Table of Contents
- Automatic Data Retention
- Rights in accordance with the General Data Protection Regulation
- Evaluation of Visitor Behaviour
- TLS encryption with https
Unfortunately, these subjects sound rather technical due to their nature, but we have put much effort into describing the most important things as simply and clearly as possible.
Automatic Data Retention
Every time you visit a website nowadays, certain information is automatically created and saved, just as it happens on this website.
Whenever you visit our website, as you are doing right now, our webserver (the computer on which this website is stored) automatically saves data such as
- the address (URL) of the accessed website
- browser and browser version
- the used operating system
- the address (URL) of the previously visited site (referrer URL)
- the host name and the IP-address of the device the website is accessed from
- date and time
in files (webserver-logfiles).
Generally, webserver-logfiles stay saved for two weeks and then get deleted automatically. We do not pass this information to others, but we cannot exclude the possibility that this data will be looked at in case of illegal conduct.
Our website uses HTTP-cookies to store user-specific data.
What exactly are cookies?
Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.
Cookies save certain parts of your user data, such as language or personal page settings. When you re-open our website, your browser submits this “user-specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar with. In some browsers every cookie has its own file, in others such as Firefox, all cookies are stored in one single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g. Google Analytics). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are not software programs and contain no computer viruses, trojans or any other malware. Cookies also cannot access your PC’s information.
This is an example of how cookie-files can look:
purpose: differentiation between website visitors
expiration date: after 2 years
A browser should support these minimum sizes:
- at least 4096 bytes per cookie
- at least 50 cookies per domain
- at least 3000 cookies in total
Which types of cookies are there?
There are 4 different types of cookies:
These cookies are necessary to ensure the basic function of a website. They are needed, for example, when a user puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. Even if the user closed their window beforehand, these cookies ensure that the shopping cart does not get deleted.
These cookies collect info about the user behaviour and record if the user potentially receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behaviour within different browsers.
These cookies provide improved user-friendliness. Thus, information such as previously entered locations, fonts or data in forms stays saved.
These cookies are also known as targeting cookies. They serve the purpose of delivering individually adapted advertisements to the user. This can be very practical, but also rather annoying.
Upon your first visit to a website you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be saved in a cookie.
How can I delete cookies?
If you want to change or delete cookie settings and would like to determine which cookies have been saved to your browser, you can find this info in your browser settings:
If you generally do not want to allow any cookies at all, you can set up your browser so that it notifies you whenever a cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. The settings for this differ from browser to browser. Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search phrase “delete cookies Chrome” or “deactivate cookies Chrome” into Google.
How is my data protected?
If you want to learn more about cookies and do not mind technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.
Rights in accordance with the General Data Protection Regulation
- right to rectification (article 16 GDPR)
- right to erasure (“right to be forgotten”) (article 17 GDPR)
- right to restrict processing (article 18 GDPR)
- right to notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (article 19 GDPR)
- right to data portability (article 20 GDPR)
- right to object (article 21 GDPR)
- right not to be subject to a decision based solely on automated processing – including profiling – (article 22 GDPR)
If you think that the processing of your data violates the data protection law, or that your data protection rights have been infringed in any other way, you can lodge a complaint with your respective regulatory authority. For Austria this is the data protection authority, whose website you can access at https://www.data-protection-authority.gv.at/.
Evaluation of Visitor Behaviour
TLS encryption with https
We use https to transfer information on the internet in a tap-proof manner (data protection through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information. You can recognise the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner, as well as by the use of the letters https (instead of http) as a part of our web address.
What is Mapbox API?
Why do we use Mapbox API on our website?
We strongly believe that the comprehensive service we offer with our products and services should also extend to our website. In fact, we want all our content to be of use to you. Of course this also includes maps that show you the way to our business.
What data are stored by Mapbox API?
If you open one of our subpages containing an online map by Mapbox, data about your user behaviour may be collected and stored. This is essential for the integrated online maps to work properly. Moreover, Mapbox may pass on the collected data (excluding personal data) to third parties. This may happen either if the data transfer is necessary for legal reasons, or if Mapbox explicitly instructs another company to do so. Any map contents are transmitted directly to your browser and thus integrated into our website.
Mapbox automatically collects certain technical information when requests are made to the APIs. This includes your IP address, browser information, your operating system, the request’s content, restricted location and usage data, the URL of the website you visited and the date and time of your website visit. According to Mapbox, this data is only used to improve their own products. Mapbox also collects randomly generated IDs in order to analyse user behaviour and determine the number of active users.
If you use one of our subpages and interact with an online map, Mapbox will set the following cookie in your browser:
Purpose: We have not yet been able to find out more detailed information about the purpose of this cookie.
Expiry date: after one year
Note: In our tests we did not find any cookie in the Chrome browser, however, we did find it in other browsers.
Where and how long are data stored?
The collected data is stored and processed on American servers which are operated by Mapbox. For security reasons, your IP address is stored for 30 days, after which it is deleted. Randomly generated IDs (no personal data) that analyse the use of the APIs are deleted after 36 months.
How can I delete my data or prevent data retention?
You have the right to access your personal data at any time, as well as to object to its use and processing. Any cookies that the Mapbox API may set can be managed, deleted or deactivated in your browser at any time. However, this may prevent the service from working properly. The process of managing, deleting or deactivating cookies works a little differently for each browser. Below you will find links to the instructions for the most popular browsers: