top of page

Privacy Policy

Preamble

With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to shortly as "data") that we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the provision of our services and especially on our websites, mobile applications, and external online presences, such as our social media profiles (hereinafter collectively referred to as the "online offering").

The terms used are not gender-specific.

Effective Date: November 1, 2023 Controller

Sarah Shrestha, MSc

Am Rababach 33

9020 Klagenfurt Austria

Email Address:

shrestha.sarah@gmail.com

Overview of Processing Activities

The following overview summarizes the types of processed data, the purposes of their processing, and refers to the affected individuals. Types of Processed Data

Location data, contact data, content data, usage data, meta-, communication, and procedural data Categories of Data Subjects

Communication partners, users Purposes of Processing

Contact inquiries and communication, security measures, reach measurement, management and response to inquiries, feedback, marketing, profiles with user-related information, provision of our online offering and user-friendliness, information technology infrastructure

Relevant legal bases according to the GDPR: Below, you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or domicile may apply. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

Consent (Art. 6(1) lit. a) GDPR) - The data subject has given consent to the processing of their personal data for a specific purpose or purposes. Contractual performance and pre-contractual inquiries (Art. 6(1) lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures requested by the data subject. Legitimate interests (Art. 6(1) lit. f) GDPR) - Processing is necessary to protect the legitimate interests of the controller or a third party, except where the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, override those legitimate interests.

National data protection regulations in Austria: In addition to the GDPR, there are national data protection regulations in Austria. This includes the Austrian Data Protection Act (Datenschutzgesetz – DSG). The Data Protection Act contains special provisions, in particular regarding the right to information, the right to correction or deletion, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases.

Note on the applicability of GDPR and Swiss DPA: These data protection notices serve both to provide information according to the Swiss Federal Act on Data Protection (Swiss DPA) and the General Data Protection Regulation (GDPR). For this reason, please note that, due to broader spatial application and comprehensibility, the terms of the GDPR are used. In particular, the terms used in the Swiss DPA, such as "processing" of "personal data," "overriding interest," and "particularly sensitive personal data," are replaced by the terms "processing" of "personal data," "legitimate interest," and "special categories of data" used in the GDPR. However, the legal meaning of these terms is still determined within the scope of the applicability of the Swiss DPA according to the Swiss DPA.

Security Measures

In accordance with legal requirements and considering the state of technology, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, availability, and separation thereof. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Additionally, we consider the protection of personal data already in the development or selection of hardware, software, and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

TLS/SSL Encryption (https): To protect user data transmitted through our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.

Transmission of Personal Data

In the course of our processing of personal data, it may occur that data is transmitted to other entities, companies, legally independent organizational units, or individuals or disclosed to them. Recipients of this data may include, for example, IT service providers or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.

Data Transmission within the Organization: We may transmit personal data to other units within our organization or grant them access to this data. If this transmission is for administrative purposes, the transfer of data is based on our legitimate business and operational interests or occurs if it is necessary for the fulfillment of our contractual obligations or if there is consent from the data subjects or a legal permission.

Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and retrieve information from end devices. For example, they may store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as generating analyses of visitor traffic.

Information on Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not legally required. Consent is not necessary, in particular, when storing and retrieving information, including cookies, is absolutely necessary to provide users with a telemedia service expressly requested by them (i.e., our online offering). Cookies that are usually considered strictly necessary include cookies with functions related to the display and functionality of the online offering, load balancing, security, storage of user preferences and choices, or similar purposes related to providing the main and ancillary functions of the online offering requested by users. Revocable consent is clearly communicated to users and includes information about the respective use of cookies.

Information on Data Protection Legal Bases:

The processing of users' personal data using cookies is based on whether we request consent from users. If users consent, the legal basis for processing their data is the declared consent. Otherwise, data processed using cookies is based on our legitimate interests (e.g., in the operational operation of our online offering and improving its usability) or, if the use of cookies is necessary for the fulfillment of our contractual obligations, to fulfill our contractual obligations. The purposes for which we process cookies will be clarified in this privacy policy or as part of our consent and processing processes.

Storage Duration: Regarding the storage duration, the following types of cookies are distinguished:

Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g., browser or mobile application).

Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, login status can be saved, or preferred content can be displayed directly when the user revisits a website. Likewise, data collected from users using cookies can be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent, and the storage duration can be up to two years.

General Information on Revocation and Objection (Opt-Out): Users can revoke their given consents at any time and object to processing in accordance with legal requirements. Users can restrict the use of cookies in their browser settings (which may also limit the functionality of our online offering). Objection to the use of cookies for online marketing purposes can also be declared on the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Legal Bases: Legitimate interests (Art. 6(1) lit. f) GDPR). Consent (Art. 6(1) lit. a) GDPR).

