Preisvergleich Internet Services AG agrees to respect and protect your privacy. Wherever possible, we use anonymised data to store information.
In providing our services, we respect the law of Austria, which stipulates some of the strictest requirements with regard to data protection, telecommunications law etc. For your security, our business activity is subject to this law and we are available to answer any questions regarding data protection.
Personal data is information concerning data subjects (natural persons) whose identity is determined or at least can be determined (e.g. name, address, email address or IP address).
2. Data collected during use of our website
When you use our website, we collect the following data:
- IP address and IP location
- Referrer URL (the website from which you arrived at the current website)
- User agent string (browser type, device type, operating system, language)
- The number, duration and time of interactions with our website
In particular, we use the IP address to defend against attacks, for billing purposes with our merchants, for geolocalisation (to city level) and for optional session recognition. The geographical information obtained in this way cannot under any circumstances be used to determine a specific place of residence.
We store your personal data only for as long as is required in order to fulfil the above purposes and to comply with our contractual or legal obligations. If we no longer need your personal data, we will delete it from our systems and records or we will anonymise it so that you can no longer be identified.
3. Direct communication
If you contact us via a contact form on our website, by email, by phone or by fax, we will use the personal data that you have voluntarily provided (e.g. your email address, name, telephone number, fax number and your enquiry) for the purpose of processing and recording your enquiry.
Based on your consent to receive our newsletter, we will process the personal data that you have voluntarily provided (name, email address, any country and topic selection) for the purposes of sending newsletters. You can revoke this consent at any time by clicking on the link provided at the end of each newsletter with future effect.
We use the "Inxmail" service from Inxmail GmbH, with its registered office in Freiburg, to send our newsletter. The data stored during registration will be transmitted to and stored by Inxmail GmbH. Following registration, Inxmail will send you an email to confirm your subscription. In addition, Inxmail offers various analysis options regarding how the newsletter is opened and used, such as on how many users an email was sent to, whether emails were rejected and whether users unsubscribed from the list after receiving an email.
You can find more information on privacy at Inxmail at: https://www.inxmail.de/datenschutz
As a "sub-processor", Bringe Informationstechnik GmbH, with its registered office in Karlsruhe, provides Inxmail GmbH with the following IT services:
- Server hardware and internet connection
- Backup storage (for a maximum of 30 days)
5. Registration for forum/product reviews/merchant reviews
When you use the comments function on our forum or when you submit product or merchant reviews, information on the time of creation is stored in addition to your comment and, together with the user name that you voluntarily selected, is published on the website. In addition, your IP address is logged and stored. The IP address is stored for security reasons so that any misuse can be detected and in case a data subject submits a comment that infringes the rights of third parties or posts illegal content. We need your email address so that we can contact you if a third party objects to your published content on the grounds that it is unlawful. We reserve the right to delete unlawful comments.
We also give you the option to sign up for our service using Facebook Connect. To sign up, you will be forwarded to the Facebook website, where you can log in with your user data. This will link your Facebook profile and our service. When this link is created, we automatically receive your public profile (name) and your email address from Facebook Inc. This information is essential for the use of our services, in order to enable identification.
The following cookies are set by us:
Session cookie for documenting marketing campaigns
Login cookie to detect new or regular customers
Configuration cookie to store settings related to the operation of the web application (e.g. pre-selection of the countries of origin for merchant offers or pre-selection of sort criteria for merchant offers)
Configuration cookie to store the displayed number of merchant offers on product pages
Configuration cookie to store the overriding of the user agent switch between mobile and web
Protects against cross-site request forgery (CSRF) attacks
Configuration cookie to store the deactivation of sticky bottom ads
Configuration cookie to store the deactivation of site branding
In your browser settings, you can specify whether cookies may be set or not.
Microsoft Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
Apple Safari: https://support.apple.com/kb/ph21411?locale=en_GB
Mozilla Firefox (disable third-party cookies): https://support.mozilla.org/en-US/kb/disable-third-party-cookies
7. Disclosure of data
We will not disclose the personal data that we collect about you when you use our website and services to third parties, unless this is necessary for the provision of our services or we are obliged to do so in order to fulfil a legal/regulatory obligation.
