Last updated: May 27, 2024
Thank you for your interest in the information on our website!
With the help of this privacy policy, we would like to inform all persons who use this website about the nature, scope and purposes of processing personal data. Personal data in this context is all information that can be used to personally identify you as a user of our website (theoretically, possibly via detours or by combining various data), including your IP address. Information stored in cookies is generally not personal or is only in exceptional cases personal; however, this is covered by a special regulation which makes the permissibility of cookie use — depending on their purpose — largely dependent on the active consent of users.
In a general section of this privacy statement, we provide you with data protection information that generally applies to our processing of data, including data collection on our website. In particular, as a data subject, you will be informed of the rights to which you are entitled.
We strive to provide this information in gender-neutral language. If individual formulations do not yet take this into account, we would like to point out that this information applies to all people of all genders.
The terms used in our privacy policy and our data protection practice are based on the provisions of the EU General Data Protection Regulation (“GDPR”) and other relevant national legal provisions.
Walnut digital
Pechestrasse 1
6020 Innsbruck
austria
Data protection coordinator
Mr. Lukas Schmelcher
On the one hand, personal data from you is collected when you expressly provide it to us, and on the other hand, data, in particular technical data, is automatically collected when you visit our website. Some of this data is collected to ensure that our website functions correctly. Other data may be used for analysis purposes. In principle, however, you can use our website without having to provide any information about yourself.
We use cookies on our website to make our website more user-friendly and functional. Some cookies remain stored on your device.
Cookies are small data packets that are exchanged between your browser and the web server (s) when you visit our website. These do not cause any damage and are only used to recognize website visitors. Cookies can only store information that is delivered by your browser, i.e. information that you have entered into the browser yourself or is available on the website. Cookies cannot execute code and cannot be used to access your device.
The next time you visit our website using the same device, the information stored in cookies can then be returned either to us (“first-party cookie”) or to a web application from the third-party manufacturer to which the cookie belongs (“third-party cookie”). Through the stored and returned information, the respective web application recognizes that you have already accessed and visited the website using the browser on your device.
Cookies contain the following information:
Depending on their purpose and function, we divide cookies into the following categories:
Depending on the storage period, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browsing session. These cookies are automatically deleted when you close the browser. This does not leave any information on your device. Persistent cookies store information between two visits to the website. Based on this information, you are recognized as a returning visitor the next time you visit and the website reacts accordingly. The lifespan of a persistent cookie is determined by the cookie provider.
The legal basis for using technically necessary cookies is based on our legitimate interest in the technically flawless operation and smooth functionality of our website. Our website cannot function properly without these cookies. The use of statistical and marketing cookies requires your consent. You can withdraw your consent to the use of cookies at any time in the future. Consent is voluntary. If it is not granted, there will be no disadvantages. More information about the cookies we actually use (in particular about their purpose and storage period) can be found in this privacy policy and in the information about the cookies we use in our cookie banner.
You can also set your Internet browser to generally prevent cookies from being saved on your device or to ask you each time whether you agree to the use of cookies. Once cookies have been set, you can delete them at any time. You can find out how all of this works in detail in your browser's help function.
Please note that a general deactivation of cookies may result in functional restrictions on our website.
We also use so-called local storage functions (also known as “local storage”) on our website. Data is stored locally in your browser's cache, which continues to exist and can be read even after you close the browser — provided that it does not delete the cache or it is session storage.
The data stored in local storage cannot be accessed by third parties. Insofar as special plugins or tools use local storage functions, this is described in the respective plugin or tool.
If you do not want plugins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: web analysis, performance measurement, conversion tracking, collection of statistical data
Category: Statistics
Recipient: EU, USA
processed data: IP address, website visit details, user data
Affected persons: Users
Technology: JavaScript call, cookies
legal basis: consent, data privacy framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Site: https://www.google.com
More information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/locations/
On our website, we use the functions of the web analysis service Google Analytics to analyze usage behavior and to optimize our website. The reports provided by Google are used to analyze the performance of our website and to measure the success of potential campaigns via our website.
Google Analytics uses cookies, which enable an analysis of the use of our website.
