. 1 lit. f DSGVO on direct marketing are stored in a customer and prospect database.
We will delete your inquiry and your contact data if your inquiry has been answered conclusively and the deletion does not conflict with any legal retention periods, e.g. in the context of subsequent contract processing. This is usually the case if there has been no contact with you for three years in a row.
ProvenExpert
Our website uses the plugin ProvenExpert from Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany („ProvenExpert“) to conduct reviews of our services.
When you visit one of our pages equipped with a ProvenExpert plugin, a connection to the servers of ProvenExpert is established. This tells the server which of our pages you have visited.
When you perform a rating, ProvenExpert stores your email address and the associated log file as inventory data. When you perform a rating, ProvenExpert stores your email address and the associated log file as inventory data. The storage of this data is necessary to prevent misuse. Furthermore, you can also provide voluntary information (e.g. name and company), which will then also be stored by ProvenExpert.
Instead of a classic registration, you also have the option to log in with one of your user accounts from a social network. In such a case, ProvenExpert will not receive any access data to your respective profile.
The use of ProvenExpert is in our interest to continuously improve our services through concrete feedback from our customers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Insofar as you voluntarily perform evaluations and provide information, the data processing is also based on your consent pursuant to. Art 6 par. 1 lit. a DSGVO.
Further information on the handling of user data can be found in ProvenExpert’s privacy policy at: https://www.provenexpert.com/de-de/datenschutzbestimmungen/
Server-Log-Files
For technical reasons, in particular to ensure a functional and secure Internet presence, we process technically necessary data about accesses to our website in so-called server log files, which your browser automatically transmits to us.
The access data we process include:
- Name of the retrieved website
- browser type used incl. Version
- Operating system used by the visitor
- the previously visited page of the visitor (referrer URL)
- Time of the server request
- Data volume transferred
- Host name of the accessing computer (IP address used)
This data is not assigned to any natural person and is only used for statistical evaluations and for the operation and improvement of our website as well as for the security and optimization of our Internet offering. This data is only transmitted to our website hoster. This data is not linked or merged with other data sources. If there is any suspicion of illegal use of our website, we reserve the right to check this data retrospectively. The data processing is based on our legitimate interest pursuant to Art 6 para. 1 lit. f DSGVO in the technically error-free presentation and optimization of our website.
The access data is deleted shortly after the purpose has been fulfilled, usually after a few days, unless further storage is required for evidence purposes. Otherwise, the data will be retained until final resolution of an incident.
SSL encryption
For your visit to our website, we use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser. The use of this procedure is based on our legitimate interest according to. Art 6 par. 1 lit. f GDPR on the use of appropriate encryption techniques.
In addition, we use suitable technical and organizational security measures in accordance with the German Data Protection Act. Art 32 DSGVO to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments and kept state of the art.
WebCare
In order to obtain privacy-compliant consent for the use of cookies and tools on our website, we use DataReporter WebCare’s Consent Banner. This is a service provided by DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria („DataReporter“).
For more information about this company, visit www.datareporter.eu. The Consent Banner captures and stores the decision of each user of our website. It is guaranteed by our Consent Banner that statistical and marketing cookies are only set when the user has given his explicit consent to their use.
For this purpose, we store information on the extent to which the user has confirmed the use of cookies. The user’s decision can be revoked at any time by accessing the cookie setting and managing the consent form. Existing cookies are deleted after revocation of consent. A cookie is also set to store information about the status of the user’s consent, which is indicated in the cookie details. Furthermore, the IP address of the respective user is transmitted to DataReporter servers when this service is called up. The IP address is neither stored nor associated with any other data of the user, it is only used for the correct execution of the service. The use of the above data is therefore based on our legitimate interest in the legally compliant design of our website pursuant to Art. 6 para. 1 lit. f DSGVO.
For more information, please see DataReporter’s privacy policy at https://www.datareporter.eu/de/privacystatement.html. Please feel free to direct inquiries about this service to office@datareporter.eu.
Webshop with customer account
We process data of our customers and contractual partners, in particular their master data, communication data, payment data, contract data in the context of the execution of order transactions in our webshop. This is done for the purpose of selecting and ordering the selected products and / or services, as well as their payment and delivery or execution.
The purpose of the processing is the provision of contractual services in the context of the operation of our webshop, the billing of deliveries and services, the delivery of products and the performance of services.
The processing is carried out for the fulfillment of the contract on the basis of Art. 6 para. 1 lit. b DSGVO and furthermore according to Art 6 par. 1 lit. c DSGVO to fulfill legal retention obligations based on commercial and tax regulations. In this context, the mandatory details for the fulfillment of the contract are specially marked as such when entered in our store system or we will inform you of them personally. We transmit the data to third parties only for the provision of our services (e.g. to involved transport or other auxiliary services such as subcontractors or telecommunication services), for the processing of payment transactions (e.g. to banks, payment service providers, tax authorities or advisors) or within the scope of our legal rights and obligations, as well as within the scope of our legitimate interest in the appropriate prosecution in accordance with the German Data Protection Act. Art 6 par. 1 lit. f DSGVO vis-à-vis legal advisors, courts and authorities in case of cause. The data is only processed in third countries if this is absolutely necessary for the fulfillment of the contract (e.g. at the customer’s request for delivery or payment) and insofar as appropriate data protection guarantees exist. Any other transfer of data to third parties will only take place with your express consent in accordance with Art. 6 para. 1 lit. a DSGVO.
Users can create a user account by viewing their orders, for example. User accounts are not publicly visible. If users have terminated their user account, their data with regard to the user account will be deleted, unless their retention is required for reasons of commercial or tax law in accordance with Art. 6 para. 1 lit. c DSGVO or on the basis of our legitimate interest to enforce the law in accordance with the German Data Protection Act. Art 6 par. 1 lit. f DSGVO is necessary. It is the responsibility of the users to back up their data before the end of the contract if the contract has been terminated.
Within the scope of registration and upon renewed registration and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests according to. Art 6 par. 1 lit. f DSGVO, as well as in the legitimate interest of the users themselves to protect against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary for the prosecution of our claims or there is a legal obligation to do so in accordance with the German Data Protection Act. Art. 6 Abs. 1 lit. c DSGVO.
The deletion of the data takes place after the expiry of legal warranty and damage compensation obligations or other contractual or legal obligations. Our customers and contractual partners are informed separately in this data protection declaration about further processing of data within the scope of marketing activities.
Youtube
Purpose: External media
Recipient country: USA
On our website we use the service „YouTube“ to embed videos. Provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (“YouTube”).
ATTENTION! Within the scope of this service, data transfer to the USA takes place or cannot be ruled out.
We have activated the extended privacy mode on YouTube. According to YouTube, this mode causes YouTube not to store information about visitors to this website before they watch a video. However, the disclosure of data to YouTube partners is not excluded by the extended data protection mode.
As soon as you start a YouTube video, a connection to YouTube’s servers is established. This gives YouTube knowledge of which of our pages you have visited. If you are logged into your YouTube account, you thereby enable YouTube to assign your surfing behavior directly to your personal profile. This can be prevented by logging out of your account.
Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable technologies (e.g. device fingerprinting). YouTube also uses the local storage on your end device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.
YouTube is used in the interest of an appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time for the future.
The applicable YouTube privacy policy can be found at: https://www.google.com/policies/privacy/, opt-out option: https://adssettings.google.com/authenticated
Zendesk
On our website, we use a customer service platform Zendesk from Zendesk Inc, 989 Market Street #300, San Francisco, CA 94102, USA („Zendesk“) to handle customer inquiries.
ATTENTION! Within the scope of this service, data transfer to the USA takes place or cannot be ruled out.
We use this service to be able to answer user inquiries quickly and efficiently and possibly also to fulfill pre-contractual obligations. Zendesk only uses your data to forward your requests to us. There is no transfer of data to third parties. To use Zendesk, you must provide at least one correct email address. The service can also be used pseudonymously. In the course of processing service requests, it may be necessary to collect further data (e.g. first name, last name, address, etc.). The data transmitted to us is used exclusively for processing your request. The data provided will be treated confidentially. After processing the respective request, the data will be stored in Zendesk for documentation purposes and kept in accordance with legal requirements.
The use of Zendesk is of course voluntary and based on your consent according to Art 6 para. 1 lit. a DSGVO. If you do not agree, we provide alternative means of contact for submitting service requests by email, phone or mail. Furthermore, your data can also be processed according to. Art 6 par. 1 lit. b DSGVO are processed for the performance of a contract or the provision of pre-contractual measures.
For more information, please see Zendesk’s privacy policy: https://www.zendesk.de/company/customers-partners/privacy-policy/. If you have any questions, you can also contact Zendesk’s Privacy Officer directly at privacy@zendesk.com.
General information on data protection
The following provisions apply in their principles not only to the collection of data on our website, but also generally to other processing of personal data.
Personal data
Personal data is information that can be assigned to you individually. Examples include, but are not limited to, your address, name, mailing address, email address or phone number. Information such as the number of users visiting a website is not personal data because it is not assigned to a person.
Rechtsgrundlagen für die Verarbeitung von personenbezogenen Daten
Unless more specific information is provided in this Privacy Policy (e.g., for the technologies used), we may process personal data from you on the basis of the following legal grounds:
- Consent according to Art. 6 para. 1 lit. a DSGVO – The data subject has given his consent to the processing of his personal data for one or more specific purposes.
- Contract fulfillment and pre-contractual measures according to Art. 6 para. 1 lit. b DSGVO – The processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures.
- Legal obligation according to Art. 6 para. 1 lit. c DSGVO – The processing is necessary for compliance with a legal obligation.
- Protection of vital interests according to Art. 6 para. 1 lit. d DSGVO – The processing is necessary to protect the vital interests of the data subject or another natural person.
- Legitimate interests according to Art. 6 para. 1 lit. f DSGVO – The processing is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Please note that in addition to the provisions of the GDPR, national data protection regulations in your or our home country may apply.
Transmission of personal data
Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.
We will only share your personal information with third parties if:
- You can change your according to Art. 6 Abs. 1 lit. a DSGVO have given their express consent to this,
- the disclosure according to Art. 6 Abs. 1 lit. f DSGVO is necessary for the protection of legitimate interests and for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
- for passing on after Art. 6 Abs. 1 lit. c DSGVO a legal obligation exists, as well as this is legally permissible and / or
- it according to Art. 6 Abs. 1 lit. b DSGVO is necessary for the processing of contractual relationships with you.
Cooperation with processors
We carefully select our service providers who process personal data on our behalf. If we commission third parties with the processing of personal data on the basis of a contract processing agreement, this is done in accordance with Art. 28 DSGVO.
Transfer to third countries
If we process data in a third country or do so in the context of using third-party services or disclosing or transferring data to other persons or companies, this will only be done for the reasons outlined above for the transfer of data.
Subject to express consent or contractual necessity, we only process or have data processed in third countries with a recognized level of data protection or on the basis of special guarantees, such as contractual obligation through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations in accordance with Art. 44 – 49 DSGVO.
Storage duration
Unless an explicit storage period is specified at the time of collection (e.g., as part of a declaration of consent), we are required to store data pursuant to Art. 5 Abs. 1 lit. e DSGVO obliged to delete personal data as soon as the purpose for processing has ceased to exist. In this context, we would like to point out that legal retention obligations constitute a legitimate purpose for the processing of personal data.
As a matter of principle, we store and retain data in personal form until the termination of a business relationship or until the expiry of applicable guarantee, warranty or limitation periods, and beyond that until the termination of any legal disputes in which the data are required as evidence, or in any case until the expiry of the third year after the last contact with a business partner.
Rights of data subjects
Data subjects have the right:
- pursuant to Art. 15 DSGVO, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- in accordance with Art. 16 DSGVO, to immediately demand thecorrection of incorrect or completion of your personal data stored by us;
- pursuant to Art. 17 DSGVO to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- pursuant to Art. 18 DSGVO, the restriction of processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
- in accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
- pursuant to Art. 21 DSGVO, insofar as your personal data is processed on the basis of our legitimate interest, to object to the processing of your personal data, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
- according to Art. 7 par. 3 DSGVO revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future. Among other things, you have the option to revoke your once granted consent to the use of cookies on our website with effect for the future by accessing our cookie settings.
- in accordance with Art. 77 DSGVO to complain to a supervisory authority regarding the unlawful processing of your data by us. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
The competent supervisory authority for Steinebank e.U. is:
Austrian Data Protection Authority
Barichgasse 40-42, 1030 Wien, Österreich
Tel.: +43 1 52 152-0, dsb@dsb.gv.at
Assertion of data subject rights
You yourself decide on the use of your personal data. Therefore, if you wish to exercise any of your above rights against us, you are welcome to contact us by email at office@steinebank.at or by mail, as well as by telephone.
Please submit a copy of an official photo ID together with your request for clear identification and assist us in specifying your request by answering questions from our responsible staff regarding the processing of your personal data. Please indicate in your request in which role (employee, applicant, visitor, supplier, customer, etc.) and in which period you have been in relationship with us. This enables us to process your request in a timely manner.
Protection of personal data
The security of your personal data is of particular concern to us. We therefore meet in accordance with Art. 32 DSGVO taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects‘ rights, deletion of data, and response to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware and software, in accordance with the principle of data protection through technology design and through data protection-friendly default settings in accordance with Art. 25 of the GDPR.
We also transfer our understanding of security to the processors we use.
Actuality of this privacy policy
Due to further developments or due to changed legal requirements, it may become necessary to adapt this data protection declaration from time to time. You can access and print out the current data protection declaration at any time here on this page.
If you have any questions regarding data protection, please contact us at office@steinebank.at or at the other contact details listed in this data protection declaration.
Kallham, on August 11, 2022
About cookies
Cookies are small text files that are placed on your computer, tablet computer or smartphone when you visit a website with the help of your browser. These files do not cause any harm and only serve to recognize the website visitor. The next time you visit the website with the same terminal device, the information stored in cookies may subsequently be sent back either to the website („first party cookie“) or to another website to which the cookie belongs („third party cookie“).
You can set your browser to generally prevent cookies from being saved or to ask you each time whether you agree to cookies being set. Once cookies have been set, you can delete them at any time. You can find out how this works in the help function of your browser. An explanation for Firefox, Microsoft Internet Explorer and Google Chrome browsers can be found at this link: http://www.meine-cookies.org/cookies_verwalten/index.html.
Required
Technically necessary cookies are used to enable the technical operation of a website and to make it functionally usable for you. The use is based on our legitimate interest to offer a technically flawless website. However, you can generally disable cookie use in your browser.
Name |
Purpose |
Creator |
Storage duration |
Domain |
AWSALBCORS |
ensures the functionality and usability of the site and is used to track errors. |
1 week |
widget-mediator.zopim.com |
|
CookieConsent |
contains the information to what extent the user has confirmed the use of cookies. |
6 months |
www.steinebank.at |
|
cookieconsent_mode |
contains the information to what extent the user has confirmed the use of cookies. |
DataReporter GmbH |
12 months |
www.steinebank.at |
cookieconsent_status |
contains the information to what extent the user has confirmed the use of cookies. |
DataReporter GmbH |
12 months |
www.steinebank.at |
CookieScriptConsent |
contains the information to what extent the user has confirmed the use of cookies. |
6 months |
www.steinebank.at |
|
copol_www_steinebank_at_optout |
contains the information to what extent the user has confirmed the use of cookies. |
www.steinebank.at |
||
PHPSESSID |
counts the number of session and assigns an anonymous identifier to each visitor. |
PHP |
Session |
www.steinebank.at |
redx_csrftoken |
ensures the functionality and usability of the site and is used to track errors. |
CSRF |
Session |
www.steinebank.at |
REDX_RESPONSIVE_DESKTOP |
save settings and preferences of the user such as the current language setting. |
1 month |
www.steinebank.at |
|
REDX_RESPONSIVE_VIEWPORT |
ensures the functionality and usability of the site and is used to track errors. |
1 month |
www.steinebank.at |
|
ssm_au_c |
save settings and preferences of the user such as the current language setting. |
Session |
www.steinebank.at |
|
__cf_bm |
ensures the functionality and usability of the site and is used to track errors. |
CloudFlare |
30 minutes |
.myfonts.net |
__zlcmid |
ensures the functionality and usability of the site and is used to track errors. |
Zopim |
12 months |
www.steinebank.at |
__zlcprivacy |
counts the number of session and assigns an anonymous identifier to each visitor. |
Zopim |
www.steinebank.at |
Statistik
Statistics cookies collect information about how websites are used in order to consequently improve their attractiveness, content and functionality. A use takes place only with your consent and only as long as you have not deactivated the respective cookie.
Name |
Purpose |
Creator |
Storage duration |
Domain |
_ga |
contains information to enable the distinction of users of the site. Collects data about the user’s visits, such as which pages are relevant. |
|
2 years |
www.steinebank.at |
_gat |
contains information to enable the distinction of users of the site. Collects data about the user’s visits, such as which pages are relevant. |
|
1 minute |
www.steinebank.at |
_gid |
contains information to enable the distinction of users of the site. Collects data about the user’s visits, such as which pages are relevant. |
|
1 day |
www.steinebank.at |
Marketing
Marketing cookies come from external advertising companies and are used to collect information about the websites visited by the user. A use takes place only with your consent and only as long as you have not deactivated the respective cookie.
Name |
Purpose |
Creator |
Storage duration |
Domain |
NID |
registers a unique ID that identifies and recognizes the user. Used for targeted advertising. |
|
6 months |
www.google.com |
_dc_gtm_UA-352682-1 |
registers a unique ID that identifies and recognizes the user. Used for targeted advertising. |
|
1 minute |
www.steinebank.at |
_gcl_au |
registers a unique ID that identifies and recognizes the user. Used for targeted advertising. |