Privacy
Introduction and overview
Thank you for your interest in our company. The safety of your data within our systems is of the utmost importance to us. Our aim is to manage your personal data with the utmost of care and to employ all necessary technical and organisational security measures to protect your data from abuse and loss.
Below, we inform you of which personal data we process or will process as the controller and have or will have processed by subcontracted processors (e.g. providers), and what rights you have regarding our processing of your data in accordance with the General Data Protection Regulation (EU) 2016/679 and applicable national law.
Scope of application
This privacy policy applies to all personal data processed by us in the company and to all personal data processed by companies subcontracted by us (data processors). In accordance with article 4 number 1 of the GDPR, personal data encompasses information such as a person’s name, email address and postal address. The scope of application for this privacy policy encompasses the following channels:
- Our website, www.liechtensteincollections.at
- Our social media presence and email communication
- Mobile apps for smartphones and other devices
If we enter into legal relationships with you outside these channels, we will inform you separately.
Legal basis
Personal data is processed based on the EU ORDINANCE 2016/679 OF THE EUROPEAN PARLIAMENT AND EUROPEAN COUNCIL from the 27th of April 2016. This EU General Data Protection Regulation can be viewed on EU-Lex, which grants access to EU law, here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.
We only process your data when at least one of the following conditions applies:
- Consent (article 6 paragraph 1 a of the GDPR): You grant us your consent to process data for a specific purpose. One example would be to store the data provided by you in a contact form.
- Contract (article 6 paragraph 1 b of the GDPR): We process your data to complete or fulfil a contract with you or any precontractual obligations. If we enter into a purchase contract with you, for example, we require certain personal information in advance.
- Legal obligation (article 6 paragraph 1 c of the GDPR): When we process your data because we are subject to a legal obligation. For example, we are legally obliged to keep invoices for bookkeeping purposes. These generally contain personal information.
- Legitimate interests (article 6 paragraph 1 f of the GDPR): In the case of legitimate interests that do not restrict your basic rights, we reserve the right to process personal data. We must process certain data to be able to operate our website securely, economically and efficiently.
In addition to the EU act, national laws also apply:
- In Austria, this is the Federal Law to Protect Natural Entities in the Processing of Personal Data (Data Protection Act or DSG).
- In Germany, the Federal Data Protection Act, or BDSG, applies.
Insofar as additional regional or national laws apply, we will inform you in the sections below.
Name and address of the controller
Party responsible for processing personal data:
Fürstliche Sammlungen Art Service GmbH
Address: Fürstengasse 1, 1090 Vienna
Tel: +43 1 319 13 91–0
Email: [email protected]
Legal notice: link
Duration of storage
We only store personal data for as long as absolutely necessary for the provision of our services and products. As soon as the grounds for data processing no longer exist, the personal data will be deleted. In some cases, we are legally obliged to store certain data after the original purpose no longer applies, e.g. for accounting purposes.
If you want your data to be deleted, or if you revoke your consent for data processing, the data will be deleted as quickly as possible as long as there is no storage obligation.
You can find out more about the durations of storage that apply to individual tools and services under the relevant section of this privacy policy.
Security of data processing
In order to protect personal data, we have taken technical and organisational measures for the security of your data in accordance with article 25 of the GDPR, ‘Data Protection by Design and by Default’.
Where possible, we use encryption (coding messages so that only those with rights can read them) and pseudonymisation (replacing personal information with artificial IDs) when handling personal data. This makes it as difficult as possible for third parties to access personal information from the data.
Data transfer to third countries
We only transfer or process data in countries outside the EU (third countries) if you consent to this processing, if required by law or if contractually necessary, and only if generally permitted. In most cases, your consent is the grounds upon which we have your data processed in third countries. If personal data is processed in third countries such as the USA, where many software manufacturers offer their services and base their servers, this may mean that personal data is processed and stored in unexpected ways.
We would like to expressly inform you that the European Court of Justice currently deems the level of protection for data transfer into the USA insufficient. Data processing by US services (such as Google Analytics) can lead to data being processed and stored without anonymisation. Furthermore, the US authorities may access individual data. Collected data may also be linked to data from other services provided by the same company if you have a user account. Where possible, we try to use servers within the EU if this option is available.
We will inform you regarding data transfer to third countries in the relevant sections of this privacy policy.
TLS encryption with https
We use https to securely transfer data online (data protection by design, article 25 paragraph 1 of the GDPR). By using TLS (transport layer security), an encryption protocol to securely transfer data online, we can ensure the protection of confidential data. You can identify when this security measure is being used to transfer data by the small lock symbol at the top left of your browser and the use of ‘https’ (rather than ‘http’) as part of our URL.
Rights according to the General Data Protection Regulation
In accordance with article 13 of the GDPR, you have the following rights as a data subject:
- According to article 15 of the GDPR, you have the right to be informed as to whether we are processing your data. If this applies, you have the right to receive a copy of the data and be provided with the following information:
- For what purpose we are processing the data
- What categories of data are being processed
- Who is receiving this data and, if the data is being transferred to third countries, how security can be guaranteed
- How long the data will be stored for
- The existence of a right to correction, deletion or restriction of processing and your right to object to processing
- That you can complain to a supervisory authority
- The origin of the data if it was not collected from you directly
- Whether profiling is carried out, whether the data is evaluated automatically to produce a personal profile for you.
- According to article 16 of the GDPR, you have the right to correct your data. If you inform us of any errors in your data, we will carry out corrections.
- Article 17 of the GDPR states that you have the right to deletion (‘right to be forgotten’). If you decide to exercise this right, we will delete your data.
- In accordance with article 18 of the GDPR, you have the right to the restriction of processing. We may store your data but no longer use it.
- Article 19 of the GDPR states that you have the right of data portability. If you wish, we will provide you with your data in a standard format.
- In accordance with article 21 of the GDPR, you have the right to object. When exercised, this changes the processing.
- If your data is being processed based on article 6 paragraph 1 e (public interest, exercising official authority) or article 6 paragraph 1 f (legitimate interest), you can object to the processing. We will then review as quickly as possible whether we can legally comply with this objection.
- If data is being used to carry out direct marketing, you can object to this type of data processing at any time. We are then no longer permitted to use your data for direct marketing.
- If data is being used to carry out profiling, you can object to this type of data processing at any time. We are then no longer permitted to use your data for profiling.
- In accordance with article 22 of the GDPR, you have the right to not be subjected to a decision based solely on automated processing (such as profiling) in some circumstances.
If you believe that the processing of your data violates data protection law or your data protection rights are being otherwise infringed upon, you are free to lodge a complaint with the responsible supervisory authority. For Austria, this is the Data Protection Authority, which can be reached at https://www.dsb.gv.at/. In Germany, there is a data protection agent for each federal state. For more information, you can contact the Federal Commissioner for Data Protection (BfDI). The following local data protection authority is responsible for our company:
Austrian Data Protection Authority
Head: Dr Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Tel: +43 1 52 152-0
Email: [email protected]
Website: https://www.dsb.gv.at/
Communication
Summary
Data subject: Anyone that communicates with us via telephone, email or online form.
Processed data: e.g. telephone number, name, email address, data entered into forms. You can find more details with the relevant contact method
Purpose: Communicating with clients, business partners etc.
Duration of storage: Duration of business case and statutory regulations
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 b of the GDPR (contract), article 6 paragraph 1 f of the GDPR (legitimate interest)
If you contact us and communicate via telephone, email or online form, your personal data may be processed.
The data is processed for the completion and processing of your requests and related business transactions. This data is deleted as soon as the business case has ended or as soon as required by legal requirements.
Data subjects
The processes mentioned affect everyone that uses the communication methods provided by us to contact us.
Telephone
If you call us, the call data is stored on the end device and by the telecommunication provider under a pseudonym. Furthermore, data such as your name and telephone number may also be sent via email and stored in order to respond to your request. This data is deleted as soon as the business case has expired or as soon as required by legal requirements.
If you communicate with us via email, data will be stored on the relevant end device (computer, laptop, smartphone...) and data will be saved to the email server. This data is deleted as soon as the business case has expired or as soon as required by legal requirements.
Online forms
When you communicate with us via an online form, data will be stored on our web server and forwarded to an email address within our company. This data is deleted as soon as the business case has expired or as soon as required by legal requirements.
Legal basis
The data is processed on the following legal basis:
- Article 6 paragraph 1 a of the GDPR (consent): You grant us your consent to store your data and use it for purposes relating to the business case
- Article 6 paragraph 1 b of the GDPR (contract): It is necessary to complete a contract with you or a processor, e.g. the telephone provider, or we have to process the data for precontractual purposes, e.g. preparing a quote
- Article 6 paragraph 1 f of the GDPR (legitimate interest): We want to process customer requests and business communication in a professional manner. Certain technical features, such as an email programme, exchange server and mobile phone operator, are required in order to efficiently communicate.
MailChimp
Summary
Data subject: Newsletter subscribers
Purpose: Direct marketing via email, notifications regarding system-relevant events
Processed data: Data entered upon registration (at least an email address).
Duration of storage: Duration of the subscription
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What is MailChimp?
We use services provided by the newsletter company MailChimp on this website. MailChimp is operated by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. Thanks to MailChimp, we can very easily inform you of the latest news via a newsletter. Below, we cover this email marketing service in more detail, and inform you of the most important aspects relevant to data protection.
MailChimp is a cloud-based newsletter management service. ‘Cloud-based’ means that we do not have to install MailChimp on our computers or servers. Instead, we use the service via IT infrastructure available on an external server via the internet. This method of software use is also called SaaS (software as a service).
MailChimp lets us select from a broad range of various email types. Regardless of what we want to achieve with our newsletter, we can carry out individual campaigns, regular campaigns, auto responders (automatic emails), A/B tests, RSS campaigns (sending at predefined times and at predefined frequencies) and follow-up campaigns.
Why do we use MailChimp on our website?
We use newsletters to stay in contact with you and keep you up to date with news about our company and our services. We are always looking for the simplest and best solutions for these marketing measures. That’s why we chose MailChimp’s newsletter management service. Although the software is very easy to use, it offers a large range of helpful features. We can design interesting and appealing newsletters very quickly. The design templates available let us design each newsletter uniquely, and ‘responsive design’ means that our content is also perfectly displayed on your smartphone (or other mobile end device).
Tools such as A/B testing and comprehensive analysis options let us quickly see how our newsletter has been received by you. This lets us react, and improve our services.
Another benefit is MailChimp’s cloud system. Data is not stored or processed directly on our server.
What data is saved by MailChimp?
The Rocket Science Group LLC (MailChimp) operates online platforms that let us contact you with our newsletters. If you subscribe to our newsletter via our website, you confirm your membership to a MailChimp email list via email. So that MailChimp can prove that you have added yourself to the ‘list provider’, the date of entry and your IP address will be saved. Furthermore, MailChimp also saves your email address, name, physical address and demographic information such as language and location.
This information is used to send you emails and to facilitate other MailChimp functions (such as evaluating the newsletter).
MailChimp also shares information with third parties in order to provide better services. MailChimp shares some data with advertising partners of third parties in order to better understand customers’ interests and concerns so that more relevant content and more targeted marketing can be provided.
‘Web beacons’ (these are small graphics in HTML emails) let MailChimp establish whether the email has been received and/or opened, and whether links have been clicked. All of this information is saved to MailChimp servers. This gives us statistic evaluations so we can see how well our newsletter was received by you. This means we can better improve our services and adapt them to meet your needs.
MailChimp may also use this data to improve its own services. This allows, for example, the sending of emails to be technically optimised or tailored to the recipient’s location (country).
The following cookies may be used by MailChimp. This is not a complete list of cookies, just a selection intended to serve as an example:
Name: AVESTA_ENVIRONMENT
Value: Prod
Purpose: This cookie is necessary to make Mailchimp services available. It is always used when a user has registered for a newsletter mailing list.
Expiration: After the session ends
Name: ak_bmsc
Value: F1766FA98C9BB9DE4A39F7
0A9E5EEAB55F6517348A70000011
11870406-3
Purpose: This cookie is used to differentiate between human users and bots. This allows secure reports about website use to be created.
Expiration: After 2 hours
Name: bm_sv
Value: A5A322305B4401C2451FC
22FFF547486~FEsKGvX8eov
CwTeFTzb8//I3ak2Au…
Purpose: This cookie is from MasterPass Digital Wallet (a MasterCard service) and is used to securely and easily offer a visitor the option of a virtual payment process. The user is identified on the website anonymously.
Expiration: After 2 hours
Name: _abck
Value: 8D545C8CCA4C3A505
79014C449B045111870406-9
Expiration: After 1 year
Sometimes, you may open our newsletter using the link provided in order to gain a better view. This may be because your email programme is not working or the newsletter is not being displayed properly. The newsletter is then displayed via a MailChimp website. MailChimp also uses cookies on its own websites. This means that personal data may be processed by MailChimp and its partners (e.g. Google Analytics). This data collection is the responsibility of MailChimp, and we have no influence over this. You can find out exactly how and why the company uses cookies in MailChimp’s ‘cookie statement’ (https://mailchimp.com/legal/cookies/).
Where and for how long will the data be stored?
In principle, the data will be stored on MailChimp’s servers indefinitely, and only deleted when requested by you. You can have your contact deleted by us. This permanently removes all of your personal data for us, and anonymises it in MailChimp reports. You can also request the deletion of your data directly through MailChimp. This would mean all of your data there would be removed, and we would receive a notification from MailChimp. Once we have received your email, we have 30 days to delete your contact from all connected integrations.
As MailChimp is an American company, all data collected is also stored on American servers.
How can I delete my data and/or prevent data storage?
You can revoke your consent to receive our newsletter in future by clicking on the link at the bottom of a newsletter at any time. If you click on the unsubscribe link to unsubscribe, your data will be deleted at MailChimp.
If you use a link in our newsletter to access a MailChimp website and cookies are set to your browser, you can delete or deactivate these cookies at any time. You can find information about deactivating, deleting and managing cookies in general in the cookies section of this privacy policy.
Legal basis
Our newsletter is sent through MailChimp based on your consent (article 6, paragraph 1 a of the GDPR). This means we can only send you a newsletter if you have actively registered for this. If consent is not necessary, then the newsletter is sent based on a legitimate interest in direct marketing (article 6 paragraph 1 f) insofar as this is legally permissible. We log your registration process so that we can always prove that this complies with our laws.
MailChimp also processes your data abroad, including in the USA. We would like to inform you that the European Court of Justice currently deems the level of protection for data transfer into the USA insufficient. This may entail various risks regarding the lawfulness and security of data processing.
MailChimp uses standard contractual clauses as the basis for data processing when recipients are based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially the USA) or data forwarding to these areas (article 46 paragraphs 2 and 3 of the GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission and ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, MailChimp obligates itself to uphold the European level of data protection when processing your relevant data, even if this data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and related standard contractual clauses here.
You can find the MailChimp Data Processing Addendum, which complies to standard contractual clauses, here: https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.
You can find out more about the use of cookies by MailChimp here: https://mailchimp.com/legal/cookies/. Information about privacy at MailChimp can be found here: https://mailchimp.com/legal/privacy/.
MailChimp’s data processing contract
We have entered into a contract regarding data processing (Data Processing Addendum) with MailChimp. This contract serves to secure your personal data and ensure that MailChimp upholds the applicable data protection regulations and does not pass your personal data on to third parties.
You can find more information about this contract here: https://mailchimp.com/legal/data-processing-addendum/.
Web hosting
Summary
Data subject: Website visitors
Purpose: Professional website hosting and ensuring operation
Processed data: IP address, time of website visit, browser used and more data
Duration of storage: Depends on individual provider, generally 2 weeks
Legal basis: Article 6 paragraph 1 f of the GDPR (legitimate interest)
What is web hosting?
Each time you visit a website like this, certain information - including personal data - is automatically generated and stored.
If you want to view a website on your end device screen (e.g. PC, laptop, tablet, smartphone), you use a programme known as a web browser. Examples of browsers include Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari.
The web browser must connect to another computer, on which the website code is stored: the web server. Operating a web server is a complicated and expensive task, which is generally taken on by professional providers. They offer web hosting, and ensure that the website’s data is reliably stored without error.
When the browser on your end device makes a connection and while data is being transferred to and from a web server, personal data may be processed. Your computer saves data, but the web server must also save data to guarantee proper operation.
Why do we process personal data?
Purposes of data processing include:
- Professional website hosting and ensuring operation
- Upholding operational and IT security
- Anonymous evaluation of access behaviour to improve our services and, if applicable, to pursue criminal investigations or claims
What data is processed?
When you access a website, the web hosting provider automatically logs data such as
- The full URL of the accessed website (e.g. link)
- Type of end device used
- Browser and browser version (e.g. Chrome 95)
- Operating system used (e.g. Windows 11)
- The URL of the page you visited before (referrer URL) (e.g. link)
- The host name and IP address of the accessing device (e.g. COMPUTERNAME and 194.23.43.121)
- Date and time
- in files known as web server log files.
How long will the data be stored for?
This data is generally stored for two weeks before being automatically deleted. We do not pass this information on without permission, but cannot rule out that this data may be viewed by the authorities in the case of unlawful conduct.
Legal basis
The use of professional hosting services offered by a provider is necessary to securely present the company online in a user-friendly manner, and in order to pursue any attacks or resulting claims. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR.
There is a contract regarding data processing between us and the hosting provider in compliance with article 28 f of the GDPR, which guarantees data protection and data security.
Hosting provider
Service: internex.at – Business Class Hosting
Provider: internex GmbH, Lagerstrasse 15, 3950 Gmünd
Cookies
Summary
Data subject: Website visitors
Purpose: Depends on the individual cookie. You can find more details below or from the manufacturer of the software being used to set the cookie.
Processed data: Depends on the individual cookie. You can find more details below or from the manufacturer of the software being used to set the cookie.
Duration of storage: Depends on the individual cookie, can vary from hours to years
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What are cookies?
Our website uses HTTP cookies to save user-specific data.
Below, we explain what cookies are and why they are used.
Whenever you use the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites save small text files to your browser. These files are called cookies.
Almost all websites use HTTP cookies. These cookie files are automatically saved to the cookie folder. A cookie consists of a name and a value. When defining a cookie, one or more attributes must be entered.
For our website, user data such as language or personal page settings are stored in the cookies. If you revisit our site, the browser informs our page of this. Thanks to the cookies, the website knows who you are and offers you the settings you are accustomed to. In some browsers, each cookie has its own file. In others, such as Firefox, all cookies are stored in one single file.
There is a difference between first party cookies and third party cookies. First party cookies are generated from our website, while third party cookies are set by partner websites (e.g. Google Analytics). Each cookie should be evaluated individually, as each cookie stores different data. The expiration date for a cookie can vary from a couple of minutes to a couple of years. Cookies are not software programmes and do not contain viruses, Trojans or other malware. Cookies cannot access information on your computer.
Cookie data may look as follows:
Name: _ga
Value: GA1.2.1326744211.152111870406-9
Purpose: Differentiating between website visitors
Expiration: After 2 years
What types of cookies are used?
What cookies we use depends on the services used. First of all, we’d like to briefly cover the different types of HTTP cookies. The International Chamber of Commerce (ICC) differentiates between four cookie categories:
Essential cookies
These cookies are required to ensure basic website functions. For example, these cookies are needed to allow a user to place an item in their shopping basket then carry on visiting other pages before completing checkout. These cookies mean that the shopping basket is not deleted, even if the user closes the browser window.
Functional cookies
These cookies collect data about user behaviour and whether the user is shown any error notifications. These cookies are also used to measure the website’s loading time and performance in various browsers.
Performance cookies
These cookies serve to provide a better user experience. For example, these save entered location data, font sizes or form data.
Advertising cookies
These cookies are also called targeting cookies. They serve to provide the user with individually tailored advertising.
Usually, you are asked upon your first visit to a website which of these cookie types you wish to allow. This decision is also stored in a cookie.
You can find more technical information about cookies on the ‘HTTP State Management Mechanism for the Request for Comments for the Internet Engineering Task Force’ (IETF) page at https://tools.ietf.org/html/rfc6265.
Purpose of data processing via cookies
The purpose of processing depends on the relevant cookie. You can find details regarding the purpose of data processing via the cookies used on this website below.
What data is processed?
What data is processed and/or stored depends on the individual cookie. You will find details on the data processed and/or stored by the individual cookies used on this website below.
Duration of storage for cookies
The duration of storage depends on the individual cookie. Some cookies store data for just a couple of minutes or until you leave the website, while other cookies can remain stored on a computer for several years. Below, you will find details regarding the duration of storage for the cookies used on this website.
You can also manually delete all cookies at any time using your browser (see also ‘right to object’). Cookies based on consent will be deleted after your consent has been revoked at the latest, whereby the legality of any storage up until that point shall remain unaffected.
Right to object - how can I delete cookies?
You can decide whether and how cookies are used. Depending on which service or which website the cookies are form, you have the option to delete, deactivate or only partially permit cookies. For example, you can block third party cookies but allow all other cookies.
You can find information about the cookies saved to your browser and how to change your cookie settings or delete cookies in your browser settings:
Chrome: Deleting, activating and managing cookies in Chrome
Safari: Managing cookies and website data with Safari
Firefox: Deleting cookies to remove data stored on your computer by websites
Internet Explorer: Deleting and managing cookies
Microsoft Edge: Deleting and managing cookies
If you do not want data to be stored in cookies, you can set up your browser to inform you each time a cookie is set and only allow this on a case-by-base basis. You can delete cookies already stored on your computer or deactivate cookies at any time. The process varies depending on the browser, so it’s best to Google the instructions by using search terms such as ‘delete cookies’ or ‘deactivate cookies’ together with the name of your browser, e.g. Chrome, Edge, Firefox, Safari.
Legal basis
The 2009 amendment to ‘Data Protection Guidelines for Electronic Communication’ (known as the cookie guideline, 2009/136/EG) states that cookies may only be stored based on consent (article 6 paragraph 1 a of the GDPR). For Austria, the guideline is implemented in section 165 paragraph 3 of the applicable version of the Telecommunication Act from 2021.
In the case of essential cookies and insofar as there is no consent, legitimate interests apply (article 6 paragraph 1 f of the GDPR) that are usually economic in nature. We want to ensure that visitors to our website have a pleasant user experience, and certain cookies are often necessary to this end.
Insofar as non-essential cookies are used, this takes place only with your consent. The legal basis is therefore article 6 paragraph 1 a of the GDPR.
Below, you will find more details regarding the cookies used on this website.
Cookie consent management
Summary
Data subject: Website visitors
Purpose: Collecting and managing consent for certain cookies and the use of certain tools
Processed data: Data to manage preferred cookie settings such as IP address, time of consent, type of consent, individual consents. You can find more details accompanying the relevant tool.
Duration of storage: Data remains in storage as long as it is still required for the relevant purpose.
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What is a cookie consent management platform?
On this website, we use a consent management platform (CMP) software programme that makes it easier for us and you to correctly and securely deal with any scripts and cookies used. The software scans and checks all scripts and cookies, and automatically creates a cookie pop-up that lets you as the user select which cookies you wish to expressly consent to.
You decide yourself whether and which scripts and cookies you allow or don’t allow before your data is collected.
Why do we use a cookie management tool?
As the operator of this website, we are legally obliged to obtain your express consent regarding the use of cookies. The cookie management tool regularly and automatically scans all areas of our website and summarises all information about the scripts and cookies found that you need for your consent in compliance with the regulations of the GDPR. You can accept or reject cookies using the consent system.
What data is processed?
The cookie management tool can be used to manage the individual cookies used on this website yourself, so you have the best possible control over the processing and storage of your data. Your granted consent will be stored so you no longer have to answer the question each time you visit our website, and we can also provide evidence of your consent if legally required. This will either be stored on an opt-in cookie or on a server. Depending on the provider of the cookie management tool, the duration of storage for your cookie consent may vary. Generally, this data (such as pseudonymised user ID, time of consent, details regarding cookie categories or tools, browser, device information) is stored for up to two years.
