At BORA, data protection is our top priority. With the help of this privacy policy, we would like to inform all persons who use this website about the type, scope and purposes of the processing of personal data.
Thank you for your interest in the information on our website!
With the help of this privacy policy, we would like to inform all persons who use this website about the type, scope and purposes of the processing of personal data. Personal data in this context is all information with which you as a user:can be personally identified on our website (theoretically, possibly via detours or by linking various data), including your IP address. Information that is stored in cookies is generally not personal or only personal in exceptional cases; however, this is covered by a special regulation that makes the permissibility of the use of cookies - depending on their purpose - largely dependent on the active consent of the user.
In a general section of this privacy policy, we provide you with information on data protection that generally applies to our processing of data, including the collection of data on our website. In particular, you as the data subject will be informed about the rights to which you are entitled. We endeavor to provide this information in gender-neutral language. If individual formulations do not yet take this into account, we would like to point out that this information applies to all people of all genders.
The terms used in our privacy policy and our data protection practices are based on the provisions of the EU General Data Protection Regulation ("GDPR") and other relevant national legislation.
Responsible within the meaning of the GDPR
BORA Vertriebs GmbH & Co KG
Innstraße 1
6342 Niederndorf
Austria
bora.webcare@bora.com
Data protection officer: Mr. Bernhard Johne
Other companies in the BORA Group are
On the one hand, personal data is collected from you if you expressly provide it to us; on the other hand, data, in particular technical data, is collected automatically when you visit our website. Some of this data is collected to ensure that our website functions correctly. Other data may be used for analysis purposes. However, you can generally use our website without having to provide any personal data.
When you contact us, your data will be used to process the contact request and its handling as part of the fulfillment of pre-contractual rights and obligations. The processing of your data is necessary to process and respond to your inquiry, otherwise we will not be able to respond to your inquiry, or only to a limited extent. The data may be stored in a customer and prospect database on the basis of our legitimate interest in direct marketing.
We will delete your inquiry and your contact data if your inquiry has been conclusively answered and there are no statutory retention periods to prevent deletion, e.g. in the context of subsequent contract processing. This is usually the case if there has been no further contact with you for three years.
When you register for our email newsletter, you give your consent to be contacted for advertising purposes in the form of newsletters. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR and our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.
When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named at the beginning. Once you have unsubscribed, your e-mail address will be deleted from our newsletter mailing list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for other legally permitted purposes.
The data of newsletter subscribers is logged, as we are obliged to be able to prove registrations. For technical reasons, this information is stored on a personalized basis for each subscriber. The data is not used to monitor individual users, but to adapt the content of the newsletter to the subscriber.
To send newsletters, we use the instant messaging service WhatsApp Business from WhatsApp LLC, 1601 Willow Road Menlo Park, California 94025, USA via the service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin.
Registration for the WhatsApp newsletter takes place using the double opt-in procedure. After registering via a CTA or QR code, you will be sent a message asking you to confirm that you would like to receive news from us via WhatsApp.
You can pause the receipt of WhatsApp messages at any time with the "Stop" message.
The only mandatory information for sending the newsletter is your telephone number. After your confirmation, your telephone number will be forwarded to our Sendinblue GmbH for the purpose of sending the newsletter and will be processed and stored there. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
If you communicate with us via WhatsApp, certain data that you share with the app will be stored and processed by WhatsApp. In particular, this includes information provided by the user such as messages, photos, videos, billing data and stored profile pictures. WhatsApp states that this data is only stored end-to-end encrypted. Some metadata is collected by WhatsApp without encryption. This includes phone number, location, IP address, information about your device, type and frequency of app use, location and information about the time and recipient of the messages you send. According to WhatsApp's privacy policy, this information is sometimes shared with other meta-companies, including Facebook and Instagram, which are based in the USA. In some cases, such data is also shared with external companies, service providers or partners.
Data processing can also take place in the USA. In the opinion of the European Court of Justice, an adequate level of data protection cannot currently be assumed in the USA.
WhatsApp uses so-called standard contractual clauses in accordance with Art. 46 (2) and (3) GDPR (https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de) as the basis for processing or transferring data to countries outside the EU. Through these clauses, WhatsApp undertakes to comply with the EU data protection standard when processing your data, even if the data is transferred to third countries such as the USA and processed and stored there. You can find out more about this in WhatsApp's privacy policy at https://www.whatsapp.com/legal/privacy-policy-eea/?locale=de_DE
To the extent permitted by law, we use your e-mail address, which we have received in connection with the sale of a product or service, for direct advertising of similar goods or services. You can object to the use of your e-mail address for direct advertising at any time with effect for the future. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR and Art. 7 para. 3 GDPR.
