privacy policy

Introduction

With the following privacy policy, we would like to inform you about the types of personal data (hereinafter referred to as “data”) that we process for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter referred to collectively as “online offering”).

The terms used are not gender-specific.

Privacy settings

Controller

phirou e.U.
Silberwaldstraße 138
2231, Strasshof an der Nordbahn
Austria

E-Mail-Adress: office@phirou.at

Legal notice: https://www.webtane.com/legal-notice/

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons concerned.

Types of data processed

• Contact data.
• Content data.
• Contract data.
• Usage data.
• Meta/communication data.

Categories of persons concerned

• Communication partners.
• Users.

Purpose of processing

• Contact inquiries and communication.
• Security measures.
• Reach measurement.
• Tracking.
• Affiliate tracking.
• Management and response to inquiries.
• Feedback.
• Marketing.
• Profiles with user-related information.
• Provision of our online offering and user-friendliness.
• Technical infrastructure.

Relevant legal bases

Below is an overview of the GDPR legal bases on which we process personal data. Please be aware that in addition to the GDPR regulations, national data protection regulations may apply in your or our place of residence or establishment. If any specific legal bases are applicable in individual cases, we will inform you of this in the privacy policy.

• Consent (Art. 6 (1) (1) (a) GDPR) – The data subject has given their consent to the processing of their personal data for a specific purpose or several specific purposes.
• Performance of contract and pre-contractual inquiries (Art. 6 (1) (1) (b) GDPR) – The processing is necessary for the performance of a contract of which the data subject is a party, or for the performance of pre-contractual measures taken at the request of the data subject.
• Legitimate interests (Art. 6 (1) (1) (f) GDPR) – The processing is necessary for the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data outweigh those interests.

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Austria. This includes in particular the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act – DPA). The Data Protection Act contains special regulations on the right to information, the right to rectification or erasure, the processing of special categories of personal data, the processing for other purposes and the transmission as well as automated decision-making in individual cases.

Security measures

In accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the likelihood and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure an appropriate level of protection.

These measures include, in particular, the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, availability and separation of the data concerned. In addition, we have established procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the endangerment of data. Furthermore, we take into account the protection of personal data already during the development or selection of hardware, software and procedures in accordance with the principle of data protection through technological design and by means of data protection-friendly default settings.

TLS encryption (https): To protect the data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

Deletion of data

The data processed by us is deleted in accordance with legal requirements as soon as the consent granted for its processing is revoked or other permissions cease to apply (e.g. if the purpose of the processing of this data is no longer valid or it is no longer necessary for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.

Our data protection information may also contain further information on the storage and deletion of data that applies specifically to the respective processing.

Use of cookies

Cookies are small text files or other storage markers that store information on end devices and read information from end devices. For example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content or used functions of an online offering. Cookies can also be used for different purposes, such as the functionality, security and comfort of online offerings and the creation of analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless legally not required. Consent is not necessary in particular if the storage and reading of the information, including cookies, is absolutely necessary to provide the telemedia service (i.e. our online offering) expressly requested by the users. The revocable consent is clearly communicated to the users and includes information on the respective use of cookies.

Notes on data protection legal bases: The legal basis for the processing of users’ personal data using cookies depends on whether we ask users for consent. If users consent, the legal basis for the processing of their data is the declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g. in an economic operation of our online offering and its improved usability) or, if carried out in the context of fulfilling our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. We clarify the purposes for which we process the cookies in this privacy policy or in the context of our consent and processing processes.

Duration of storage: With regard to the duration of storage, the following types of cookies are distinguished:

• Temporary cookies (also known as session or session cookies): Temporary cookies are deleted at the latest when a user leaves an online offer and closes their device (e.g. browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The data collected using cookies can also be used for reach measurement. If we do not provide users with explicit information about the type and duration of storage of cookies (e.g. as part of obtaining consent), users should assume that cookies are permanent and the storage duration can be up to two years.

You can revoke your consent at any time and also object to the processing of your data in accordance with legal requirements in Art. 21 GDPR. Users can also express their objection through the settings of their browser, such as by deactivating the use of cookies (which may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be expressed through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Further information on processing processes, procedures and services:

• Further notes on processing processes, procedures and services: Processing of cookie data based on consent: We use a cookie consent management procedure in which users’ consent to the use of cookies, or the processing and providers mentioned in the cookie consent management procedure, is obtained and can be managed and revoked by users. In this case, the consent statement is stored in order to avoid having to repeat the query and to demonstrate the consent in accordance with the legal requirement. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or using similar technologies) in order to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following notes apply: The storage period of the consent can be up to two years. In this case, a pseudonymous user identifier is formed and stored together with the time of consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) and the browser, system and device used.

Newsletters and electronic notifications

We only distribute newsletters, e-mails, and other electronic notifications (collectively “Newsletter”) with the recipient’s permission or with a legal permit. If the contents of a newsletter are specifically specified upon registration, they are decisive for the user’s consent. In addition, our newsletters contain information about our services and us.

To sign up for our newsletters, all you need to do is enter your email address. We may, however, request a name, a personal message in the newsletter, or other information, if they are required for the purposes of the newsletter.

Double-Opt-In: The registration for our newsletter is done in a so-called Double-Opt-In. That is, after registering, you will receive an email in which you will be asked to confirm your registration. This confirmation is required so that no one can register with a different email address. Registrations for the newsletter are protokolliert in order to demonstrate that the registration process complies with legal requirements. The storage of the Anmelde- und Bestätigungszeitpunkts, as well as the IP-Adresse, is included. Changes to your data stored with the shipping service provider are also protokollotted.

Removal and restriction of processing: We can keep the entered email addresses for up to three years based on our legitimate interests before deleting them in order to prove previously given consent. The processing of these data will be limited to the purpose of possible claim defense. Individual revocation requests are always possible, as long as the previous existence of an authorization is confirmed. In the event of a requirement to permanently monitor for errors, we reserve the right to store the email address alone in a Sperrliste (also known as a “Blocklist”).

The administration of the registration process is carried out in accordance with our legitimate interests in order to ensure its proper operation. So far as we delegate email delivery to a third party, we do so on the basis of our legitimate interests in an efficient and secure delivery system.

Content:

Information about us, our services, promotions, and offers.

• Types of processed data: Personal data (e.g. names, addresses); Contact data (e.g. email, telephone numbers); Meta, communication and procedural data (e.g. IP addresses, timestamps, identification numbers, consent status); Usage data (e.g. visited websites, interest in content, access times).
• Affected parties: Communication partners.
• Purposes of processing: Direct marketing (e.g. via email or mail).
• Legal basis: Consent (Art. 6 (1) lit. a) GDPR); Legitimate interests (Art. 6 (1) lit. f) GDPR).
• Opt-out option: You can unsubscribe from our newsletter at any time, i.e. revoke your consent or object to further receipt. A link to unsubscribe from the newsletter can be found at the bottom of each newsletter, or you can use one of the contact options listed above, with a preference for email, for this purpose.

Additional information on processing processes, procedures and services:

GetResponse: Email marketing platform; Service provider: GetResponse Sp. z o.o., Arkonska 6, A3, Gdansk (80-387), Poland; Legal basis: Legitimate interests (Art. 6 (1) lit. f) GDPR); Website: https://www.getresponse.com/; Privacy policy: https://www.getresponse.com/legal/privacy; Standard Contractual Clauses (ensuring level of data protection when processing in third countries): https://www.getresponse.com/legal/standard-contractual-clauses.

Provision of the online service and web hosting

We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the contents and functions of our online services to the user’s browser or device.

