Introduction
In accordance with the General Data Protection Regulation (GDPR), we inform you about how we process your personal data when you use our website.
Responsible body
wunderweiss GmbH
Am Rosendorn 10
2345 Brunn am Gebirge, Austria
office@wunderweiss.com
Collection and processing of personal data
Various personal data is collected when you visit our website. The type and manner of collection depends on the respective services and functions that you use.
Hosting bei AWS (Amazon Web Services)
Our website is hosted on Amazon Web Services (AWS) servers, which are operated in an EU region. AWS is a cloud service provider that helps us to ensure the availability and performance of our website. Data may also be transferred to AWS servers outside the EU. AWS processes the data only on the basis of our instructions and acts as a processor.
Use of Cloudflare
To improve the security and loading speed of our website, we use the content delivery network (CDN) service Cloudflare. Cloudflare ensures that content is delivered quickly and securely in response to your request. When using Cloudflare, log data such as your IP address, access numbers and requested content may be processed. However, this data is used exclusively for security purposes and to optimise the service. Cloudflare is a US-based company and we have entered into a data processing agreement with Cloudflare to ensure that your data is processed in accordance with the GDPR.
Plausible Analytics (self hosted)
To analyse the use of our website, we use Plausible Analytics, a data protection-friendly web analytics solution that works without the use of cookies and does not store any personal data such as IP addresses or user behaviour. Plausible is hosted by us, which means that your data is processed exclusively on our servers. The data collected is used exclusively to improve the user experience and optimise our website.
Processing of personal data
The following personal data is processed when you use our website:
- IP address: Used for the security service and the delivery of content by Cloudflare.
- Usage data: Anonymised data on your interactions on our website (e.g. pages visited, duration of visit, devices used).
- Server logs: Collection of technical data to ensure the operability and security of our website.
Legal basis for data processing
Your personal data is processed on the following legal bases:
- Art. 6 para. 1 lit. f GDPR: Legitimate interest in the secure and optimised provision of our website and the analysis of website usage.
- Art. 6 para. 1 lit. f GDPR: To fulfil contractual obligations (e.g. provision of our website).
Data transfer to third parties
Your personal data will only be passed on to third parties if this is required by law or if you have given your express consent. For example, your data will be transmitted to Amazon Web Services (AWS) and Cloudflare in order to provide technical services.
Storage duration
Your personal data will only be stored for as long as is necessary for the stated purposes or until a statutory retention period has expired.
- Data from Cloudflare and logs: Are usually stored for 30 days.
- Data from Plausible Analytics: Are anonymised and only stored for a period of up to 30 days.
Your rights as a data subject
Under the GDPR, you have various rights that you can assert against us:
- Right to information (Art. 15 GDPR): You can request information about which of your personal data we process.
- Right to rectification (Art. 16 GDPR): If your personal data is incorrect or incomplete, you can request a correction.
- Right to erasure (Art. 17 GDPR): Under certain conditions, you can request the erasure of your data.
- Right to restriction of processing (Art. 18 GDPR): You can request the restriction of the processing of your personal data under certain conditions.
- Right to data portability (Art. 20 GDPR): You may request that your data be transmitted to you or another controller in a structured, commonly used and machine-readable format.
- Right to object (Art. 21 GDPR): You can object to the processing of your personal data at any time for reasons arising from your particular situation.
To exercise your rights, please contact us at the address given above.
Security
We use technical and organisational security measures to protect your personal data from loss, misuse, unauthorised access and other risks. This includes regular security updates and the use of SSL encryption for the secure transmission of your data.
Changes to this privacy policy
We reserve the right to amend this privacy policy if necessary in order to adapt it to new legal requirements or technical developments. The current version can be found on our website.
If you have any further questions, please do not hesitate to contact us!