ZUTUUN

Privacy

Table of Contents

  • 1. Privacy
  • 2. Automatic data storage
  • 3. Cookies
  • 4. Storage of personal data
  • 5. Rights pursuant to the General Data Protection Regulation
  • 6. Analysis of visitor behaviour
  • 7. TLS encryption with https
  • 8. Google Maps privacy statement
  • 9. Google Analytics privacy statement
  • 10. Google Analytics IP anonymisation
  • 11. Google Analytics reports on demographic characteristics and interests
  • 12. Newsletter privacy statement
  • 13. Sendinblue privacy statement
1. Privacy

We have compiled this privacy statement (version 13.05.2020-111287478) so that we can clarify, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679, what information we gather, how we use data and what kind of decision-making options you have as a visitor to this website.
While these explanations may sound very technical in nature, we have made every effort to describe the most important points as simply and clearly as possible.

2. Automatic data storage

When you visit websites nowadays, certain information is automatically generated and stored; this is also the case on this website.
Whenever you visit our website, just as you are doing right now, our web server (the computer on which this website is stored) will automatically save data such as

  • the address (URL) of the website
  • the type of browser and browser version
  • the operating system used
  • the address (URL) of the website visited prior to our website (referrer URL)
  • the host name and IP address of the device from which the website is visited
  • Date and time
Web server log files are usually stored for two weeks and then automatically deleted. We will never pass on these data, although we cannot rule out the possibility that these data might be accessed in the course of any unlawful behaviour.

3. Cookies

Our website uses HTTP cookies in order to store data specific to the user.
We explain below what cookies are and why they are used, so you can gain a better understanding of the following privacy statement.

What exactly are cookies?

Every time you surf the Internet, you use a browser. Popular browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are referred to as cookies.
One thing cannot be denied: cookies are really handy little helpers. Almost all websites use cookies. To be more specific, they are HTTP cookies, since there are also other cookies for other areas of application. HTTP cookies are small files which our website stores on your computer. These cookie files are automatically stored in the cookie folder, the “brain” of your browser, if you like. A cookie is made up of a name and a value. When we define a cookie, one or more attributes must also be specified.
Cookies are used to store certain user data about you, such as language or personal page settings. When you visit our website again, your browser will transmit the “user-related” information back to our website. The cookies allow our website to recognise who you are and offer you the settings you’re used to. While some browsers give each cookie its own file, others, like Firefox, store all cookies in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are directly generated by our website, third-party cookies are generated by partner websites (e.g. Google Analytics). Each cookie must be evaluated on an individual basis, since each cookie stores different data. The expiry time of a cookie also varies from just a couple of minutes to a couple of years. Cookies are not software programs and cannot contain viruses, trojans or other “pests”. Furthermore, cookies cannot be used to access information on your PC.
Here is an example of what cookie data can look like:
Name: _ga
Value: GA1.2.1326744211.152111287478-9
Intended use: to distinguish between website visitors
Expiration date: after 2 years
A browser should be able to support the following minimum sizes:

  • At least 4096 bytes per cookie
  • At least 50 cookies per domain
  • At least 3000 cookies in total

What types of cookies are there?

The question of which specific cookies we use mainly depends on the services used and is explained in the following sections of the privacy statement. We would like to briefly introduce the different types of HTTP cookies here.
A distinction is made between 4 types of cookies:

Essential cookies

These cookies are essential for ensuring basic website functions. These cookies are required, for example, when a user places a product in their shopping cart, then continues surfing on other pages before heading to the checkout later on. Thanks to these cookies, the shopping cart is not emptied, even if the user closes their browser window.

Useful cookies

These cookies gather information about user behaviour and whether the user encounters any error messages. These cookies are also used to measure the loading time and the behaviour of the website when different browsers are used.

Target-oriented cookies

These cookies ensure a better user experience. For example, input locations, font sizes or form data are stored.

Advertising cookies

These cookies are also called targeting cookies. They are designed to deliver customised advertising to the user. This can be very practical, but also very irritating.
You will usually be asked which of these types of cookies you wish to accept the first time you visit a website. And your decision is, of course, also stored in a cookie.

How can I delete cookies?

It is up to you how and whether you want to use cookies. Irrespective of which service or website the cookies originate from, you will always have the possibility to delete, deactivate or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.
If you would like to find out which cookies have been stored in your browser when changing or deleting your cookie settings, this information can be found in your browser settings:
Chrome: delete, activate and manage cookies in Chrome
Safari: manage cookies and website data with Safari
Firefox: delete cookies in order to remove data that websites have placed on your computer
Internet Explorer: delete and manage cookies
Microsoft Edge: delete and manage cookies

If you choose in principle to refuse all cookies, you can set up your browser in such a way that it always informs you when a cookie is about to be saved. This allows you to decide with each individual cookie whether you want to allow the cookie or not. The procedure varies from one browser to another. It is best to google the instructions with the search term “Delete cookies Chrome” or “Disable cookies Chrome” if you are using a Chrome browser.

