Information in accordance with §5 of the E-Commerce Act, §14 of the Unternehmensgesetzbuch, §63 of the Commercial Code and disclosure requirements under §25 of the Media Act.
Object of the company: Fremdenführerin
Phone: +43 / 676 / 692 16 64
Member of: Wirtschaftskammer Niederösterreich
Laws re. professions: Gewerbeordnung: www.ris.bka.gv.at
Supervisory/Trade authority: Bezirkshauptmannschaft Krems
Job title: staatlich geprüfte Fremdenführerin
Awarding country: Österreich
Table of Contents
- Automatic Data Retention
- Storage of Personal Data
- Rights in accordance with the General Data Protection Regulation
- TLS encryption with https
Unfortunately, these subjects sound rather technical due to their nature, but we have put much effort into describing the most important things as simply and clearly as possible.
Automatic Data Retention
Every time you visit a website nowadays, certain information is automatically created and saved, just as it happens on this website.
Whenever you visit our website such as you are doing right now, our webserver (computer on which this website is saved/stored) automatically saves data such as
- the address (URL) of the accessed website
- browser and browser version
- the used operating system
- the address (URL) of the previously visited site (referrer URL)
- the host name and the IP-address of the device the website is accessed from
- date and time
in files (webserver-logfiles).
Generally, webserver-logfiles stay saved for two weeks and then get deleted automatically. We do not pass this information to others, but we cannot exclude the possibility that this data will be looked at in case of illegal conduct.
Storage of Personal Data
Any personal data you electronically submit to us on this website, such as your name, email address, home address or other personal information you provide via the transmission of a form or via any comments to the blog, are solely used for the specified purpose and get stored securely along with the respective submission times and IP-address. These data do not get passed on to third parties.
Therefore, we use personal data for the communication with only those users, who have explicitly requested being contacted, as well as for the execution of the services and products offered on this website. We do not pass your personal data to others without your approval, but we cannot exclude the possibility this data will be looked at in case of illegal conduct.
If you send us personal data via email – and thus not via this website – we cannot guarantee any safe transmission or protection of your data. We recommend you, to never send confidential data via email.
Rights in accordance with the General Data Protection Regulation
- right to rectification (article 16 GDPR)
- right to erasure (“right to be forgotten“) (article 17 GDPR)
- right to restrict processing (article 18 GDPR)
- righ to notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (article 19 GDPR)
- right to data portability (article 20 GDPR)
- Right to object (article 21 GDPR)
- right not to be subject to a decision based solely on automated processing – including profiling – (article 22 GDPR)
If you think that the processing of your data violates the data protection law, or that your data protection rights have been infringed in any other way, you can lodge a complaint with your respective regulatory authority. For Austria this is the data protection authority, whose website you can access at https://www.data-protection-authority.gv.at/.
TLS encryption with https
We use https to transfer information on the internet in a tap-proof manner (data protection through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information. You can recognise the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner, as well as by the use of the letters https (instead of http) as a part of our web address.
On our website we use Google Fonts, from the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
To use Google Fonts, you must log in and set up a password. Furthermore, no cookies will be saved in your browser. The data (CSS, Fonts) will be requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, all requests for CSS and fonts are fully separated from any other Google services. If you have a Google account, you do not need to worry that your Google account details are transmitted to Google while you use Google Fonts. Google records the use of CSS (Cascading Style Sheets) as well as the utilised fonts and stores these data securely. We will have a detailed look at how exactly the data storage works.
What are Google Fonts?
Google Fonts (previously Google Web Fonts) is a list of over 800 fonts which href=”https://en.wikipedia.org/wiki/Google?tid=121388718”>Google LLC provides its users for free.
Many of these fonts have been published under the SIL Open Font License license, while others have been published under the Apache license. Both are free software licenses.
Why do we use Google Fonts on our website?
With Google Fonts we can use different fonts on our website and do not have to upload them to our own server. Google Fonts is an important element which helps to keep the quality of our website high. All Google fonts are automatically optimised for the web, which saves data volume and is an advantage especially for the use of mobile terminal devices. When you use our website, the low data size provides fast loading times. Moreover, Google Fonts are secure Web Fonts. Various image synthesis systems (rendering) can lead to errors in different browsers, operating systems and mobile terminal devices. These errors could optically distort parts of texts or entire websites. Due to the fast Content Delivery Network (CDN) there are no cross-platform issues with Google Fonts. All common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) are supported by Google Fonts, and it reliably operates on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We also use Google Fonts for presenting our entire online service as pleasantly and as uniformly as possible.
Which data is saved by Google?
Whenever you visit our website, the fonts are reloaded by a Google server. Through this external cue, data gets transferred to Google’s servers. Therefore, this makes Google recognise that you (or your IP-address) is visiting our website. The Google Fonts API was developed to reduce the usage, storage and gathering of end user data to the minimum needed for the proper depiction of fonts. What is more, API stands for „Application Programming Interface“ and works as a software data intermediary.
Google Fonts stores CSS and font requests safely with Google, and therefore it is protected. Using its collected usage figures, Google can determine how popular the individual fonts are. Google publishes the results on internal analysis pages, such as Google Analytics. Moreover, Google also utilises data of ist own web crawler, in order to determine which websites are using Google fonts. This data is published in Google Fonts’ BigQuery database. Enterpreneurs and developers use Google’s webservice BigQuery to be able to inspect and move big volumes of data.
One more thing that should be considered, is that every request for Google Fonts automatically transmits information such as language preferences, IP address, browser version, as well as the browser’s screen resolution and name to Google’s servers. It cannot be clearly identified if this data is saved, as Google has not directly declared it.
How long and where is the data stored?
Google saves requests for CSS assets for one day in a tag on their servers, which are primarily located outside of the EU. This makes it possible for us to use the fonts by means of a Google stylesheet. With the help of a stylesheet, e.g. designs or fonts of a website can get changed swiftly and easily.
Any font related data is stored with Google for one year. This is because Google’s aim is to fundamentally boost websites’ loading times. With millions of websites referring to the same fonts, they are buffered after the first visit and instantly reappear on any other websites that are visited thereafter. Sometimes Google updates font files to either reduce the data sizes, increase the language coverage or to improve the design.
How can I delete my data or prevent it being stored?
The data Google stores for either a day or a year cannot be deleted easily. Upon opening the page this data is automatically transmitted to Google. In order to clear the data ahead of time, you have to contact Google’s support at https://support.google.com/?hl=en-GB&tid=121388718. The only way for you to prevent the retention of your data is by not visiting our website.
Unlike other web fonts, Google offers us unrestricted access to all its fonts. Thus, we have a vast sea of font types at our disposal, which helps us to get the most out of our website. You can find out more answers and information on Google Fonts at https://developers.google.com/fonts/faq?tid=121388718. While Google does address relevant elements on data protection at this link, it does not contain any detailed information on data retention.
It proofs rather difficult to receive any precise information on stored data by Google.
On https://policies.google.com/privacy?hl=en-GB you can read more about what data is generally collected by Google and what this data is used for.
On our website we use Google Fonts, from the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
We integrated Google Fonts locally, so on our own webserver and not on Google’s servers. Hence, there is no connection to Google’s servers and consequently no data transfer or retention.
What are Google Fonts?
Google Fonts was previously called Google Web Fonts. It is an interactive list with over 800 fonts which Google LLC offer for free use. With the use of Google Fonts, it is possible to utilise fonts without uploading them to your own server. For that matter, in order to prevent any transfer of information to Google’s servers, we downloaded the fonts to our own server. This way we comply with the data privacy and do not transmit any data to Google Fonts.
Unlike other web fonts, Google offers us unrestricted access to all its fonts. Thus, we have a vast sea of font types at our disposal, which helps us to get the most out of our website. You can find out more answers and information on Google Fonts at https://developers.google.com/fonts/faq?tid=121388718.
What is reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome people from flesh and bones on our side and want bots or spam software of all kinds to stay away. Therefore, we are doing everything we can to stay protected and to offer you the highest possible user friendliness. For this reason, we use Google reCAPTCHA from Google. Thus, we can be pretty sure that we will remain a “bot-free” website. Using reCAPTCHA, data is transmitted to Google to determine whether you genuinely are human. reCAPTCHA thus ensures our website’s and subsequently your security. Without reCAPTCHA it could e.g. happen that a bot would register as many email addresses as possible when registering, in order to subsequently “spam” forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.
What data is stored by reCAPTCHA?
reCAPTCHA collects personal user data to determine whether the actions on our website are made by people. Thus, IP addresses and other data Google needs for its reCAPTCHA service, may be sent to Google. Within member states of the European Economic Area, IP addresses are almost always compressed before the data makes its way to a server in the USA.
Moreover, your IP address will not be combined with any other of Google’s data, unless you are logged into your Google account while using reCAPTCHA. Firstly, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed in your browser. Then reCAPTCHA sets an additional cookie in your browser and takes a snapshot of your browser window.
The following list of collected browser and user data is not exhaustive. Rather, it provides examples of data, which to our knowledge, is processed by Google.
- Referrer URL (the address of the page the visitor has come from)
- IP-address (z.B. 2126.96.36.199)
- Information on the operating system (the software that enables the operation of your computers. Popular operating systems are Windows, Mac OS X or Linux)
- Cookies (small text files that save data in your browser)
- Mouse and keyboard behaviour (every action you take with your mouse or keyboard is stored)
- Date and language settings (the language and date you have set on your PC is saved)
- Screen resolution (shows how many pixels the image display consists of)
Google may use and analyse this data even before you click on the “I am not a robot” checkmark. In the Invisible reCAPTCHA version, there is no need to even tick at all, as the entire recognition process runs in the background. Moreover, Google have not given details on what information and how much data they retain.
The following cookies are used by reCAPTCHA: With the following list we are referring to Google’s reCAPTCHA demo version at https://www.google.com/recaptcha/api2/demo.
For tracking purposes, all these cookies require a unique identifier. Here is a list of cookies that Google reCAPTCHA has set in the demo version:
Purpose:This cookie is set by DoubleClick (which is owned by Google) to register and report a user’s interactions with advertisements. With it, ad effectiveness can be measured, and appropriate optimisation measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiry date: after one year
Purpose: This cookie collects website usage statistics and measures conversions. A conversion e.g. takes place, when a user becomes a buyer. The cookie is also used to display relevant adverts to users. Furthermore, the cookie can prevent a user from seeing the same ad more than once.
Expiry date: after one month
Purpose:We could not find out much about this cookie. In Google’s privacy statement, the cookie is mentioned in connection with “advertising cookies” such as “DSID”, “FLC”, “AID” and “TAID”. ANID is stored under the domain google.com.
Expiry date: after 9 months
Purpose: This cookie stores the status of a user’s consent to the use of various Google services. CONSENT also serves to prevent fraudulent logins and to protect user data from unauthorised attacks.
Expiry date: after 19 years
Purpose: Google uses NID to customise advertisements to your Google searches. With the help of cookies, Google “remembers” your most frequently entered search queries or your previous ad interactions. Thus, you always receive advertisements tailored to you. The cookie contains a unique ID to collect users’ personal settings for advertising purposes.
Expiry date: after 6 months
Purpose: This cookie is set when you tick the “I am not a robot” checkmark. Google Analytics uses the cookie personalised advertising. DV collects anonymous information and is also used to distinct between users.
Expiry date: after 10 minutes
Note: We do not claim for this list to be extensive, as Google often change the choice of their cookies.
How long and where are the data stored?
Due to the integration of reCAPTCHA, your data will be transferred to the Google server. Google have not disclosed where exactly this data is stored, despite repeated inquiries. But even without confirmation from Google, it can be assumed that data such as mouse interaction, length of stay on a website or language settings are stored on the European or American Google servers. The IP address that your browser transmits to Google does generally not get merged with other Google data from the company’s other services.
How can I delete my data or prevent data storage?
If you want to prevent any data about you and your behaviour to be transmitted to Google, you must fully log out of Google and delete all Google cookies before visiting our website or use the reCAPTCHA software. Generally, the data is automatically sent to Google as soon as you visit our website. To delete this data, you must contact Google Support at https://support.google.com/?hl=en-GB&tid=121388718.
If you use our website, you agree that Google LLC and its representatives automatically collect, edit and use data.
We use jQuery CDN services by the jQuery Foundation to deliver our website and our subpages to you quickly and easily on different devices. jQuery is distributed via the Content Delivery Network (CDN) of the American software company StackPath (LCC 2012 McKinney Ave. Suite 1100, Dallas, TX 75201, USA). This service stores, manages and processes your personal data.
A content delivery network (CDN) is a network of regionally distributed servers that are connected to each other via the Internet. Through this network content and especially very large files, can be delivered quickly – even in peak demand periods.
StackPath is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information at https://www.privacyshield.gov/participant?id=a2zt0000000CbahAAC&status=Active.
Also, you can find more information about StackPath’s data protection at https://www.stackpath.com/legal/privacy-statement/ and jQuery’s data protection at https://openjsf.org/wp-content/uploads/sites/84/2019/11/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf.
In order to be able to deliver all the individual sub-pages of our website to you quickly and securely on all devices, we use the Content Delivery Network (CDN) BootstrapCDN of the American software company StackPath, LLC 2012 McKinney Ave. Suite 1100, Dallas, TX 75201, USA.
A content delivery network (CDN) is a network of regionally distributed servers that are connected to each other via the Internet. Through this network, content – especially very large files, can be delivered quickly, even with large peak loads.
StackPath is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. More information on this can be found at https://www.privacyshield.gov/participant?id=a2zt0000000CbahAAC&status=Active.
More information on data protection at StackPath or BootstrapCDN can be found at https://www.bootstrapcdn.com/privacy-policy/.