Data protection notice as of: 04.05.2022
In this data protection notice we inform you about the type, purpose and scope of the processing of your personal data. This data protection notice applies to the processing of your personal data as part of the provision of our services online and offline, but above all to this website and our social media presence.
All terms used are not gender specific.
Responsible for data processing:
Hans-Georg Schaffler Webdesign
Owner: Hans-Georg Schaffler
Address: In der Weiz 52, 8160 Weiz, AUSTRIA
Phone: +43 664 3884700
The protection and security of your personal data are important to us. This website therefore stores and processes data exclusively in accordance with the Austrian and European General Data Protection Regulation (GDPR). As a user, you consent to data processing in the sense of this declaration. You can find the current version of the GDPR at:
This data protection declaration only applies to this website. If you are forwarded to other pages via links on our pages, you can find out more about how your data is handled on the forwarded website. Your personal data (e.g. title, name, address, email address, telephone and fax number, date of birth, text input) will only be processed by us in accordance with the provisions of Austrian data protection law. The following regulations inform you about the type, scope and purpose of the collection, processing and use of personal data.
Types of data processed
- Contact details (e.g. telephone numbers, email addresses)
- Inventory data (e.g. names, addresses)
- Content data (e.g. text entries, photos, videos)
- Contract data (e.g. subject matter of the contract)
- Payment details (e.g. account details)
- Usage data (e.g. websites visited)
- Location data (e.g. position of the device)
- Meta / communication data (e.g. IP addresses)
Categories of data subjects
- Customers, business partners, interested parties
- Visitors and users of the online offer
Purpose of processing
- Provision of our online offer
- Ease of use
- Communication with customers, business partners, interested parties, users
- Provision of contractual services
- Fulfillment of legal documentation requirements
- Safety measures
- Marketing & Advertising
Processing of special categories of personal data
A processing of sensitive personal data according to Art. 9 GDPR and Art. 10 GDPR does not take place.
Overview of the legal bases
- Consent (Art. 6 para. 1 lit. a GDPR)
The data subject has given their consent to the processing of their personal data for one or more specific purposes.
- Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR)
The processing is necessary for the fulfillment of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that take place at the request of the data subject.
- Fulfillment of a legal obligation (Art. 6 para. 1 lit. c GDPR)
The processing is necessary to fulfill a legal obligation to which the person responsible for the processing is subject.
- Preservation of legitimate interests (Art. 6 para. 1 lit. f GDPR)
Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh this.
Rights of the persons affected
According to Austrian data protection law and the European GDPR, you as the person concerned have extensive rights. Above all, these rights should ensure more transparency. Your rights as a data subject are the right to information about your personal data, to correction, deletion, restriction of processing, objection to processing and data portability (only in the case of a contractual relationship or consent) and to withdraw consent at any time (Art. 15 to 21 GDPR).
The easiest way for you as a data subject to exercise your rights is to send an email to firstname.lastname@example.org. In addition, by sending a message by post, making personal contact, as well as via the contact form on the website.
In addition, you always have the right to lodge a complaint with the data protection authority regarding the processing of your personal data. The contact details of the data protection authority are:
Telefon: +43 1 521 52-25 69
Your data will be deleted as soon as the respective contract with you has been fulfilled and there is no longer any legal obligation to store the data. Your data will generally be deleted after seven years; Retention period according to § 132 BAO.
Statutory / legal retention obligations or contractual obligations e.g. personal data must continue to be stored in relation to customers from warranty or compensation or to contractual partners. (Art. 6 para. 1 lit. c GDPR)
Contact form, email, phone, social media
If you contact us using the form on the website, via e-mail, phone or social media, the data you provide (e-mail addresses, names, addresses, telephone and fax numbers, date of birth, text input, etc.) will be used for the purpose of processing the request and in the event of Follow-up questions stored with us for 12 months. We do not pass on this data without your consent. The data entered is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent informally by email to us at any time.
The data you have entered will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. completed processing of your request). Statutory provisions remain unaffected (retention periods).
Inventory data (customer and contract data)
We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship. This is done on the basis of Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures. We collect, process and use personal data on the use of our website (usage data) only insofar as this is necessary to enable the user to use the service. The customer data collected will be deleted after the business relationship has ended. Statutory retention periods remain unaffected.
Automatic data storage
When you visit our website, various information is automatically stored on the web server of the hosting provider.
We host our website with our processor Lederhaas IT Solutions, Schönberg 3, 8411 Hengsberg, Austria.
