We use the consent tool “Real Cookie Banner” to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and the related consents. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/.
The legal basis for the processing of personal data in this context is Art. 6 Para. 1 lit. c GDPR and Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we cannot manage your consents.
Legal basis
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.
We only process your data if at least one of the following conditions applies:
Consent (Article 6 paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data in a contact form.
Contract (Article 6 paragraph 1 lit. b GDPR): We process your data in order to fulfil a contract or pre-contractual obligations with you. For example, if we conclude a purchase contract with you, we need personal information in advance.
Legal obligation (Article 6 paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
Legitimate interests (Article 6 paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to be able to operate our website safely and economically efficiently. This processing is therefore a legitimate interest.
Other conditions such as the taking of recordings in the public interest and the exercise of public authority as well as the protection of vital interests do not generally apply to us. If such a legal basis should be applicable, it will be indicated at the appropriate point.
In addition to the EU regulation, national laws also apply:
In Austria, this is the Federal Law on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
In Germany, the Federal Data Protection Act, or BDSG for short, applies.
If other regional or national laws apply, we will inform you about them in the following sections.
Contact
If you have any questions about data protection or the processing of personal data, you will find the contact details of the person or body responsible (data protection officer) below:
Iuliana Jomiru
Atelier Heiss ZT Gmbh
E-mail: pr@atelier-heiss.at
Telephone: +43 1 585 38 55 – 0
Storage period
The fact that we only store personal data for as long as it is absolutely necessary to provide our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.
If you wish your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and if there is no obligation to store it.
We will inform you about the specific duration of the respective data processing below, provided we have further information about it.
Rights according to the General Data Protection Regulation
According to Articles 13 and 14 of the GDPR, we inform you of the following rights to which you are entitled in order to ensure fair and transparent processing of data:
According to Article 15 of the GDPR, you have a right to information about whether we process data about you. If this is the case, you have the right to receive a copy of the data and to be informed of the following information:
According to Article 16 GDPR, you have the right to rectification of data, which means that we must correct data if we find errors.
According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request that your data be erased.
According to Article 18 GDPR, you have the right to restriction of processing, which means that we can only store the data but not use it any further.
According to Article 20 GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.
According to Article 21 GDPR, you have the right to object, which, if enforced, will result in a change in the processing.
If the processing of your data is based on Article 6 (1) (e) (public interest, exercise of official authority) or Article 6 (1) (f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
If data is used to conduct direct advertising, you can object to this type of data processing at any time. We may no longer use your data for direct marketing after that.
If data is used to conduct profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling after that.
According to Article 22 GDPR, you may have the right not to be subjected to a decision based solely on automated processing (for example profiling).
According to Article 77 GDPR, you have the right to lodge a complaint. If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).
The following local data protection authority is responsible for our company:
Data Protection Authority Austria
Head: Mag. Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Telephone number: +43 1 52 152-0
Email address: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/
Security of data processing
In order to protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible for third parties to deduce personal information from our data.
Communication
Data processed: e.g. telephone number, name, email address, form data entered. You can find more details about this in the respective contact type used
Storage period: Duration of the business transaction and the legal regulations
Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. b GDPR (contract), Art. 6 Para. 1 lit. f GDPR (legitimate interests)
If you contact us and communicate by telephone, email or online form, personal data may be processed. The data is processed to process and handle your question and the related business transaction. The data is stored for as long as this is required or as long as the law requires it.
Affected persons
The processes mentioned affect everyone who tries to contact us via the communication channels we provide.
Telephone
If you call us, the call data is stored pseudonymously on the respective device and by the telecommunications provider used. In addition, data such as name and telephone number can be sent by email afterwards and saved to answer the query. The data will be deleted as soon as the business case has been completed and legal requirements allow it.
If you communicate with us by email, data may be saved on the respective device (computer, laptop, smartphone, …) and data will be saved on the email server. The data will be deleted as soon as the business case has been completed and legal requirements allow it.
Online forms
If you communicate with us using an online form, data will be saved on our web server and may be forwarded to an email address of ours. The data will be deleted as soon as the business case has been completed and legal requirements allow it.
