Privacy Policy

Last updated: 23 March 2026

Thank you for your interest in the information on our website!

The purpose of this privacy policy is to inform all users of this website about the nature, scope and purposes of the processing of personal data. In this context, personal data refers to any information that can be used to personally identify you as a user of our website (theoretically, possibly via indirect means or by linking various data), including your IP address. Information stored in cookies is generally not personal data, or is only personal data in exceptional cases; however, this is covered by a special provision which makes the permissibility of using cookies – depending on their purpose – largely dependent on the active consent of users.

In a general section of this privacy policy, we provide you with information on data protection that generally applies to our processing of data, including data collection on our website. In particular, you, as a data subject, are informed of the rights to which you are entitled.
We endeavour to provide this information in gender-neutral language. Where individual formulations do not yet reflect this, we would like to point out that this information applies to all people of every gender.

The terms used in our privacy policy and our data protection practices are governed by the provisions of the EU General Data Protection Regulation (“GDPR”) and other relevant national legislation.

Data controller within the meaning of the GDPR

Hinterberger GmbH
Registration number: FN 367491d
Schwarzenbach 16
5360 St. Wolfgang
Austria

E: office@berau.at
T: +43(0)6138 2543
F: +43(0)6138 25435

Data Protection Officer
: Mr Matthias Hinterberger

Data collection on our website

Personal data relating to you is collected, on the one hand, when you expressly provide it to us; on the other hand, data – in particular technical data – is automatically collected when you visit our website. Some of this data is collected to ensure that our website functions correctly. Other data may be used for analytical purposes. However, you can generally use our website without having to provide any personal details.

Technologies on our website

CleverReach

Our website uses the services of CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany (“CleverReach”). CleverReach is a service that can be used, amongst other things, to organise and analyse the sending of newsletters.

If you enter data for the purpose of subscribing to the newsletter (e.g. email address), this data is stored on Mailjet’s servers. Mailjet may use recipients’ data in pseudonymous form, i.e. without linking it to a specific user, to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to contact them directly or to pass the data on to third parties.

If you do not wish your data to be analysed by CleverReach, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

The sending of the newsletter and the associated performance measurement are carried out on the basis of the recipients’ consent in accordance with Article 6(1)(a) of the GDPR or, if consent is not required, on the basis of our legitimate interests in direct marketing for similar products and services in accordance with Article 6(1)(f) of the GDPR. You may withdraw your consent at any time with future effect in accordance with Article 7(3) of the GDPR by unsubscribing from the newsletter. The lawfulness of data processing operations that have already taken place remains unaffected by the withdrawal.

For further information on CleverReach’s data protection practices, please refer to the privacy policy at:

Cookies and Local Storage

We use cookies on our website to make our site more user-friendly and functional. Some cookies remain stored on your device.

Cookies are small data packets exchanged between your browser and our web server when you visit our website. These cause no harm whatsoever and serve solely to recognise website visitors. Cookies can only store information provided by your browser, i.e. information that you have entered into the browser yourself or that is available on the website. Cookies cannot execute code and cannot be used to access your device.

The next time you visit our website using the same device, the information stored in cookies may subsequently be sent back either to us (‘first-party cookie’) or to a third-party web application to which the cookie belongs (‘third-party cookie’). The stored and returned information enables the respective web application to recognise that you have already accessed and visited the website using your device’s browser.

Cookies contain the following information:

Cookie name
Name of the server from which the cookie originally originates
Cookie ID number
A date on which the cookie is automatically deleted

Depending on their purpose and function, we divide cookies into the following categories:

Technically necessary cookies to ensure the technical operation and basic functions of our website. This type of cookie is used, for example, to retain your settings whilst you navigate the website; or they can ensure that important information is retained throughout the session (e.g. login, shopping basket).
Statistical cookies to understand how visitors interact with our website by collecting and analysing information on an anonymous basis only. This provides us with valuable insights to optimise both the website and our products and services.
Marketing cookies to deliver targeted advertising to users on our website.
Unclassified cookies are cookies that we are currently working with individual cookie providers to classify.