Only connection data are processed for the mere provision of the website. This processing is based on our legitimate interest in accordance with. Art. 6 para. 1 lit. f GDPR (absolute technical necessity to provide this website).
Personal data is processed to operate the website and to call up other functions. You can read details about the individual functions and services here in this data protection declaration.
Server log files
When you visit this website, the browser used on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored until it is automatically deleted:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the file called up,
- Website from which access is made (referrer URL),
- Browser used and, if applicable, the operating system of your computer and the name of
- your access provider.
The possibility to use this data on the legal basis according to Art. 6 para. 1 lit. f GDPR for purposes like
- ensuring a smooth connection to the website,
- ensuring comfortable use of our website,
- the evaluation of system security and stability as well as
- for further administrative purposes
is currently being used by us. Under no circumstances will the data collected be used to draw conclusions about you personally. The duration of the processing is limited to 14 days.
What is a cookie?
Cookies are small text files that are created by the website you are visiting and that contain data. They are stored on the visitor’s computer in order to give the user access to various functions. A session cookie is temporarily stored on the computer while the visitor is navigating through the website. This cookie is deleted when the user closes his internet browser or after a certain period of time (i.e. when the session expires). A permanent cookie remains on the visitor’s computer until it is deleted.
Types of cookies
- Temporary cookies (session cookies)
Session cookies are only temporarily stored on the computer and are deleted when the browser is closed.
- Permanent cookies
Permanent cookies remain stored on the computer even after the browser is closed. E.g. Language settings for the next visit are saved in these cookies.
- Essential cookies
Essential cookies are absolutely necessary for the smooth operation of a website.
- Marketing cookies
These cookies are used for advertising purposes, e.g. to assign a specific user profile to a user and thereby show the user advertising appropriate to his surfing behavior.
- First-party cookies
These cookies are set by the website operator himself.
- Third-party cookies
These cookies are mostly set by so-called social networks (so-called third parties) to process the usage behavior of the website visitor.
Storage duration of cookies
The storage duration of cookies varies depending on the type and function of the cookie. If our cookie notice does not provide any information on the storage period, the storage period can be up to 2 years.
How can I refuse and delete cookies?
If you deactivate cookies, the functionality of this website may be restricted. Cookies that are required to carry out the electronic communication process or to provide certain functions you require (e.g. comment function, shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR saved. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services.
For more information about cookies, including information on how to set, organize, block or delete cookies, visit www.allaboutcookies.org. The website www.allaboutcookies.org provides detailed instructions on how cookies are set and deleted, depending on the browser type.
Your cookie settings
As a user, you can make your personal cookie settings in our cookie notice (pop-up window). If you give us your consent to the setting of cookies, we will process this data on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time.
Otherwise, only cookies (essential cookies) are set that are absolutely necessary for the operation of the website. We act on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR).
If you want to change your cookie settings, click on the following button:
Integration of third party services
We integrate services (content and functions) from third-party providers on our website in order to display their content such as fonts, videos, images, etc.
If we obtain the consent of the user for this, the processing of the data takes place on the legal basis of the consent of the user (Art. 6 para. 1 lit. a GDPR). Otherwise, we process the user’s data on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR).
Social plugins (“plugins”) from the social network facebook.com can be integrated into our website. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. These plugins can display content such as graphics, text contributions, videos or elements for interaction on the website. You can see the list and appearance of the Facebook social plugins here: https://developers.facebook.com/docs/plugins/
Details can be found here:
We use the Shield Security Plugin for the purpose of securing our online offer. The provider of this plugin is Fernleaf Systems Limited, Suite 4, 2 Mount Oriel, Belfast BT8 7HR, Northern Ireland, UK.
Our website uses this service to protect against viruses, malware and other attacks by criminals. Shield Security protects our website and thus all visitors to our website from viruses and malware.
This data processing is based on our legitimate interest in accordance with Art. 6 Paragraph 1 lit. f GDPR (absolute technical necessity for the provision of this website).
Shield Security currently uses the following cookies:
- The Shield Security plugin never stores any sensitive, personally identifiable information in any cookie at any time.
- A cookie is used to register the closure of the Shield Plugin security badge to prevent repeated display to the visitor
Cookie name: icwp-badgeState
Cookie lifetime: 1 day
- In the case that the Shield Security Plugin needs to redirect a visitor or any request, it may use a cookie to prevent repeated/infinite redirect loops.