Personalized communication can take place on the basis of an evaluation of the following information:
We also send information about our products and current sales promotions by post. You can object to receiving mailings by post or email at any time.
Purpose: promotional communication
Category: Marketing
Recipient: EU
Processed data: Usage data, inventory data, address and contact data
Legal basis: Art. 5 para. 2 GDPR and Art. 6 para. 1 lit. f.
We collect and process personal data for the online booking of meeting appointments. We use the "Microsoft Bookings" service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The connection to the service is only established when you access the online booking function via a button on our website.
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active
We would like to point out that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment. The legal basis for data transmission, storage and processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. You have the option of withdrawing your consent to data processing or objecting to the use of the data at any time. In this case, the intended contact with the user is no longer possible or communication that has already begun can no longer be continued.
Further information on the handling of user data by Microsoft can be found at https://privacy.microsoft.com /privacystatement.
On our website, we offer job applicants the opportunity to apply online using a corresponding form. In order to be included in the application process, applicants must provide us with all the personal data required for a well-founded and informed assessment and selection via the form.
The required information includes general personal details (name, address, telephone or electronic contact details) as well as performance-specific proof of the qualifications required for a position. In addition, health-related information may be required, which must be given special consideration under labor and social law in the interest of the applicant's social protection.
When the form is sent, the applicant data is transmitted to us in encrypted form in accordance with the state of the art, stored by us and evaluated exclusively for the purpose of processing the application. The
legal basis for this processing is generally Art. 6 para. 1 lit. b GDPR in conjunction with Art. 26 para. 1 BDSG. § Section 26 (1) BDSG, in the sense of which the application process is considered to be the initiation of an employment contract.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application procedure, processing is carried out in accordance with Art. Art. 9 para. 2 lit. b. GDPR, so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our obligations in this regard.
Cumulatively or alternatively, the processing of special categories of data may also be based
on Art. 9 para. 1 lit. h GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's ability to work, for medical diagnostics, health or social care or treatment or for the management of health or social care systems and services.
If the applicant is not selected in the course of the evaluation described above or if an applicant withdraws their application prematurely, their data submitted on the form will be deleted after 6 months at the latest following a corresponding notification. This period is calculated on the basis of our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to comply with our obligations to provide evidence under the regulations on equal treatment of applicants. In
the event of a successful application, the data provided will be processed on the basis of Art. 6 para. 1 lit. b GDPR i.V.m. § Section 26 (1) BDSG for the purposes of implementing the employment relationship.
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Meta Platforms, Inc. (USA)
Purpose: Web analysis, tracking (conversion)
Category: Marketing
Recipient: EU, USA
Processed data: IP address, user data, details of the website visit
Data subjects: Users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search /participant-detail?id=a2zt0000000GnywAAC&status=Active
Website: www.facebook.com
Further information:
https://de-de.facebook.com/privacy/policy
https://de-de.facebook.com/business/help /742478679120153
Our website uses the meta pixel service of the social network Facebook for the analysis, optimization and economic operation of our online offering.
With the help of meta pixels, Meta is able to determine the visitors to our website as a target group for the display of personalized ads. Accordingly, we use meta pixels to display the advertisements placed by us only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Meta (so-called "custom audiences"). With the help of meta pixels, we also want to ensure that our meta ads correspond to the potential interest of users and are not annoying. With the help of meta pixels, we can also track the effectiveness of meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a meta ad (so-called "conversion").
Your actions are stored in one or more cookies. These cookies enable Meta to match your user data (such as IP address, user ID) with the data of your Facebook account. The data collected is anonymous and cannot be viewed by us and can only be used in the context of advertisements. You can prevent the link to your Facebook account by logging out before taking any action.
To set which types of advertisements are displayed to you within Facebook, you can go to the page set up by Meta and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads
The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Provider: LinkedIn Ireland Unlimited Company, Ireland, parent company: LinkedIn Corporation (USA)
Purpose: Conversion tracking, web analytics
Category: Marketing
Recipient: EU, USA
Processed data: IP address, website visit details, online-related data
Data subjects: Website visitors, LinkedIn users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search /participant-detail?id=a2zt0000000L0UZAA0&status=Active
Website: https://www.linkedin.com/
Further information:
https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/help/lms/answer/85787 https://www.linkedin.com/help/linkedin/answer/87150/linkedinmarketinglosungen-und-die-datenschutz-grundverordnung-dsgvo-?lang=de
Our website uses LinkedIn Insight Tag, a web analysis service. This service records and analyzes LinkedIn users on our website. This gives us insights into our target groups. It also allows us to measure the attractiveness of our offers and services as well as the success of LinkedIn campaigns.
LinkedIn members also have the option to opt out of LinkedIn conversion tracking and to block and delete cookies or deactivate demographic features at https://www.linkedin.com/psettings/advertising/. In LinkedIn's settings, there is no separate opt-out option for third-party impressions or click tracking for campaigns that run on LinkedIn, as all underlying campaigns respect the settings of LinkedIn members.
The information collected by the LinkedIn Insight tag about the use of our website is encrypted. LinkedIn anonymizes the data within 7 days. The data is deleted again within 90 days. As the site operator, we do not receive any personal data, only reports on demographic information, information about the respective jobs for our target groups and the success of LinkedIn campaigns.
Provider: Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest")
Purpose: Tracking (Conversion)
Category: Marketing
Recipient: EU, USA (possible)
Processed data: IP address, details of the website visit
Data subject: Website visitor
Technology: JavaScript call, cookies
Legal basis: Consent
Website: www.pinterest.com
Further information: https://policy.pinterest.com/de/privacy-policy
Our website uses the conversion tracking service of the social network Pinterest of Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest").
This technology enables us to show our website visitors who have already shown an interest in our site and our content/offers and who are Pinterest members relevant advertisements and offers on Pinterest.
For this purpose, a so-called conversion tracking pixel from Pinterest is integrated on our pages, via which Pinterest is informed when you visit our website that you have accessed our website and which parts of our offer you were interested in.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time with effect for the future.
You can deactivate the collection of data for the display of interest-based advertising on Pinterest at any time in your Pinterest account settings at https://www.pinterest.de/settings (there under "Customization" the button "Use information from our partners to better tailor the recommendations and ads on Pinterest to you") or at https://help.pinterest.com/de/article/personalization-and-data#info-ad (there deactivate the checkbox under "Disable customization").
Further information on Pinterest's data protection can be found at: https://policy.pinterest.com/de/privacy-policy
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Integration of video content, collection of statistical data
Category: Statistics
Recipient: EU, USA
Processed data: IP address, website visit details, user data
Data subjects: Users
Technology: JavaScript access, cookies, device fingerprinting, local storage
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search /participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.youtube.com
Further information:
https://www.youtube.com/intl/ALL_at/howyoutubeworks/user-settings/privacy/
https://policies.google.com/privacy https://safety.google/intl/de/principles/
https://support.google.com/youtube/answer/10364219?hl=de
We use the YouTube service on our website to embed external videos.
We have activated the extended data protection mode on YouTube. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch a video. However, the transfer of data to YouTube partners is not excluded by the extended data protection mode.
As soon as a YouTube video is started on our website, a connection to the YouTube servers is established. This tells YouTube which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. This can be prevented by logging out of your account.
Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable technologies (e.g. device fingerprinting). YouTube also uses local storage on your device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.
Provider: Vimeo Inc, 555 West 18th Street New York, New York 10011, USA
Purpose: Integration of video content
Category: External media
Recipient: USA
Processed data: IP address, details of the website visit
Data subject: Website visitor
Technology: JavaScript call, cookies
Legal basis: Consent
Website: https://www.vimeo.com
Further information: https://vimeo.com/privacy (in English)
Videos from the Vimeo platform are integrated on our website.
When you access the web pages of our online offering that are equipped with a Vimeo plugin, a connection to the Vimeo servers is established and the plugin is displayed. This transmits your IP address to the Vimeo server, as well as information about which of our web pages you have visited. If you are logged in to Vimeo as a member, Vimeo assigns this information to your personal user account. When you use the plugin, e.g. by clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website.
If you want to prevent the transmission and storage of data about you and your behavior on our website by Vimeo, you must log out of Vimeo before you visit our site.
We use cookies on our website to make our internet presence more user-friendly and functional. Some cookies remain stored on your end device.
Cookies are small data packets that are exchanged between your browser and our web server when you visit our website. They do not cause any damage and are only used to recognize website visitors. Cookies can only store information that is supplied by your browser, i.e. information that you have entered into the browser yourself or that is available on the website. Cookies cannot execute code and cannot be used to access your end device.
The next time you visit our website with the same device, the information stored in cookies may subsequently be sent back either to us ("first-party cookie") or to a third-party web application to which the cookie belongs ("third-party cookie"). Through the stored and returned information, the respective web application recognizes that you have already accessed and visited the website with the browser of your end device.