Duration of data processing
In general, we only process personal data for as long as absolutely necessary for the provision of our services and products. Data stored in cookies may be stored for varying lengths of time. Some cookies are deleted when you leave the website, while others can remain on your browser for years. The precise duration of data processing depends on the tool used. You can find out more about the durations of storage that apply to individual tools and services under the relevant section of this privacy policy.
Right to withdraw
You have the right and possibility to withdraw your consent regarding the use of cookies at any time. This is either done via our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by managing, deactivating or deleting cookies in your browser.
You can find information regarding special cookie management tools in the following sections.
Legal basis
If you consent to cookies, your personal data will be processed and stored via these cookies. If we are permitted to use cookies based on your consent (article 6 paragraph 1 a of the GDPR), this consent is also the legal basis for the use of cookies and/or processing of your data. A cookie consent management platform software programme is used in order to manage cookie consent and to facilitate your consent. The use of this software allows us to operate the website in the most efficient way and comply with the law. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR. We only use cookie management tools insofar as you have granted your consent.
Consent Manager
Summary
Data subject: Website visitors
Purpose: Collecting and managing consent for certain cookies and the use of certain tools
Processed data: Data to manage preferred cookie settings such as IP address, browser type, time of consent, type of consent, individual consents
Duration of storage: As long as your user settings are active, a new request will appear after two years
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What is Consent Manager?
We use ‘Consent Manager’ on this website. This is a cookie banner solution provided by consentmanager AB, Sweden (Håltgelvågen 1b, 72348 Västerås, Sweden, [email protected]) in order to obtain your consent for data processing and/or the use of cookies or similar functions.
Why do we use Consent Manager on our website?
As the operator of this website, we are legally obliged to obtain your express consent regarding the use of cookies. Consent Manager regularly and automatically scans all areas of our website and summarises all information about the scripts and cookies found that you need for your consent in compliance with the regulations of the GDPR.
What data is processed by Consent Manager?
Consent Manager can be used to manage the individual cookies used on this website yourself, so you have the best possible control over the processing and storage of your data. Your granted consent will be stored so you no longer have to answer the question each time you visit our website, and we can also provide evidence of your consent if legally required. Your decision is stored in a cookie. The following information may be hereby collected and transferred to Consent Manager: Your IP address, technical information about your browser type, time of consent, type of consent, individual consents.
How long will the data be stored for?
‘Consent Manager’ stores your data for as long as your user settings are active. You will be asked for your consent again two years after adjusting your user settings. The new user settings will then be stored for the same period again.
How can I delete my data and/or prevent data storage?
You have the right and opportunity to object to the processing of your personal data by Consent Manager at any time. Please email [email protected].
To find out more about the data processed by Consent Manager, please see the privacy policy available to view here.
Cloudflare
Cloudflare summary
Data subject: Website visitors
Purpose: Optimisation of our services (speeding up the website’s loading speed)
Processed data: Data such as IP address, contact and log info, security fingerprint and performance data for websites
Duration of storage: The data is generally stored for less than 24 hours.
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What is Cloudflare?
We use services provided by Cloudflare Inc. (101 Townsend St., San Francisco, CA 94107, USA) on this website to make our site faster and more secure. To this end, Cloudflare uses cookies and processes user data. Cloudflare Inc. is an American company that offers a content delivery network as well as various security services. These services focus on data transfer between the user and our hosting provider.
A content delivery network (CDN), such as Cloudflare, is a network of connected servers. Cloudflare has servers distributed all over the world so that websites can be brought to your screen more quickly. Cloudflare makes copies of this website and stores them to its own servers. When you visit our website, a system of performance sharing ensures that the majority of our website is delivered by the server that can display our website the fastest. A CDN therefore considerably speeds up data transfer to your browser. This means that the content of our website is not only delivered by our hosting server, but servers from around the whole world. The use of Cloudflare is especially useful for users accessing the website internationally, as the website can be delivered from a nearby server. As well as the rapid delivery of websites, Cloudflare also offers security services such as DDoS protection or the web application Firewall.
Why do we use Cloudflare on our website?
Cloudflare helps us to make our website faster and more secure. The services offered by Cloudflare encompass web optimisation and security services such as DDoS protection and a web firewall. These also include a reverse proxy and a content distribution network (CDN). Cloudflare blocks threats and restricts abuse by bots and crawlers that waste our bandwidth and server resources. By saving our website to local data centres and blocking spam software, Cloudflare reduces our bandwidth use by around 60%. Providing content via a local data centre and some web optimisation carried out there reduces the average website loading speed by half. According to Cloudflare, the ‘I’m Under Attack Mode’ can be used to weaken further attacks by displaying a JavaScript calculation that must be solved before a user can access a website. Overall, our website is therefore considerably more able to perform and less susceptible to spam and other attacks.
What data is processed by Cloudflare?
Cloudflare generally only passes on data managed by website operators. The content is therefore not chosen by Cloudflare, but by the website operator. In certain circumstances, Cloudflare collects certain information regarding the use of our website and processes data sent by us or for which Cloudflare has received specific instructions. In most cases, Cloudflare receives data such as IP address, contact and log info, security fingerprint and performance data for websites. Log data helps Cloudflare to identify new threats, for example. This means that Cloudflare can guarantee a high level of protection for our website. Cloudflare processes this data within the realm of services while upholding applicable law. This also includes the General Data Protection Regulation (GDPR).
Cloudflare also uses a cookie for security reasons. The cookie (__cfduid) is used to identify individual users behind a jointly used IP address and to apply security settings for each individual user. This cookie is very helpful, for example, when you visit our website from a location where other computers are infected. If your computer is trustworthy, we can identify it using the cookie. So you can surf our website without restrictions or worries despite there being infected computers nearby. This cookie does not store any personal data. It is essential for Cloudflare’s security functions and cannot be deactivated.
Cloudflare cookies
Name: __cfduid
Value: d798bf7df9c1ad5b7583ed
a5cc5e78111870406-3
Purpose: Security settings for each individual visitor
Expiration: After 1 year
Cloudflare also works with third parties These may only process personal data upon instructions from Cloudflare and in compliance with data protection regulations and other confidentiality and security measures. Without our explicit consent, Cloudflare never passes on personal data.
Where and for how long will the data be stored?
Cloudflare predominantly stores your data in the USA and European Economic Area. Cloudflare can transfer and access the information described from the around the world. In general, the Free, Pro and Business versions of Cloudflare store data at user level for domains for less than 24 hours. For enterprise domains that have activated Cloudflare logs (formerly Enterprise LogShare or ELS), data can be stored for up to 7 days. If IP addresses set off Cloudflare security alarms, there may be exceptions to the durations of storage stated above.
How can I delete my data and/or prevent data storage?
Cloudflare stores data logs for as long as necessary, and this data is usually deleted within 24 hours. Cloudflare does not store personal data, such as your IP address. There is information that Cloudflare saves for an indefinite period of time as part of its permanent logs in order to improve the general performance of Cloudflare Resolver and recognise any security risks. Please see this link to find out which permanent logs are saved. All data collected by Cloudflare (temporarily or permanently) is cleared of any personal data. All permanent logs are also anonymised by Cloudflare.
Cloudflare states in its privacy policy that the company is not responsible for the content you receive. If, for example, you request that Cloudflare update or delete your content, Cloudflare will refer you back to us as the website operator. You can completely prevent any collection and processing of your data by Cloudflare by deactivating script code in your browser or installing a script blocker to your browser.
Legal basis
If you have granted your consent for Cloudflare to be used, the legal basis for related data processing is this consent. In accordance with article 6 paragraph 1 a of the GDPR (consent), this consent is the legal basis for the processing of personal data as takes place when Cloudflare collects data.
Cloudflare serves to optimise and make our online service more secure. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR. We only use Cloudflare insofar as you have granted your consent.
Cloudflare also processes data abroad, including in the USA. We would like to inform you that the European Court of Justice currently deems the level of protection for data transfer into the USA insufficient. This may entail various risks regarding the lawfulness and security of data processing.
Cloudflare uses standard contractual clauses approved by the EU Commission as the basis for data processing when recipients are based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially the USA) or data forwarding to these areas (article 46 paragraphs 2 and 3 of the GDPR). These clauses obligate Cloudflare to uphold the level of data protection standard in the EU when processing relevant data outside the EU. These clauses are based on an implementation decision of the EU Commission. You can find the decision and the clauses here.
You can find further information regarding privacy at Cloudflare at https://www.cloudflare.com/de-de/privacypolicy/
Algolia
Summary
Data subject: Website visitors
Purpose: Optimising our services
Processed data: Data such as search terms, your IP address
Duration of storage: 90 days
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What is Algolia?
We use Algolia Search technology on this website. This is provided by Algolia SAS, 55 Rue d’Amsterdam, 75008 Paris, France
Why do we use Algolia on our website?
Algolia guarantees a quick, precise search function on our website.
What data is saved by Algolia?
When using Algolia Search functions, it is necessary to save your IP address and your search (search term and time of search). This information is generally transferred to an Algolia server in Europe or the USA and stored there. As the website operator, we have no influence on this data processing.
Duration of data processing
The data is stored on Algolia servers for 90 days.
Legal basis
This use serves our interest in making content on this website easy for users to find. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR. You can find more information regarding the handling of user data in Algolia’s privacy policy: here.
Vimeo
Summary
Data subject: Website visitors
Purpose: Optimising our services (displaying high-quality videos on the website)
Processed data: Data such as contact data, data regarding user behaviour, information about your device and your IP address
Duration of storage: Until you leave the website
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What is Vimeo?
We use the video portal Vimeo to display videos on this website. This portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plug-in, we can display videos directly on this website. Personal data may be hereby transferred to Vimeo. As the website operator, we have no influence on this data processing.
Why do we use Vimeo on our website?
Our aim as the operator of this website is to offer you, the user, the best possible experience. The Vimeo video services lets us present you with high-quality content directly on this website.
What data is saved by Vimeo?
When you access a page on this website that contains a Vimeo video, your browser connects to Vimeo servers. This results in a transfer of data. Your data is collected, saved and processed on Vimeo servers. Regardless of whether you have a Vimeo account, Vimeo will collect data about you. This includes your IP address, technical information about your browser type, your operating system and very basic device information. Furthermore, Vimeo stores information about which website you are using to access the Vimeo service and what actions (web activity) you are carrying out on this website. This web activity data includes session duration, bounce rate or which button you clicked on our website with an integrated Vimeo function. Vimeo uses cookies and similar technology to track and store these actions.
If you are a registered member of Vimeo and are currently logged in, even more data may be collected as there may already be further cookies saved to your browser. Your actions on our website will also be linked to your Vimeo account directly. To prevent this, you should log out of Vimeo before using our website.
You can find out more about Vimeo’s use of cookies at https://vimeo.com/cookie_policy.
Where and for how long will the data be stored?
Vimeo is headquartered in White Plains in the state of New York (USA). Their services are offered worldwide. The company uses computer systems, databases and servers in the USA and other countries. Your data may therefore be stored and processed on servers in the USA. Vimeo stores your data until the company no longer has a commercial reason to continue the storage. The data is then deleted or anonymised.
How can I delete my data and/or prevent data storage?
You always have the opportunity to manage cookies in your browser to your preferences. If you do not want Vimeo to use cookies to collect information about you, for example, you can delete or deactivate cookies in your browser settings at any time. If you are a registered member of Vimeo, you can also manage the cookies used in your Vimeo settings.
You can find information about deactivating, deleting and managing cookies in general in the cookies section of this privacy policy.
Legal basis
If you have granted your consent for your data to be processed and stored via integrated Vimeo elements, this consent serves as the legal basis for data processing (article 6 paragraph 1 a of the GDPR). Vimeo is used to optimise our online services. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR. We only use integrated Vimeo elements insofar as you have granted your consent. Vimeo sets cookies to your browser to save data. We therefore recommend that you read our privacy text about cookies precisely and view the privacy policy and cookie guidelines for the individual provider.
Vimeo processes your data abroad, including in the USA. We would like to inform you that the European Court of Justice currently deems the level of protection for data transfer into the USA insufficient. This may entail various risks regarding the lawfulness and security of data processing.
Vimeo uses standard contractual clauses as the basis for data processing when recipients are based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially the USA) or data forwarding to these areas (article 46 paragraphs 2 and 3 of the GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission and ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Vimeo obligates itself to uphold the European level of data protection when processing your relevant data, even if this data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and related standard contractual clauses here.
You can find more information about standard contractual clauses at Vimeo here.
You can find out more about the use of cookies at Vimeo at https://vimeo.com/cookie_policy, while https://vimeo.com/privacy provides insight into data protection at Vimeo.
Sketchfab
Summary
Data subject: Website visitors
Purpose: Optimising our services (displaying 3D models on the website)
Processed data: Data such as contact data, data regarding user behaviour, information about your device and your IP address may be saved.
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What is Sketchfab?
We show 3D models of artworks on this website using the Sketchfab Viewer plugin. This service is operated by Sketchfab, Inc., Sketchfab HQ, 1123 Broadway ‚ #501 (25th St), New York City, NY 10010 USA. Their European base is Sketchfab, 99 Rue de La Verrerie, 75004 Paris, France.
Why do we use Sketchfab on our website?
Our aim as the operator of this website is to offer you, the user, the best possible experience. The Sketchgab Viewer lets us present you with high-quality 3D content directly on this website.
What data is saved by Sketchfab?
When you access a page on this website that contains the Sketchfab plugin, your browser connects to Sketchfab servers. This results in a transfer of data. Your data is collected, saved and processed on Sketchfab servers. Regardless of whether you have a Sketchfab account, Sketchfab will collect data about you. This includes your IP address, the address of the website you visit, browser type and settings, date and time of request, and how you used Sketchfab.
If you are a registered member of Sketchfab and are currently logged in, even more data may be collected as there may already be further cookies saved to your browser. Your actions on our website will also be linked to your Sketchfab account directly. To prevent this, you should log out of Sketchfab before using our website.
You can find out more about Sketchfab’s use of cookies at https://sketchfab.com/privacy#cook.
How can I delete my data and/or prevent data storage?
You always have the opportunity to manage cookies in your browser to your preferences. If you do not want Sketchfab to use cookies to collect information about you, for example, you can delete or deactivate cookies in your browser settings at any time.
You can find information about deactivating, deleting and managing cookies in general in the cookies section of this privacy policy.
If you are a registered member of Sketchfab, you can also manage the cookies used in your Sketchfab settings.
Legal basis
If you have granted your consent for your data to be processed and stored via integrated Sketchfab elements, this consent serves as the legal basis for data processing (article 6 paragraph 1 a of the GDPR). Sketchfab is used to optimise our online services. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR. We only use embedded Sketchfab elements insofar as you have granted your consent. Sketchfab sets cookies to your browser to save data. We therefore recommend that you read our privacy text about cookies precisely and view the privacy policy and cookie guidelines for the individual provider.
Sketchfab processes your data abroad, including in the USA. We would like to inform you that the European Court of Justice currently deems the level of protection for data transfer into the USA insufficient. This may entail various risks regarding the lawfulness and security of data processing.
Sketchfab uses standard contractual clauses as the basis for data processing when recipients are based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially the USA) or data forwarding to these areas (article 46 paragraphs 2 and 3 of the GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission and ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Sketchfab obligates itself to uphold the European level of data protection when processing your relevant data, even if this data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and related standard contractual clauses here.
You can find out more about the use of cookies at Sketchfab at https://sketchfab.com/privacy#cook, while http://sketchfab.com/privacy provides insight into data protection at Sketchfab.
Google Maps
Summary
Data subject: Website visitors
Purpose: Optimising our services
Processed data: Data such as search terms entered, your IP address and latitude and longitude coordinates
Duration of storage: Depends on data stored
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What is Google Maps?
We use Google Maps, provided by Google Inc., on this website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. Google Maps lets us better display locations, and therefore adapt our service to your needs. The use of Google Maps causes data to be transferred to Google and stored on Google servers.
Google Maps is an internet map service provided by Google. Google Maps lets you use a computer, tablet or app to view the precise locations of cities, sights, accommodation or companies. When companies are represented on Google My Business, the business’ location and other information is displayed. In order to display directions, maps of a location may be embedded into a website using HTML code. Google Maps shows the Earth’s surface as a road map or satellite image. Thanks to Street View images and high-quality satellite images, very precise visualisations are possible.
Why do we use Google Maps on our website?
Our aim as the operator of this website is to offer you, the user, the best possible experience. By embedding Google Maps, we can portray the location of places on an interactive map. You see at a glance where these locations are, and can also request suggested directions. You can view directions for travelling by car, public transport, on foot or by bike.
What data is saved by Google Maps?
So that Google Maps can offer its service in full, the company must collect, process and store data. This includes search terms entered, your IP address and latitude and longitude coordinates. If you use the route planner function, the start address you entered will also be saved. This data storage takes place on the Google Maps website. We can only inform you of this but have no influence over the process.
As we have embedded Google Maps into our website, Google will save at least one cookie (name: NID) to your browser. This cookie saves data about your user behaviour. Google primarily uses this data to optimise its own services, and to provide you with individual, personalised advertising.
Name: NID
Value: 188=h26c1Ktha7fCQTx8r
XgLyATyITJ111870406-5
Purpose: NID is used by Google to adjust ads to your Google search. The cookie helps Google ‘remember’ your most commonly used search requests or your previous interactions with ads. This means you always receive tailored advertisements. The cookie contains a unique ID that Google uses to collect your personal settings for marketing purposes.
Expiration: After 6 months
Note: The type and number of cookies saved by Google Maps may change over time. The list of cookies currently in use can be found in your privacy settings.
Where and for how long will the data be stored?
Google servers are located in data centres all around the world. Most servers, however, are located in the USA. Therefore, your data is also increasingly stored in the USA. You can find out where Google data centres are located here.
Google distributes the data across various data carriers. This makes the data more readily available, and better protected from any attempted manipulation. Each data centre has special emergency programmes. If, for example, there are problems with Google hardware or natural disasters leave some servers offline, the risk of Google’s services being disrupted remains low.
Google saves some data for a set period of time. For other data, Google offers the option of manual deletion. Furthermore, the company also anonymises information (such as advertising data) in server logs, whereby part of the IP address and cookie data is deleted after 9 or 18 months.
How can I delete my data and/or prevent data storage?
The automatic deletion function for location and activity data introduced in 2019 means that geolocation data and web/app activity data - depending on your decision - is stored for either 3 or 18 months before being deleted. This data may also be manually deleted from the process at any time using a Google account. If you want to prevent geolocation entirely, you must pause ‘web and app activity’ in your Google account. Click ‘data and personalisation’ and then select the option ‘activity settings’. You can switch activities on or off here.
You can also deactivate, delete or manage individual cookies in your browser. You can find information about deactivating, deleting and managing cookies in general in the cookies section of this privacy policy.
If you do not want any cookies at all, you can set up your browser to inform you when there is any attempt to save a cookie. This means you can decide whether to allow the cookie or not on a case-by-case basis.
Please note that your data may be stored and processed outside the EU when you use this tool. Most third countries (including the USA) are not considered secure under current European privacy law. Data may not therefore be simply transferred to insecure third countries and processed there unless there is a suitable guarantee (such as the EU standard contractual clauses) between us and the non-European service provider.
Legal basis
If you have granted your consent for Google Maps to be used, the legal basis for related data processing is this consent. In accordance with article 6 paragraph 1 a of the GDPR (consent), this consent is the legal basis for the processing of personal data as takes place when Google Maps collects data. Google Maps is used to optimise our online services. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR. We only use Google Maps insofar as you have granted your consent.
Google processes your data abroad, including in the USA. We would like to inform you that the European Court of Justice currently deems the level of protection for data transfer into the USA insufficient. This may entail various risks regarding the lawfulness and security of data processing.
Google uses standard contractual clauses as the basis for data processing when recipients are based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially the USA) or data forwarding to these areas (article 46 paragraphs 2 and 3 of the GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission and ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Google obligates itself to uphold the European level of data protection when processing your relevant data, even if this data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and related standard contractual clauses here.
Google Ads Data Processing Terms, which comply with standard contractual clauses, can be found here.
If you want to find out more about data processing at Google, we recommend consulting the company’s own privacy policy at https://policies.google.com/privacy?hl=de.
Web analytics
Summary
Data subject: Website visitors
Purpose: Evaluation of visitor information to optimise web services.
Processed data: Access statistics, including data such as location of access, device data, duration and time of access, navigation behaviour, click behaviour and IP address. You can find more details accompanying the web analytics tool.
Duration of storage: Depends on web analytics used
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What is web analytics?
We use web analytics software to evaluate the behaviour of website visitors on this website. Data is collected for management and processing by the analytics/tacking tool provider. This data allows the creation of analyses of our website users’ behaviour, which are then provided to us as the website operator. Most tools also offer various test options. So we can test which services or content are best received by our visitors. We show you two different options for a set period of time. After the test (known as an A/B test), we know which product or content visitors to our website found more interesting. User profiles can also be created for such test processes, and the data stored in cookies.
Why do we use web analytics?
Our aim as the operator of this website is to offer you, the user, the best possible experience. Web analysis tools let us investigate the conduct of our website visitors in more detail, then improve our online presence for you and us accordingly. So we might find out how old our visitors are on average, where they come from, when our website receives the most visitors or which content or products are particularly popular. All of this information helps us to optimise the website and adapt it to your needs, interests and preferences.
What data is processed?
What data is saved depends on the analysis tools being used. Generally, what content you view on this website, which buttons or links you click on, when you access a page, which browser you use, what end device you use to visit the website (e.g. computer, laptop, tablet, smartphone) and/or which computer system you use are among the data saved. If you have granted your consent to the collection of location data, this may also be processed by the web analysis tool provider.
Your IP address will also be saved. IP addresses are personal data under the General Data Protection Regulation (GDPR). Your IP address is, however, usually stored under a pseudonym (in a shortened, unidentifiable form). For the purpose of the test, web analysis and web optimisation, no direct data such as your name, age, address or email address is stored. All of this data is stored under a pseudonym if it is collected. So you cannot be personally identified.
How long the relevant data is stored for depends on the relevant provider. Some cookies store data for just a couple of minutes or until you leave the website, while other cookies can remain stored on a computer for several years.
Duration of data processing
We only process personal data for as long as absolutely necessary for the provision of our services and products. If, for example, storage is required by law (e.g. for accounting purposes), the storage duration may be exceeded beyond what is necessary. We inform you of the duration of data processing below insofar as we have additional information.
Right to withdraw
You also have the right and possibility to withdraw your consent regarding the use of cookies and/or third party cookies at any time. This is either done via our cookie management tool or other opt-out functions. For example, you can prevent data collection by cookies by deactivating or deleting cookies in your browser.
Legal basis
The use of web analytics requires your consent, which we obtain via our cookie management tool. In accordance with article 6 paragraph 1 a of the GDPR (consent), this consent is the legal basis for the processing of personal data as takes place when the web analytics tool collects data.
By analysing the behaviour of website visitors, we can improve our services both technically and contentually. Web analytics help us recognise errors on the website, identify attacks and improve profitability. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR. We only use web analytics insofar as you have granted your consent.
As cookies are used by web analytics tools, we recommend reading about cookies in our general privacy policy. You can find information about the type of personal data saved and processed by the individual tools in the privacy policies for the individual web analytics tools used on this website.
Google Analytics
Summary
Data subject: Website visitors
Purpose: Evaluation of visitor information to optimise web services
Processed data: Access statistics, including data such as location of access, device data, duration and time of access, navigation behaviour, click behaviour and IP address
Duration of storage: Depends on the properties used, 14 or 26 months
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What is Google Analytics?
On this website, we use the analytics/tracking tool Google Analytics (GA) provided by American company Google Inc. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe.
Google Analytics collects data regarding your actions on our website. If, for example, you click on a link, this action will be saved to a cookie and transferred to Google Analytics. The reports we receive from Google Analytics let us better adapt our website and our service to your needs.
A tracking code is embedded into our website code to ensure that Google Analytics works. When you visit our website, this code records various actions you carry out on the website. As soon as you leave the website, this data is transferred to the Google Analytics server and stored there.
Google processes this data and we receive reports about your user behaviour. These may include the following reports:
- Target group reports: Target group reports let us get to know our users better so we know who is interested in our services.
