paw logo

Imprint

Data protection

We have prepared this privacy policy (version 17.07.2019-211098124) in order to provide you with information in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and the Data Protection Act (DSG) to explain what information we collect, how we use data and what choices you have as a visitor to this website.

Unfortunately, it is in the nature of things that these explanations sound very technical, but we have endeavoured to describe the most important things as simply and clearly as possible.

Automatic data storage

Nowadays, when you visit websites, certain information is automatically created and stored, including on this website.

When you visit our website as you are doing right now, our web server (computer on which this website is stored) automatically saves data such as

  • the address (URL) of the website accessed
  • Browser and browser version
  • the operating system used
  • the address (URL) of the previously visited page (referrer URL)
  • the host name and IP address of the device from which access is made
  • Date and time

in files (web server log files).

As a rule, web server log files are stored for a fortnight and then automatically deleted. We do not pass this data on, but we cannot rule out the possibility of this data being viewed in the event of unlawful behaviour.
The legal basis exists according to Article 6 paragraph 1 f GDPR (lawfulness of processing) is that there is a legitimate interest in enabling the error-free operation of this website by recording web server log files.

Rights under the General Data Protection Regulation

Rights of data subjects

According to the provisions of the GDPR and the Austrian Data Protection Act Data Protection Act (DSG) The following rights apply in principle:

  • Right to rectification (Article 16 GDPR)
  • Right to erasure ("right to be forgotten") (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to notification - notification obligation in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Article 21 GDPR)

Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR)

Right of appeal

If you are of the opinion that we are processing your data unlawfully, we request that you contact us (office@preventatwork.at). You also have the right to complain directly to the Austrian Data Protection Authority, Wickenburggasse 8-10, 1080 Vienna, https://www.dsb.gv.at/ to complain.

Your trust is important to us. We would therefore be happy to answer any questions you may have regarding the processing of your personal data. If you have any questions that are not answered in this privacy policy, we will be happy to answer them at any time.

You can reach us under the following contact details

prevent AT work GmbH
office@preventatwork.at
Phone: +43 1 409 52 64

Cookies

Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

What exactly are cookies?

Whenever you surf the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites save small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically stored in the cookie folder, the "brain" of your browser, so to speak. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser transmits the user-related information back to our site. Thanks to cookies, our website knows who you are and offers you your usual default settings. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programmes and do not contain viruses, Trojans or other "malware". Cookies also cannot access information on your PC.

Cookie data can look like this, for example:

  • Name: _ga
  • Expiry time: 2 years
  • Use: Differentiation of website visitors
  • Example value: GA1.2.1326744211.152211098124

A browser should support the following minimum sizes:

  • A cookie should be able to contain at least 4096 bytes
  • At least 50 cookies should be stored per domain
  • A total of at least 3000 cookies should be able to be stored

What types of cookies are there?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly explain the different types of HTTP cookies.

A distinction can be made between 4 types of cookies:

Strictly necessary cookies
These cookies are necessary to ensure basic website functions. For example, these cookies are needed when a user places a product in the shopping basket, then continues surfing on other pages and only goes to the checkout later. These cookies ensure that the shopping basket is not deleted even if the user closes their browser window.

Functional cookies
These cookies collect information about user behaviour and whether the user receives any error messages. These cookies are also used to measure the loading time and the behaviour of the website with different browsers.

Target-orientated cookies
These cookies ensure better user-friendliness. For example, entered locations, font sizes or form data are saved.

Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver customised advertising to the user. This can be very practical, but also very annoying.

When you visit a website for the first time, you are usually asked which of these cookie types you would like to allow. And of course this decision is also stored in a cookie.

How can I delete cookies?

You decide how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option of deleting cookies, only partially allowing them or deactivating them. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, activate and manage cookies in Chrome
Safari: Managing cookies and website data with Safari
Firefox: Delete cookies to remove data that websites have stored on your computer
Internet Explorer: Deleting and managing cookies
Microsoft Edge: Deleting and managing cookies

If you generally do not want to have cookies, you can set up your browser so that it always informs you when a cookie is to be set. You can then decide for each individual cookie whether or not to allow it. The procedure differs depending on the browser. It is best to search for the instructions in Google using the search term "delete cookies Chrome" or "deactivate cookies Chrome" in the case of a Chrome browser or replace the word "Chrome" with the name of your browser, e.g. Edge, Firefox, Safari.

What about my data protection?