Depending on their storage duration, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when you close your browser. No information is retained on your device. Persistent cookies store information between visits to the website. Based on this information, you will be recognised as a returning visitor on your next visit and the website will respond accordingly. The lifespan of a persistent cookie is determined by the cookie provider.

The legal basis for the use of technically necessary cookies is our legitimate interest in the technically sound operation and smooth functionality of our website. Our website cannot function properly without these cookies. The use of statistical and marketing cookies requires your consent. You may withdraw your consent to the use of cookies at any time with effect for the future. Consent is voluntary. If it is not given, there are no disadvantages. Further information about the cookies we actually use (in particular regarding their purpose and storage duration) can be found in this privacy policy and in the information about the cookies we use in our cookie banner.

You can also configure your web browser to prevent cookies from being stored on your device in general, or to be asked each time whether you consent to the setting of cookies. Once set, you can delete cookies at any time. You can find out exactly how this works in your browser’s help function.

Please note that disabling cookies generally may result in functional limitations on our website.

On our website, we also use so-called local storage functions (also known as ‘local storage’). This involves data being stored locally in your browser’s cache, which remains there and can be read even after you close your browser – unless you clear the cache or it is session storage.

Third parties cannot access the data stored in local storage. Where specific plugins or tools use local storage functions, this is described in the relevant plugin or tool.

If you do not wish plugins or tools to use local storage functions, you can control this in the settings of your respective browser. Please note that this may result in functional limitations.

External hosting

Category: General processing activity
Purpose: technical provision, operation and delivery of the website
Data types: technical data and usage data
Data subjects: visitors to the online service
Recipients: hosting service providers and technical infrastructure partners
Technologies: server and network infrastructure
Legal basis: legitimate interest (provision & operation)

Our website is hosted by an external hosting provider. When you visit the website, various technical data necessary for the operation, security and delivery of the content are processed. This generally includes information that the browser transmits automatically. The data processed may include:

IP address
Date and time of access
Pages or files accessed
Amount of data transferred
Notifications of successful or failed requests
Browser type and version
Operating system used
Referrer URL
Hostname of the accessing device

The hosting provider processes this data to ensure the technical operation of the website, detect attacks or misuse, resolve faults and provide a stable connection. Processing is carried out exclusively on our behalf. The legal basis for processing is our legitimate interest in the secure, reliable and efficient operation of our website.

Facebook Connect

If you have a Facebook profile, we offer you the option to log in or register on our website via single sign-on using the ‘Facebook Connect’ social plugin. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’).
Legal basis: Consent, Data Privacy Framework,

For this data processing, we are joint controllers with Facebook pursuant to Article 26 of the GDPR.

The information required for joint responsibility pursuant to Article 13(1)(a) and (b) of the GDPR can be found in Facebook’s Data Policy at The addendum for controllers that we have concluded with Facebook applies in order to define the fulfilment of the obligation under the GDPR regarding joint responsibility. It has been agreed with Facebook in this regard that Facebook is responsible for fulfilling the rights of data subjects in accordance with Articles 15–20 of the GDPR with regard to the personal data stored by Facebook following joint processing.

To log in or register, you will be redirected to the Facebook website, where you can log in using your user details.

We have taken precautions to ensure that such a plugin does not cause your browser to establish a direct connection with Facebook’s servers as soon as you visit the page.

Only when you interact with the plugin by clicking the “Facebook Connect” button will your IP address and the relevant information be transmitted directly to a Facebook server and stored there. However, this requires an active action on your part; therefore, data processing in this case is based on your consent in accordance with Article 6(1)(a) of the GDPR. Only if you give your express consent to the exchange of data with Facebook prior to the login process will we, when using the “Facebook Connect” button, receive from Facebook the general and publicly accessible information stored in your profile, depending on the privacy settings you have personally configured on Facebook. This information includes, for example, the user ID, name, profile picture, age and gender.