Information about the use of the website, such as browser type/version, operating system used, the previously visited page, host name of the accessing computer (IP address), time of the server request, is usually transmitted to a Google server and stored there. We have signed a contract with Google for this.
On our behalf, Google will use this information to evaluate the use of our website, to compile reports on activities within our website and to provide us with other services related to the use of our website and Internet usage. According to Google, the IP address transmitted by your browser is not combined with other data from Google.
We only use Google Analytics with IP anonymization activated by default. This abbreviates the IP address of a user by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there. According to Google, the IP address transmitted by a user's browser as part of Google Analytics is not linked to other Google data.
During a visit to the website, user behavior is recorded in the form of so-called events. These can represent the following:
The following is also recorded:
This data is mainly processed by Google for its own purposes, such as profiling (without our influence).
The data about the use of our website will be deleted immediately after the end of the storage period set by us in each case. Google Analytics gives us 2 months as standard for the retention period of user and event data, with the maximum retention period being 14 months. This retention period also applies to conversion data. For all other event data, the following options are available: 2 months, 14 months, 26 months (Google Analytics 360 only), 38 months (Google Analytics 360 only), 50 months (Google Analytics 360 only). We choose the shortest storage period that corresponds to our intended use. You can ask us at any time about the storage period currently set by us.
Data whose storage period has been reached is automatically deleted once a month.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA), https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Purpose: integration of fonts
Category: Statistics
Recipient: EU, USA (possible)
processed data: IP address, language settings, screen resolution, version and name of the browser
Affected: Website visitors
Technology: JavaScript call
Legal basis: consent, data privacy framework
Site: www.google.com
More information: https://developers.google.com/fonts/faq https://policies.google.com/privacy https://www.google.com/about/datacenters/inside/locations/
Our website uses so-called web fonts, which are provided by Google, to uniformly display fonts.
To display web fonts from Google, the browser you use must connect to Google's servers. As a result, Google becomes aware that our website has been accessed via your IP address. Google also stores the IP address of the browser of the user's device to our website. If your browser does not support web fonts, a standard font is used by your device.
In addition to the IP address, information such as language settings, screen resolution, version and browser name is automatically transmitted to Google servers. In any case, Google can determine the popularity of fonts through the collected usage data. Google publishes the results on internal analysis pages (e.g. Google Analytics).
With Google Fonts, we can use fonts on our own website and don't have to upload them to our server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web, which saves data volume and is a major advantage, especially when using mobile devices. When you visit us, the low file size ensures a quick load time. Furthermore, Google Fonts are secure web fonts and support all common browsers.
Google stores requests for CSS assets on its servers for one day. This allows us to use the fonts using a Google style sheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google Support ( https://support.google.com ).
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA)
Purpose: Protection against misuse, prevention of spam
Category: Technical Required
Recipient: EU, USA
processed data: IP address, website visit details
Affected persons: Users
Technology: JavaScript call, cookies, local storage
Legal basis: Legitimate interest, data privacy framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Site: https://www.google.com
More information:
https://policies.google.com/privacy https://developers.google.com/recaptcha/
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/locations/
Our website uses the Google reCAPTCHA service to protect against misuse by non-human visitors (bots) and to prevent spam.
When reCAPTCHA starts, the browser connects to Google's servers. As a result, Google becomes aware that our website has been accessed via the IP address of a user.
reCAPTCHA is intended to check whether data is entered on our website by a person or by an automated program. To do this, reCAPTCHA analyses the user's behavior based on various characteristics. This analysis starts automatically as soon as the user starts our website. reCAPTCHA evaluates various information for analysis.
According to our information, the following data is processed by Google:
The data collected during the analysis is forwarded to Google and used by Google. The reCAPTCHA analyses run completely in the background.
Cookies are used to provide the service. These cookies require a unique identifier for tracking purposes. According to Google, the IP address will not be merged with other data from other Google services unless a user is logged into their Google account while using the reCAPTCHA plug-in. In addition, reCAPTCHA also uses local storage on the user's device to store data.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Management of tools and plugins
Category: Technical Required
Recipient: EU, USA
processed data: IP address
Affected persons: Users
Technology: JavaScript call
Legal basis: Legitimate interest, data privacy framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Site: https://www.google.com
More information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/locations/
The Google Tag Manager service is used on our website.
Tag Manager is a service that allows us to manage website tags via an interface. This allows us to integrate code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. The data is only forwarded by Tag Manager, but neither collected nor stored. The Tag Manager itself is a cookie-free domain and does not process any personal data, as it only serves to manage other services in our online offering.
When you start Google Tag Manager, the browser connects to Google's servers. These are mainly found in the USA. As a result, Google becomes aware that our website has been accessed via a user's IP address.
The Tag Manager resolves other tags, which in turn may collect data. However, Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this will persist for all tracking tags that are implemented with the Tag Manager.
As part of hosting our website, all data processed in connection with the operation of our website is stored. This is necessary to enable the website to operate. We therefore process the data accordingly on the basis of our legitimate interest in optimising our website offering. To provide our online presence, we use services from web hosting providers, to whom we provide the above data as part of order processing.
When you contact us, your information will be used to process the contact request and process it as part of fulfilling pre-contractual rights and obligations. The processing of your data is necessary to process and answer your request, otherwise we cannot answer your request or can only answer it to a limited extent. The information can be stored in a customer and interested party database based on our legitimate interest in direct marketing.
We will delete your request and contact details provided that your request has been answered conclusively and the deletion does not conflict with any legal retention periods, e.g. as part of subsequent contract processing. This is usually the case when there has been no contact with you for a period of three years.
For technical reasons, in particular to ensure a functional and secure Internet presence, we process technically necessary data about accesses to our website in so-called server log files, which your browser automatically transmits to us.
The access data that we process includes:
This data is not assigned to natural persons and is only used for statistical evaluations and to operate and improve our website as well as to security and optimize our Internet offering. This data is only transmitted to our website host. This data is not connected or combined with other data sources. If there is a suspicion of illegal use of our website, we reserve the right to check this data retrospectively. Data processing is based on our legitimate interest in the technically error-free presentation and optimization of our website.
The access data is deleted shortly after the purpose has been completed, usually after a few days, unless further storage is required for evidentiary purposes. Otherwise, the data will be kept until an incident is finally resolved.
We use the common SSL (Secure Socket Layer) method for your visit to our website in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock icon in the status bar of your browser. The use of this procedure is based on our legitimate interest in using appropriate encryption techniques.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments and kept up to date with the latest technology.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: integration of video content, collection of statistical data
Category: Statistics
Recipient: EU, USA
processed data: IP address, website visit details, user data
Affected persons: Users
Technology: JavaScript access, cookies, device fingerprinting, local storage
legal basis: consent, data privacy framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Site: https://www.youtube.com
More information: https://www.youtube.com/intl/ALL_at/howyoutubeworks/user-settings/privacy/
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://support.google.com/youtube/answer/10364219?hl=de
On our website, we use the YouTube service to integrate external videos.
We have activated the extended data protection mode on YouTube. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch a video. However, the extended data protection mode does not preclude the transfer of data to YouTube partners.
As soon as a YouTube video is started on our website, a connection to YouTube's servers is established. This gives YouTube information about which of our pages you have visited. If you are logged into your YouTube account, this allows YouTube to associate your surfing behavior directly with your personal profile. This can be prevented by logging out of your account.
In addition, after you start a video, YouTube can save various cookies on your device or use comparable technologies (such as device fingerprinting). YouTube also uses local storage on your device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve usability, and prevent fraud attempts.
The principles of the following provisions apply not only to data collection on our website, but also to other processing of personal data in general.
Personal data is information that can be assigned to you individually. Examples include your address, name, postal address, email address or telephone number. Information such as the number of users who visit a website is not personal data because it does not allow any attribution to an individual person.
Unless more specific information is provided in this privacy policy (e.g. with regard to the technologies used), we may process your personal data on the basis of the following legal bases:
Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our home country.
Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.
