Gebrüder Nittnaus Gols GmbH
Untere Hauptstraße 105
Austria – 7122 Gols
Tel.: +43 – (0)2173 – 2186
Fax: +43 – (0)2173 – 2186-4
We have written this data protection declaration (version 07/27/2020) to explain to you in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 what information we collect, how we use data and what options you have as a visitor to this website.
Unfortunately, it is in the nature of things that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible.
Automatic data storage
When you visit websites these days, certain information is automatically created and stored, including on this website.
If you visit our website as you are now, our web server (computer on which this website is stored) automatically saves data such as
- the address (URL) of the accessed website
- Browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
- the host name and the IP address of the device from which access is made
- Date and Time
in files (web server log files).
As a rule, web server log files are stored for two weeks and then automatically deleted. We do not pass this data on, but we cannot rule out that this data will be viewed in the event of illegal behavior.
Our website uses HTTP cookies to save user-specific data.
In the following we explain what cookies are and why they are used so that you can better understand the following data protection declaration.
What exactly are cookies?
Whenever you surf the Internet, you are using a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites save small text files in your browser. These files are called cookies.
Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser sends the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings that you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly from our side, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other “pests”. Cookies cannot access information on your PC either.
For example, cookie data can look like this:
Usage: Differentiation of website visitors
Expiry Date: after 2 years
A browser should be able to support these minimum sizes:
- At least 4096 bytes per cookie
- At least 50 cookies per domain
- At least 3000 cookies in total
What types of cookies are there?
The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the data protection declaration. At this point we would like to briefly discuss the different types of HTTP cookies.
There are 4 types of cookies:
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues surfing on other pages and only goes to checkout later. These cookies do not delete the shopping cart, even if the user closes his browser window.
These cookies collect information about user behavior and whether the user receives any error messages. These cookies are also used to measure the loading time and the behavior of the website in different browsers.
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are saved.
These cookies are also called targeting cookies. They serve to deliver customized advertising to the user. That can be very practical, but also very annoying.
When you visit a website for the first time, you will usually be asked which of these types of cookies you would like to allow. And of course this decision is also saved in a cookie.
How can I delete cookies?
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. For each individual cookie, you can decide whether or not to allow the cookie. The procedure is different depending on the browser. It is best to search for the instructions in Google with the search term “delete cookies Chrome” or “deactivate cookies Chrome” in the case of a Chrome browser.
Which cookies are currently used?
What about my data protection?
The so-called “cookie guidelines” have existed since 2009. It states that the storage of cookies requires your consent. Within the EU countries, however, there are still very different reactions to these guidelines. In Austria, however, this directive was implemented in Section 96 (3) of the Telecommunications Act (TKG).
If you want to know more about cookies and don’t shy away from technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Storage of personal data
Personal data that you transmit to us electronically on this website, such as name, e-mail address, address or other personal information in the context of submitting a form or comments in the blog, are saved by us together with the time and the IP Address is only used for the specified purpose, stored securely and not passed on to third parties.
We therefore only use your personal data for communication with those visitors who expressly request contact and for processing the services and products offered on this website. We do not pass on your personal data without your consent, but we cannot rule out that this data will be viewed in the event of illegal behavior.
If you send us personal data by email – outside of this website – we cannot guarantee the secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by e-mail.
Data transfer when concluding a contract for online shops, dealers and dispatch of goods
We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the companies entrusted with the delivery of the goods or the payment service providers and credit institutions commissioned with the payment processing. A further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, e.g. for advertising purposes.
The basis for data processing is Art. 6 Para. 1 lit. b GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.
Rights according to the General Data Protection Regulation
According to the provisions of the GDPR and the Austrian Data Protection Act (DSG), you have the following rights:
- Right to rectification (Article 16 GDPR)
- Right to cancellation (“right to be forgotten”) (Article 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to notification – obligation to notify in connection with the correction or deletion of personal data or the restriction of processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR)
- Right not to be subject to a decision based solely on automated processing – including profiling (Article 22 GDPR)
If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can complain to the supervisory authority, which is the data protection authority in Austria whose website you can find at https://www.dsb.gv.at/.
Use of payment service providers
If you choose a payment method from the payment service provider Stripe (for example, if you pay by credit card or instant transfer), the payment will be processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland the information you provided during the ordering process along with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will only be passed on for the purpose of processing payments with the payment service provider Stripe Payments Europe Ltd. and only insofar as it is necessary for this. More information on Stripe’s data protection can be found at the URL https://stripe.com/de/privacy#translation.
Evaluation of visitor behavior
In the following data protection declaration we inform you whether and how we evaluate data from your visit to this website. The data collected is usually evaluated anonymously and we cannot infer your person from your behavior on this website.
You can find out more about how to object to this analysis of the visit data in the following data protection declaration.
TLS encryption with https
We use https to transfer data securely on the Internet (data protection through technology design, Article 25 (1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognize the use of this data transfer protection by the small lock symbol in the top left of the browser and the use of the https (instead of http) scheme as part of our Internet address.
Web fonts from Adobe Typekit
This site uses so-called web fonts, which are provided by Adobe Typekit, for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to the Adobe Typekit servers. This gives Adobe Typekit knowledge that our website has been accessed via your IP address. Adobe Typekit web fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
We use the analysis tracking tool Google Analytics (GA) from the American company Google Inc. on our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is saved in a cookie and sent to Google Analytics. With the help of the reports we receive from Google Analytics, we can better tailor our website and our service to your needs. In the following, we will go into more detail about the tracking tool and, above all, inform you about which data is stored and how you can prevent this.
What is Google Analytics
Google Analytics is a tracking tool that is used to analyze the traffic on our website. In order for Google Analytics to work, a tracking code is built into the code of our website. When you visit our website, this code records various actions that you carry out on our website. As soon as you leave our website, this data is sent to the Google Analytics server and stored there.
Google processes the data and we receive reports on your user behavior. These reports can include the following:
- Target group reports: With target group reports, we get to know our users better and know more precisely who is interested in our service.
- Ad reports: Ad reports make it easier for us to analyze and improve our online advertising.
- Acquisition Reports: Acquisition reports give us helpful information on how we can get more people excited about our service.
- Behavioral Reports: This is where we learn how you interact with our website. We can understand which route you take on our site and which links you click.
- Conversion reports: Conversion is a process in which you carry out a desired action based on a marketing message. For example, when you go from being a pure website visitor to being a buyer or newsletter subscriber. With the help of these reports, we can find out more about how you receive our marketing measures. This is how we want to increase our conversion rate.
- Real-time reports: Here we always find out immediately what is happening on our website. For example, we can see how many users are reading this text.
Why do we use Google Analytics on our website?
Our goal with this website is clear: We want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal.
The statistically evaluated data show us a clear picture of the strengths and weaknesses of our website. On the one hand, we can optimize our site so that interested people can find it more easily on Google. On the other hand, the data helps us to better understand you as a visitor. We therefore know very well what we need to improve on our website in order to offer you the best possible service. The data also help us to carry out our advertising and marketing measures more individually and cost-effectively. After all, it only makes sense to show our products and services to people who are interested in them.
Which data is saved by Google Analytics?
Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognizes you as a new user. The next time you visit our site, you will be recognized as a “returning” user. All collected data is saved together with this user ID. This is the only way to evaluate pseudonymous user profiles.
Your interactions on our website are measured through identifiers such as cookies and app instance IDs. Interactions are all types of actions that you carry out on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics can be linked to third-party cookies. Google does not pass on any Google Analytics data unless we as the website operator approve it. Exceptions may be made if required by law.
The following cookies are used by Google Analytics:
Usage: By default, analytics.js uses the _ga cookie to save the user ID. Basically, it is used to differentiate between website visitors.
Expiry Date: after 2 years
Usage: The cookie is also used to distinguish website visitors
Expiry Date: after 24 hours
Usage: Used to lower the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is named _dc_gtm_.
