Version 01V00 | 21.07.2022
Below you can find the contact information regarding the controllor of processing as well as the data protection manager.
Controller of Processing
Data Protection Manager
Dorian Kopez, Sebastian Peneder
We take organizational, contractual and technical safety precautions according to the state of the art to make sure to comply with formalities of the data protection laws as well as protection of the data used by us against incindental or deliberate manipulation, loss, destruction or unauthorized access.
The safety measures notably include the encrypted transmission of all data between your browser and our server.
Personal data will only be transferred to third parties if it is necessary – for instance if required for contractual purposes in accordance to DSGVO Art. 6 para1 lit. b, or on the basis of legitimate interests of economic and efficient operations for our business in accordance to DSGVO Art. 6 para. 1 lit. f.
While commissioning subcontractors to provide our services, we take legal precautions as well as technical and organizational measurements to ensure the safety of personal data in accordance with the data protection law.
When contacting us (via mail) the users information regarding the processing of your contact request will be used in accordance to DSGVO Art. 6 para. 1lit.b.
The users‘ data can be saved in our Customer-Relationship-Management System ("CRM System") or a similar requesting organization.
The CRM-System of our choice is „DWI“ – which is a specially programmed solution, that is hosted on an ISO-certified Server (ISO 27001; ISO 27002) by the Provider Digimagical GmbH (Legstattgasse 4-6/25, 3001 Mauerbach). Regarding storage digitalwerk likes to refer to the basis of legitimate interests (efficient and fast processing of user requests).
The website digitalwerk.agency is hosted by Webflow Inc., located at 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow). When you visit our website, Webflow collects various log files including your IP addresses.
Webflow is a tool for creating and hosting websites. Webflow stores cookies or uses other recognition technologies that are necessary for the presentation of the page, to provide certain website functions and to ensure security (necessary cookies).
The use of Webflow is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
We have concluded a contract on data processing (AVV) with the provider named above. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
We collect data on the basis of legitimate interests in accordance to DSGVO Art. 6 para. 1 lit. f. about every access to the server in service (so-called server log files). The access data include the name of the requested website, data file, date and time of access, transferred amount of data, message about successfull call, browser type version, the users` operating system, referrer URL (previously visited page), IP-adress as well as the requesting provider.
For safety reasons (f.e. for the purpose of clearing up misuse or fraud in connection with the access) log file informations are stored for a maximum of seven days and deleted afterwards.
Data, for which a storage for evidence is neccessary, is excluded from erasure until clarification of the incident.
Cookies consist of information, which are transferred from our own or a third parties‘ server to the users browser , where they are stored for a later retrieval. Cookies can be small files or similar types of information storage.
We use session-cookies, which are only active for the duration of the current visit on one of our websites (f.e. to save log-in files or basket functions, hence making the use of our online services possible)
In a session cookie a randomly generated and unique identification number is stored, a so-called session-ID. Furthermore the cookie contains information about its origins and storage period - they are not able to secure any other data. The deletion of the session-cookie will take place, when the usage of our online services is completed f.e. a logging-off is performed or the browser is closed.
If the storage via cookie on their computer is not desired by the user, they are asked to deactivate the corresponding option in their browser system settings. Secured cookies can be deleted in their browser system settings.The exclusion of cookies can lead to functional restrictions regarding our online services.
Following cookies are used on the digitalwerk-website „digitalwerk.agency“:
Cookie name: _ga
Category of data: Statistic
Purpose of cookie: Serves as differentiation between users
Placed by: Google
Storage period: 2 years
Cookie name: _fbp
Category of data: Statistic
Purpose of cookie: Serves as differentiation between users and enables the delivery of targeted advertising
Placed by: Meta (formerly Facebook)
Storage period: 3 months
Google is certified in accordance with the privacy-shield agreement which guarantees to abide the european data protection law.
For further details please click here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
On our account Google will use this information to evaluate the usage of our online services by users, to compile reports about activities within our online services and to perform further services associated with usage of our online services and internet use. Thereby processed data can be used to create user profiles by using pseudonyms.
We use Google Analytics to display advertisements within the ad services of Google and their partners only to users, which have shown interest in our online services or show certain characterics (for instance interest in certain topics or products, which are determined by the visited website). By using Remarketing Audiences we like to ensure that our ads correspond with the users potential interest and are not annoying.