We will only share your personal information with third parties if:
We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of an order processing contract, this is done in accordance with Art. 28 GDPR.
If we process data in a third country or if this is done as part of the use of third-party services or disclosure or transfer of data to other persons or companies, this is only done on the basis of the legal bases set out above for the transfer of data.
Subject to express consent or contractual necessity, we process or have the data processed in accordance with Art. 44-49 GDPR only in third countries with a level of data protection recognized as adequate or on the basis of special guarantees, such as a contractual obligation through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations.
We would like to expressly point out that on July 10, 2023, the EU Commission adopted an adequacy decision on the EU-US data protection framework (Data Privacy Framework) in accordance with Article 45 (1) GDPR. As a result, organizations or companies (as data importers) in the USA that are registered on a public list as part of the self-certification of the Data Privacy Framework offer an appropriate level of protection for data transmission. Whether the specific provider of a service is already certified can be found here: https://www.dataprivacyframework.gov/s/participant-search
The Data Privacy Framework provides a valid legal basis for the transfer of personal data to the USA. This creates binding guarantees to comply with all requirements of the ECJ; for example, it provides that access by US intelligence services to EU data is limited to a necessary and proportionate level and that a court is created to review data protection, to which individuals in the EU also have access.
If we transfer data to the USA at all or if we use a service provider based in the USA, we refer to this explicitly in this privacy policy (see in particular the description of the technologies on our website).
It should be noted that apart from significant improvements, the Data Privacy Framework is only partially valid and only applies to data transfers to those data importers in the USA that appear on the public list of certified organizations/companies.
What can the transfer of personal data to the USA mean for you as a user and what risks are there in this context?
Risks for you as a user, insofar as data importers in the USA who are not covered by the Data Privacy Framework are affected, are in any case the powers of the US secret services and the legal situation in the USA, which, in the opinion of the ECJ, currently ensure an appropriate level of data protection. These include the following points:
Legally compliant transfer of data to the USA based on standard contractual clauses with data importers who do not fall under the Data Privacy Framework?
In June 2021, the European Commission adopted new standard contractual clauses (Standard Contractual Clauses SCC) by Decision 2021/914/EU. These create a new legal basis for data transfer that does not have the same level of data protection as in the EU.
Legally compliant transfer of data to the USA based on consent?
If data is transferred to a service provider based in the USA who is not covered by the Data Privacy Framework and this data transfer is based on express consent, we will inform you about this explicitly in this privacy policy, in particular in the description of the technologies used on our website.
What measures do we take to make a data transfer to the USA legally compliant?
Insofar as US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and that access by US authorities is not possible.
If no express storage period is specified when collecting data (e.g. as part of a declaration of consent), we are in accordance with Art. 5 para. 1 lit. e GDPR obliged to delete personal data as soon as the purpose of their processing no longer exists. In this context, we would like to point out that legal storage obligations, to which we are subject, represent a legitimate purpose for the further processing of the personal data collected from them.
We generally store and store data in personal form until the end of a business relationship or until the expiry of applicable warranty, warranty or limitation periods, and also until the termination of any legal disputes in which the data is required as proof, or in any case until the end of the third year after the last contact with a business partner.
As part of the description of individual technologies on our website, there are specific references to the storage period of data. In our cookie table, you will be informed about the storage period of individual cookies. In addition, you always have the option of asking us directly about the specific storage period of data. To do so, please use the contact details provided in this privacy policy.
Data subjects have the right to:
The responsible supervisory authority for walnuts digitalist:
Austrian data protection authority
Barichgasse 40-42, 1030 Wien, Austria
Phone: +43 1 52 152-0, dsb@dsb.gv.at
You yourself decide how to use your personal data. Should you therefore wish to exercise any of the above rights against us, you are welcome to send an e-mail to office@walnuts.digital contact us.
Please help us to specify your request by answering questions from our responsible employees regarding the specific processing of your personal data. If there are justified doubts about your identity, we may be required to provide you with a copy of your ID.
If you have any questions about data protection, please contact us at office@walnuts.digital or using the other contact details listed in this privacy policy.
innsbruck, on May 27, 2024
.png)