What about the protection of my data?

The so-called Cookie Directive has been in place since 2009. It stipulates that the storage of cookies requires your consent. However, there are still very different approaches to this directive within the EU. This directive has nevertheless been incorporated into Sec. 96 (3) of the Telecommunications Act (TKG) in Austria.
If you would like to know more about cookies and are not put off by technical documentation, then we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called the “HTTP State Management Mechanism”.

4. Storage of personal data

Personal data that you provide to us electronically on this website, such as your name, email address, postal address or any other personal details, when you fill in a form or submit comments on the blog, together with the time and IP address, shall be used only for the purpose stated in each case, stored securely and not disclosed to third parties.
We shall therefore use your personal data only to communicate with visitors who have explicitly requested contact and for the processing of the services and products that we offer on this website. We will never pass on your personal data without your consent, although we cannot exclude the possibility that these data might be accessed in the course of any unlawful behaviour.
When you send us personal data by email – i.e. outside this website – we cannot guarantee secure transmission and the protection of your data. We recommend that you never send confidential data by email without encryption.

5. Rights pursuant to the General Data Protection Regulation

You are entitled to the following rights in accordance with the provisions of the GDPR and the Austrian Data Protection Act (DSG):

  • Right to rectification (Article 16 GDPR)
  • Right to erasure ("right to be forgotten") (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (Article 19 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Article 21 GDPR)
  • Right not to be subjected exclusively to a decision based on automated processing, which includes profiling (Article 22 GDPR)
If you believe that the processing of your data infringes upon data protection law or your rights under data protection law have otherwise been violated, you may lodge a complaint with the supervisory authority, which in Austria is the Data Protection Authority, the website of which can be found at: https://www.dsb.gv.at/.

6. Analysis of visitor behaviour

In the following privacy statement, we inform you as to whether and how we analyse data from your visit to this website. The data collected is usually analysed anonymously and we are not able to draw any conclusions about you personally from your behaviour on this website.
More information about possible ways to object to this analysis of your visit data can be found in the following privacy statement.

7. TLS encryption with https

We use https to securely transmit data over the Internet (Data protection by design and by default, Article 25 (1) GDPR). We are able to ensure the protection of confidential data by using TLS (Transport Layer Security), which is an encryption protocol for the secure transmission of data over the Internet. The use of this data transmission safeguard can be recognised by the small padlock symbol at the upper left of the browser and the use of the https scheme (instead of http) as part of our Internet address.

8. Google Maps privacy statement

Our website uses Google Maps from the company Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services in European territory. Google Maps allows us to better display locations and therefore adapt our service to your needs. The use of Google Maps means that data are transferred to Google and stored on Google’s servers. We would now like to go into more detail about what Google Maps is, why we use this Google service, what data are stored and how you can prevent this.

What is Google Maps?

Google Maps is an Internet map service provided by Google. Google Maps allows you to search online for the precise locations of cities, landmarks, accommodation or businesses using a PC, tablet or app. If companies are represented on Google My Business, additional information about the company is displayed next to their location. Map sections covering a location can be integrated into a website by means of HTML code, enabling the route to the location to be displayed. Google Maps displays the Earth’s surface as a road map or as an aerial or satellite image. Very accurate representations can be obtained thanks to the Street View images and the high-quality satellite images.

Why do we use Google Maps on our website?

Everything we do on this website is aimed at providing you with a useful and worthwhile experience on our website. We are able to provide you with the most important information regarding various locations by integrating Google Maps. You will see at a glance where our company headquarters are located. The directions will always show you the best or fastest way to reach us. You can obtain directions for routes by car, public transport, on foot or by bike. We consider the provision of Google Maps to be part of our customer service.

Which data are stored by Google Maps?

Google Maps needs to collect and store data about you in order to be able to offer its full service. This includes the search terms entered, your IP address as well as the latitude and longitude coordinates. When using the route planner function, the entered start address is also saved. Such data storage does, however, happen on the websites of Google Maps. We can only inform you about this, but have no influence over it whatsoever. Because we have integrated Google Maps into our website, Google will place at least one cookie (name: NID) in your browser. This cookie stores data about your user behaviour. Google primarily uses this data to optimise its own services and to provide you with individual, personalised advertising.

The following cookie is placed in your browser due to the integration of Google Maps:
Name: NID
Value: 188=h26c1Ktha7fCQTx8rXgLyATyITJ111287478-5
Intended use: NID is used by Google to adapt advertisements to your Google search. The cookie enables Google to “remember” your most frequently entered search queries or your previous interaction with ads. This means that you are always shown customised advertisements. The cookie contains a unique ID which is used by Google to collect your personal settings for advertising purposes.
Expiration date: after 6 months
Note: We cannot guarantee the integrity of the stored data. Modifications can never be ruled out, especially when using cookies. A separate test page, into which only Google Maps was integrated, has been created to identify the NID cookie.

For how long and where are the data stored?

The Google servers are located in data centres across the globe. Most of the servers are, however, located in America. This is why your data is mainly stored in the USA. You can find out exactly where the Google data centres are located here: https://www.google.com/about/datacenters/inside/locations/?hl=en
Google distributes the data across various data media. This means that the data can be accessed more rapidly and are better protected against any attempts at manipulation. Each data centre also has special emergency programs. For example, if there are any problems with the Google hardware or if a natural disaster cripples the servers, it is reasonably certain that the data will still be protected.
Google saves some data for a fixed period of time. Google only offers the possibility of deleting other data manually. The company also anonymises information (such as advertising data) in server logs by erasing part of the IP address and cookie information after 9 and 18 months respectively.

How can I erase my data or prevent data storage?

The automatic function to delete location and activity data that was introduced in 2019 allows the storage of location and web/app activity information for either 3 or 18 months, which is entirely up to you, and then deletes it. You can also manually delete these data from the history using your Google Account at any time. If you want to prevent your location from being tracked completely, you must pause the “Web and App activity” section in your Google Account. Click “Data and personalisation” and then the “Activity setting” option. You can switch the activities on or off here.
You can also deactivate, delete or manage individual cookies in your browser. The way this works will entirely depend on the browser you are using. The following instructions explain how cookies are managed in your browser:
Chrome: delete, activate and manage cookies in Chrome
Safari: manage cookies and website data with Safari
Firefox: delete cookies in order to remove data that websites have placed on your computer
Internet Explorer: delete and manage cookies
Microsoft Edge: delete and manage cookies
If you choose in principle to refuse all cookies, you can set up your browser in such a way that it always informs you when a cookie is about to be saved. This allows you to decide for each individual cookie whether you want to allow it or not.
Google is an active participant in the EU-U.S. Privacy Shield Framework, which ensures that personal data are transferred correctly and securely. More information about this can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. If you would like to find out more about Google’s data processing, we encourage you to read the company’s own privacy statement at https://policies.google.com/privacy?hl=en.

9. Google Analytics privacy statement

Our website uses the analysis tracking tool Google Analytics (GA) of the American company Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services in European territory. Google Analytics collects data about your actions on our website. When you click on a link, for example, this action is stored in a cookie and sent to Google Analytics. We use the reports that we receive from Google Analytics to better customise our website and services to meet your needs. We go into more detail about the tracking tool below and in particular inform you about which data are stored and how you can prevent this.

What is Google Analytics?

Google Analytics is a tracking tool that is used to analyse the data traffic on our website. A tracking code is built into the code of our website in order for Google Analytics to work. This code tracks various actions that you perform on our website whenever you visit. As soon as you leave our website, this data are sent to the Google Analytics servers and stored there. Google processes the data and we receive reports about your user behaviour. This can include the following reports:

  • Target group reports: we are able to learn more about our users through target group reports and know more precisely who is interested in our service.
  • Advertisement reports: we can analyse and improve our online advertising more easily through advertisement reports.
  • Acquisition reports: acquisition reports provide us with helpful information on how we can attract more people to our service.
  • Behavioural reports: this is where we learn how you interact with our website. We are able to trace which route you have taken on our site and which links you click on.
  • Conversion reports: when we talk about conversion, we are talking about a process in which you perform a desired action based on a marketing message. This is when, for example, you change from just a website visitor to a buyer or newsletter subscriber. These reports allow us to learn more about how our marketing efforts are being received by you. We want to increase our conversion rate in this way.
  • Real-time reports: this is where we always find out immediately what is currently happening on our website. For instance, we are able to see how many users are currently reading this text.

Why do we use Google Analytics on our website?

Our objective with this website is clear: we want to offer you the best possible service. The statistics and data from Google Analytics help us to achieve this goal.
The data, analysed statistically, give us a clear overview of the strengths and weaknesses of our website. On the one hand, we have the possibility of optimising our website so that it can be found more easily by those interested in Google. On the other hand, the data help us to better understand you as a visitor. As a result, we are well aware of what we have to improve on our website so that we can offer you the best possible service. The data also help us to carry out our advertising and marketing measures in a more individual and cost-effective way. It only really makes good sense to present our products and services to people who are interested in them.

Which data are stored by Google Analytics?

By using a tracking code, Google Analytics generates a random, unique ID that is associated with your browser cookie. This is how Google Analytics recognises you as a new user. You will be recognised as a “returning” user the next time you visit our site. All gathered data will be stored together with this User ID. This is the only way to analyse pseudonymous user profiles.
Your interactions on our website are measured by identifiers such as cookies and app instance IDs. Interactions are defined as being any type of action you perform on our website. If you also use other Google systems (such as a Google account), data that have been generated by Google Analytics can be linked to third-party cookies. Google does not pass on any Google Analytics data, except with our permission as website operator. Exceptions may occur if required by law.
The following cookies are used by Google Analytics:
Name: _ga
Value:2.1326744211.152111287478-5
Intended use: analytics.js uses the cookie _ga by default to store the user ID. In principle, it serves to differentiate between website visitors.
Expiration date: after 2 years
Name: _gid
Value:2.1687193234.152111287478-1
Intended use: the cookie is also used to differentiate between website visitors
Expiration date: after 24 hours
Name: _gat_gtag_UA_
Value: 1
Intended use: is used to lower the request rate. If Google Analytics is deployed through the Google Tag Manager, this cookie is given the name _dc_gtm_.
Expiration date: after 1 minute
Name: AMP_TOKEN
Value: no data
Intended use: the cookie has a token which is used to retrieve a User ID from the AMP Client ID Service. Other possible values refer to a logout, a request or an error.
Expiration date: after 30 seconds up to one year
Name: __utma
Value:1564498958.1564498958.1564498958.1
Intended use: this cookie can be used to trace your behaviour on the website and measure performance. The cookie is updated whenever information is sent to Google Analytics.
Expiration date: after 2 years
Name: __utmt
Value: 1
Intended use: The cookie is used like _gat_gtag_UA_ to restrict the request rate.
Expiration date: after 10 minutes
Name: __utmb
Value:3.10.1564498958
Intended use: this cookie is used to define new sessions. It is updated every time new data or information is sent to Google Analytics.
Expiration date: after 30 minutes
Name: __utmc
Value: 167421564
Intended use: this cookie is used to define new sessions for returning visitors. These are session cookies and are only stored until you close the browser.
Expiration date: after closing the browser
Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Intended use: the cookie is used to identify the source of the visitor traffic generated by our website. This means that the cookie will store from where you accessed our website. This may have been a different page or an advertisement.
Expiration date: after 6 months
Name: __utmv
Value: no data
Intended use: the cookie is used to store user-defined user data. The cookie is always updated whenever information is sent to Google Analytics.
Expiration date: after 2 years
Note: this list cannot be considered complete, since Google is always changing the choice of its cookies.
This section provides you with an overview of the most important data collected with Google Analytics:
Heat maps: Google creates so-called heat maps. Heat maps display precisely those areas you have clicked on. This is how we get information about where you are currently “travelling” on our site.
Session duration: Google defines session duration as the amount of time you spend on our website without actually leaving. The session will end automatically if you have been inactive for 20 minutes.
Bounce rate: we talk about a bounce when a visitor to our website only views one page and then leaves our website.
Account creation: Google Analytics will collect information about you when you create an account or place an order on our website.
IP address: the IP address is only shown in abbreviated form, preventing a clear assignment from being possible.
Location: the IP address can be used to determine the country and your approximate location. This process is also called IP-location determination.
Technical information: technical information includes your browser type, Internet service provider, screen resolution, etc.
Source of origin: Google Analytics and ourselves are naturally also interested in which website or which advertisement brought you to our website.
Other data includes contact information, any reviews, media play (e.g. when you play a video on our website), sharing content through social media or adding to your favourites. The list makes no claim to be exhaustive and is only intended as a general guide to the storage of data by Google Analytics.

How long and where are the data stored?

Google has distributed its servers around the world. However, most of the servers are located in America and as a result your data are stored mainly on American servers. You can find out exactly where the Google data centres are located here: https://www.google.com/about/datacenters/inside/locations/?hl=en
Your data are distributed across multiple physical data media. This has the benefit of ensuring that the data can be retrieved more quickly and are protected better against any kind of manipulation. There are appropriate emergency programmes for your data in every Google data centre. If, for example, Google’s hardware fails or servers are crippled by natural disasters, the risk of service interruption remains low with Google.
Google Analytics has a retention period of 26 months for your user data as standard. Your user data will then be deleted. Nevertheless, we have the possibility of choosing the retention period of user data ourselves. There are five options available for this purpose:

  • Deletion after 14 months
  • Deletion after 26 months
  • Deletion after 38 months
  • Deletion after 50 months
  • No automatic deletion
Once the specified period has expired, the data are deleted once a month. This retention period covers your data linked to cookies, user recognition and advertising IDs (e.g. DoubleClick domain cookies). Reporting results are based on aggregated data and stored independently of user data. Aggregated data involve the merging of individual data into a larger unit.