The so-called "cookie guidelines" have been in place since 2009. These stipulate that the storage of cookies requires the consent of the website visitor (i.e. you). However, there are still very different reactions to these directives within the EU countries. In Austria, however, this directive has been implemented in Section 96 (3) of the Telecommunications Act (TKG).

If you would like to know more about cookies and do not shy away from technical documentation, we recommend https://tools.ietf.org/html/rfc6265the Request for Comments of the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Storage of personal data

Personal data that you transmit to us electronically on this website, such as name, telephone number, e-mail address, company or other personal details in the context of submitting a form or comments in the blog, will only be used by us together with the time and IP address for the purpose stated in each case, stored securely and not passed on to third parties.

We therefore only use your personal data for communication with those visitors who expressly request contact and for processing the services and products offered on this website. We do not pass on your personal data without your consent, but we cannot rule out the possibility of this data being viewed in the event of unlawful behaviour.

If you send us personal data by e-mail - i.e. outside of this website - we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data unencrypted by e-mail.

The legal basis exists according to Article 6 paragraph 1 a GDPR (lawfulness of processing) is that you give us your consent to process the data you have entered. You can revoke this consent at any time - an informal e-mail is sufficient, you will find our contact details in the imprint.

Evaluation of visitor behaviour

In the following privacy policy, we inform you whether and how we analyse data from your visit to this website. The evaluation of the collected data is generally anonymous and we cannot draw any conclusions about your person from your behaviour on this website.

You can find out more about how to object to this analysis of visit data in the following privacy policy.

TLS encryption with https

We use https to transmit data tap-proof on the Internet (data protection through technology design Article 25(1) GDPR). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognise the use of this data transmission security by the small lock symbol at the top left of the browser and the use of the https scheme (instead of http) as part of our Internet address.

Google Fonts privacy policy

We use Google Fonts from Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website.

You do not need to log in or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account data will be transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We will take a closer look at exactly how the data is stored.

What are Google Fonts?

Google Fonts (formerly Google Web Fonts) is an interactive directory of more than 800 fonts that can be used by the Google LLC for free use.

Many of these fonts are published under the SIL Open Font Licence, while others have been published under the Apache licence. Both are free software licences. This means we can use them freely without paying licence fees.

Why do we use Google Fonts on our website?

With Google Fonts, we can use fonts on our own website without having to upload them to our own server. Google Fonts is an important component in keeping the quality of our website at a high level. All Google fonts are automatically optimised for the web and this saves data volume and is a great advantage, especially for use on mobile devices. When you visit our site, the low file size ensures a fast loading time. Furthermore, Google Fonts are so-called secure web fonts. Different image synthesis systems (rendering) in different browsers, operating systems and mobile devices can lead to errors. Such errors can sometimes visually distort texts or entire websites. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) and works reliably on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod).

We therefore use Google Fonts so that we can present our entire online service as beautifully and uniformly as possible. According to Art. 6 para. 1 f lit. F GDPR, this already constitutes a "legitimate interest" in the processing of personal data. In this case, "legitimate interest" means both legal and economic or non-material interests that are recognised by the legal system.

What data is stored by Google?

When you visit our website, the fonts are reloaded via a Google server. This external call transmits data to the Google server. In this way, Google also recognises that you or your IP address is visiting our website. The Google Fonts API was developed to reduce the collection, storage and use of end user data to what is necessary for the efficient provision of fonts. Incidentally, API stands for "Application Programming Interface" and is used, among other things, as a data transmitter in the software sector.

Google Fonts stores CSS and font requests securely at Google and is therefore protected. Google can determine the popularity of the fonts through the collected usage figures. Google publishes the results on internal analysis pages, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google fonts. This data is published in the BigQuery database of Google Fonts. BigQuery is a web service from Google for companies that want to move and analyse large amounts of data.

However, it should be noted that every Google Font request also automatically transmits information such as IP address, language settings, browser screen resolution, browser version and browser name to the Google servers. It is not clear whether this data is also stored or whether it is clearly communicated by Google.

How long and where is the data stored?

Google stores requests for CSS assets for one day on your servers, which are mainly located outside the EU. This allows us to use the fonts with the help of a Google stylesheet. A stylesheet is a format template that can be used to quickly and easily change the design or font of a website, for example.

The font files are stored by Google for one year. Google's aim is to fundamentally improve the loading time of websites. If millions of websites refer to the same fonts, they are cached after the first visit and immediately reappear on all other websites visited later. Google sometimes updates font files to reduce the file size, increase language coverage and improve the design.