• Types of data processed: usage data (e.g. visited websites, interest in content, access times); meta/communication data (e.g. device information, IP addresses); content data (e.g. inputs into online forms).
• Affected parties: users (e.g. website visitors, users of online services).
• Purposes of processing: provision of our online service and user-friendliness; technical infrastructure (operation and maintenance of information systems and technical equipment (computers, servers, etc.)); security measures.
• Legal basis: legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing processes, procedures and services:

• Provision of online offer and web hosting: We process user data in order to provide them with our online services. To this end, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.
• Processed data types: Usage data (e.g. visited websites, interest in content, access times); Meta/communication data (e.g. device information, IP addresses); Content data (e.g. inputs in online forms). Affected persons: Users (e.g. website visitors, users of online services). Purposes of processing: Provision of our online offer and user-friendliness; Technical infrastructure (operation and maintenance of information systems and technical equipment (computers, servers, etc.)); Security measures. Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR);
• Collection of access data and logfiles: Access to our online offer is logged in the form of so-called “server logfiles”. Server logfiles include the address and name of the retrieved websites and files, the date and time of access, transmitted data volumes, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. Server logfiles can be used for security purposes, for example to prevent overloading of servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability of servers, and on the other hand to ensure the utilization of servers and their stability. Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Deletion of data: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidence purposes is exempt from deletion until the final clarification of the respective incident.
• E-mail sending and hosting: The web hosting services we use also include the sending, receiving and storing of e-mails. For these purposes, we process the addresses of the recipients and senders as well as further information regarding the e-mail dispatch (e.g. involved providers) and the contents of the respective e-mails. The aforementioned data may also be processed for the purpose of detecting spam. Please note that e-mails are generally not encrypted when transmitted on the Internet. E-mails are usually encrypted during transport, but (unless a so-called end-to-end encryption process is used) not on the servers from which they are sent and received. Therefore, we cannot accept responsibility for the transmission of e-mails between the sender and receipt on our server. Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).”

Management of contact and inquiries

When contacting us (e.g. via contact form, email, phone or social media) and in the context of existing user and business relationships, the data of the person making the inquiry will be processed as necessary to answer the inquiries and any requested measures.

• Types of data processed: Contact data (e.g. email, phone numbers); content data (e.g. input in online forms); usage data (e.g. visited websites, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
• Affected parties: communication partners.
• Purposes of processing: ontact requests and communication; management and response to requests; feedback (e.g. collecting feedback through online form); provision of our online offering and user friendliness.
• Legal bases: legitimate interests (Art. 6 (1) lit. f GDPR); contract fulfillment and pre-contractual requests (Art. 6 (1) lit. b GDPR).”

Further information on processing processes, procedures and services:

• Contact form: When users contact us through our contact form, email, or other communication channels, we process the data provided to us in this context in order to handle the matter raised. Legal basis: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), Legitimate interests (Art. 6(1)(f) GDPR).

Web Analysis, Monitoring and Optimization

Web analysis (also known as “reach measurement”) is used to evaluate the flow of visitors to our online offerings and can include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymized values. Using reach analysis, we can, for example, identify the times at which our online offerings or their functions or content are most frequently used or invite reuse. We can also track which areas need optimization. In addition to web analysis, we can also use test methods to test and optimize different versions of our online offerings or their components, for example. Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created and information can be stored and read in a browser or end device for these purposes. The information collected includes, in particular, visited websites and the elements used there, as well as technical information such as the used browser, the computer system used, and information on usage times. If users have agreed to the collection of their location data by us or by the providers of the services we use, location data can also be processed.

The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect the users. In general, no clear data of the users (such as email addresses or names) are stored in the context of web analytics, A/B testing and optimization, but pseudonyms. That is, we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

• Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Content data (e.g., entries in online forms).
• Affected persons: Users (e.g., website visitors, users of online services).
• Purposes of processing: reach measurement (e.g. access statistics, recognition of recurring visitors); profiles with user-related information (creation of user profiles); tracking (e.g. interest-/behavior-related profiling, use of cookies); provision of our online offer and user-friendliness.
• Security measures: IP masking (pseudonymization of the IP address).
• Legal bases: consent (Art. 6 para. 1 s. 1 lit. a) GDPR).

