Privacy Policy

Introduction and Overview

We have drafted this Privacy Policy (Version September 8, 2025-123048907) to inform you, in accordance with the provisions of the the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter ‘data’) we, as the controller – and the processors commissioned by us (e.g., providers) – process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We comprehensively inform you about the data we process about you.

Privacy policies usually sound very technical and use legal jargon. This Privacy Policy, however, aims to describe the most important things to you as simply and transparently as possible. To promote transparency, technical  terms are explained in a reader-friendly manner, links to further information are provided, and graphics are used. We thus inform you in clear and simple language that, within the scope of our business activities, we only process personal data when there is a corresponding legal basis. This is certainly not possible if one provides explanations that are as brief, unclear, and legal-technical as they often are on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information you were not yet aware of.
If you still have questions, we kindly ask you to contact the responsible body mentioned below or in the imprint, to follow the provided links, and to view further information on third-party sites. Our contact details can, of course, also be found in the imprint.

Scope

This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data, we mean information in the sense of Art. 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:

  • all online presences (websites, online shops) that we operate
  • Social media presences and email communication
  • mobile apps for smartphones and other devices

In short: This Privacy Policy applies to all areas where personal data is processed structurally within the company via the channels mentioned. Should we enter into legal relationships with you outside these channels, we will inform you separately if necessary.

Legal Bases

In the following Privacy Policy, we provide you with transparent information on the legal principles and regulations, i.e., the legal bases of the General Data Protection Regulation, which enable us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at  https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered contact form data.
  2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a purchase agreement with you, we require personal information beforehand.
  3. Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to retain invoices for accounting purposes. These usually contain personal data.
  4. Legitimate Interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Further conditions such as the performance of tasks carried out in the public interest and the exercise of official authority, as well as the protection of vital interests, generally do not apply to us. Should such a legal basis nevertheless be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
  • In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If further regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Controller

Should you have any questions regarding data protection or the processing of personal data, you will find the contact details of the controller below, in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR):

Gernot Schmerlaib
info@migliorart.com

Imprint: www.migliorart.com/impressum

Storage Duration

That we only store personal data for as long as is absolutely necessary for the provision of our services and products is a general criterion for us. This means that we delete personal data as soon as the reason for data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example, for accounting purposes.

Should you wish for your data to be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and as long as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing further below, provided we have more information on it.

Rights According to the General Data Protection Regulation

According to Articles 13, 14 GDPR, we inform you about the following rights that you are entitled to, to ensure fair and transparent data processing:

  • According to Article 15 GDPR, you have a right to information about whether we process your data. If this is the case, you have the right to receive a copy of the data and to know the following information:
    • for what purpose we carry out the processing;
    • the categories, i.e., the types of data that are processed;
    • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
    • how long the data is stored;
    • the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
    • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
    • the origin of the data, if we did not collect it from you;
    • whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
  • According to Article 16 GDPR, you have a right to rectification of data, which means that we must correct data if you find errors.
  • According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the deletion of your data.
  • According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
  • According to Article 20 GDPR, you have the right to data portability, which means that we will provide your data to you in a common format upon request.
  • According to Article 21 GDPR, you have a right to object, which, if exercised, leads to a change in processing.
    • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.
    • If data is used for direct marketing, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
    • If data is used for profiling, you can object to this type of data processing at any time. We may then no longer use your data for profiling.
  • According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (e.g., profiling).
  • According to Article 77 GDPR, you have the right to lodge a complaint. This means you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, whose website you can find at  https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the  Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible:

Website Builder Systems Introduction

Website Builder Systems Privacy Policy Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Optimization of our services
📓 Processed Data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographical location. More details can be found further down in this Privacy Policy and in the privacy policies of the providers.
📅 Storage Duration: depends on the provider
⚖️ Legal Bases: Art. 6(1)(f) GDPR (Legitimate Interests), Art. 6(1)(a) GDPR (Consent)

What are Website Builder Systems?