Cookie name: icwp-isredirect
Cookie lifetime: 7 seconds
- For registered/logged-in users, Shield Security plugin uses a cookie to track user sessions and control display of certain in-plugin admin notices.
Cookie name: wp-icwp-wpsf (was icwp-wpsf)
Cookie lifetime: 30 days
- For all visitors and users, Shield Security uses a temporary cookie (~600 seconds) to track registration of a visitors for the purposes of identifying bots on a site. This cookie doesn’t track visitor browsing activities, personal information, IP addresses, etc. It’s sole purpose is for tracking the state of the “NotBot” system which assists Shield in determining whether a visitor is a human or a bot
Cookie name: icwp-wpsf-notbot
Cookie lifetime: 600 seconds (though this may vary slightly with ongoing development)
- For all visitors and users, a temporary cookies is used to provide a nonce value for the NotBot system. This cookie is used to overcome limitations imposed by WP page caching plugins that don’t allow the updating of on-page nonce values. We send the nonce value via a cookie to ensure the client has access to the latest, valid nonce.
Again, this cookie doesn’t track anything or is linked to any users or visitors. It simply provide data required by the NotBot system to complete requests successfully.
Cookie name: shield-notbot-nonce
Cookie lifetime: 15 seconds (though this may vary slightly with ongoing development)
For logged-in users, the Shield Security plugin stores information on the username, the IP address and the time of last login and last activity.
This information is purged upon logout or data cleanup.
The Shield Security plugin has an Audit Trail feature that will log the following information:
- Audit Trail message that may include email addresses.
- Originating IP address of the request.
- Logged-in username (where applicable).
For logged-in users this represents information that may be used to locate (by IP address) and identify individuals and their activity on the site.
This information is stored for security purposes by the site administrator.
This data will be retained and then automatically purged from the database after a certain time period, as determined by the site administrator.
Alongside the Audit Trail, the traffic log is a useful tool to monitor the behaviour of requests of site visitors. This is critical in making important security determinations about a visitor.
This information is automatically purged by the plugin after a set time period, as determined by the site administrator, and defaults (at the time of writing) to 7 days.
ShieldNET is a distributed knowledge system for the tracking of malicious web visitors and agents. The Shield Security plugin periodically shares its knowledge of IP address behaviour, predominantly malicious bots, with ShieldNET, that then disseminates this knowledge (by request) to other Shield Security plugin installations.
All information is completely anonymised and aggregated, and there is never any link made between an IP address and the site from which the IP information has been received.
Therefore, there is no processing or storage of specific behaviours and personal information about an IP address and therefore no way to isolate and extract this information at any time.
The sole purpose for aggregation of this IP data is for security analysis and website security defense and protection.
Details can be found here:
Online presence in social media
On the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) we operate online presences within so-called “social media” in order to be able to communicate with users there or to provide information about our services.
We would like to point out that these social media can also process user data outside of the European Union and that this user data is processed in most cases for marketing and advertising purposes.
If you use these social media or networks (such as Facebook, Instagram, Pinterest, etc.), the terms and conditions and data processing guidelines of the respective operator apply.
The provider of the service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. Details can be found here:
Data protection notice: https://www.facebook.com/about/privacy
Additional data protection notice: https://www.facebook.com/legal/terms/information_about_page_insights_data
Opt-out (advertising settings): https://www.facebook.com/settings?tab=ads
The provider of the service is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland. Details can be found here:
Data protection notice: https://www.linkedin.com/legal/privacy-policy
Opt-out (advertising settings): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
This site uses SSL encryption for reasons of security and to protect the transmission of confidential content, such as the inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.
If the SSL encryption is activated, the data that you transmit to us cannot be read by third parties.
The provider uses technical and organizational security measures to protect the data stored by the provider against accidental or deliberate manipulation, loss, destruction or against access by unauthorized persons. Data transfers between service providers are carried out using the SSL (Secure Socket Layer) method. In this case, this software encrypts all information that is transmitted to and from supporters.
All data is stored on the server of this website or on the servers of our service providers, with whom contracts for order processing according to § 28 GDPR have been concluded with appropriate verification.
Updates to this privacy notice
We adjust the content of this data protection notice at regular intervals if this becomes necessary due to changes in the data processing we have carried out. We therefore ask you to inform yourself regularly about the content of our data protection notice.
For your information: Addresses, links and other contact information that are given here in this data protection notice may change over time.