Further information on processing processes, procedures and services:

• Google Analytics: Web analysis, reach measurement, and measurement of user flows; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1) lit. a GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms; Standard contractual clauses (ensuring data protection level when processing in third countries): https://business.safety.google/adsprocessorterms; Right to object (Opt-Out): Opt-Out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, settings for display of advertisements: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).

Onlinemarketing

We process personal data for the purpose of online marketing, which may include the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on users’ potential interests and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (called a “cookie”) or similar methods are used to store the user’s data relevant for displaying the aforementioned content. This data can include, for example, viewed content, visited websites, used online networks, but also communication partners and technical information such as the used browser, the used computer system, and information on usage times and used functions. If users have consented to the collection of their location data, these can also be processed.

The users’ IP addresses are also stored. However, we use available IP masking methods (i.e., pseudonymization by truncating the IP address) to protect users. In general, no clear data of users (such as email addresses or names) are stored within the context of online marketing procedures, but rather pseudonyms. This means that we as well as the providers of online marketing procedures do not know the users’ actual identity, but only the data stored in their profiles.

The data in the profiles is usually stored in cookies or similar methods. These cookies can later also be read out on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content, as well as supplemented with other data and stored on the server of the online marketing procedure provider.

Exceptionally, clear data can be assigned to the profiles. This is the case if, for example, users are members of a social network whose online marketing procedure we use and the network connects the users’ profiles with the aforementioned data. We ask you to note that users may enter into additional agreements with the providers, for example by consenting during registration.

In principle, we only have access to aggregated information about the success of our advertisements. However, within the context of so-called conversion measurement, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a contract with us.

Unless otherwise stated, please assume that cookies used will be stored for a period of two years.

• Processed data types: usage data (e.g. visited websites, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
• Affected parties: users (e.g. website visitors, users of online services).
• Purposes of processing: reach measurement (e.g. access statistics, identification of recurring visitors); tracking (e.g. interest-/behavioral profiling, use of cookies); marketing; profiles with user-related information (creation of user profiles).
• Security measures: IP masking (pseudonymization of IP address).
• Right to object (opt-out): We refer to the privacy policies of the respective providers and the opt-out options specified for the providers (so-called “opt-out”). If no explicit opt-out option has been specified, it is possible to disable cookies in the settings of your browser. However, this may restrict functions of our online offer. Therefore, we also recommend the following opt-out options, which are offered in summary for respective regions: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Worldwide: https://optout.aboutads.info.

Affiliate programs and affiliate links

We include so-called affiliate links or other references (which may include search masks, widgets, or discount codes) to the offerings and services of third parties in our online offering (collectively referred to as “affiliate links”). If users follow the affiliate links or subsequently use the offerings, we may receive a commission or other benefits from these third parties (collectively referred to as “commission”).

In order to track whether users have used the offerings of an affiliate link set by us, it is necessary for the respective third parties to know that users have followed an affiliate link within our online offering. The assignment of affiliate links to the respective business transactions or other actions (e.g. purchases) serves solely the purpose of commission calculation and is lifted as soon as it is no longer required for this purpose.

For the purposes of the aforementioned assignment of affiliate links, affiliate links can be supplemented with certain values that are part of the link or can be stored otherwise, e.g. in a cookie. These values may include, in particular, the originating website (referrer), the time, an online identification of the operator of the website on which the affiliate link was located, an online identification of the respective offering, the type of link used, the type of offering, and an online identification of the user.

Notes on legal bases: If we ask users for their consent to the use of third parties, the legal basis for the processing of data is consent. Otherwise, the data of users is processed on the basis of our legitimate interests (i.e. interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

• Types of data processed: contract data (e.g. subject of contract, term, customer category); usage data (e.g. visited websites, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
• Affected persons: users (e.g. website visitors, users of online services).
• Purposes of processing: affiliate tracking.
• legal bases: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Plugins and embedded functions as well as content

We include functional and content elements in our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third parties”). These may include graphics, videos, or maps (hereinafter referred to collectively as “content”).