Furthermore, your personal data will also be processed by our service providers ("data processors") on our behalf. Specifically, these data processors include suppliers of marketing tools, IT service providers, providers of other tools and software solutions, IT maintenance services and other providers of similar services. All of our data processors process your data exclusively based on a contract in accordance with the provisions of data protection laws. The processing is performed only on our behalf and based on our instructions for the purposes described.
Please see below for an overview of our data processors:
7.1 Use of IBM Digital Analytics
Data collected by IBM Digital Analytics
During your visit to our website, certain information transmitted by your browser will be collected and analysed. The information will be collected by mean of a pixel that is integrated into every website. The following data is collected:
- IP address - processed anonymously (irreversible deletion of the last three digits)
- Request (file name of the requested file)
- Demography based on IP location
- Browser type/version
- Browser language
- Operating system used
- Internal resolution of the browser window
- Screen resolution
- Device type
- Java and JS use
- Cookie usage
- Colour depth
- Referrer URL
- Time of access
- Form contents (in the case of free text fields, e.g. name and password, only "completed" or "not completed" is transmitted)
Opt-out from IBM Digital Analytics
You can object to data processing by IBM at the following link: IBM Digital Analytics opt-out
7.2 Use of Google Analytics
Parts of our website and our mobile applications use Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics collects information about your use of this application, which is usually transmitted to a Google server in the USA and stored there. If IP anonymisation is activated in this application, your IP address is truncated by Google beforehand within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full address be transferred to a Google server in the USA and saved there. Google uses this information on behalf of this application's operator to evaluate your use of the application, to compile reports about application activity and to provide further services relating to application and internet usage to the operator of this application. The IP address sent by the application for the purposes of Google Analytics is not combined with other data from Google. In mobile applications, you can deactivate the storage of usage information and the recording of data generated relating to your use of the application (including your IP address) by Google, as well as the processing of this data by Google in the application under "More" -> "Google Analytics".
We draw your attention to the fact that, within this application, the code "ga('set','anonymizeIp', true);" has been added to Google Analytics to ensure that IP addresses collected are anonymised (IP masking).
7.3 Use of ÖWA
Our website uses the scalable central measurement system (SCMS) of Österreichische Webanalyse (ÖWA) to determine statistical values for the use of our services. Anonymous measured values are collected. This reach measurement method uses either a cookie with the identifier "oewabox.at" or a signature created from various automatically transmitted information on your computer to recognise computer systems. IP addresses are not stored as part of this process and are only processed in anonymised form. This method of measuring reach was developed taking privacy into account. The aim of the reach measurement process is to statistically calculate usage intensity and the number of users of a website. Individual users are never identified. The system also does not deliver any advertising. The usage statistics collected by ÖWA are published on a monthly basis and can be viewed at http://www.oewa.at/basic/online-angebote.
You can object to data processing by SCMS at the following links:
7.4 Use of IVW
Our website (geizhals.de only) uses the scalable central measurement system (SCMS) of INFOnline GmbH to determine statistical values for the use of our services.
Anonymous measured values are collected. This reach measurement method uses either a cookie with the identifier "ioam.de", "ivwbox.de", a local storage object or a signature created from various automatically transmitted browser information to recognise computer systems. IP addresses are only processed in anonymised form.
This method of measuring reach was developed taking privacy into account. The aim of the reach measurement process is to statistically calculate usage intensity and the number of users of a website. Individual users are never identified. Your identity always remains protected. You will not receive advertising via the system. For websites that are members of the Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V. (IVW - http://www.ivw.eu) or take part in the "internet facts" study of the Arbeitsgemeinschaft Online-Forschung e.V. (AGOF - www.agof.de), usage statistics are published monthly by the AGOF and the Arbeitsgemeinschaft Media-Analyse e.V. (ag.ma - www.agma-mmc.de), as well as the IVW, and can be viewed at http://www.agof.de , http://www.agma-mmc.de and http://www.ivw.eu.