Cookies contain the following information:
Depending on their intended use and function, we divide cookies into the following categories:
Depending on the storage period, we also divide cookies into session and permanent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when you close your browser. No information remains on your end device. Persistent cookies store information between two visits to the website. This information is used to recognize you as a returning visitor on your next visit and the website responds accordingly. The lifespan of a permanent cookie is determined by the provider of the cookie.
The legal basis for the use of technically necessary cookies is based on our legitimate interest in the technically flawless operation and smooth functionality of our website. Our website cannot function properly without these cookies. The use of statistics and marketing cookies requires your consent. You can revoke your consent to the use of cookies at any time for the future. Consent is voluntary. If it is not given, there are no disadvantages. Further information about the cookies we actually use (in particular about their purpose and storage duration) can be found in this privacy policy and in the information about the cookies we use in our cookie banner.
You can also set your Internet browser so that the storage of cookies on your device is generally prevented or you are asked each time whether you agree to the setting of cookies. Once cookies have been set, you can delete them at any time. You can find out how all this works in detail in the help function of your browser.
Please note that a general deactivation of cookies may lead to functional restrictions on our website.
We also use local storage functions (also known as "local storage") on our website. This means that data is stored locally in your browser's cache and can continue to exist and be read even after you close the browser - unless you delete the cache or it is session storage.
Third parties cannot access the data stored in Local Storage. If special plugins or tools use the LocalStorage functions, this is described in the respective plugin or tool.
If you do not want plugins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions
Provider: DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria
Purpose: Consent Management
Category: Technically required
Recipient: EU, AT
Processed data: IP address, consent data Data subjects: Users
Technology: JavaScript call, cookies, swarm crawler
Legal basis: Legitimate interest, consent (swarm crawler for evaluating search results)
Website: https://www.datareporter.eu/
Further information: https://www.datareporter.eu/de/privacystatement.html
We use the Webcare tool on our website for consent management. Webcare records and stores the decision of the respective user of our website. Our consent banner ensures that statistical and marketing technologies such as cookies or external tools are only set or started if the user has given their express consent to their use.
For this purpose, we store information on the extent to which the user has confirmed the use of cookies. The user's decision can be revoked at any time by accessing the cookie settings and managing the declaration of consent. Existing cookies are deleted after consent is withdrawn. A cookie is also set to store information about the status of the user's consent, which is indicated in the cookie details. Furthermore, the IP address of the respective user is transmitted to the DataReporter server when this service is accessed. The IP address is neither stored nor associated with any other data of the user, it is only used for the correct execution of the service.
With the help of Webcare, our website is regularly analyzed for technologies relevant to data protection law. This analysis is only carried out for those users who have expressly given their consent (for statistical or marketing purposes). The search results of the users are evaluated by Webcare in anonymized form and only in relation to technologies and used to fulfill our information obligations. To start the swarm crawler technology, a request is sent to our servers and the IP address of the user is transmitted for the purpose of data transfer. Servers are selected that are geographically close to the respective location of the user. It can be assumed that for users within the EU, a server located within the EU will also be selected. The user's IP address is not stored and is removed immediately after the end of the communication.
Provider: Cloudflare Inc, 101 Townsend Street, San Francisco, California 94107, USA
Purpose: Content Delivery Network
Category: Technically required
Recipient: USA
Processed data: IP address, details of the website visit
Data subjects: Users
Technology: JavaScript call, cookies
Legal basis: Legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participantsearch/participant-detail?id=a2zt0000000GnZKAA0&status=Active
Website: https://www.cloudflare.com/
Further information:
https://www.cloudflare.com/de-de/privacypolicy/
https://www.cloudflare.com/de-de/application/privacypolicy/
The Cloudflare service is used on our website as a content delivery network (CDN) and as a security service.
A CDN is a service that helps to deliver the content of our website, especially large media files such as images, more quickly with the help of regional servers connected via the Internet. Providing content via servers in your area reduces the average loading time of a website.
Cloudflare offers both web optimization and security services. Cloudflare blocks threats and limits misuse of server resources and bandwidth. Cloudflare makes our website significantly more powerful and less susceptible to spam or other attacks.
Cloudflare uses cookies and processes data of the users of our website.
If a user accesses our website, requests are routed via the Cloudflare server. This collects statistical access data about the visit to our website.
The access data includes:
This data helps Cloudflare in particular to identify new threats and ensure a high standard of security for the operation of our website.