The integration always requires that the third parties processing these content receive the IP addresses of the users because they could not send the content to the users’ browser without the IP address. The IP address is therefore necessary for the display of this content or functions. We make an effort to use only such content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the users’ device and may include, among other things, technical information about the browser and operating system, referring websites, time of visit, and other information about the use of our online offering, as well as be linked to such information from other sources.

• Types of data processed: usage data (e.g. visited websites, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
• Affected parties: users (e.g. website visitors, users of online services).
• Purposes of processing: provision of our online offering and user friendliness.

Change and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as the changes to the data processing operations carried out by us make this necessary. We will inform you as soon as the changes require any action on your part (e.g. consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and we ask you to check the information before contacting them.

Rights of the affected persons

As a person affected, you have various rights under the GDPR, which result in particular from Art. 15 to 21 GDPR:

• Right to object: You have the right to object at any time, on grounds arising from your particular situation, to the processing of personal data concerning you based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
• Right to revoke consent: You have the right to revoke any consent you have given at any time.
• Right to information: You have the right to request confirmation as to whether or not data concerning you is being processed, and, where that is the case, to request information on the data and further information and copies of the data in accordance with the legal requirements.
• Right to rectification: You have the right to demand that data concerning you be rectified or completed in accordance with the legal requirements.
• Right to erasure and restriction of processing: Sou have the right to demand that data concerning you be erased in accordance with the legal requirements or alternatively, that processing of the data be restricted in accordance with the legal requirements.
• Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format or to demand the transmission of such data to another controller in accordance with the legal requirements.
• Right to complain to supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that the processing of personal data concerning you infringes the GDPR.

Definitions of terms

In this section, you will find an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are particularly defined in Art. 4 GDPR. The legal definitions are binding. The following explanations are intended to serve primarily to understand. The terms are sorted alphabetically.

• Affiliate-Tracking: In affiliate tracking, links are recorded that refer users from linking websites to websites with product or other offers. The operators of the linking websites may receive a commission if users follow these so-called affiliate links and subsequently take advantage of the offers (e.g. purchase goods or use services). For this purpose, it is necessary for the providers to be able to track whether users who are interested in certain offers subsequently take advantage of them at the instigation of the affiliate links. Therefore, it is necessary for the functionality of affiliate links that they are supplemented with certain values that become part of the link or are otherwise stored, e.g. in a cookie. These values include in particular the source website (referrer), the time, an online identification of the operator of the website on which the affiliate link was located, an online identification of the respective offer, an online identification of the user, and tracking-specific values such as ad ID, partner ID, and categorizations.
• Personal data: “Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter “affected person”); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identification such as a name, an identification number, location data, an online identification (e.g. a cookie) or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
• Profiles with user-related information: Processing “profiles with user-related information” or simply “profiles” includes any automated processing of personal data that involves the use of this personal data to evaluate certain personal aspects relating to a natural person (depending on the type of profile formation, different information may be relevant to the demography, behavior, and interests, such as the interaction with websites and their content, etc.). To predict (e.g. the interests in certain content or products, the click behavior on a website or the location). Cookies and web beacons are often used for profiling purposes.
• Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offer and may include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, website owners can, for example, see when visitors visit their website and what content they are interested in. This allows them to, for example, better tailor the content of their website to the needs of their visitors. Pseudonymous cookies and web beacons are often used for the purpose of reach analysis in order to recognize returning visitors and thus obtain more accurate analyses of the use of an online offer.
• Tracking: “Tracking” refers to the ability to trace the behavior of users across multiple online offers. As a rule, behavioral and interest information is stored in cookies or on the servers of the providers of tracking technologies (so-called profiling) with regard to the online offers used. This information can then be used, for example, to display advertisements to users that are likely to match their interests.
• Responsible: The “responsible” is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
• Processing: “Processing” is any operation or set of operations performed with or without the aid of automated procedures in connection with personal data. The term is broad and covers practically any handling of data, whether it is the collection, evaluation, storage, transmission or deletion of data.