In addition to publishing measurement data, IVW regularly reviews the SCMS method to ensure usage in compliance with rules and data protection requirements.
Further information on the SCMS can be found on the website of INFOnline GmbH ( https://www.infonline.de ), which operates the SCMS, the data protection website of AGOF ( http://www.agof.de/datenschutz ) and the data protection website of IVW ( http://www.ivw.eu ).
You can object to data processing by SCMS at the following links:
7.5 Use of Google DFP
Our websites use Google DoubleClick server technologies. This is a service provided by DoubleClick, a company of Google Ireland Limited, Ireland. The DoubleClick server enables us to control advertising. Google uses DoubleClick DART cookies for this purpose, which use information about user visits to the website and other websites, to display certain ads based on "frequency capping". This is a method of defining the frequency of advertisements based on standardised criteria.
However, you may disable the use of DoubleClick DART cookies at any time.
To do this, you will need to follow these instructions to deactivate cookies from Google: http://www.google.com/settings/ads/plugin?hl=en-GB or https://adssettings.google.com/
In addition to this, the DoubleClick DART cookies also enable "click fraud detection", which can exclude spam attacks and the illegal manipulation of Google server structures. For this purpose, Google stores the IP addresses of the requesting server for a period of nine months. However, these IP addresses are only used for the purposes of fraud detection and are then permanently deleted. Advertising analyses are not performed based on IP addresses.
In addition, you can disable personalised Google advertising that is shown when you visit one of the more than two million websites whose operators cooperate with Google, as well as personalised advertising from over 100 other online advertising networks:
8. Online advertising
8.1 Usage-based online advertising
Usage-based online advertising, also known as "online behavioural advertising" (OBA), is a technology that uses the anonymous collection and processing of your usage behaviour to enable advertising to be displayed that is optimised for you and targets your predicted interests. As a user, you benefit from receiving advertising that is more likely to fit your interests and from the fact that less randomly distributed advertising is delivered. A cookie is stored on your computer to record your usage behaviour. Cookies are small text files that are placed on your computer's hard drive and enable returning users to be recognised but do not enable you to be personally identified.
They record information about your activities on our websites (e.g. browsing behaviour, sub-pages of our website visited, clicked advertising banners etc.).
Since, in accordance with applicable law, it cannot be entirely ruled out that the collected data could be indirectly associated with an individual, all usage data is stored using a pseudonym, making personal identification almost impossible. The IP address transmitted by your computer for technical reasons is anonymised/pseudonymised and is not used for the controlled display of advertising as described above.
You can find more information on usage-based online advertising on the website of the European Advertising Standards Alliance (EASA):
If you no longer wish to receive usage-based ads, you can click on the following links to object to and disable the collection of data:
8.2 Tag-in-tag advertising
Nowadays, online advertising is often integrated via media agencies. They represent a variety of advertisers. In order to manage advertising materials centrally and control their display on publishers' sites (= our website), the media agency's own ad server is often used in addition to the publisher's ad server. This process is called tag-in-tag placement. As a result of this, personal data (e.g. IP addresses) is sometimes then processed or cookies set.
We currently have agreements with the following agencies for the placement of online advertising. These agencies are also obliged to comply with data protection regulations. If you have no interest in these agencies processing your personal data or setting cookies, then the opt-out options described below are available:
Opt-out: Refer to browser settings
Wavemaker GmbH:Privacy: https://www.wavemakerglobal.com/privacy/
Opt-out: Refer to browser settings
Opt-out: Refer to browser settings
IPG Mediabrands:Privacy: https://www.ipgmediabrands.com/privacy-policy/
Cookies notice: https://dach.ipgmediabrands.com/hinweis-zu-cookies/
Opt-out: Refer to browser settings
Opt-out: Refer to browser settings
SDO/Styria Digital One:Privacy: https://sdo.at/datenschutzregelungen/
Opt-out: Refer to browser settings
Opt-out: Refer to browser settings
"Programmatic advertising" likewise places tags on our website to display advertising. These advertising spaces are mostly personalised, i.e. usage-based online advertising is used, which is usually assigned and managed through an auction process.
We currently use the following technology providers to manage programmatic advertising:
8.3.1 Yieldlab GmbH
Why are cookies from Yieldlab GmbH used?
Which data will be collected when Yieldlab cookies are set?
By setting cookies, Yieldlab does not store any personal data such as name, email addresses or other personal information. All information is strictly anonymous and contains technical information, such as ad frequency and display date for advertising materials, the browser used or the operating system installed.
How does Yieldlab handle data protection?
Yieldlab operates all of its data collection processes in strict compliance with German data protection law. All data is stored on servers within the Federal Republic of Germany. Yieldlab also complies with all P3P requirements (Privacy Preferences Project).
Further information can be found at http://www.yieldlab.com/meta-navigation/data-privacy-statement/
8.3.2 Google Ad Exchange
Insofar as Google Ad Exchange, a web advertising service provided by Google Inc., USA ("Google") places advertising (text ads, banners etc.) on this website, your browser may store cookies sent by Google Inc. or third parties. The information stored in the cookie may be recorded, collected and analysed by Google Inc. or third parties. In addition, Google Ad Exchange uses "web beacons" (small invisible graphics) to collect information that can be used to record, collect and analyse simple actions such as user traffic on the website.
The information generated by the cookie and/or web beacon about your use of this website is generally sent to and stored on a Google server in the US. Google uses the information received in this way to analyse your usage behaviour with respect to Google Ad Exchange ads. Google may also transfer this information to third parties if this is prescribed by law or if third parties process this data on Google's behalf. Insofar as IP addresses are transmitted and stored in this context, this is done only to combat and filter spam/fraud (ad impressions spam and click spam). Access to this data is strictly limited to abuse prevention teams. Google will not associate the IP addresses with other data stored by Google.
You can prevent the storage of cookies on your hard drive and the display of web beacons. To do this, you need to select "do not accept cookies" in your browser settings.
You can find further information at: https://www.google.com/policies/technologies/ads/c
9. Legal bases of data processing
The processing of your data for the purposes described above is based on the following legal bases:
Consent according to Article 6 (1) (a) GDPR:
This is when you have given your consent to the processing of your personal data for one or more specific purposes.
Contract fulfillment according to Article 6 (1) (b) GDPR:
Processing of your personal data is legal if it is necessary to fulfill a contract of which you are a party. This also applies to the implementation of pre-contractual measures.
Legal obligation according to Article 6 (1) (c) GDPR:
If personal data processing is required to fulfill a legal obligation to which our company is subject, we are required to process your data.
Performaning a task of public interest according to Article 6 (1) (e) GDPR:
This is the processing of data that has been transferred to us, but only for the performance of a task of public interest.
Legitimate interest according to Article 6 (1) (f) GDPR:
This is the case if the processing is necessary to safeguard the legitimate interests of our company or a third party and the interests, fundamental rights and fundamental freedoms of the person concerned do not outweigh the former interest.
10. Rights of the data subject
The applicable data protection law grants you comprehensive rights concerning the processing of your personal data:
Right to information according to Article 15 GDPR
1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
Right to rectification according to Article 16 GDPR
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure ('right to be forgotten') according to Article 17 GDPR
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed;
(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
(a) for exercising the right of freedom of expression and information;
(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(e) for the establishment, exercise or defence of legal claims.
Right to restriction of processing according to Article 18 GDPR
1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
Right to notification according to Article 19 GDPR
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
Right to data portability according to Article 20 GDPR
1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
(b) the processing is carried out by automated means.
2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
Right to object according to Article 21 GDPR
1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Right to lodge a complaint according to Article 77 GDPR
1. Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
2. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.