We use a website builder system for our website. Builder systems are special forms of a Content Management System (CMS). With a builder system, website operators can easily create a website without programming knowledge. In many cases, web hosts also offer builder systems. By using a builder system, your personal data can also be collected, stored, and processed. In this privacy text, we provide you with general information about data processing by builder systems. More detailed information can be found in the privacy policies of the providers.

Why Do We Use Website Builder Systems for our Website?

The biggest advantage of a builder system is its ease of use. We want to offer you a clear, simple, and well-arranged website that we can easily operate and maintain ourselves – without external support. A builder system now offers many helpful functions that we can use even without programming knowledge. This allows us to design our web presence according to our wishes and offer you an informative and pleasant time on our website.

What Data is Stored by a Builder System?

Exactly what data is stored naturally depends on the website builder system used. Each provider processes and collects different data from the website visitor. However, technical usage information such as operating system, browser, screen resolution, language and keyboard settings, hosting provider, and the date of your website visit are usually collected. Furthermore, tracking data (e.g., browser activity, clickstream activities, session heatmaps, etc.) can also be processed. In addition, personal data can also be collected and stored. This usually includes contact data such as email address, phone number (if you have provided it), IP address, and geographical location data. You can find out exactly what data is stored in the provider’s privacy policy.

How Long and where is the Data Stored?

We will inform you about the duration of data processing further below in connection with the website builder system used, provided we have more information on it. You can find detailed information about this in the provider’s privacy policy. In general, we only process personal data for as long as is absolutely necessary for the provision of our services and products. It is possible that the provider stores your data according to their own standards, over which we have no influence.

Right to Object

You always have the right to information, rectification, and erasure of your personal data. If you have any questions, you can also contact the controller of the website builder system used at any time. Contact details can be found either in our privacy policy or on the website of the respective provider.

You can delete, disable, or manage cookies that providers use for their functions in your browser. Depending on the browser you use, this works in different ways. Please note, however, that not all functions may then work as usual.

Legal Basis

We have a legitimate interest in using a website builder system to optimize our online service and present it to you efficiently and user-friendly. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (Legitimate Interests). However, we only use the builder system insofar as you have given your consent.

Insofar as the processing of data is not absolutely necessary for the operation of the website, the data will only be processed based on your consent. This particularly concerns tracking activities. The legal basis in this respect is Art. 6 para. 1 lit. a GDPR.

With this Privacy Policy, we have provided you with the most important general information regarding data processing. If you wish to learn more about this, you will find further information – if available – in the following section or in the provider’s privacy policy.

WordPress.Com Privacy Policy

WordPress.com Privacy Policy Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Optimization of our services
📓 Processed Data: Data such as technical usage information like browser activity, clickstream activities, session heatmaps, as well as contact details, IP address, or your geographical location. More details can be found further down in this Privacy Policy.
📅 Storage Duration: It primarily depends on the type of data stored and the specific settings.
⚖️ Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is WordPress?

We use the well-known Content Management System WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

The company was founded in 2003 and quickly developed into one of the most well-known Content Management Systems (CMS) worldwide. A CMS is software that helps us design our website and present content beautifully and in an organized manner. Content can include text, audio, and video.
By using WordPress, your personal data can also be collected, stored, and processed. Generally, mainly technical data such as operating system, browser, screen resolution, or hosting provider are stored. However, personal data such as IP address, geographical data, or contact data can also be processed.

Why Do We Use WordPress on our Website?

We have many strengths, but actual programming is simply not one of our core competencies.

Nevertheless, we want to have a powerful and attractive website that we can manage and maintain ourselves. This is exactly what is possible with a website builder system or a content management system like WordPress. With WordPress, we don’t have to be programming experts to offer you a beautiful website. Thanks to WordPress, we can manage our website quickly and easily even without technical knowledge. If technical problems arise or we have special requests for our website, we still have our specialists who are at home with HTML, PHP, CSS, and the like.

Thanks to the easy usability and comprehensive features of WordPress, we can design our web presence according to our wishes and offer you a good user experience.

What Data is Processed by WordPress?

Non-personal data includes technical usage information such as browser activity, clickstream activities, session heatmaps, and data about your computer, operating system, browser, screen resolution, language and keyboard settings, internet provider, and date of page visit.

In addition, personal data is also collected. This primarily includes contact data (email address or phone number, if you provide them), IP address, or your geographical location.

WordPress can also use cookies to collect data. These often record data about your behavior on our website. For example, it can record which subpages you particularly like to view, how long you stay on individual pages, when you leave a page again (bounce rate), or which preferences (e.g., language selection) you have made. Based on this data, WordPress can also better adapt its marketing measures to your interests and user behavior. Consequently, the next time you visit our website, it will be displayed to you as you previously set it.

WordPress can also use technologies such as pixel tags (web beacons) to, for example, clearly identify you as a user and potentially offer interest-based advertising.

How Long and where is the Data Stored?

How long the data is stored depends on various factors. Specifically, it depends primarily on the type of data stored and the specific website settings. Generally, data in WordPress is deleted when it is no longer needed for its own purposes. Of course, there are exceptions, especially when legal obligations require longer data retention. Web server logs containing your IP address and technical data are deleted by WordPress or Automattic after 30 days. Automattic uses the data for this period to analyze traffic on its own websites (e.g., all WordPress sites) and resolve potential issues. Deleted content on WordPress websites is also kept in the trash for 30 days to allow for recovery; after that, it may remain in backups and caches until these are deleted. The data is stored on Automattic’s American servers.

How Can I Delete My Data or Prevent Data Storage?

You have the right and the option at any time to access your personal data and object to its use and processing. You can also file a complaint with a state supervisory authority at any time.

In your browser, you also have the option to individually manage, delete, or disable cookies. Please note, however, that disabled or deleted cookies may have negative effects on the functionality of our WordPress site. Depending on the browser you use, managing cookies works slightly differently. Under the “Cookies” section, you will find the corresponding links to the respective instructions for the most popular browsers.

Legal Basis

If you have consented to the use of WordPress, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when collected by WordPress.

Furthermore, we have a legitimate interest in using WordPress to optimize our online service and present it attractively to you. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interests). Nevertheless, we only use WordPress insofar as you have given your consent.

WordPress, or Automattic, processes your data, among other places, in the USA. Automattic is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at  https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Automattic uses so-called Standard Contractual Clauses (= Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are model templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Automattic commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here:  https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More details on the privacy policy and what data is processed by WordPress and in what way, can be found at https://automattic.com/privacy/.

Web Analytics Introduction

Web Analytics Privacy Policy Summary
👥 Data Subjects: Website visitors
🤝 Purpose: Evaluation of visitor information for optimizing the website offering.
📓 Processed Data: Access statistics, which include data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. More details can be found with the respective Web Analytics Tool used.
📅 Storage Duration: depends on the Web Analytics Tool used
⚖️ Legal basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (f) GDPR (Legitimate interests)

What is Web Analytics?

On our website, we use software for evaluating the behavior of website visitors, commonly known as Web Analytics or Web Analysis. This involves collecting data that the respective analytics tool provider (also called a tracking tool) stores, manages, and processes. With the help of this data, analyses of user behavior on our website are created and made available to us as website operators. Additionally, most tools offer various testing options. For example, we can test which offers or content are most popular with our visitors. To do this, we show you two different offers for a limited period. After the test (a so-called A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics procedures, user profiles can also be created, and the data can be stored in cookies.

Why Do We Use Web Analytics?

With our website, we have a clear goal in mind: we want to deliver the best web offering on the market for our industry. To achieve this goal, we want to offer the best and most interesting content, and on the other hand, ensure that you feel completely comfortable on our website. With the help of web analysis tools, we can examine the behavior of our website visitors more closely and then improve our web offering for both you and us accordingly. For example, we can see the average age of our visitors, where they come from, when our website is most visited, or which content or products are particularly popular. All this information helps us to optimize the website and thus best adapt it to your needs, interests, and wishes.