The data is processed to maintain the security and functionality of the CDN and to optimize our loading times. The use of cookies by Cloudflare is for security reasons to ensure the trustworthiness of an end device and is absolutely necessary for the security function.
Cloudflare only retains data logs for as long as necessary and in most cases this data is deleted within 24 hours. However, there is information that Cloudflare retains indefinitely as part of its permanent logs in order to improve Cloudflare's overall performance. However, this data is not personal and is anonymized by Cloudflare.
Purpose: Technically necessary
Recipient country: EU
Legal basis: Legitimate interest
Our website uses the Friendly Captcha service from the provider Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany ("FriendlyCapcha") to protect against misuse by non-human visitors (bots) and to prevent spam.
Friendly Captcha is used to check whether the data input on our website is made by a human or by an automated program. Friendly Captcha
does not let the visitor solve manual picture puzzles, but generates a cryptographic task which is
solved by your browser completely automatically in the background. Based on the technical information collected, the difficulty can be adjusted to make it more difficult for possible bots to proceed.
According to our information, the following data is processed by Friendly Captcha for the automated processing of a task:
An anonymized counter per IP address is stored to set the task difficulty in order to detect malicious users and minimize the blocking of legitimate users. This data is stored separately from other data and cannot be linked to specific websites or users. The IP addresses are anonymized using a state-of-the-art hashing process so that you as a user of the website cannot be personally identified. No cookies are used by Friendly Captcha.
The legal basis for processing your data with the help of Friendly Captcha is our legitimate interest pursuant to Art. 6 (1) (f) GDPR in protecting our website from misuse.
Further information about Friendly Captcha can be found here:
https://friendlycaptcha.com/de/
For more information about Friendly Captcha's privacy policy, please see the following link: https://friendlycaptcha.com/de/legal/privacy-end-users/
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Web analytics, performance measurement, conversion tracking, collection of statistical data
Category: Statistics
Recipient: EU, USA
Processed data: IP address, website visit details, user data
Data subjects: Users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search /participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy https://safety.google/intl/de/principles/ https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located: https://www.google.com/about /datacenters/locations/
On our website, we use the functions of the web analysis service Google Analytics to analyze user behavior and to optimize our website. The reports provided by Google are used to analyze the performance of our website and to measure the success of possible campaigns via our website.
Google Analytics uses cookies that enable us to analyze the use of our website.
Information about the use of the website such as browser type/version, operating system used, the previously visited page, host name of the accessing computer (IP address), time of the server request are usually transmitted to a Google server and stored there. We have concluded a contract with Google for this purpose.
Google will use this information on our behalf to evaluate the use of our website, to compile reports on the activities within our website and to provide us with further services associated with the use of our website and the Internet. According to Google, the IP address transmitted by your browser will not be merged with other Google data.
We only use Google Analytics with IP anonymization activated by default. This means that the IP address of a user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by a user's browser as part of Google Analytics is not linked to other Google data.
During the website visit, user behavior is recorded in the form of so-called events. These can represent the following:
is also recorded:
This data is essentially processed by Google for its own purposes, such as profiling (without us being able to influence this).
The data on the use of our website will be deleted immediately after the end of the retention period set by us. Google Analytics specifies a standard retention period of 2 months for user and event data, with a maximum retention period of 14 months. This retention period also applies to conversion data. The following options are available for all other event data: 2 months, 14 months, 26 months (Google Analytics 360 only), 38 months (Google Analytics 360 only), 50 months (Google Analytics 360 only). We choose the shortest storage period that corresponds to our intended use. You can ask us at any time about the retention period we have currently set. Data whose retention period has been reached is automatically deleted once a month.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA), https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Purpose: Integration of fonts
Category: Statistics
Recipient: EU, USA (possible)
Processed data: IP address, language settings, screen resolution, version and name of the browser
Data subject: Website visitor
Technology: JavaScript call
Legal basis: Consent, Data Privacy Framework
Website: www.google.com
Further information:
https://developers.google.com/fonts/faq
https://policies.google.com/privacy https://www.google. com/about/datacenters/inside/locations/
Our website uses so-called web fonts provided by Google for the uniform display of fonts.
To display web fonts from Google, the browser you are using must connect to Google's servers. As a result, Google becomes aware that our website has been accessed via your IP address. Google also stores the IP address of the browser of the end device of the visitor to our website. If your browser does not support web fonts, a standard font will be used by your device.