Please note that, following changes to Facebook’s privacy policy and terms of service, granting your consent may also result in the transfer of your profile pictures, your friends’ user IDs and your friends list, provided these have been marked as “public” in your privacy settings on Facebook. The data transmitted by Facebook is stored and processed by us to create a user account containing the necessary details, provided you have shared these with Facebook (title, first name, surname, address details, country, email address, date of birth). Conversely, based on your consent, data (e.g. information about your browsing behaviour) may be transferred by us to your Facebook profile.

You may withdraw your consent at any time by sending us a message. Further information regarding your rights as a data subject can also be found in this privacy policy.

Further information on how Facebook processes personal data, including the legal bases on which Facebook relies and the options for data subjects to exercise their rights vis-à-vis Facebook, can be found in Facebook’s Data Policy at

Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Email: support-de@google.com
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Purpose: Web analytics, performance measurement, conversion tracking, collection of statistical data
Category: Statistics
Recipients: EU, USA
Data processed: IP address, details of website visits, user data
Data subjects: Website visitors
Technology: JavaScript call, cookies (details in the cookie list), fingerprinting, local storage
Legal basis: Consent (purpose)
Certifications: EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework
Further information: You can find out exactly where Google’s data centres are located here:

On our website, we use the functions of the web analytics service Google Analytics to analyse user behaviour and optimise our website. The reports provided by Google are used to analyse the performance of our website and to measure the success of any campaigns run via our website.

Google Analytics uses cookies that enable an analysis of the use of our website. Full details (name, purpose, storage duration) regarding the cookies can be found in our specific list of cookies used.

Google Analytics may use local storage. This is an alternative to using cookies for storing the client ID. This makes it possible to track user behaviour without setting cookies.

Information regarding the use of the website, such as browser type and version, operating system used, the previously visited page, hostname of the accessing computer (IP address) and the time of the server request, is generally transmitted to a Google server and stored there. We have entered into a contract with Google for this purpose.

On our behalf, Google will use this information to evaluate the use of our website, to compile reports on the activities within our website, and to provide us with further services relating to the use of our website and internet usage.

We use Google Analytics only with IP anonymisation enabled by default. This means that a user’s IP address is truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by a user’s browser as part of Google Analytics is not linked to other Google data.

During a visit to the website, user behaviour is recorded in the form of so-called events. These may represent the following:

page views, a user’s click path
First-time visit to our website
Websites visited
Start of a session
Interaction with our website
User behaviour (e.g. clicks, scrolling, time spent on site, bounce rates)
File downloads
Ads viewed / clicked
Interaction with videos
Internal search queries

The following is also recorded:

Approximate location (region)
Date and time of visit
IP address (in truncated form)
Technical information about the browser or the devices used (e.g. language settings, screen resolution)
Internet service provider
Referrer URL (via which website/advertising material a user arrived at our website)

This data is primarily processed by Google for its own purposes, such as profiling (over which we have no control).

Data relating to the use of our website is deleted immediately upon expiry of the retention period we have set. Google Analytics specifies a standard retention period of 2 months for user and event data, with a maximum retention period of 14 months. This retention period also applies to conversion data. For all other event data, the following options are available: 2 months, 14 months, 26 months (Google Analytics 360 only), 38 months (Google Analytics 360 only), 50 months (Google Analytics 360 only). We select the shortest retention period that corresponds to our intended use. You may enquire with us at any time regarding the retention period currently set by us.

Data whose retention period has expired is automatically deleted once a month.

Further details can be found in the linked additional information. We recommend checking these links regularly for changes, as Google Analytics may update its functions and privacy policies. Further information on your rights and contact details can be found in the general section of this privacy policy.

Google Fonts

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA),
Purpose: Integration of fonts
Category: Statistics
Recipients: EU, USA (possible)
Data processed: IP address, language settings, screen resolution, browser version and name Data
subjects: Website visitors
Technology: JavaScript call
Legal basis: Consent, Data Privacy Framework
Website: www.google.com
Further information:

Our website uses so-called web fonts, provided by Google, to ensure consistent font display.