How can I delete my data or prevent data storage?

The European Union’s data protection legislation grants you the right to obtain information about your data, update them, erase them or restrict them. You can prevent Google Analytics from using your data by using the browser add-on for deactivating Google Analytics JavaScript (ga.js, analytics.js, dc.js). The browser add-on can be downloaded and installed at https://tools.google.com/dlpage/gaoptout?hl=en. Please note that this add-on only deactivates data collection by Google Analytics.
If you want to fundamentally deactivate, delete or manage cookies (independent of Google Analytics), each browser has its own instructions:
Chrome: delete, activate and manage cookies in Chrome
Safari: manage cookies and website data with Safari
Firefox: delete cookies in order to remove data that websites have placed on your computer
Internet Explorer: delete and manage cookies
Microsoft Edge: delete and manage cookies
Google Analytics is an active participant in the EU-U.S. Privacy Shield Framework, which ensures that personal data are transferred correctly and securely. More information about this can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=111287478. We trust we have provided you with the most important information about the data processing of Google Analytics. We recommend the following two links if you would like to learn more about the tracking service: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=en.

10. Google Analytics IP anonymisation

We have implemented the anonymisation of IP addresses by Google Analytics on this website. This function was developed by Google to ensure that this website complies with the applicable data protection regulations and recommendations of local data protection authorities to the extent that they prohibit storage of the full IP address. The IP is anonymised or masked as soon as the IP addresses are received by the Google Analytics data collection network and before the data are saved or processed.
More information about IP anonymisation can be found at https://support.google.com/analytics/answer/2763052?hl=en.

11. Google Analytics reports on demographic characteristics and interests

We have activated the advertising reporting features in Google Analytics. The reports on demographic characteristics and interests contain information on age, gender and interests. This allows us to get a better overview of our users – without having to assign this data to specific individuals. More about the advertising functions can be found at https://support.google.com/analytics/answer/3450482?hl=en_AT&utm_id=ad.
You can stop the use of the activities and information of your Google Account under “Advertising settings” at https://adssettings.google.com/authenticated via the checkbox.

12. Newsletter privacy statement

By subscribing to our newsletter, you provide us with the personal data specified above and give us the right to contact you by email. The data stored as part of your registration for the newsletter will be used solely for our newsletter and will not be passed on to others.
Should you unsubscribe from the newsletter – the link to do so can be found at the bottom of every newsletter – we will then delete all the data that were saved when you registered for the newsletter.

13. Sendinblue privacy statement

You can subscribe to our newsletter free of charge through our website. We use the Sendinblue email service for our newsletter to ensure that this works. This is a service provided by the German company Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin.
We would, of course, be delighted if you registered for our newsletter. This would allow us to keep you up to date with the latest news and first-hand information about what is happening in our company. You should be aware, however, that when you register for the newsletter, any information that you provide (such as your email address or first and last name) will be stored and managed on our server and at Sendinblue. This also includes personal data. Your IP address, for example, will be saved in addition to the time and date of registration. When registering, you also give your consent for us to send you the newsletter and we also refer you to this privacy statement.
The newsletter service also provides us with helpful analysis options. This means that when we distribute a newsletter, for example, we can find out if and when you opened the newsletter. The software also identifies and tracks whether and on which link you click in the newsletter. This information will greatly help us to adapt and optimise our service to your wishes and concerns. Ultimately, we obviously want to offer you the best possible service. In addition to the data already referred to above, we also store data about your user behaviour.
The consent you have given to this data processing can be revoked at any time. This can be done, for example, by clicking on the unsubscribe link directly in the newsletter. Once you have unsubscribed, your personal data will be deleted from our server and from Sendinblue’s servers, which are based in Germany. You have a right to obtain information about the personal data stored about you free of charge and, if applicable, also a right to erase, blocking or rectification.
If you would like to obtain more detailed information about data processing, we recommend that you read the company’s privacy policy at https://de.sendinblue.com/legal/privacypolicy/ und zudem auch noch folgende Informationsseite unter https://de.sendinblue.com/informationen-newsletter-empfaenger/