Legal basis
The processing of the data is based on the following legal basis:
6 Para. 1 lit. a GDPR (consent): You give us your consent to save your data and to continue to use it for the purposes related to the business case;
6 Para. 1 lit. b GDPR (contract): There is a need to fulfill a contract with you or a processor such as the telephone provider or we need to process the data for pre-contractual activities, such as preparing an offer;
6 Para. 1 lit. f GDPR (legitimate interests): We want to handle customer inquiries and business communication in a professional setting. For this, certain technical facilities such as email programs, exchange servers and mobile phone operators are necessary in order to be able to communicate efficiently.
Order processing contract (AVV)
Like most companies, we do not work alone, but also use the services of other companies or individuals ourselves. By involving various companies or service providers, we may pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called order processing contract (AVV). The most important thing for you to know is that the processing of your personal data is carried out exclusively in accordance with our instructions and must be regulated by the AVV.
As a company and website owner, we are responsible for all data that we process from you. In addition to those responsible, there may also be so-called processors. This includes any company or person that processes personal data on our behalf. To be more precise and according to the GDPR definition: any natural or legal person, public authority, institution or other body that processes personal data on our behalf is considered a processor.
Content of a data processing contract
As already mentioned above, we have concluded a data processing agreement with our partners who act as data processors. First and foremost, this states that the data processor processes the data to be processed exclusively in accordance with the GDPR. The contract must be concluded in writing, but in this context, electronic contract conclusion is also considered “written”. The personal data is only processed on the basis of the contract. The contract must contain the following:
The contract also contains all of the obligations of the data processor. The most important obligations are:
Web hosting
Data processed: IP address, time of website visit, browser used and other data. You can find more details below or from the web hosting provider used.
Storage period: depends on the respective provider, but usually 2 weeks
Legal basis: Art. 6 Para. 1 lit.f GDPR (legitimate interests)
When the browser connects to your computer (desktop, laptop, tablet or smartphone) and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a while to ensure proper operation.
The purposes of data processing are:
What data is processed?
Even while you are currently visiting our website, our web server usually automatically saves data such as
in files, the so-called web server log files
How long is data stored?
The above data is usually stored for two weeks and then automatically deleted. We do not pass this data on, but cannot rule out that this data will be viewed by authorities in the event of illegal behavior.
Legal basis
The legality of the processing of personal data in the context of web hosting arises from Art. 6 Paragraph 1 Letter f of GDPR (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company on the Internet in a secure and user-friendly manner and to be able to pursue attacks and claims arising from this if necessary.
There is usually a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.
Website modular systems
Data processed: Data such as technical usage information such as browser activity, clickstream activities, session heatmaps as well as contact details, IP address or your geographical location. You can find more details about this further down in this data protection declaration and in the providers’ data protection declaration.
Storage period: depends on the provider
Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interests), Art. 6 Para. 1 lit. a GDPR (consent)
We use the Elementor website construction kit system from Elementor Ltd., a US provider, for our website to create and edit this website. You can find more information about their terms and conditions here:
Elementor Terms & Conditions
Elementor Cookie Policy
Elementor Privacy Policy
Right of objection
You always have the right to information, correction and deletion of your personal data. If you have any questions, you can contact the person responsible for the website construction kit system used at any time. You can find contact details either in our privacy policy or on the website of the relevant provider.
You can delete, deactivate or manage cookies that providers use for their functions in your browser. Depending on which browser you use, this works in different ways. Please note, however, that not all functions may then work as usual.
Legal basis
We have a legitimate interest in using a website construction kit system to optimize our online service and to present it to you in an efficient and user-friendly manner. The legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use the kit if you have given your consent.
If the processing of data is not absolutely necessary for the operation of the website, the data will only be processed on the basis of your consent. This particularly applies to tracking activities. The legal basis in this respect is Art. 6 Para. 1 lit. a GDPR.
With this data protection declaration, we have provided you with the most important general information about data processing. If you would like to find out more about this, you will find further information – if available – in the following section or in the provider’s data protection declaration (see above).
WordPress.com data protection declaration
We use WordPress.com, a website construction kit system, for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
WordPress and Elementor process your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks for the legality and security of data processing.
WordPress uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, WordPress undertakes to comply with the European data protection level when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The data processing conditions (Data Processing Agreements), which correspond to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.