To display Google web fonts, the browser you are using must connect to Google’s servers. This enables Google to recognise that our website has been accessed via your IP address. Google also stores the IP address of the browser on the visitor’s device. If your browser does not support web fonts, a standard font will be used by your device.

With every Google Font request, information such as language settings, screen resolution, browser version and name is automatically transmitted to Google’s servers alongside the IP address. In any case, Google can determine the popularity of fonts from the usage data collected. Google publishes the results on internal analytics pages (e.g. Google Analytics).

Google Fonts allows us to use fonts on our own website without having to upload them to our server. Google Fonts is a key component in maintaining the high quality of our website. All Google fonts are automatically optimised for the web, which saves data volume and is a major advantage, particularly when using mobile devices. When you visit our site, the small file size ensures fast loading times. Furthermore, Google Fonts are secure web fonts and are supported by all major browsers.

Google stores requests for CSS assets on its servers for one day. This enables us to use the fonts via a Google stylesheet. The font files are stored by Google for one year. To delete data early, you must contact Google Support ( ).

Google Maps

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Integration of map services
Category: Statistics
Recipients: EU, USA
Data processed: IP address, website visit details, user data
Data subjects: Users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework,
Website:
Further information: You can find out exactly where Google’s data centres are located here:

The Google Maps service is integrated into our website to better display geographical information about locations for users.

Google Maps is an online mapping service that makes geographical information more accessible via a device. Among other things, it displays directions or embeds map sections of a location into a website.

When Google Maps is accessed, the browser establishes a connection to Google’s servers. This enables Google to determine that our website has been accessed via the user’s IP address. The use of Google Maps allows Google to collect and process data regarding the use of the service.

To provide this service, Google Maps processes, based on the IP address, search terms entered and latitude and longitude coordinates, amongst other things. If the Google Maps route planner function is used, the start address entered is also stored. This data processing is carried out exclusively by Google and is beyond our control.

Please note that when this service is provided by Google, a cookie named "NID" is set. Google Maps does not currently offer us the option to operate this service in a mode without this cookie. The NID cookie contains information about your user behaviour, which Google uses to optimise its own services and to provide you with individual, personalised advertising.

Google anonymises data in server logs by deleting part of the IP address and cookie information after 9 or 18 months.

Location and activity data are stored for either 3 or 18 months and then deleted. Users can also manually delete their history at any time via a Google account. To completely prevent location tracking, a user must disable the “Web & App Activity” section in their Google account.

Google Marketing Platform / Google Ad Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC (USA)
Purpose: Personalised advertising, conversion tracking, remarketing, campaign
performance measurement Category: Marketing
Recipients: EU, USA
Data processed: IP address, website visit details, user data
Data subjects: Users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework,
Website:
Further information: You can find out exactly where Google’s data centres are located here:

This website uses the Google Ads service for the purpose of promoting our products and services. Google Ads is Google’s in-house online advertising system.

It is important for us to know whether an interested visitor ultimately becomes a customer. To measure this, we use what is known as conversion tracking. Furthermore, we would like to be able to target visitors to our website again in a targeted manner. We achieve this through what is known as remarketing (retargeting).

Google Ads serves both conversion tracking and remarketing purposes, i.e. we can see what happened after you clicked on one of our adverts. To ensure this service works, cookies are used and visitors are sometimes added to remarketing lists so that they are shown only specific advertising campaigns.

This is done using a pseudonymous identification number (pID), which is assigned to a user’s browser. This pID enables the service to recognise which adverts have already been displayed to a user and which have been clicked on. The data is used for cross-website ad serving, whereby the user allows Google to identify the pages visited.

Our aim is to ensure that, through the use of Google Ads, our website’s content is targeted specifically at those visitors who are genuinely interested in what we offer. The data from conversion tracking enables us to measure the effectiveness of individual advertising measures and to optimise our website for our visitors. Conversion can be measured through the use of cookies.

The information generated is transmitted by Google to a server in the USA for analysis and stored there. Google will only transfer the data to third parties where required by law or within the scope of data processing on behalf of Google. Under no circumstances will Google link a user’s data with other data collected by Google.

Google Tag Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Parent company: Google LLC (USA)
Purpose: Management of tools and plugins
Category: Technically necessary
Recipients: EU, USA
Data processed: IP address
Data subjects: Users
Technology: JavaScript Call
Legal basis: Legitimate interest, Data Privacy Framework,
Website:
Further information: You can find out exactly where Google’s data centres are located here:

We use the Google Tag Manager service on our website.

Tag Manager is a service that allows us to manage website tags via an interface. This enables us to embed code snippets such as tracking codes or conversion pixels on websites without modifying the source code. In doing so, Tag Manager merely forwards the data; it neither collects nor stores it. Tag Manager itself is a cookie-free domain and does not process any personal data, as it is used solely for the management of other services within our online offering.

When Google Tag Manager is launched, the browser establishes a connection to Google’s servers. These are mainly located in the USA. This enables Google to determine that our website has been accessed via a user’s IP address.

Tag Manager ensures the resolution of other tags, which may themselves collect data. However, Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in effect for all tracking tags implemented via Tag Manager.

Contact

Our website offers various ways to get in touch, such as via contact forms or the email addresses provided. When you contact us, the personal data provided is processed solely for the purpose of handling and responding to the relevant enquiry. Processing takes place insofar as this is necessary for the implementation of pre-contractual measures or for the fulfilment of a contract, or on the basis of legitimate interests, such as maintaining customer relationships or documenting processes.

The provision of certain data may be necessary to process an enquiry in full. Without this information, the enquiry may not be processed at all or only to a limited extent.

Personal data from contact enquiries may also be stored in a customer or prospect database on the basis of legitimate interests in order to optimise communication and customer support. Use for marketing purposes shall only take place if separate consent has been given or a legitimate interest exists and there are no overriding interests of the data subject that warrant protection.

Personal data from contact enquiries is only stored for as long as is necessary to process and handle the enquiry or as required by statutory retention obligations. Once the enquiry has been fully processed and any statutory time limits have expired, the data will be deleted or anonymised. As a rule, deletion takes place no later than three years after the last contact, provided there are no longer statutory or contractual retention obligations.

Further information on the handling of personal data can be found in the website’s privacy policy.

Meta Pixel

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Email: privacy@facebook.com
Parent company: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA
Purpose: Web analytics, tracking (conversion)
Category: Marketing
Recipients: EU, USA
Data processed: Visitor data (e.g. IP address, location data), behavioural data (e.g. clicks, time spent on site, conversion data), device data (e.g. browser type, operating system), e-commerce data (e.g. order ID, product information)
Data subjects: Website visitors
Technology: JavaScript, cookies (details in the cookie list), tracking pixels
Legal basis: Consent (purpose)
Certifications: EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework
Website: https:www.facebook.com/business/tools/meta-pixel
Further information:

Our website uses the Meta Pixel service provided by the social network Facebook for the analysis, optimisation and commercial operation of our online offering.

With the help of Meta Pixel, Meta is able, on the one hand, to identify visitors to our website as a target group for the display of personalised adverts. Accordingly, we use Meta Pixel to display the advertisements we place only to those users who have shown an interest in our online offering or who exhibit certain characteristics (e.g. interests in specific topics or products, determined on the basis of the websites visited), which we transmit to Meta (so-called “Custom Audiences”). We also use Meta pixels to ensure that our Meta ads match users’ potential interests and do not come across as intrusive. Furthermore, with the help of Meta pixels, we can track the effectiveness of Meta adverts for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta advert (so-called “conversion”).