What Data is Processed?

Exactly what data is stored naturally depends on the analysis tools used. However, typically, data such as which content you view on our website, which buttons or links you click, when you access a page, which browser you use, which device (PC, tablet, smartphone, etc.) you use to visit the website, or which computer system you use is stored. If you have consented to the collection of location data, this can also be processed by the web analysis tool provider.

In addition, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are personal data. However, your IP address is usually stored pseudonymized (i.e., in an unrecognizable and shortened form). For the purpose of testing, web analysis, and web optimization, no direct data such as your name, age, address, or email address is generally stored. All such data, if collected, is stored pseudonymized. This way, you cannot be identified as a person.

The following example schematically shows how Google Analytics works as an example of client-based web tracking with JavaScript code.

Schematic Data Flow in Google Analytics

How long the respective data is stored always depends on the provider. Some cookies store data for only a few minutes or until you leave the website again, while other cookies can store data for several years.

Data Processing Duration

We will inform you about the duration of data processing further below, provided we have more information. Generally, we process personal data only for as long as it is absolutely necessary for the provision of our services and products. If it is legally required, for example, in the case of accounting, this storage period may also be exceeded.

Right to Object

You also have the right and the option at any time to withdraw your consent to the use of cookies or third-party providers. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Legal Basis

The use of Web Analytics requires your consent, which we obtained with our cookie popup. This consent constitutes, according to  Art. 6 (1) (a) GDPR (Consent)  serves as the legal basis for the processing of personal data, as may occur when collected by web analytics tools.

In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors to technically and economically improve our offering. With the help of web analytics, we can identify website errors, detect attacks, and improve economic efficiency. The legal basis for this is  Art. 6 para. 1 lit. f GDPR (legitimate interests) . Nevertheless, we only use the tools insofar as you have given your consent.

Since Web Analytics tools use cookies, we also recommend reading our general privacy policy on cookies. To find out exactly what data of yours is stored and processed, you should read the privacy policies of the respective tools.

Information on specific Web Analytics tools can be found – if available – in the following sections.

Cookie Consent Management Platform Summary
👥 Data Subjects: Website Visitors
🤝 Purpose: Obtaining and managing consent for certain cookies and thus the use of certain tools
📓 Processed Data: Data for managing the configured cookie settings such as IP address, time of consent, type of consent, individual consents. More details can be found with the respective tool used.
📅 Storage Duration: Depends on the tool used; expect periods of several years.
⚖️ Legal basis: Art. 6 (1) (a) GDPR (Consent), Art. 6 (1) (f) GDPR (Legitimate interests)

What is a Cookie Consent Management Platform?

On our website, we use Consent Management Platform (CMP) software, which facilitates the correct and secure handling of scripts and cookies used for both us and you. The software automatically creates a cookie popup, scans and controls all scripts and cookies, provides a legally required cookie consent for you, and helps both us and you keep track of all cookies. Most Cookie Consent Management tools identify and categorize all existing cookies. As a website visitor, you then decide whether or not to allow which scripts and cookies. The following graphic illustrates the relationship between the browser, web server, and CMP.

Consent Management Platform Overview

Why Do We Use a Cookie Management Tool?

Our goal is to offer you the best possible transparency in data protection. Furthermore, we are legally obliged to do so. We want to inform you as thoroughly as possible about all tools and cookies that can store and process your data. It is also your right to decide for yourself which cookies you accept and which you do not. To grant you this right, we first need to know exactly which cookies have landed on our website. Thanks to a cookie management tool that regularly scans the website for all existing cookies, we are aware of all cookies and can provide you with GDPR-compliant information about them. Through the consent system, you can then accept or reject cookies.

What Data is Processed?