You can find out more about the data processed through the use of WordPress.com in the privacy policy at https://automattic.com/de/privacy/.
Data processing agreement (AVV) WordPress.com
We have concluded a data processing agreement (AVV) with WordPress.com within the meaning of Article 28 of the General Data Protection Regulation (GDPR). You can read what a data processing agreement is exactly and, above all, what must be included in a data processing agreement in our general section “Data Processing Agreement (DPA)”.
This agreement is required by law because WordPress.com processes personal data on our behalf. It clarifies that WordPress.com may only process data it receives from us in accordance with our instructions and must comply with the GDPR. The link to the data processing agreement (DPA) can be found at https://wordpress.com/support/data-processing-agreements/.
Google Analytics
Data processed: Access statistics that contain data such as access locations, device data, access duration and time, navigation behavior, click behavior and IP addresses. You can find more details about this further down in this privacy policy. Storage period: depends on the properties used
Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)
We use the analysis tracking tool Google Analytics (GA) from the American company Google Inc. on our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is stored in a cookie and sent to Google Analytics. The reports we receive from Google Analytics help us better adapt our website and service to your needs. Below we will go into more detail about the tracking tool and inform you, above all, about which data is stored and how you can prevent it. Google Analytics is a tracking tool that is used to analyze our website traffic. In order for Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions that you perform on our website. As soon as you leave our website, this data is sent to the Google Analytics servers and stored there. Google processes the data and we receive reports about your user behavior. Why do we use Google Analytics on our website? Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal. The statistically evaluated data shows us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that it is easier for interested people to find on Google. On the other hand, the data helps us to better understand you as a visitor. We therefore know exactly what we need to improve on our website in order to offer you the best possible service. The data also helps us to carry out our advertising and marketing measures in a more individual and cost-effective way. After all, it only makes sense to show our products and services to people who are interested in them.
What data is stored by Google Analytics?
Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a “returning” user. All data collected is stored together with this user ID. This is what makes it possible to evaluate pseudonymous user profiles.
In order to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. The Google Analytics 4 property is the default for every newly created property. Alternatively, you can also create the Universal Analytics property. Depending on the property used, data is stored for different lengths of time.
Using identifiers such as cookies and app instance IDs, your interactions on our website are measured. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated through Google Analytics can be linked to third-party cookies. Google does not share Google Analytics data unless we as the website operator approve it. Exceptions may apply if required by law.
The following cookies are used by Google Analytics:
Name: _ga
Value: 2.1326744211.152112240225-5
Purpose: By default, analytics.js uses the cookie _ga to store the user ID. Basically, it is used to distinguish between website visitors.
Expiry date: after 2 years
Name: _gid
Value: 2.1687193234.152112240225-1
Purpose: The cookie is also used to distinguish between website visitors
Expiry date: after 24 hours
Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is provided via the Google Tag Manager, this cookie is given the name _dc_gtm_ <property-id>.
Expiry date: after 1 minute
Name: AMP_TOKEN
Value: no information
Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP Client ID service. Other possible values indicate a logout, a request, or an error.
Expiry date: after 30 seconds to a year
Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie can be used to track your behavior on the website and measure performance. The cookie is updated every time information is sent to Google Analytics.
Expiry date: after 2 years
Name: __utmt
Value: 1
Purpose: The cookie is used like _gat_gtag_UA_<property-id> to throttle the request rate.
Expiry date: after 10 minutes
Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.
Expiry date: after 30 minutes
Name: __utmc
Value: 167421564
Purpose: This cookie is used to determine new sessions for returning visitors. This is a session cookie and is only stored until you close the browser again.
Expiry date: After closing the browser
Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: The cookie is used to identify the source of visitors to our website. This means that the cookie stores where you came to our website from. This could have been another page or an advertisement.
Expiry date: after 6 months
Name: __utmv
Value: not specified
Purpose: The cookie is used to store user-defined user data. It is always updated when information is sent to Google Analytics.
Expiry date: after 2 years
Note: This list cannot claim to be complete, as Google constantly changes its choice of cookies.
Here we show you an overview of the most important data collected with Google Analytics:
Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly the areas you click on. This gives us information about where you are on our site.
Session duration: Google defines the session duration as the time you spend on our site without leaving it. If you have been inactive for 20 minutes, the session ends automatically.