How can I delete my data or prevent data storage?

The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is accessed. To delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid=211098124 contact us. In this case, you can only prevent data storage if you do not visit our website.

Unlike other web fonts, Google allows us unrestricted access to all fonts. This means we have unlimited access to a sea of fonts and can therefore get the best out of our website. You can find out more about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=211098124. Although Google addresses data protection issues there, it does not provide any really detailed information about data storage. It is relatively difficult (almost impossible) to obtain really precise information from Google about stored data.

You can also find out which data is generally collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/ read more.

Google Analytics privacy policy

We use Google Analytics from Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on this website to statistically analyse visitor data. Google Analytics uses targeted cookies for this purpose.

Cookies from Google Analytics

  • _ga
    • Expiry time: 2 years
    • Use: Differentiation of website visitors
    • Example value: GA1.2.1326744211.152211098483
  • _gid
    • Expiry time: 24 hours
    • Use: Differentiation of website visitors
    • Example value: GA1.2.1687193234.152211098483
  • _gat_gtag_UA_
    • Expiry time: 1 minute
    • Use: Used to throttle the request rate. If Google Analytics is provided via the Google Tag Manager, this cookie is given the name _dc_gtm_ .
    • Exemplary value: 1

Further information on terms of use and data protection can be found at http://www.google.com/analytics/terms/de.html or under https://support.google.com/analytics/answer/6004245?hl=de.

Pseudonymisation

Our concern in terms of the GDPR is the improvement of our offer and our website. As the privacy of our users is important to us, the user data is pseudonymised. Data processing is carried out on the basis of the statutory provisions of Section 96 (3) TKG and Art. 6 EU GDPR (1) (a) (consent) and/or (f) (legitimate interest) of the GDPR.

Deactivation of data collection by Google Analytics

With the help of the Browser add-ons for deactivation of Google Analytics JavaScript (ga.js, analytics.js, dc.js), website visitors can prevent Google Analytics from using their data.

You can prevent Google from collecting the data generated by the cookie and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Google Analytics data processing addendum

We have concluded a direct customer contract with Google for the use of Google Analytics by accepting the "Data Processing Addendum" in Google Analytics.

You can find out more about the data processing addendum for Google Analytics here: https://support.google.com/analytics/answer/3379636?hl=de&utm_id=ad

Google Analytics IP anonymisation

We have implemented IP address anonymisation from Google Analytics on this website. This function was developed by Google so that this website can comply with the applicable data protection regulations and recommendations of the local data protection authorities if they prohibit the storage of the full IP address. The anonymisation or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place.

You can find more information on IP anonymisation at https://support.google.com/analytics/answer/2763052?hl=de.

Google Analytics reports on demographic characteristics and interests

We have activated the functions for advertising reports in Google Analytics. The reports on demographic characteristics and interests contain information on age, gender and interests. This allows us to get a better picture of our users without being able to assign this data to individual persons. You can find out more about the advertising functions at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can control the use of the activities and information of your Google account under "Advertising settings" on https://adssettings.google.com/authenticated via checkbox.

Google Analytics deactivation link

If you click on the following Deactivation link you can prevent Google from recording further visits to this website. Please note: Deleting cookies, using the incognito/private mode of your browser or using a different browser will result in data being collected again. 

Click on the button below to switch off Google Analytics tracking.
Opt-out

Opt-out from Google Analytics successful.

YouTube privacy policy

We use the video service YouTube, YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, on this website.

By accessing pages of our website that have integrated YouTube videos, data is transmitted to YouTube, stored and analysed.
If you have a YouTube account and are logged in, this data will be assigned to your personal account and the data stored in it.

You can find out which data is collected by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/  read more.

Cloudflare privacy policy

We use Cloudflare from Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) on this website to make our website faster and more secure. Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that provides a content delivery network and various security services. These services are located between the user and our hosting provider and act as a Reverse proxy for websites. We will try to explain exactly what this means below.

What is Cloudflare?

A Content Delivery Network (CDN), such as the one provided by Cloudflare, is nothing more than a network of servers connected via the Internet. Cloudflare has distributed such servers all over the world to bring websites to your screen faster. Simply put, Cloudflare creates copies of our website and places them on their own servers. Now, when you visit our website, a load balancing system ensures that the largest parts of our website are delivered from the server that can display our website to you the fastest. The data transfer route to your browser is significantly shortened by a CDN. This means that the content of our website is not only delivered to you by Cloudflare from our hosting server, but from servers all over the world. The use of Cloudflare is particularly helpful for users from abroad, as the site can be delivered from a server nearby. In addition to the fast delivery of websites, Cloudflare also offers various security services, such as DDoS protection or the web application firewall.

Why do we use Cloudflare on our website?

Of course, we want to offer you the best possible service with our website. Cloudflare helps us to make our website faster and more secure. Cloudflare offers us web optimisation as well as security services such as DDoS protection and web firewall. This also includes a Reverse proxy and the content distribution network (CDN). Cloudflare blocks threats and limits abusive bots and crawlers that waste our bandwidth and server resources. By storing our website on local data centres and blocking spam software, Cloudflare enables us to reduce our bandwidth usage by approximately 60%. Delivering content via a data centre near you and some web optimisation performed there reduces the average load time of a website by about half. According to Cloudflare, the "I'm Under Attack Mode" setting can further mitigate attacks by displaying a JavaScript calculation task that must be solved before a user can access a web page. Overall, this makes our website significantly more powerful and less susceptible to spam or other attacks.

What data is stored by Cloudflare?

Cloudflare generally only forwards data that is controlled by website operators. The content is therefore not determined by Cloudflare, but always by the website operator itself. Cloudflare may also collect certain information about the use of our website and process data that is sent by us or for which Cloudflare has received corresponding instructions. In most cases, Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS log data and performance data for websites derived from browser activity. Log data helps Cloudflare to recognise new threats, for example. This enables Cloudflare to ensure a high level of security protection for our website. Cloudflare processes this data as part of its services in compliance with the applicable laws. This naturally also includes the General Data Protection Regulation (GDPR).

For security reasons, Cloudflare also uses a cookie. The cookie (__cfduid) is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie is very useful, for example, if you use our website from a location where there are a number of infected computers. However, if your computer is trustworthy, we can recognise this from the cookie. This means that you can surf our website unhindered despite infected PCs in the neighbourhood. It is also important to know that this cookie does not store any personal data. This cookie is absolutely necessary for the Cloudflare security functions and cannot be deactivated.

Cookies from Cloudflare

  • __cfduid
    • Expiry time: 1 year
    • Use: Security settings for each individual visitor
    • Example value: d798bf7df9c1ad5b7583eda5cc5e78211098124

Cloudflare also works with third-party providers. These may only process personal data under the instruction of Cloudflare and in accordance with the data protection guidelines and other confidentiality and security measures. Cloudflare does not pass on any personal data without our explicit consent.

How long and where is the data stored?

Cloudflare stores your information mainly in the USA and the European Economic Area. Cloudflare may transfer and access the information described above from around the world. In general, Cloudflare stores user-level data for domains in the Free, Pro and Business versions for less than 24 hours. For Enterprise domains that have Cloudflare Logs (formerly Enterprise LogShare or ELS) enabled, data can be stored for up to 7 days. However, if IP addresses trigger security alerts at Cloudflare, there may be exceptions to the above retention period.

How can I delete my data or prevent data storage?

Cloudflare only keeps data logs for as long as necessary and in most cases this data is deleted within 24 hours. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its permanent logs in order to improve the overall performance of Cloudflare Resolver and to identify any security risks. You can find out exactly which permanent logs are stored at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/ read more. All data that Cloudflare collects (temporary or permanent) is cleansed of all personal data. All permanent logs are also anonymised by Cloudflare.

Cloudflare states in its privacy policy that it is not responsible for the content it receives. For example, if you ask Cloudflare whether you can update or delete your content, Cloudflare always refers to us as the website operator. You can also completely prevent the entire collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or by integrating a script blocker in your browser.

Cloudflare is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0.
You can find more information on data protection at Cloudflare at https://www.cloudflare.com/de-de/privacypolicy/

Status: 25.07.2019

Sources: Created with the Data protection generator from firmenwebseiten.at.

Furthermore: https://www.wko.at/service/wirtschaftsrecht-gewerberecht/muster-informationspflichten-website-datenschutzerklaerung.html 

paw logo

Centre for Health Management - Occupational Medicine, Safety Engineering, Occupational Psychology, Health Promotion

Menu

Legal

© 2023 prevent AT work GmbH. All rights reserved. 

en_GBEnglish
de_ATGerman it_ITItalian es_ESSpanish fr_FRFrench tr_TRTurkish nl_NL_formalDutch en_GBEnglish