Within our cookie management tool, you can manage each individual cookie yourself and have full control over the storage and processing of your data. Your consent declaration is stored so that we do not have to ask you every time you visit our website and so that we can prove your consent, if legally necessary. This is stored either in an opt-in cookie or on a server. The storage duration of your cookie consent varies depending on the provider of the cookie management tool. Most often, this data (such as pseudonymous user ID, time of consent, detailed information on cookie categories or tools, browser, device information) is stored for up to two years.

Data Processing Duration

We will inform you about the duration of data processing further below, provided we have more information. Generally, we process personal data only for as long as it is absolutely necessary for the provision of our services and products. Data stored in cookies is retained for varying lengths of time. Some cookies are deleted immediately after you leave the website, while others can remain stored in your browser for several years. The exact duration of data processing depends on the tool used; usually, you should expect a storage period of several years. You will generally find precise information about the duration of data processing in the respective privacy policies of the individual providers.

Right to Object

You also have the right and the option at any time to withdraw your consent to the use of cookies. This works either through our cookie management tool or through other opt-out functions. For example, you can also prevent data collection by cookies by managing, disabling, or deleting cookies in your browser.

Information on specific Cookie Management tools can be found – if available – in the following sections.

Legal Basis

If you consent to cookies, personal data about you will be processed and stored via these cookies. If, through your  consent (Article 6 (1) (a) GDPR) allows us to use cookies, this consent also simultaneously serves as the legal basis for the use of cookies and/or the processing of your data. To manage cookie consent and enable you to give consent, a Cookie Consent Management Platform software is used. The use of this software allows us to operate the website efficiently and in compliance with the law, which constitutes a  legitimate interest (Article 6 (1) (f) GDPR).

Explanation of Terms Used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially with technical and legal topics. It often makes sense to use legal terms (e.g., personal data) or certain technical expressions (e.g., cookies, IP address). However, we do not want to use them without explanation. Below you will find an alphabetical list of important terms used that we may not have sufficiently addressed in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also list the GDPR texts here and add our own explanations where necessary.

Processor

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to controllers, there can also be so-called processors. This includes any company or person who processes personal data on our behalf. Processors can therefore include, in addition to service providers such as tax consultants, also hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: Typically, on websites, such consent is obtained via a cookie consent tool. You are certainly familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to or consent to data processing. Most of the time, you can also make individual settings and thus decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data about you may be processed. In principle, consent can, of course, also be given in writing, i.e., not via a tool.

Personal Data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Explanation: Personal data are therefore all those data that can identify you as a person. These are usually data such as:

  • Name
  • Address
  • Email address
  • Postal address
  • Phone number
  • Date of birth
  • Identification numbers such as social security number, tax identification number, ID card number, or matriculation number
  • Bank details such as account number, credit information, account balances, and much more.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can determine at least the approximate location of your device and subsequently you as the account holder based on your IP address. Therefore, storing an IP address also requires a legal basis within the meaning of the GDPR. There are also so-called  “special categories” of personal data, which are also particularly worthy of protection. These include:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic data, such as data obtained from blood or saliva samples
  • biometric data (these are information about psychological, physical, or behavioral characteristics that can identify a person).
    health data
  • data concerning sexual orientation or sex life

Profiling

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

Explanation: In profiling, various information about a person is collected to learn more about that person. In the web sector, profiling is often used for advertising purposes or credit checks. Web and advertising analytics programs, for example, collect data about your behavior and interests on a website. This results in a special user profile, with the help of which advertising can be specifically targeted to an audience.

Controller

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for the processing of your personal data and are therefore the “Controller”. If we pass on collected data to other service providers for processing, these are “Processors”. For this, a “Data Processing Agreement (DPA)” must be signed.

Processing

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Note: When we speak of processing in our privacy policy, we mean any type of data processing. This includes, as mentioned above in the original GDPR explanation, not only the collection but also the storage and processing of data.

All texts are protected by copyright.

Source: Privacy Policy created with the Privacy Policy Generator for Austria by AdSimple