3.1 Description and scope of the data processing
Upon each access to our website, our system will automatically collect data and information from the computer system of the accessing computer. The following data (hereinafter “Log Data”) will be collected:
- information regarding the browser type and version used (“User Agent”);
- the user’s operating system;
- information regarding the device type (e.g., mobile or desktop)
- the user’s Internet service provider;
- the user’s IP address (if executed by the services used - e.g., Google Analytics; in that case, explanations can be found in the relevant section of the service);
- date, time and duration of the access;
- websites from which the user’s system is referred to our website (“Referrers”);
- websites accessed by the user’s system through our website.
With the exception of the IP address, the aforementioned Log Data do not allow a reference to persons; a reference to persons can only be established through the allocation, or link, of the Log Data to an IP address.
3.2 Purpose of the data processing
The collection and processing of the Log Data, in particular, the IP address, is made for the purpose of providing the content of our website to the user, i.e., for the purpose of the communication between the user and our web and/or online offer. The temporary storage of the IP address is necessary for the duration of the respective communication. That storage is necessary to address the communications between the user and our web and/or online offer, or to use our web and/or online offer, respectively.
Any processing and storage of the IP address in log files in excess of the communications is made for the purpose of ensuring the functionality of our web and online offers, to optimise those offers, and to ensure the security of our IT systems.
In other respects, we will analyse those data for statistical purposes. This will be done in aggregated form, and individual users cannot be traced back.
3.3 Legal basis
The legal basis for the collection and processing of the Log Data, to the extent that they constitute personal data, is Article 6(1)(b) GDPR, as well as national legal bases (if any), which apply specifically.
The legal basis for the storage of the IP address in excess of the scope of the communication is Article 6(1)(f) GDPR (safeguarding of legitimate interests), as well as national legal bases (if any), which apply specifically.
3.4 Data deletion and storage period
The data will be erased once they are no longer necessary for the purpose of their collection. In the event of a collection of the data to provide the website, this will be the case once the respective session - the visit to the website - ends. The additional storage of Log Data, including the IP address, will be made for the purpose of system security for a period of no longer than seven days from the end of the access to the site by the user.
The additional processing and/or storage of Log Data is possible and admissible if the IP addresses of the users are deleted, or modified in such a manner that the Log Data can no longer be allocated to an IP address, after the expiry of the aforementioned storage period of seven days.
3.5 Option to object and remove
The collection of Log Data to provide the website, including their storage in log files within the limits set out above, is mandatory for the operation of the website. Therefore, the user has no option to object.
Different provisions apply to the processing of Log Data for analysis purposes, which is governed by the provisions of section 8 below - subject to the web analysis tools and the type of data analysis (personal/anonymous/pseudonym) used from time to time.