Data Protection Statement

6 Server logfiles

To optimise this website in relation to its system performance, user friendliness and the provision of useful information about our services, the provider of the website automatically collects and stores information in so-called server logfiles that your browser automatically transmits to us. This comprises the Internet Protocol address (IP address) of the accessing computer (including mobile devices), browser and language setting, operating system, referrer URL, your Internet service provider and the date/time.

This data is not merged with personal data sources. We reserve the right to check this data retrospectively if concrete indications of illegitimate use come to our knowledge and to pass on the data – if there has been a hacker attack – to law enforcement authorities. There is no passing on to third parties beyond this.

Legal basis: Art. 6 par. 1 line f GDPR

7 Data usage for Google services

We have concluded a contract with Google Ireland Limited (“Google”), a company registered and operated according to Irish law (register number: 368047) with its head office at Gordon House, Barrow Street, Dublin 4, Ireland. It can happen even so that data from Europe is transmitted to the USA, which we as a company cannot influence.

For the USA there is currently no resolution by the EU commission in accordance with Article 45 par. 1, 3 General Data Protection Regulation (GDPR). This means that the EU commission has not yet established whether the country-specific data protection standard of this country corresponds to that of the European Union in line with the GDPR (Article 46 suitable guarantees).

The GDPR sets out so-called suitable guarantees for data transmission to a third country or to an international organisation, Art. 46 par. 2, 3 GDPR. These are not given for the aforementioned destination country.

Potential risks that cannot currently be excluded for you as a data subject in relation to the aforementioned information are in particular:

• Your personal data could possibly be passed on by Google USA to other third parties (e.g. American authorities) beyond the actual purpose of order fulfilment.
• You may not be able to exert your right to access to information from Google USA.
• There may be a higher likelihood that incorrect data processing can occur, as the technical and organisational measures for protecting personal data do not correspond quantitatively and qualitatively to the full extent to the GDPR requirements.

With your consent to the processing of (advertising and marketing) cookies, you are explicitly agreeing to data transmission to the USA. You can withdraw this extent at any time by e-mail. The data processing that took place before the withdrawal of your consent is not affected by the revocation and is therefore in conformity with the law.

Legal basis: Art. 6 par. 1 line a GDPR

7.1 Google Analytics

This website uses the function “Activation of IP anonymisation” (i.e. that Google Analytics has been extended by the code “gat._anonymizeIp();”, in order to ensure an anonymised collection of IP addresses, so-called IP masking) This means that your IP address will be stored by Google in shortened form within Member States of the European Union or in other states that are contracting parties to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and shortened there in exceptional cases.

According to Google, Google will use the gained information to evaluate your use of the website, to compile reports about website activity and to provide further services to us relating to website usage and Internet usage. The IP address transmitted from your browser as part of Google Analytics is not merged with other Google data. Google may, however, transmit this information to third parties, insofar as this is legally mandatory or third parties are processing this data on behalf of Google. You can disable cookies using the relevant settings in your browser. We would like to point out, however, that in this case you may not be able to use all the functions of the websites to the full extent. Furthermore, you can prevent the collection of the data generated by the cookie relating to your website use (incl. your anonymised IP address), as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

You can find further information about usage conditions and data privacy under https://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.

7.2 Use of Google Fonts

We use Google Fonts. The use of Google Fonts is without authentication and no cookies are sent to the Google Fonts API: If you have a Google account, none of your Google account details are transmitted to Google during the use of Google Fonts. Google only establishes the use of CSS and the used fonts and stores this data securely. You can find out more about these and other questions on https://developers.google.com/fonts/faq.

You can read which data is collected by Google and what this data is used for on https://www.google.com/intl/de/policies/privacy/.

7.3 Google Tag Manager

To identify your user behaviour, we use the so-called Google Tag Manager. The Google Tag Manager is a solution with which the marketer can manage website tags through an interface. The tool itself (that implements the tags) is a domain without cookies and does not collect any personal data. The tool triggers other tags, which may in certain circumstances collect data. Google Tag Manager does not access this data. If there has been a deactivation on a domain or cookie level, this remains in place for all tracking tags that were implemented with the Google Tag Manager.

Further information is available here: https://www.google.com/intl/de/tagmanager/faq.html.

Adobe Typekit

We use the Adobe Typekit service to design our website. This is a service provided by Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, which gives us access to a library of fonts. To include the fonts we use, your browser must connect to an Adobe server in the USA and download the font required for our website. This allows Adobe to obtain information that our website was accessed from your IP address. For more information about Adobe, please refer to the Adobe Privacy Policy, which can be accessed here: https://www.adobe.com/de/privacy/policy.html By calling the libraries, a connection to the library operator is automatically triggered. For information about how Adobe Fonts uses your information, please visit https://typekit.com/ and read the Privacy Policy: https://www.adobe.com/de/privacy/policies/typekit.html

There is currently no adequacy finding for the USA by the EU Commission within the meaning of Article 45 (1), 3 of the Basic Data Protection Regulation (DSGVO). This means that the EU Commission has so far not positively determined that the country-specific level of data protection in this country corresponds to that of the European Union on the basis of the DSGVO (Article 46 suitable guarantees).

The DSGVO requires so-called suitable guarantees for a data transfer to a third country or to an international organization, Art. 46 (2), (3) DSGVO. There are no such guarantees for the above-mentioned country of destination.

Possible risks that cannot be excluded for you as a data subject in connection with the above-mentioned information are in particular.

Your personal data could possibly be disclosed by Adobe to other third parties (e.g.: US authorities) beyond the actual purpose of fulfilling the order.

You may not be able to assert or enforce your rights to information against Adobe on a sustained basis.

There may be a higher probability that data processing will not be correct, since the technical organizational measures for the protection of personal data do not fully comply with the requirements of the DSGVO in terms of quantity and quality.

With your consent to the processing of cookies, you explicitly consent to the transfer of data to the USA. You can revoke this consent at any time informally by e-mail. The data processing that took place prior to the revocation of your consent is not affected by the revocation and is therefore legally compliant.

Legal basis: Art. 6 par. 1 lit. a GDPR

8 Your rights

You have the following rights with respect to the personal data concerning you:

• Right to access, rectification and erasure
• Right to restriction of the processing
• Right to objection to the processing
• Right to data portability

Please direct your enquiries and concerns by e-mail to datenschutz@redux-gmbh.de or use the given contact details.

If you believe that we are contravening Austrian or European data protection law during the processing of data and have therefore infringed your rights, please contact us to clarify any questions.

You also have the right to complain to a supervisory authority, for example the Hessian data protection authority responsible for us:

The Hessian Commissioner for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden, Phone: +49 611 1408 - 0, Fax: +49 611 1408 - 900 / 901,

https://datenschutz.hessen.de/

9 Changes to this privacy policy

We reserve the right to make adjustments to our data privacy policy from time to time. We publish all changes to the privacy policy on this page. Please note the current version of our privacy policy.

10 Disclaimer of liability

Redux GmbH assumes no responsibility for content on external websites referred to through links. Only the operators of linked external websites are responsible for their content.