- Advertising reports: Advertising reports make it easier for us to analyse and improve our online marketing.
- Acquisition reports: Acquisition reports provide us with helpful information as to how we can get more people excited about our services.
- Behaviour reports: These let us know how you interact with our website. We can track how you work your way through our website and which links you click on.
- Conversion reports: Conversion is the process whereby you carry out a preferred action based on a marketing message. For example, if you turn from a website visitor into a buyer or newsletter subscriber. These reports help us find out more about how our marketing campaigns are received by you. So we can increase our conversion rate.
- Real-time reports: Here, we find out what is currently happening on this website in real time. For example, we may find out how many users are reading this text right now.
Why do we use Google Analytics on our website?
Our aim as the operator of this website is to offer you, the user, the best possible experience. Statistically evaluated data shows us a clear image of our website’s strengths and weaknesses. On one hand, we can optimise our website so that it is found by interested parties more easily on Google. On the other, the data also helps us to understand you, the visitor, better. We therefore know very precisely what we need to improve on our website so that we can offer you the best possible service. The data also helps us to carry out our advertising and marketing activities in a more targeted, cost-effective manner.
What data is saved by Google Analytics?
Google Analytics uses a tracking code to generate a random, unique ID connected to your browser cookie. So Google Analytics will recognise you as a new user. The next time you visit our website, you will be recognised as a ‘returning’ user. All data collected will be stored together with this user ID. This makes it possible to evaluate pseudonymised user profiles.
In order to analyse our website with Google Analytics, a property ID must be added to the tracking code. The data is stored in the Google Analytics 4-Property. Identifiers such as cookies and app IDs are used to measure your interactions on this website. Interactions are all types of actions you carry out on this website. If you use other Google systems (e.g. a Google account), data generated via Google Analytics may be linked with third party cookies. As the website operator, we have not consented to Google Analytics data being passed on. There may be exceptions if this is required by law.
Google Analytics uses the following cookies:
Name: _ga
Value: 2.1326744211.152111870406-5
Purpose: As standard, analytics.js uses the cookie _ga to store the user ID. This serves to differentiate between website visitors.
Expiration: After 2 years
Name: _gid
Value: 2.1687193234.152111870406-1
Purpose: The cookie serves to differentiate between website visitors
Expiration: After 24 hours
Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: This is used to reduce the requirement rate. If Google Analytics is provided via Google Tag Manager, this cookie will be called _dc_gtm_ <property-id>.
Expiration: After 1 minute
Name: AMP_TOKEN
Value: No entry
Purpose: This cookie has a token that can be used to view a user ID via the AMP client ID service. Other possible values indicate logging off, a request or an error.
Expiration: After 30 seconds, up to a year
Name: __utma
Value: 1564498958.15644
98958.1564498958.1
Purpose: This cookie can be used to track your behaviour on the website and measure performance. The cookie is updated each time that information is sent to Google Analytics.
Expiration: After 2 years
Name: __utmt
Value: 1
Purpose: The cookie is used as _gat_gtag_UA_<property-id> to reduce the requirement rate.
Expiration: After 10 minutes
Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to identify new sessions. It is updated each time that new data or information is sent to Google Analytics.
Expiration: After 30 minutes
Name: __utmc
Value: 167421564
Purpose: This cookie is used to recognise new sessions for returning visitors. This is a session cookie and will only be stored until you close the browser.
Expiration: Until the browser is closed
Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: This cookie is used to identify the source of visitors to this website. This means that the cookie saves where you accessed our website from. This may be another website or an advertisement.
Expiration: After 6 months
Name: __utmv
Value: No entry
Purpose: This cookie is used to store user-defined user data. It is always updated each time that information is sent to Google Analytics.
Expiration: After 2 years
Note: The type and number of cookies saved by Google Analytics may change over time. The list of cookies currently in use can be found in your privacy settings.
Heatmaps: Google creates Heatmaps. Heatmaps let you precisely see the areas on which you are clicking. This means we are informed where you are on our website.
Session duration: Google uses the term ‘session duration’ to describe the amount of time you spend on our website without leaving. If you are inactive for 20 minutes, the session ends automatically.
Bounce rate: A bounce is when you just view one page on this website then leave the website.
Account creation: When you create an account or place an order on this website, Google Analytics collects this data.
IP address: The IP address is only displayed in a shortened form so that the user cannot be personally identified.
Location: The IP address can be used to roughly estimate your country and general location. This process is called IP geolocation.
Technical information: Technical information includes your browser type, your internet provider and your screen resolution.
Source: Data regarding which website or advertisement you accessed our site from is collected.
Further details include contact details, any reviews, any media played, sharing content via social media or adding the website to your favourites.
Where and for how long will the data be stored?
Google has distributed its servers all around the world. Most servers are located in the USA, so your data will generally be stored on American servers. You can find out where Google data centres are located here.
Your data is distributed across various physical data carriers. This has the benefit that the data can be accessed more quickly and is better protected from manipulation. There are suitable emergency programmes for your data in any Google data centre. If, for example, Google’s hardware fails or natural disasters leave some servers offline, the risk of Google’s services being disrupted remains low.
Data is stored in Google Analytics 4-Properties for 14 months. For Universal Analytics Properties, Google Analytics stores your user data for a set time of 26 months. After this period, your user data will be deleted.
Once this set period has expired, data is deleted once a month. This storage period applies to your data linked with cookies, user recognition and marketing IDs (e.g. DoubleClick domain cookies). Report results are based on aggregated data and are stored independently from user data. Aggregated data is a collection of individual data to form a larger unit.
How can I delete my data and/or prevent data storage?
According to European Union data protection law, you have the right to receive information about your data as well as to update, delete or restrict the processing of your data. You can use a browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js) to prevent Google Analytics from using your data. You can download and install the browser add-on here. Please note that this add-on only prevents data collection by Google Analytics.
You can find information about deactivating, deleting and managing cookies in general in the cookies section of this privacy policy.
Legal basis
The use of Google Analytics requires your consent, which we obtain via our cookie management tool. In accordance with article 6 paragraph 1 a of the GDPR (consent), this consent is the legal basis for the processing of personal data as takes place when the web analytics tool collects data.
By analysing the behaviour of website visitors, we can improve our services both technically and contentually. Google Analytics help us recognise errors on the website, identify attacks and improve profitability. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR. We only use Google Analytics insofar as you have granted your consent.
Google processes your data abroad, including in the USA. We would like to inform you that the European Court of Justice currently deems the level of protection for data transfer into the USA insufficient. This may entail various risks regarding the lawfulness and security of data processing.
Google uses standard contractual clauses as the basis for data processing when recipients are based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially the USA) or data forwarding to these areas (article 46 paragraphs 2 and 3 of the GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission and ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Google obligates itself to uphold the European level of data protection when processing your relevant data, even if this data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and related standard contractual clauses here.
Google Ads Data Processing Terms, which comply with standard contractual clauses and also apply to Google Analytics, can be found here.
We hope we have been able to provide you with the most important information surrounding data processing by Google Analytics. If you want to find out more about the tracking service, we recommend these two links: here and here.
Google Analytics IP anonymisation
We have implemented Google Analytics IP address anonymisation on this website. This function has been developed by Google so that this website can uphold the applicable data protection conditions and recommendations of local data protection authorities if these forbid the storage of complete IP addresses. IP anonymisation/masking takes place as soon as the IP addresses reach the Google Analytics data collection network and before the data is stored or processed.
You can find out more about IP anonymisation here.
Google Analytics reports on demographic characteristics and interests
We have activated Google Analytics functions for marketing reports. The reports on demographic characteristics and interests include information on age, gender and interests. This means we can gain a better image of our users without being able to allocate this data to individual people. You can find out more about marketing functions here.
You can end the use of activities and information from your Google account by ticking the checkbox under ‘ad settings’ here.
Google Analytics deactivation link
When you click on the following deactivation link, you can prevent Google from collecting data during future visits to this website. Please note: deleting cookies, using your browser’s incognito/private mode or using another browser will lead to data being collected.
Google Analytics data processing add-on
We have a direct customer contract with Google regarding the use of Google Analytics, in which we have accepted the ‘data processing add-on’ in Google Analytics.
You can find out more about the Google Analytics data processing add-on here.