Expiry Date: after 1 minute
Value: not specified
Usage: The cookie has a token with which a user ID can be obtained from the AMP client ID service. Other possible values indicate a logout, a request, or an error.
Expiry Date: after 30 seconds up to a year
Usage: This cookie can be used to track your behavior on the website and measure performance. The cookie is updated every time information is sent to Google Analytics.
Expiry Date: after 2 years
Usage: The cookie is used like _gat_gtag_UA_ to throttle the request rate.
Expiry Date: after 10 minutes
Usage: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.
Expiry Date: after 30 minutes
Usage: This cookie is used to set new sessions for returning visitors. This is a session cookie and is only saved until you close the browser again.
Expiry Date: After closing the browser
Usage: The cookie is used to identify the source of traffic on our website. This means that the cookie saves where you came to our website from. That could have been another page or an advertisement.
Expiry Date: after 6 months
Value: no information
Usage:The cookie is used to save custom user data. It is always updated when information is sent to Google Analytics.
Expiry Date: after 2 years
Annotation: This list cannot claim to be complete, as Google changes the choice of cookies again and again.
Here we show you an overview of the most important data that is collected with Google Analytics:
Heatmaps: Google creates so-called heat maps. Via heatmaps you can see exactly those areas that you click on. That way we get information about where you are on our site.
Session duration: Google defines session duration as the time that you spend on our site without leaving the site. If you have been inactive for 20 minutes, the session ends automatically.
Bounce rate: A jump is when you only view one page on our website and then exit our website again.
Account creation: When you create an account or place an order on our website, Google Analytics collects this data.
IP address: The IP address is only shown in abbreviated form so that it cannot be clearly assigned.
Location: The country and your approximate location can be determined via the IP address. This process is also known as IP location determination.
Technical information: The technical information includes, among other things, your browser type, your Internet provider or your screen resolution.
Source of origin: Google Analytics or us are of course also interested in which website or which advertising you came to our site.
Further data are contact details, any ratings, the playing of media (e.g. when you play a video on our site), the sharing of content via social media or adding to your favorites. The list does not claim to be complete and only serves as a general guide to data storage by Google Analytics.
How long and where is the data stored?
Google has distributed your servers all over the world. Most of the servers are located in America and consequently your data is mostly stored on American servers. Here you can read exactly where the Google data centers are located: https://www.google.com/about/datacenters/inside/locations/?hl=de
Your data is distributed on various physical data carriers. This has the advantage that the data can be accessed more quickly and is better protected against manipulation. Every Google data center has appropriate emergency programs for your data. If, for example, the hardware at Google fails or natural disasters paralyze servers, the risk of a service interruption at Google remains low.
A standard retention period for your user data of 26 months is set for Google Analytics. Then your user data will be deleted. However, we have the option of choosing the retention period for user data ourselves. We have five options for this:
- Deletion after 14 months
- Deletion after 26 months
- Deletion after 38 months
- Deletion after 50 months
- No automatic deletion
When the specified period has expired, the data is deleted once a month. This retention period applies to your data that is linked to cookies, user identification and advertising IDs (e.g. cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is a merging of individual data into a larger unit.
How can I delete my data or prevent data storage?
If you generally want to deactivate, delete or manage cookies (independent of Google Analytics), there are separate instructions for each browser:
Google Analytics is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=211128222. We hope we were able to provide you with the most important information about data processing by Google Analytics. If you want to learn more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.
Google Analytics IP anonymization
We have implemented the IP address anonymization of Google Analytics on this website. This function was developed by Google so that this website can comply with the applicable data protection regulations and recommendations of the local data protection authorities if they prohibit the storage of the full IP address. The anonymization or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before the data is stored or processed.
You can find more information on IP anonymization at https://support.google.com/analytics/answer/2763052?hl=de.
Google Analytics add-on for data processing
We have concluded a direct customer contract with Google for the use of Google Analytics by accepting the “data processing addendum” in Google Analytics.
You can find out more about the addition on data processing for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad