Last Updated: March, 2022
Data Protection Decalaration
Provision of information pursuant to Art 13 of the General Data Protection Regulation 2016/679/EU ("GDPR") regarding the processing of personal data in the context of visiting and using the website [optimuse.com] ("Website")
Thank you for your interest in our website. The protection of your privacy is of high priority to us. Consequently, we only process your personal data on the basis of legal requirements set by the GDPR and other relevant legal provisions.
Data protection laws are generally relevant in case any processing of personal data is concerned. The terms used within the scope of this Data Protection Declaration are defined in and by the GDPR. As such, the broad definition of "processing" of personal data means any operation or set of operations performed on personal data. Any information allowing us or third parties to potentially identify you in person can be considered personal data, whereby you will be regarded as a data subject within the meaning of Art 4 item 1 GDPR.
You are not obligated to provide data. Data processed automatically when accessing the Website are either not personal data or are stored only for a short period of time (see point 2.1).
2.1 Processing of access data when visiting our Website
(a) Type and extent of data processing: You can visit our Website without providing any personal information. When you access our Website, only certain access data are processed automatically in so-called server log files. In particular, the following data are processed in this context: (i) name of visited website; (ii) browser type/version used; (iii) operating system of the user; (iv) previously visited website (referrer URL); (v) time of the server request; (vi) data volume transferred; (vii) host name of the accessing computer (IP address used). This information does not allow us to identify you personally; however, IP addresses are considered personal data within the meaning of the GDPR.
(b) Legal basis and purpose: The purpose of this data processing operation is to establish and maintain technical security with regards to our Website, improve the Website's quality and generate non-personal statistical information. The processing is based on our legitimate interest (Art 6 para 1 lit f GDPR) in achieving the mentioned purposes.
(c) Storage period: The server log files are, in general, automatically deleted after fourteen (14) days at the latest.
(a) Type and extent of data processing: When contacting us via the contact form provided on our Website, we will use your data as indicated in order to process your contact request and deal with it. The data processing involved is necessary to issue a response in respect of your request, as we would otherwise not be able to contact you. Details whose indication is mandatory are marked with a *-symbol; certain additional information may be provided voluntarily. Moreover, the respective elucidations of this point apply accordingly to the processing of data being entailed by direct contact requests executed via contact details provided on our Website, without making use of the contact form.
(b) Legal basis and purpose: Purpose of the data processing is to enable us an exchange with users of the Website. We answer your request on the basis of our legitimate interest (Art 6 para 1 lit f GDPR) in maintaining a properly functioning contact system, which is a prerequisite for the provision of any services. In case of repeated contact requests, we may also store your data for different purposes, of which you will be informed of separately.
(c) Storage period: We delete your requests as well as your contact data if the request has been answered conclusively. Your data are, in general, stored for a period of six (6) months and subsequently erased if we do not receive follow-up requests and if the data must not be further processed for different purposes.
(a) Type and extent of data processing: You may subscribe to our newsletter via the Website. You only have to provide your email address. The newsletter provides you with news about our services and will be sent exclusively to email addresses provided by interested users. If you no longer wish to receive the newsletter, you can unsubscribe at any time (withdrawing your consent) by notifying us of your wish via the contact address specified under point 1 or by clicking on the respective link at the end of a newsletter.
(b) Legal basis and purpose: The data mentioned above are processed in the form of a newsletter for the purpose of direct marketing and are necessary to send the newsletter. A newsletter or other electronic advertisements will in no case be sent without your prior consent (Art 6 para 1 lit a GDPR) which we obtain from you directly on our Website.
(c) Storage period: All data collected for the delivery of the newsletter shall be erased within seven (7) days after unsubscribing from the newsletter. Furthermore, we automatically erase your data in case you are inactive for a period of three (3) years (in which you do not interact with any newsletter provided by us).
Cookies are small data sets that are stored on your end device. They help us to make our offer more user-friendly. They are placed by a web server and sent back to it as soon as a new connection is established in order to recognise the user and his settings. In this sense, a cookie is a small local text file that assigns a specific identity consisting of numbers and letters to your end device.
Cookies can fulfil different purposes, e.g. helping to maintain the functionality of websites with regard to state of the art functions and user experience. The actual content of a specific cookie is always determined by the website that created it.
Cookies always contain the following information:
name of the cookie;
name of the server the cookie originates from;
ID number of the cookie;
an end date at the end of which the cookie is automatically deleted.
Cookies can be differentiated according to type and purpose as follows:
Necessary/Essential cookies: Technically necessary (also: essential) cookies are required for the proper functioning of websites by enabling basic functions, such as site navigation and access to protected areas. Without such cookies, a website regularly fails to be fully functional. Necessary cookies are always first-party cookies. They can only be deactivated in the settings of your browser by rejecting all cookies without exception (see below) and are also used on our Website legally permissible without obtaining prior consent.
Preference cookies: Preference cookies allow websites to remember information which affects their appearances or behaviour, for example, your preferred language or the region you are located in.
Analytics cookies: Performance cookies help website operators to understand how users interact with websites by collecting information and analysing it. Such cookies are thus used to collect information on user behaviour. In particular, the following information may be stored: accessed sub-pages (duration and frequency); order of pages visited; search terms used having led to the visit of the respective website; mouse movements (scrolling and clicking); country and region of access. These cookies allow to determine what a user is interested in and thereby adapt the content and functionality of a website to individual user needs.
Tracking cookies: Tracking cookies are used to track users on websites. Their purpose is to display advertisements which are relevant and attractive for the individual user an hence valuable for publishers and third-party advertisers. This is possible by means of analysing your user behaviour and determining interests on the basis of which tailored advertising becomes possible.
With regard to the storage period cookies can be further differentiated as follows:
Session cookies: Such cookies will be deleted without any action on your part as soon as you close your current browser session.
Persistent cookies: Such cookies (e.g. to save your language settings) remain stored on your end device until a previously defined expiration date or until you have them manually removed.
Furthermore, cookies may be differentiated by their subject of attribution:
First-party cookies: Such cookies are used by ourselves and placed directly from our Website. Browsers generally do not make them accessible across domains which is why the user can only be recognised by the page from which the cookie originates.
Third-party cookies: Such cookies are not placed by the website operator itself, but by third parties when visiting a specific website, in particular, for advertising purposes (e.g. to track surfing behaviour). They allow, for example, to evaluate different page views as well as their frequency.
You may edit your choice in regards to cookie preferences via "Edit Cookie Preferences" in the footer of the Website (e.g. withdraw your consent). Moreover, you have the option to customise your browser settings so that cookies are either generally declined or only allowed in certain ways (e.g. limiting refusal to third-party cookies). However, if you change your browser's cookie settings, our Website may no longer be fully usable. Via the browser settings, you also have the option to delete the entirety of cookies already stored on your end device. This corresponds to a withdrawal of your consent.
3.2 Local storage; session storage
We also use the so-called local storage/session storage (storage capacity of your browser software) to store certain data on your end device under the same conditions as cookies (cf. point 3.1). Your browser software maintains a separate local storage/session storage for each domain. In contrast to "cookies", this method is safer and faster because data are not transferred automatically to the respective server with every HTTP request but stored by your browser software. Additionally, a greater volume of data (at least 5 megabytes) can be stored. Please be aware that local storage data (other than session storage data) have no expiry date and will remain on your end device even after you have closed your browser session.
3.3 Tracking Pixel
We also use so-called tracking pixels (also: pixel tags or web beacons) to collect certain data via our Website. Tracking pixels are transparent images which are practically invisible as they consist of a single pixel. The tracking pixel is placed on a server and loaded therefrom as soon as a respective subpage of our Website is accessed. They allow us to track that a subpage was accessed as well as any subsequent user activity on this page for the purpose of tailored marketing activities. By means of the tracking pixel, in particular, the following information can be collected: (i) operating system used; (ii) browser type/version used; (iii) time of access; (iv) user behaviour on the visited page; (v) IP address and approximate location of the user.
Tracking pixels are used on our Website on the basis of our legitimate interest (Art 6 Abs 1 lit f GDPR) in analysing user accesses in a state of the art manner. As a tracking pixel is merely an image loaded from a server, its lifetime is limited to your current browser session. However, information collected via a tracking pixel may be subsequently stored in cookies (see point 3.1).
On our Website, we use links to the websites of third parties. If you click on one of these links, you will be forwarded directly to the respective page. For the website operators it is only evident that you have accessed our Website beforehand. Accordingly, we refer you, in general, to the separate data protection declarations of these websites.
5.1 Google services
The services outlined subsequently are provided to us by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland ("Google Ireland").
Google Ireland intends to process data of users in the EEA, where possible, in data centres situated in Europe; however, an outsourcing of processing activities to group companies, in particular to its parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, may take place. An overview of Google data centres can be viewed under https://www.google.com/about/datacenters/inside/locations/?hl=en.
5.1.1 Google Tag Manager
We use GTM on the basis of our legitimate interest (Art 6 para 1 lit f GDPR) consisting of an efficient and economically viable administration of the services implemented on our Website. [Anm.: Ohne Einwilligung auch nicht unproblematisch.] Processing follows the purpose of adapting our offer in order to better reflect the interests of our users by implementing services more effectively and generate statistical evaluations within this context.
5.1.2 Google Analytics
In the course of our use of Google Analytics, certain access data (cf. point 2.1) are transferred to and stored on Google servers. Based on our instructions, Google Ireland will use the information collected to analyse the use of our Website, draft reports on website activities and provide us with further services connected to the use of our Website and the Internet.
The IP address transferred by your browser in the context of Google Analytics is not merged with other Google data. In order to protect you as comprehensively as possible, we utilise IP anonymisa-tion by extending the code of our Website by "anonymizeIP". This ensures masking of your IP ad-dress, wherefore all data concerned are collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server and shortened there.
We base our use of Google Analytics on your prior consent (Art 6 para 1 lit a GDPR). The data concerning the use of our Website are deleted automatically after the retention period of fourteen (14) months, which we provided for, has expired.
On our Website we have implemented an API of Mapbox, Inc, 740 15th Street NW, 5th Floor, Washington DC 20005 ("Mapbox") in order to provide you with interactive geographical indications. Within this context, Mapbox acts as our processer in the sense of Art 28 GDPR.
The integration allows us, in particular, to present our location to users. In this context, Mapbox collects and processes certain access data (cf. point 2.1) such as your IP address being necessary to provide and maintain the service (in particular, establishing the respective connection and allowing necessary communication with its servers). Some data about the use of the service on our Website may be used by Mapbox to further improve their service.
If you access a site on our Website, where Mapbox is implemented, a connection to the servers of Mapbox will be established and certain information is stored on your end device by using cookies or similar technologies (cf. point 3). Any processing of your data takes place on the basis of our legitimate interests (Art 6 para 1 lit f GDPR) in designing our Website attractively for users and visually illustrate geographical information.
Any transfer of your data to the US by Mapbox due to the implementation of the service on our Website takes place on the basis of standard data protection clauses in the sense of Art 46 para 2 lit c GDPR adopted by the EU Commission.
For the purposes executing the data processing activities as indicated in the course of this Data Protection Declaration, we will transfer your personal data to the following recipients or make them available to them:
Within our organisation, your data will only be provided to those entities or employees who need them to fulfil their respectively our respective obligations.
Furthermore, (external) processors deployed by us receive your data if they need these data to provide their respective services (whereby the mere possibility to access personal data is sufficient). All deployed processors will process your data under strict observance of the requirements of the GDPR and solely based on our explicit instructions.
Within the context of our website, the following processors can have access to your personal data:
• Amazon Web Services Inc.
• Google Ireland Limited
• Wix.com Ltd
Lastly, we may transfer your data to independent, as far as this is strictly necessary and we are legally obliged to do so. Such controllers may be, for example, authorities or courts in the course of their statutory competence.
7. Rights of the data subject
You may decide to exercise any of the following rights concerning our processing of your personal data at any time free of charge by means of a notification being sent to one of the contact options outlined under point 1; we shall then answer your request as soon as possible and within one (1) month at the latest (in exceptional cases, restrictions on these rights are possible, for instance, if otherwise the rights of third parties would be affected):
• access to and further information concerning your individual data processed by us (right of access, Art 15 GDPR);
• rectification of wrongly recorded data or data that have become inaccurate or incomplete (right to rectification, Art 16 GDPR);
• erasure of data which (i) are not necessary in light of the purpose of data processing, (ii) are processed unlawfully, (iii) must be erased due to a legal obligation or an objection to the processing (right to erasure, Art 17 GDPR);
• temporary restriction of processing under certain circumstances (right to restriction of processing, Art 18 GDPR);
• withdrawal of consent granted for the processing of your personal data at any time; however, please note that the withdrawal of your consent does not retroactively affect the lawfulness of data processing based on such consent - it solely affects subsequent processing activities (right to withdraw; Art 7 para 3 GDPR);
• objection to any processing of your data being based on our legitimate interest on grounds relating to your particular situation or being executed for direct marketing purposes (right to object; Art 21 para 1 and 2 GDPR);
• transfer of your personal data which are processed on the basis of your consent in a machine-readable format to you or directly to another controller upon request (right to data portability; Art 20 GDPR);
• right to lodge a complaint with a supervisory authority in respect of our processing of your data; in Austria, a complaint has to meet the requirements laid out in § 24 Austrian Data Protection Act and has to be directed to the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, email: firstname.lastname@example.org, Phone: +43 1 52 152-0 (for the simplification of this process, the Austrian Data Protection Authority provides forms at: https://www.dsb.gv.at/dokumente).