Bounce rate: A bounce occurs when you only view one page on our website and then leave our website again.
Account creation: When you create an account or place an order on our website, Google Analytics collects this data.
IP address: The IP address is only displayed in abbreviated form so that no clear assignment is possible.
Location: The IP address can be used to determine the country and your approximate location. This process is also known as IP location determination.
Technical information: The technical information includes your browser type, your internet provider or your screen resolution.
Source of origin: Google Analytics and we are of course also interested in which website or advertisement you came to our site from.
Other data includes contact details, any ratings, playing media (e.g. when you play a video on our site), sharing content via social media or adding to your favorites. The list is not exhaustive and only serves as a general guide to data storage by Google Analytics.
How long and where is the data stored?
Google has its servers distributed around the world. Most servers are located in America and consequently your data is mostly stored on American servers. You can find out exactly where the Google data centers are located here: https://www.google.com/about/datacenters/locations/?hl=de
Your data is distributed across various physical data carriers. This has the advantage that the data can be accessed more quickly and is better protected against manipulation. There are corresponding emergency programs for your data in every Google data center. If, for example, Google’s hardware fails or natural disasters paralyze servers, the risk of a service interruption at Google remains low.
The retention period of the data depends on the properties used. When using the newer Google Analytics 4 properties, the retention period for your user data is set to 14 months. For other so-called event data, we have the option of choosing a retention period of 2 months or 14 months.
For Universal Analytics properties, Google Analytics has a standard retention period of 26 months for your user data. Your user data will then be deleted. However, we have the option of choosing the retention period for user data ourselves. We have five options available for this:
In addition, there is also the option that data will only be deleted if you no longer visit our website within the period we have chosen. In this case, the retention period will be reset each time you visit our website again within the specified period.
When the specified period has expired, the data will be deleted once a month. This retention period applies to your data linked to cookies, user recognition and advertising IDs (e.g. cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a merging of individual data into a larger unit.
How can I delete my data or prevent data storage?
Under European Union data protection law, you have the right to receive information about your data, to update it, to delete it or to restrict it. You can use the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js) to prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates data collection by Google Analytics.
If you generally want to deactivate, delete or manage cookies, you will find the corresponding links to the respective instructions for the most popular browsers under the “Cookies” section.
Legal basis
The use of Google Analytics requires your consent, which we have obtained with our cookie popup. According to Art. 6 Para. 1 lit. a GDPR (consent), this consent represents the legal basis for the processing of personal data, as may occur when data is collected using web analytics tools.
In addition to the consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of Google Analytics, we can detect errors on the website, identify attacks and improve profitability. The legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests). However, we only use Google Analytics if you have given your consent.
Google processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.
Legality and security of data processing.
Google uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
We hope we have been able to provide you with the most important information about data processing by Google Analytics. If you want to find out more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.
Web design
Data processed: Which data is processed depends heavily on the services used. This usually includes IP address, technical data, language settings, browser version, screen resolution and browser name. You can find more details about this in the web design tools used.
Storage period: depends on the tools used
Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)
When you visit our website, web design elements can be integrated into our pages that can also process data. Of course, the exact data involved depends heavily on the tools used. Fonts such as Google Fonts, for example, automatically transfer information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers.
Duration of data processing
How long data is processed is very individual and depends on the web design elements used. If cookies are used, for example, the storage period can be as little as a minute or as long as a few years. Please find out more about this. We recommend that you read our general text section on cookies and the privacy statements of the tools used. There you will usually find out which cookies are used exactly and what information is stored in them. Google font files, for example, are stored for one year. This is intended to improve the loading time of a website. In principle, data is only ever stored for as long as it is necessary to provide the service. If required by law, data can also be stored for longer.
Right of objection
You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. You can also prevent data collection through cookies by managing, deactivating or deleting cookies in your browser. However, there is also data under web design elements (mostly fonts) that cannot be deleted quite so easily. This is the case when data is automatically collected directly when a page is accessed and transmitted to a third-party provider (such as Google). In this case, please contact the support of the relevant provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.
Legal basis
If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. According to Art. 6 Para. 1 lit. a GDPR (consent), this consent represents the legal basis for the processing of personal data, as may occur when collected by web design tools. We also have a legitimate interest in improving the web design on our website. After all, only then can we provide you with a beautiful and professional web offering. The corresponding legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests). However, we only use web design tools if you have given your consent. We would like to emphasize this again here.
Information on specific web design tools – if available – can be found in the following sections.
Adobe Fonts
We use Adobe Fonts, a web font hosting service, on our website. The service provider is the American company Adobe Inc. The Irish company Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, is responsible for the European area.
Adobe processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks for the legality and security of data processing.
Adobe uses so-called standard contractual clauses (= Art. 46, Paragraphs 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Adobe undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
You can find more information about the data processed and the standard contractual clauses at Adobe at https://www.adobe.com/de/privacy/eudatatransfers.html.
Google Fonts Privacy Policy
Data processed: Data such as IP address and CSS and font requests
You can find more details about this further down in this privacy policy.
Storage period: Font files are stored by Google for one year
Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)
Google Fonts
We use Google Fonts on our website. These are the “Google fonts” from Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
You do not have to log in or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don’t need to worry about your Google account data being sent to Google while you use Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will look at exactly how the data storage works in more detail.
With Google Fonts, we can use fonts on our own website and don’t have to upload them to our own server. Google Fonts is an important building block for keeping the quality of our website high. All Google fonts are automatically optimized for the web and this saves data volume and is a big advantage especially for use on mobile devices. When you visit our site, the small file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can partially distort texts or entire web pages. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We use Google Fonts so that we can present our entire online service as beautifully and consistently as possible.
What data is stored by Google?
When you visit our website, the fonts are reloaded via a Google server. This external call transmits data to the Google servers. This is how Google recognizes that you or your IP address are visiting our website. The Google Fonts API was developed to reduce the use, storage and collection of end user data to what is necessary for the proper provision of fonts. API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.
Google Fonts stores CSS and font requests securely with Google and is therefore protected. The collected usage figures enable Google to determine how well the individual fonts are received. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery to examine and move large amounts of data.
However, it should be noted that every Google Font request automatically transfers information such as language settings, IP address, browser version, browser screen resolution and browser name to Google servers. It is not clear whether this data is also stored or is not clearly communicated by Google.
How long and where is the data stored?
Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. This enables us to use the fonts with the help of a Google style sheet. A style sheet is a format template that can be used to quickly and easily change the design or font of a website, for example.
The font files are stored by Google for one year. Google’s goal is to fundamentally improve the loading time of websites. If millions of websites refer to the same fonts, they are cached after the first visit and immediately appear on all other websites visited later. Sometimes Google updates font files to reduce file size, increase language coverage and improve design.
How can I delete my data or prevent data storage?
The data that Google stores for a day or a year cannot simply be deleted. The data is automatically sent to Google when the page is accessed. To be able to delete this data early, you must contact Google Support at https://support.google.com/?hl=de&tid=112240225. In this case, you can only prevent data storage if you do not visit our site.
Unlike other web fonts, Google allows us unrestricted access to all fonts. This means we have unlimited access to a sea of fonts and can get the most out of our website. You can find out more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=112240225. Although Google addresses data protection-related issues there, it does not contain really detailed information about data storage. It is relatively difficult to get really precise information about stored data from Google.
Legal basis
If you have consented to the use of Google Fonts, the legal basis for the corresponding data processing is this consent. According to Art. 6 Para. 1 lit. a GDPR (consent), this consent represents the legal basis for the processing of personal data, as may occur when Google Fonts collects data.
We also have a legitimate interest in using Google Font to optimize our online service. The corresponding legal basis for this is Art. 6 Para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use Google Font if you have given your consent.
Google processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can involve various risks for the legality and security of data processing.
Google uses so-called standard contractual clauses (= Art. 46. Para. 2 and 3 GDPR) as the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard contractual clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which also correspond to the standard contractual clauses for Google Fonts, can be found at https://business.safety.google/adsprocessorterms/.
You can also read about which data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/.
Google Fonts Local Privacy Policy
On our website we use Google Fonts from Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European area. We have integrated the Google fonts locally, i.e. on our web server – not on Google’s servers. This means there is no connection to Google servers and therefore no data transfer or storage.
All texts are protected by copyright.
Source: Created with the data protection generator from AdSimple