Google Tag Manager
Summary
Data subject: Website visitors
Purpose: Organising individual tracking tools
Processed data: Google Tag Manager itself does not store any data. The data is collected by the web analytics tools’ tags.
Duration of storage: Depends on web analytics used
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
What is Google Tag Manager?
We use Google Tag Manager, provided by Google Inc., on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. Tag Manager is one of many helpful marketing products supplied by Google. Google Tag Manager lets us use, centrally integrate and manage code fragments for the various tracking tools we use on this website.
Google Tag Manager is an organisational tool that lets us centrally integrate and manage website tags via a user interface. Tags are small code fragments that, for example, track your activity on this website. To this end, JavaScript code fragments are used in our website’s source text. The tags often come from Google’s own products such as Google Ads or Google Analytics, but tags from other companies can also be embedded and managed through the manager. These tags take on various tasks. They may collect browser data, feed marketing tools with data, integrate buttons, set cookies and track users across multiple websites.
Why do we use Google Tag Manager on our website?
In order to optimise our website for you and everyone interested in our products and services, we need various tracking tools, such as Google Analytics. The data collected by these tools show us what interests you most, where we can improve our services and who we should target with our services. We have to integrate suitable JavaScript codes into our website so that this tracking works. In principle, we could integrate each code fragment for each individual tracking tool into our source text separately. However, this takes time and it’s difficult to keep a clear overview. That’s why we use Google Tag Manager. We can simply integrate the required scripts and manage them from one place. Google Tag Manager also offers an easy-to-use user interface and does not require programming knowledge.
What data is stored by Google Tag Manager?
Tag Manager itself is a domain that does not set cookies or save data. It simply functions as a ‘manager’ for implemented tags. The data is collected by the individual tags of various web analysis tools. The data is forwarded to the tracking tools in Google Tag Manager, but not stored here.
In contrast, analysis tools like Google Analytics collect, store and process various data about your online behaviour, mostly with the help of cookies. You can find out more about data processing by individual analysis and tracking tools under the relevant section of this privacy policy. In our Tag Manager account settings, we have allowed Google to receive anonymised data from us. This only covers the use of Tag Manager, not your data saved via code fragments. We allow Google and others to receive selected data in an anonymised format. We therefore agree to the anonymised transfer of our website data. Google hereby deletes all information that could be used to identify our website. Google collates the data with data from hundreds of other anonymous websites and creates user trends within the framework of benchmarking measures. In benchmarking, our results are compared with those of our competitors. Processes can then be optimised based on the information collected.
Where and for how long will the data be stored?
When Google saves data, this is saved to Google’s own servers. These servers are distributed all around the world. Most are located in the USA. You can find out where Google servers are located here.
Please read our privacy texts regarding the individual tools to find out how long the tools store your data for.
How can I delete my data and/or prevent data storage?
Google Tag Manager does not set any cookies itself; it simply manages tags from various tracking websites. Our privacy texts on individual tracking tools will provide you with more detailed information on how to delete and/or manage your data.
Please note that your data may be stored and processed outside the EU when you use this tool. Most third countries (including the USA) are not considered secure under current European privacy law. Data may not therefore be simply transferred to insecure third countries and processed there unless there is a suitable guarantee (such as the EU standard contractual clauses) between us and the non-European service provider.
Legal basis
The use of Google Tag Manager is based on your consent, which we obtain via our cookie pop-up. In accordance with article 6 paragraph 1 a of the GDPR (consent), this consent is the legal basis for the processing of personal data as takes place when the web analytics tool collects data. Google Tag Manager can be used to improve profitability. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR. We only use Google Tag Manager insofar as you have granted your consent.
Google processes your data abroad, including in the USA. We would like to inform you that the European Court of Justice currently deems the level of protection for data transfer into the USA insufficient. This may entail various risks regarding the lawfulness and security of data processing.
Google uses standard contractual clauses as the basis for data processing when recipients are based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and especially the USA) or data forwarding to these areas (article 46 paragraphs 2 and 3 of the GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission and ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Google obligates itself to uphold the European level of data protection when processing your relevant data, even if this data is stored, processed and managed in the USA. These clauses are based on an implementation decision of the EU Commission. You can find the decision and related standard contractual clauses here.
Google Ads Data Processing Terms, which comply with standard contractual clauses and also apply to Google Tag Manager, can be found here.
If you want to find out more about Google Tag Manager, we recommend reading the FAQs here.
Data protection in relation to applications and during the application process
Summary
Data subject: Anyone communicating with us via telephone, email or letter as part of an application process
Processed data: Name, title, address, telephone number, date of birth, education, job experience, salary expectations and any data or images contained in your CV, references or other submitted documents
Purpose: Carrying out the application process
Duration of storage: Duration of business relationship and legal relationship, capped at three years after the end of the application process
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest), obligation to provide evidence during a proceeding under the General Equality Act (AGG).
If you apply for a job with us, your personal data may be processed.
Your data is only passed on to internal entities and departments within our company that are responsible for the specific application process. Your personal application data is not passed on to third parties.
If the application process results in an employment agreement, the transferred data will be stored for the purpose of processing the employment. Legal requirements will be upheld. If no employment contract is entered into with the applicant, the application documents will be deleted after the applicant has been notified of the final decision and within the statutory deadline, insofar as the controller has no legitimate interest that contradicts this deletion and insofar as no mutual agreement has been made regarding the retention of application documents as evidence.
Data subjects
The processes mentioned affect everyone that uses the communication methods provided by us to contact us as part of an application process.
How long will the data be stored for?
Your personal data is stored for the duration of the business case, always in compliance with statutory regulations. It will be deleted no later than three years after the end of application process.
How can I delete my data and/or prevent data storage?
You have the right and opportunity to object to the processing of your personal data by us at any time. Please email [email protected].
Legal basis
You grant us your consent to store your data and use it for purposes relating to the business case. In accordance with article 6 paragraph 1 a of the GDPR (consent), this consent is the legal basis for the processing of personal data.
We want to operate the application process in a professional manner. Certain technical features, such as an email programme, exchange server and mobile phone operator, are required in order to efficiently communicate. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR. Another legitimate interest in this sense is an obligation to provide evidence during a proceeding under the General Equality Act (AGG).
Data protection in relation to a visit of the Princely Archive
Summary
Data subject: Anyone that wants to access the Princely Archive
Processed data: e.g. name, title, address, telephone number, research interest
Purpose: Documentation of access
Duration of storage: Permanent archiving of user logs in the Princely Archive
Legal basis: Article 6 paragraph 1 a of the GDPR (consent), article 6 paragraph 1 f of the GDPR (legitimate interest)
If you want to access the Princely Archive, your personal data may be processed. Before you can access the materials, you are obliged to fill out a user log on site. This will be permanently stored in our archive beyond the duration of your access. This processing of your personal data is required to uphold the controller’s legitimate interest because we must permanently document who has accessed our archive.
Data subjects
These processes affect all data subjects that want to access the Princely Archive.
How long will the data be stored for?
Your personal data will be collected using a user log, which is permanently stored in our archive beyond the duration of your access.
How can I delete my data and/or prevent data storage?
You have the right and opportunity to object to the processing of your personal data by us at any time. Please email [email protected].
Legal basis
You grant us your consent to store your data and use it for purposes relating to the business case. In accordance with article 6 paragraph 1 a of the GDPR (consent), this consent is the legal basis for the processing of personal data.
We want to document who has accessed which parts of the Princely Archive. We therefore store the user log you filled out at the beginning of your research in our archive. This is our legitimate interest in the sense of article 6 paragraph 1 f of the GDPR.
Data protection regarding tours and events at the Liechtenstein Garden Palace and City Palace
Fürstliche Sammlungen Art Service GmbH asks you to note that the exhibition spaces in the Liechtenstein Garden Palace and City Palace, as well as events and tours in both palaces, are operated by the Liechtenstein Gruppe AG group. The contract regarding a booked tour or event is made with the Liechtenstein Gruppe AG group. Please see the website for applicable legal conditions: www.palaisliechtenstein.com.
Version and updates
Version 1.0 from 1.3.2022
We reserve the right to edit this privacy policy as required to reflect technical developments as well as legal changes and/or new products/services.