We only use Google Analytics with activated IP anonymisation. This means, that the user‘s IP adress will be shortened within the Member States of the European Union or in different Contracting States, which are parties to the Agreement on the European Economic Area.
Only in exceptional cases the full IP adress will be transmitted and shortened on a Google server in the US.
The user’s transmitted IP adress will not be merged with other data from Google. The user can prevent the storage of the cookie through deactivating the corresponding option in their browser system settings. In addition to that, the user has the possibility to prevent data capture through the cookie, so that no data will be processed by Google, by downloading and installing this Browser-Plugin available following this link: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on data usage by Google, settings and possibility to appeal can be found on the following websites:
Google: https://www.google.com/intl/de/policies/privacy/partners („data usage by Google, when using one of our websites or apps of our partners“, https://www.google.com/policies/technologies/ads („data usage for advertising purposes“), https://www.google.de/settings/ads („administer information used by Google to display ads“).
Based on our legitimate interest (interest of analysis, economic and efficient operations for our online services in accordance to DSGVO Art. 6 para. 1 lit. f.) we use marketing and remarketing services („Google-Marketing-Services“) provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google“).
Google is certified in accordance with the privacy-shield agreement which guarantees to abide the european data protection law. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The usage of Google-Marketing-Services allows us to show more targeted ads for and on our website, to only show ads to a user, who posed a potential interest. If a user is shown a product, for which he has shown interest on another website, it is called „Remarketing“.
For those purposes, when visiting our and other websites, on which Google-Marketing-Services are activated, a code will be immediately performed by Google and so called (re)marketing-tags (invisible graphics or code, also known as „web beacons“) are incorporated in the website.With help of those tags and code, an individual cookie - a small file will be secured on the user’s device (instead of cookies a similar technology can be used). Cookies can be set by different domains, for example: google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In those files the user data is stored (which website was requested, which content the user is interested in and which offers he clicked on, technical information about the browser and operating system, referring websites, time of access, as well as further information about usage of our online services). The user’s IP adress will also be collected, but will be shortened only within the Member States of the European Union or in different Contracting States, which are parties to the Agreement on the European Economic Area, according to Google Analytics. Only in exceptional cases the full IP adress will be transmitted and shortened on a Google server in the US. The user’s transmitted IP adress will not be merged with other data from other Google services. The above mentioned information can be connected with information from other sources by Google. When subsequently visiting another website, the user can be shown ads according to his interests.
The user data is processed pseudonymously by Google-Marketing-Services. This means that Google does not save the user‘s name or mail adress, it only processes the relevant cookie data per pseudonymous user profiles. Therefore for Google ads are not shown to a specific identified person but to a cookie-holder, regardless of who the cookie holder is. This will not apply if a user has given Google his consent to process his data without pseudomyzation. The user data collected by Google-Marketing-Services will be transmitted to and secured by Google on their servers in the US. One of the Google-Marketing-Services we use is the online-ad programme „Google AdWords“. In case of Google AdWords every AdWords-customer gets a different „Conversion-Cookie“. Therefore cookies can’t be retraced from the websites of AdWords-customers. The information collected by cookies is used to create Concersion-statistics for AdWords-customers, who chose Conversion tracking. AdWords-customers learn the total number of users, who clicked on their ad and where forwarded to website containing a Conversion-Tracking-Tag. They will not get information, by which a user can be identified.
Furthermore we can use „Google Optimizer“. Google Optimizer allows us to comprehend „A/B-Testings“, how changes effect the website (for instance changes concerning input-fields, designs, etc.) In those test purposes cookies are filed on a user’s device. But only pseudonymous data of the user will be processed.
We also can use „Google Tag Manager“ to incorporate and manage Google-Analysis and Marketing Services on our website.
If you want to object to advertisements regarding user’s interests by Google-Marketing-Services, you can use the settings and Opt-Out-possibilities provided by Google: https://www.google.com/ads/preferences
Within our online services, based on our legitimate interest (interest of analysis, economic and efficient operations for our online services, we us „Facebook-Pixel“ run by social network Facebook of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident in the European Union, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Facebook is certified in accordance with the privacy-shield agreement which guarantees to abide the european data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
By usage of Facebook-Pixel it is possible for Facebook to determine the visitors of our online services as target audience for displaying advertisements („Facebook-Ads“). We use Facebook- Pixel to display Facebook-Ads to Facebook-users, which have shown interest in our online services or show certain characterics (for instance interest in certain topics or products, which are determined by the visited website), which we transmit to Facebook (so called „Custom Audiences“). By using Facebook-Pixel we like to ensure that our Facebook-Ads correspond with the users potential interest and are not annoying. With Facebook-Pixel we also can determine the effectiveness of our Facebook-Ads for statistical and market research purposes – this way we can see if the user has been forwarded to our website via Facebook-Ad (so called „Conversion“).