In addition to the IP address, information such as language settings, screen resolution, version and browser name are automatically transmitted to Google servers with every Google font request. Google can use the collected usage data to determine the popularity of fonts. Google publishes the results on internal analysis pages (e.g. Google Analytics).
With Google Fonts, we can use fonts on our own website and do not have to upload them to our server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web, which saves data volume and is a great advantage, especially when using mobile devices. When you visit us, the low file size ensures a fast loading time. Furthermore, Google Fonts are secure web fonts and support all common browsers.
Google stores requests for CSS assets on its servers for one day. This enables us to use the fonts with the help of a Google stylesheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google support ( https://support.google.com ).
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Integration of map services
Category: Statistics
Recipient: EU, USA
Processed data: IP address, details of website visit, user data
Data subjects: Users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search /participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy https://safety.google/intl/de/principles/ https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about /datacenters/locations/
The Google Maps service is integrated on our website in order to better display geographical information about locations for users.
Google Maps is an online map service that makes geographical information easier to read via an end device. Among other things, directions are displayed or map sections of a location are integrated into a website.
When Google Maps is accessed, the browser establishes a connection to Google's servers. This informs Google that our website has been accessed via the user's IP address. The use of Google Maps enables Google to collect and process data about the use of the service.
To provide this service, Google Maps processes search terms entered as well as latitude and longitude coordinates based on the IP address. If the route planner function of Google Maps is used, the starting address entered is also saved. This data processing is carried out exclusively by Google and is beyond our control.
We would like to point out that Google sets a cookie called "NID" when this service is executed. Google Maps does not currently offer us the option of operating this service in a mode without this cookie. The NID cookie contains information about your user behaviour, which Google uses to optimize its own services and to provide you with individual, personalized advertising.
Google anonymizes data in server logs by deleting part of the IP address and cookie information after 9 or 18 months. Location and activity data is stored for either 3 or 18 months and then deleted.
Users can also delete the history manually at any time via a Google account. To completely prevent location tracking, a user must deactivate the "Web and app activity" section in their Google account.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Personalized advertising, conversion tracking, remarketing, performance measurement of campaigns
Category: Marketing
Recipient: EU, USA
Processed data: IP address, website visit details, user data
Data subjects: Users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search /participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located:
https://www.google.com/about /datacenters/inside/locations/
The Google Ads service is used on this website for the purpose of advertising our products and services. Google Ads is Google's in-house online advertising system.
It is important for us to know whether an interested visitor ultimately becomes our customer. Conversion tracking is used to measure this. We also want to be able to address visitors to our website again in a targeted manner. We achieve this through so-called remarketing (retargeting).
Google Ads is used for both conversion tracking and remarketing, i.e. we can recognize what happened after you clicked on one of our ads. For this service to work, cookies are used and visitors are sometimes added to remarketing lists so that they are only shown certain advertising campaigns.
This is done by means of a pseudonymous identification number (pID), which is assigned to a user's browser. This pID enables the service to recognize which ads have already been displayed to a user and which have been accessed. The data is used to display advertisements across websites by enabling Google to identify the pages visited.
Our aim is to use Google Ads to target our website to those visitors who are actually interested in what we have to offer. Using the data from conversion tracking, we can measure the benefit of individual advertising measures and optimize our website for our visitors. Conversion can be measured through the use of cookies.
The information generated is transmitted by Google to a server in the USA for analysis and stored there. A transfer of data by Google to third parties only takes place on the basis of legal regulations or in the context of order data processing. Under no circumstances will Google link a user's data with other data collected by Google.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Management of tools and plugins
Category: Technically required
Recipients: EU, USA
Processed data: IP address
Data subjects: Users
Technology: JavaScript Call Legal basis:
Legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participantsearch/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located:
https://www.google.com/about /datacenters/locations/
The Google Tag Manager service is used on our website.
The Tag Manager is a service that allows us to manage website tags via an interface. This allows us to add code snippets such as tracking codes or conversion pixels to websites without interfering with the source code. The Tag Manager only forwards the data, but neither collects nor stores it. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it is used purely to manage other services in our online offering.
When the Google Tag Manager is started, the browser establishes a connection to Google's servers. These are mainly located in the USA. This informs Google that our website has been accessed via a user's IP address. The Tag Manager ensures the resolution of other tags, which in turn may collect data.
However, the Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with the Tag Manager.
As part of the hosting of our website, all data to be processed in connection with the operation of our website is stored. This is necessary to enable the operation of the website. We therefore process the data accordingly on the basis of our legitimate interest in optimizing our website offering. To provide our online presence, we use the services of web hosting providers to whom we make the above-mentioned data available as part of order processing.
Provider: Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta
Purpose: Analysis of user behavior
Category: Statistics
Recipient: EU Processed data: IP address, website visit details, online-related data
Data subjects: Website visitors
Technology: JavaScript call, cookies
Legal basis: Consent Website: https://www.hotjar.com
Further information:
https://www.hotjar.com/privacy
https://www.hotjar.com/policies/do-not-track/
Our website uses the Hotjar service to analyze user behavior and to create heat maps.
Hotjar allows us to record mouse and scroll movements and clicks, among other things. Hotjar can determine how long a user remains with the mouse pointer in a particular place. Hotjar uses this information to create so-called heat maps, which can be used to determine which areas of our website users prefer to view.
Hotjar's technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and don't like, etc.) and this helps us to tailor our offering to our users' feedback.
Hotjar works with cookies and other technologies to collect data about the behavior of our users and their end devices, in particular IP address of the device (is only recorded and stored in anonymized form during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
We use the open source service jsDelivr on our website to deliver the content of our website to various user devices as quickly and technically flawlessly as possible. The provider of this service is Prospect One sp. z o.o., Królewska 65A/1, PL-30-081 Kraków, Poland ("jsDelivr").
jsDelivr is a content delivery network (CDN) that mirrors the content on our website via various servers to ensure optimal accessibility worldwide. To make this possible, a CDN always uses servers that are geographically close to the respective user of our website. It can therefore be assumed that users within the EU are also supplied with content by servers within the EU. To display content, jsDelivr uses user data such as the IP address.
According to the provider, jsDelivr does not set any cookies or use any other tracking mechanisms, but is only necessary for the technical reasons mentioned above. The legal basis for the transfer of personal data is therefore our legitimate interest in the processing of your personal data in accordance with Art. 6 para. 1 lit. f GDPR.
jsDelivr retains personal data for as long as necessary to provide the service described or to comply with legal obligations.
To prevent this service, you can install a JavaScript blocker. However, this means that the website may no longer function as usual.
Further information on the use of your data can be found in the provider's privacy policy at https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net
Our website uses the Onlim live chat system from Onlim GmbH, Weintraubengasse 22, A-1020 Vienna, Austria ("Onlim").
By using the chat function, a direct connection to the Onlim servers is established. Your entries in the chat transmit data to the Onlim servers.
Onlim is used to collect and store pseudonymized data to operate the live chat system and to answer live support requests. Cookies are used for this purpose, which serve to recognize the user. The conversations are assigned a randomly generated pseudonym so that chatbot users cannot be identified and the anonymity of the user is therefore guaranteed.
The data collected includes, in particular, chat history, IP address at the time of the chat. If you are a logged-in user and have voluntarily provided additional information as part of this service, this additional data will also be processed. We only collect, process and use the data required to contact you as requested (e.g. e-mail address or telephone number) or to provide the information you have requested.
We use the Onlim live chat system to continuously improve our service quality. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
The data collected with Onlim will not be used to personally identify the visitor to this website without your consent and will not be merged with personal data about the bearer of the pseudonym.
Further information on Onlim's data protection can be found at: https://onlim.com/datenschutzerklaerung/
For technical reasons, in particular to ensure a functional and secure Internet presence, we process technically necessary data about access to our website in so-called server log files, which your browser automatically transmits to us.
The access data that we process includes
This data is not assigned to any natural person and is only used for statistical evaluations and for the operation and improvement of our website as well as for the security and optimization of our Internet offer. This data is only transmitted to our website host. This data is not combined or merged with other data sources. If there is any suspicion of unlawful use of our website, we reserve the right to check this data retrospectively. The data processing is based on our legitimate interest in the technically error-free presentation and optimization of our website.
The access data is deleted shortly after the purpose has been fulfilled, usually after a few days, unless further storage is required for evidence purposes. Otherwise, the data is stored until an incident has been finally clarified.
When you visit our website, we use the widely used SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser. The use of this procedure is based on our legitimate interest in the use of suitable encryption techniques.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments and kept up to date with the state of the art.
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Purpose: User analysis, conversion measurement
Category: Statistics
Recipient: USA
Processed data: IP address, details of the website visit
Data subjects: Users
Technology: JavaScript call, cookies
Legal basis: Consent, EU-US Data Privacy Framework, https://www.dataprivacyframework.gov/s/participantsearch/participant-detail?id=a2zt0000000KzNaAAK&status=Active
Further information:
https://privacy.microsoft.com/de-de/privacystatement
https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses
https://help.ads.microsoft.com/#apex/3/de/53056/2
Opt-out option: https://account.microsoft.com/privacy/ad-settings/signedout
The Microsoft Advertising (formerly Bing Ads) service is used on our website to analyze and optimize its economic operation.
Microsoft Advertising places cookies on users' devices that analyze user behavior on our website. This assumes that the user has reached our website via an advertisement from Microsoft Advertising. This provides us with information on the total number of users who clicked on such an ad, were redirected to our website and previously reached a specific target page (so-called conversion measurement). No IP addresses are stored and no personal information about the identity of our users is disclosed. Microsoft operates its own servers worldwide. Most of these are located in the USA.
Microsoft stores data for as long as is necessary to provide its own services or products or for legal purposes.
The following provisions apply not only to the collection of data on our website, but also to the processing of personal data in general.
Personal data is information that can be assigned to you individually. Examples of this include your address, name, postal address, e-mail address or telephone number. Information such as the number of users who visit a website is not personal data because it cannot be assigned to an individual person.
Legal basis for the processing of personal data
Unless more specific information is provided in this privacy policy (e.g. for the technologies used), we may process your personal data on the basis of the following legal bases:
Consent pursuant to Art. 6 para. 1 lit. a GDPR- the data subject has given their consent to the processing of their personal data for one or more specific purposes.
Performance of a contract and pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract.
Legal obligation pursuant to Art. 6 para. 1 lit. c GDPR- Processing is necessary for compliance with a legal obligation.
Protection of vital interests pursuant to Art. 6 para. 1 lit. d GDPR- Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
Legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR- Processing is necessary for the purposes of the legitimate interests pursued by the controller(s) or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Please note that in addition to the provisions of the GDPR, the national data protection regulations in your or our home country may apply.
Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.
We only pass on your personal data to third parties if:
Cooperation with processors
We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of an order processing contract, this is done in accordance with Art. 28 GDPR.
Transfer to third countries
If we process data in a third country or if this occurs in the context of the use of third-party services or disclosure or transfer of data to other persons or companies, this will only take place on the basis of the legal bases described above for the transfer of data.
Subject to express consent or contractual necessity, we process or have the data processed in accordance with Art. 44-49 GDPR only in third countries with a level of data protection recognized as adequate or on the basis of special guarantees, such as a contractual obligation through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations.
If no explicit storage period is specified when data is collected (e.g. as part of a declaration of consent), we are obliged to delete personal data in accordance with Art. 5 para. 1 lit. e GDPR as soon as the purpose of its processing no longer exists. In this context, we would like to point out that statutory retention obligations to which we are subject constitute a legitimate purpose for the further processing of the personal data collected.
In principle, we store and retain data in personal form until the end of a business relationship or until the expiry of applicable guarantee, warranty or limitation periods, and beyond that until the end of any legal disputes in which the data is required as evidence, or in any case until the end of the third year after the last contact with a business partner.
As part of the description of individual technologies on our website, you will find specific information on the storage duration of data. Our cookie table informs you about the storage duration of individual cookies. In addition, you always have the option of asking us directly about the specific storage duration of data. To do so, please use the contact details provided in this privacy policy.
Rights of data subjects
Affected persons have the right:
(i) in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
(ii) in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or incomplete personal data stored by us;
(iii) in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us under certain circumstances, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
(iv) in accordance with Art. 18 GDPR, to demand the (temporary) restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it, we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
(v) in accordance with Art. 20 GDPR, to receive from us your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted directly to another controller; however, this only covers your personal data that we process with the aid of automated procedures after you have given your consent or on the basis of a contract;
(vi) pursuant to Art. 21 GDPR, insofar as your personal data is processed on the basis of our legitimate interest, to object to the processing of your personal data, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation;
(vii) in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future. Among other things, you have the option of revoking your consent to the use of cookies on our website with effect for the future by accessing our cookie settings;
(viii) pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority regarding the unlawful processing of your data by us. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Austria
Phone: +43 1 52 152-0
dsb@dsb.gv.at
You yourself decide on the use of your personal data. Should you therefore wish to exercise any of the above rights against us, you are welcome to contact us by e-mail at bora.webcare@bora.com or by post or telephone.
Please help us to clarify your request by answering questions from our responsible employees regarding the specific processing of your personal data. If there are reasonable doubts about your identity, we may request a copy of your ID.
If you have any questions about data protection, please contact us at dataprivacy@bora.com or using the other contact details provided in this privacy policy.