Additional Information on Processing Processes, Procedures, and Services:

Processing of Cookie Data Based on Consent: We use a cookie consent management procedure in which users' consents to the use of cookies or the processing and providers mentioned as part of the cookie consent management procedure can be obtained, managed, and revoked by users. The consent declaration is stored to avoid having to repeat the query and to be able to prove the consent in accordance with legal obligations. Storage can be done server-side and/or in a cookie (so-called opt-in cookie or using comparable technologies) to be able to assign the consent to a user or their device. Subject to individual information about providers of cookie management services, the following information applies: The storage duration of the consent can be up to two years. In this process, a pseudonymous user identifier is generated and stored with the time of consent, information about the scope of consent (e.g., which categories of cookies and/or service providers), and the browser, system, and device used; Legal basis: Consent (Art. 6(1) lit. a) GDPR).

Provision of Online Services and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Processed Data Types:

    • Usage data (e.g., visited web pages, interest in content, access times)

    • Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status)

    • Content data (e.g., entries in online forms)

  • Data Subjects:

    • Users (e.g., website visitors, users of online services)

  • Purposes of Processing:

    • Provision of our online offering and user-friendliness

    • Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.)

    • Security measures

  • Legal Bases:

    • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

Further Information on Processing Processes, Procedures, and Services:

  • Provision of Online Offering on Rented Storage Space:

    • For providing our online offering, we use storage space, computing capacity, and software obtained from a server provider (also known as "web hoster").

    • Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

  • Collection of Access Data and Logfiles:

    • Access to our online offering is logged in "Server Logfiles." These may include the address and name of accessed web pages and files, date and time of access, transferred data volumes, success message of access, browser type and version, the user's operating system, referrer URL (previously visited page), and typically, IP addresses and the requesting provider.

    • Server logfiles may be used for security purposes, such as avoiding server overload (especially in the case of abusive attacks like DDoS attacks) and ensuring the server's load and stability.

    • Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

    • Data Deletion: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data required for evidence purposes is excluded from deletion until the respective incident is conclusively clarified.

  • Wix: Hosting and Software for Website, Blog, and Other Online Offerings:

    • Service Provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel

    • Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

    • Website: Wix

    • Privacy Policy: Wix Privacy Policy

    • Data Processing Agreement: Wix Data Processing Agreement

    • Basis for Data Transfer to Third Countries: EU-US Data Privacy Framework (DPF)

    • Additional Information: As part of the services provided by Wix, data may be transmitted to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA, based on standard contractual clauses or an equivalent data protection guarantee in the context of further processing on behalf of Wix.

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, phone, or via social media) and within existing user and business relationships, the information of the inquiring individuals is processed to the extent necessary to respond to contact inquiries and any requested measures.

  • Processed Data Types:

    • Contact details (e.g., email, phone numbers)

    • Content data (e.g., entries in online forms)

    • Usage data (e.g., visited web pages, interest in content, access times)

    • Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status)

  • Data Subjects:

    • Communication partners

  • Purposes of Processing:

    • Contact inquiries and communication

    • Management and response to inquiries

    • Feedback (e.g., collecting feedback via online form)

    • Provision of our online offering and user-friendliness

  • Legal Bases:

    • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

    • Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR)

Further Information on Processing Processes, Procedures, and Services:

  • Contact Form:

    • When users contact us through our contact form, email, or other communication channels, we process the data provided in this context to handle the stated concerns.

    • Legal Bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as "reach measurement") serves to evaluate the visitor flows of our online offering and may include pseudonymous values such as behavior, interests, or demographic information about visitors, such as age or gender. With the help of reach analysis, we can recognize, for example, at what time our online offering or its functions or content are most frequently used or invite reuse. Likewise, we can track which areas need optimization.

In addition to web analysis, we may also use test procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles may be created for these purposes, i.e., data summarized for a usage process, and information may be stored and read from this in a browser or end device. The information collected includes, in particular, visited web pages and elements used there, as well as technical information such as the browser used, the computer system used, and information about usage times. If users have agreed to the collection of their location data to us or the providers of the services we use, location data can also be processed.

IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, clear user data (such as email addresses or names) is not stored in the context of web analysis, A/B testing, and optimization, but pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, only the information stored in their profiles for the purposes of the respective procedures.

  • Processed Data Types:

    • Usage data (e.g., visited web pages, interest in content, access times)

    • Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status)

  • Data Subjects:

    • Users (e.g., website visitors, users of online services)

  • Purposes of Processing:

    • Reach measurement (e.g., access statistics, detection of recurring visitors)

    • Profiles with user-related information (creation of user profiles)

    • Provision of our online offering and user-friendliness

  • Security Measures:

    • IP masking (pseudonymization of the IP address)

  • Legal Bases:

    • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

Further Information on Processing Processes, Procedures, and Services:

  • Google Analytics 4:

    • We use Google Analytics to measure and analyze the usage of our online offering based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It is used to assign analysis information to an end device, to recognize which content users have accessed within one or more usage processes, which search terms they have used, revisited, or interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users referring to our online offering and technical aspects of their end devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, and cookies may be used. Google Analytics does not log and store individual IP addresses for EU users. However, Analytics provides rough geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, not accessible, and not used for further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: Google Analytics; Privacy Policy: Google Privacy Policy; Data Processing Agreement: Google Ads Data Processing Terms; Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (Google Ads Data Processing Terms); Opt-Out: Opt-Out Plugin, Settings for Displaying Ad Inserts: Ad Settings. More Information: Google Ads Services (Types of processing and processed data).

Presence on Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with active users or to provide information about us.

Please note that user data may be processed outside the European Union. This may pose risks to users because, for example, the enforcement of user rights could be made more difficult.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created based on user behavior and resulting interests. These user profiles can, in turn, be used to display advertisements within and outside the networks that presumably correspond to the users' interests. For these purposes, cookies are usually stored on users' computers, storing user behavior and interests. Furthermore, data may be stored in user profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in).

For a detailed presentation of the respective processing methods and options for objection (opt-out), we refer to the privacy policies and information of the operators of the respective networks.

Also, in the case of information requests and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. If you still need assistance, you can contact us.

  • Processed Data Types:

    • Contact data (e.g., email, phone numbers)

    • Content data (e.g., entries in online forms)

    • Usage data (e.g., visited web pages, interest in content, access times)

    • Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status)

  • Data Subjects:

    • Users (e.g., website visitors, users of online services)

  • Purposes of Processing:

    • Contact requests and communication

    • Feedback (e.g., collecting feedback via online form)

    • Marketing

  • Legal Bases:

    • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

Further Information on Processing Processes, Procedures, and Services:

  • Instagram:

    • Social network

    • Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

    • Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

    • Website: Instagram

    • Privacy Policy: Instagram Privacy Policy

  • Facebook Pages:

    • Profiles within the social network Facebook

    • We, together with Meta Platforms Ireland Limited, are responsible for the collection (but not further processing) of data from visitors to our Facebook page (so-called "Fanpage"). This data includes information about the types of content users view or interact with, or the actions they take (see "Things you and others do and provide" in Facebook's data policy: Facebook Data Policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device information" in Facebook's data policy: Facebook Data Policy). As explained in Facebook's data policy under "How do we use this information?" Facebook also collects and uses information to provide analytical services, so-called "Page Insights," for page operators so that they gain insights into how people interact with their pages and associated content. We have entered into a special agreement with Facebook ("Information on Page Insights," Page Insights Data Use Policy), which regulates, among other things, which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e., users can address requests for information or deletion directly to Facebook). The rights of users (in particular, information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (Page Insights Data Use Policy)

    • Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland

    • Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

    • Website: Facebook

    • Privacy Policy: Facebook Privacy Policy

    • Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (Facebook Data Transfer Addendum)

    • Further Information: Joint Responsibility Agreement

Plugins and Embedded Functions as well as Content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This may include, for example, graphics, videos, or maps (hereinafter collectively referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore necessary for the presentation of this content or functions. We endeavor to use only content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. "Pixel tags" can be used to evaluate information, such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users' devices and may include technical information about the browser and operating system, referring websites, visit times, as well as other information about the use of our online offering and may also be linked to such information from other sources.

  • Processed Data Types:

    • Usage data (e.g., visited web pages, interest in content, access times)

    • Meta-, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status)

    • Location data (information about the geographical position of a device or person)

  • Data Subjects:

    • Users (e.g., website visitors, users of online services)

  • Purposes of Processing:

    • Provision of our online offering and user-friendliness

  • Legal Bases:

    • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

Further Information on Processing Processes, Procedures, and Services:

  • Google Fonts (Access from Google Server):

    • Purpose: Access to fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to currentness and loading times, their uniform presentation, and consideration of possible license restrictions. The provider of the fonts is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) that is necessary for providing the fonts depending on the devices used and the technical environment is transmitted. This data can be processed on a server of the font provider in the USA. When users visit our online offering, their browsers send their browser HTTP requests to the Google Fonts Web API (i.e., a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) from Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referring URL (i.e., the website on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent, and referring URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. In the Google Fonts Web API, the user agent must adjust the font to the browser type generated for the respective browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregated usage statistics are published on the "Analytics" page of Google Fonts. Finally, the referring URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations based on the number of font requests can be generated. According to Google's own information, Google does not use any of the information collected by Google Fonts to create profiles of end users or to display targeted ads.

    • Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

    • Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

    • Website: Google Fonts

    • Privacy Policy: Google Privacy Policy

    • Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF)

    • Further Information: Google Fonts FAQ - Privacy

  • Google Maps:

    • Purpose: We integrate the maps of the "Google Maps" service from the provider Google. The processed data may include, in particular, IP addresses and location data of the users.

    • Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland

    • Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR)

    • Website: Google Maps

    • Privacy Policy: Google Privacy Policy

    • Basis for Third-Country Transfer: EU-US Data Privacy Framework (DPF)

bottom of page