When visiting our websites Facebook-Pixel will immediately be incorporated and a cookie - a small file will, can be secured on the user’s device. If you are subsequently logging in on Facebook or visiting already logged-in, the visit of our online service will be secured in your profile. The collected personal data is anonymous for us hence the user can not be identified by us. However Facebook secures and processes the data, so a connection can be made to a certain user profile which is used by Facebook and us for their own market research and advertising purposes. If data is sent to Facebook for comparison, it will be encrypted locally on the user’s browser and afterwards an encrypted transfer to Facebook, using a secured HTTPS connection, will take place. This only is the case if encrypted data needs to be in comparison with similar encrypted data of Facebook.
Based on our legitimate interest we use a service called „Custom Audiences from File“ from Facebook, Inc. Here mail-adresses of newsletter recipients are uploaded on Facebook. The upload process is encrypted. The purpose of the upload is to determine recipients of our Facebook-Ads. This way we like to ensure, that ads are only displayed to users, that have shown interest in our information and services.
The processing of data by Facebook takes place within the the scope of Facebooks data use policy.
Appropriate instructions for the display of Facebook-Ads can be found in the Facebook data use policy: https://www.facebook.com/policy.php. Specific informationen and details about Facebook-Pixel and their operating principle can be found in the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
You can object to the collection of data via Facebook-Pixel and the processing of your data to display Facebook-Ads. To adjust the settings concerning which advertisements are shown on Facebook, you can visit Facebooks dedicated page and follow the instructions to change the settings for usage based advertisements: https://www.facebook.com/settings?tab=ads. These settings take place platform-independent – that means, that changes apply to all kinds of devices (PC, mobile devices, etc.).
Note: Please take into account, that Facebook does not feature an Opt-Out option at the time of writing - therefore it has to be implied by yourself. In case of disagreement, you have to remove the particular passage.
If you want to object to the usage of cookies, which are used for range measurement and advertising purposes, you can visit the Opt-Out page of the Network Advertising Initiative (https://optout.networkadvertising.org/) as well as the US-american website (https://www.aboutads.info/choices) or the european website (https://www.youronlinechoices.com/uk/your-ad-choices/).
Based on our legitimate interest (interest of analysis, economic and efficient operations for our online services in accordance to DSGVO Art. 6 para. 1 lit. f.) we use third party content offerings and services to corporate their content offerings and services, for instance corporating videos and fonts (throughout consistently used as content). This assumes that third parties of this content use the user’s IP-adress because the content can’t be sent to the browser without an IP-adress. Therefore an IP-adress is needed for displaying content. We endeavour to only use content, where the provider merely uses an IP-adress for delivering content. Third parties can use so called Pixel-Tags (invisible graphics or code, also known as „Web Beacons“) as well for stastical or marketing purposes. With the help of „Pixel-Tags“ information like traffic of visitors can be analyzed on subsites of the website. The pseudonymous data can be stored in cookies on the user’s device and include technical information about the browser and operating system, referring websites, time of access, as well as further information about usage of our online services. This information is used to be connected with other information from different sources.
The following description gives an overview over third parties and their respective content, including a link to their respective privacy policies, which contains further information on data processing and, as partly mentioned above, contradictory possibilites (so called Opt-Out):
Upon request users have the right to receive information on the stored personalised data free of charge.
Further users have the right on rectification of incorrect data, limitations of processing and deletion of personalised data if they assert their rights to data portability and lodge a complaint with the competent regulatory authority in the event of unlawful processing.
Likewise, users can revoke consent generally with implications for the future.
The deletion of data secured by us takes place, when it is no longer required for its intended purpose and provided that there are no statutory storage obligations objecting to the erasure. If a user’s data is not deleted, because it is needed for other legal purposes, the processing will be limited. This means that the data will be locked and not be used for other purposes, which applies to user data which has to be stored on the basis of comercial or fiscal reasons.
In principle, the storage of the data takes place for up to 10 years.
Users have the right to object future processing of their personalised data at any time according to legal guidelines.
Especially an objection to processing data for direct advertising can be made.