Users’ actions are stored in one or more cookies. These cookies enable Meta to match user data (such as IP address, user ID) with the data of a Facebook account. The data collected is anonymous to us and cannot be viewed by us; it is only used in the context of advertising. Users can prevent this link to their Facebook account by logging out before performing any action.

To control which types of adverts are displayed within Facebook, users can visit the page set up by Meta and follow the instructions there regarding usage-based advertising settings:

These settings apply across all platforms, i.e. they are applied to all devices, such as desktop computers or mobile devices.

Further details can be found in the linked additional information. It is recommended that you check these links regularly for changes, as Meta may update its features and privacy policies. Further information on rights and contact details can be found in the general section of this privacy policy.

Meta Fan Page

Category: Social media presence
Purpose: Public relations, reach measurement, communication
Data types: Usage and interaction data, technical data, profile information
Data subjects: Visitors to the fan page
Recipients: Meta Platforms Ireland / Meta Platforms Inc. (worldwide, depending on usage)
Technologies: Page views, interaction signals, Insights statistics
Legal basis: legitimate interest (fan page operation and communication), platform-specific principles for analysis/tracking
Legal basis for data transfer: EU-US Data Privacy Framework

We are delighted that you are visiting our Meta fan page and would like to inform you about the processing of data that takes place when you use our online offering on Meta. We are jointly responsible for the operation of our Meta fan page, together with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The supervisory authority responsible for Meta is the Irish Data Protection Commission.

The information required for joint responsibility can be found in Meta’s Data Policy at and the Joint Controller Agreement at

The addendum for controllers that we have concluded with Meta applies in order to define the fulfilment of the obligations regarding joint responsibility. It has been agreed with Meta in this regard that Meta is responsible for fulfilling the rights of data subjects with regard to the personal data stored by Meta following joint processing.

In addition to this website, we maintain our online presence via our Meta fan page. According to information provided by Meta, the following data and activities are collected and processed:

Viewing a page, a post or a video on a page
Whether a page is subscribed to or unsubscribed from
whether a page or post is marked with ‘Like’ or ‘Unlike’
whether a page is recommended in a post or comment
whether a page post is commented on, shared or reacted to, including the type of reaction
whether a page post is hidden or reported as spam
whether a link leading to the page is clicked from another page on Meta or from a website outside Meta
whether the mouse is hovered over a page’s name or profile picture to view a preview of the page’s content
whether the website, phone number, ‘Get Directions’ button or any other button on a page is clicked
information on whether you are logged in via a computer or a mobile device whilst visiting a page or interacting with it or its content

To enable this information to be processed, Meta collects, amongst other things, your IP address and other information stored on your device in the form of cookies. According to Meta, the IP address is anonymised.

Due to Meta’s ongoing development, the availability and processing of data are subject to change; therefore, we refer you to Meta’s privacy policy for further details.

The data mentioned above is statistically analysed via the so-called “Insights” of our Meta fan page and made available to us by Meta without any personal references. You can find more information on this at

These statistics are generated and provided by Meta. As the site operator, we have no influence over their generation or presentation. We cannot deactivate this function or prevent the generation and processing of the data. Only Meta decides on the processing of Insights data.

We use this aggregated data to make our posts and activities on our Meta fan page more appealing to users. In accordance with the Meta Terms of Service, to which every user has agreed when creating a Meta profile, we can identify subscribers and fans of the page and view their profiles as well as other shared information.

If you are a registered Meta user and use the comment functions, share posts or leave reviews, you do so at your own responsibility. If you like our page and click ‘Like’ or ‘Follow’, you will appear on the list accessible to us and we may view your public profile. You can undo this at any time. It is your decision what data you make public. However, we do not use this data for any purposes other than the operation of the Meta fan page.

Please note that Meta processes the data for its own purposes (in particular for displaying content and advertisements, and for the provision, protection and improvement of Meta products) in accordance with its own data policyand terms of use, and also transfers it to countries outside the European Union or third countries for which Meta, according to its own information, has put in place appropriate safeguards. You can find opt-out options in your Meta account settings.

Under the Page Insights Addendum, Meta agrees to assume primary responsibility for the processing of Insights data and to fulfil all obligations relating to the processing of Insights data. Furthermore, Meta will make the key provisions of the Page Insights Supplement available to data subjects. You may therefore exercise your data subject rights (rights of access, rectification, erasure, restriction of processing and data portability) directly with Meta.

If you are currently logged in to Meta as a user, there is a cookie on your device containing your Meta ID. This enables Meta to track that you have visited our website and how you have used it. This also applies to all other Meta pages. Meta buttons embedded in websites enable Meta to track your visits to these websites and link them to your Meta profile. This data can be used to offer you content or advertising tailored to your interests.

If you wish to avoid this, you should log out of Meta or deactivate the ‘stay logged in’ function. This will ensure that Meta information that can be used to directly identify you is deleted.

Further information on how Meta processes personal data, including the legal bases on which Meta relies and the options for data subjects to exercise their rights vis-à-vis Meta, can be found in Meta’s Data Policy at

Server log files

Category: General processing activity
Purpose: technical security, stability and error analysis
Data types: technical connection data and access data
Data subjects: Visitors to the website
Recipients: Hosting providers or technical service providers
Technologies: Server logs
Legal basis: legitimate interest (technical operation & security)

When you visit our website, so-called server log files are automatically created. These log files contain the following data, which the browser transmits automatically:

IP address
Date and time of access
File or page accessed
Amount of data transferred
Notification of successful retrieval
Browser type and version used
Operating system used
Referrer URL (previously visited page)
Host name of the accessing device

This data is processed to ensure the functionality, security and stability of our website, in particular to defend against or track attacks (e.g. DDoS attacks), for error analysis and for the technical provision of the website. The legal basis for this is a legitimate interest in the secure and error-free provision of the website.

The log file data is automatically deleted after a standard technical retention period – at the latest after 12 weeks – as soon as it is no longer required for the aforementioned purposes. Data may be stored for a longer period in individual cases if it is required for evidential purposes (e.g. to investigate security-related incidents). This data is not combined with other data sources.

SSL encryption

We use the widely adopted SSL (Secure Socket Layer) protocol for your visit to our website, in conjunction with the highest encryption level supported by your browser. You can tell whether a particular page of our website is being transmitted securely by the closed key or padlock symbol displayed in your browser’s status bar. The use of this protocol is based on our legitimate interest in employing appropriate encryption techniques.

We also employ appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept up to date with the latest standards.

Webcare

Provider: DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria
Purpose: Consent management
Category: Technically necessary
Recipients: EU, AT
Data processed: IP address, consent data
Data subjects: Users
Technology: JavaScript call, cookies, Swarmcrawler
Legal basis: Legitimate interest, consent (Swarmcrawler for the analysis of search results)
Website:
Further information:

We use the Webcare tool on our website for consent management. Webcare records and stores the decision made by each user of our website. Our consent banner ensures that statistical and marketing technologies, such as cookies or external tools, are only set or activated once the user has given their explicit consent to their use.

To this end, we store information regarding the extent to which the user has confirmed the use of cookies. The user’s decision can be revoked at any time by accessing the cookie settings and managing the declaration of consent. Existing cookies are deleted once consent is revoked. A cookie is also set to store information about the status of the user’s consent; this is indicated in the cookie details. Furthermore, when this service is accessed, the IP address of the respective user is transmitted to DataReporter’s servers. The IP address is neither stored nor linked to any other user data; it is used solely for the correct execution of the service.

With the help of Webcare, our website is regularly checked for technologies relevant to data protection law. This check is only carried out on those users who have expressly given their consent (for statistical or marketing purposes). Users’ search results are analysed by Webcare in anonymised form and solely in relation to technologies, and are used to fulfil our information obligations. To launch the Swarmcrawler technology, a request is sent to our servers and the user’s IP address is transmitted for the purpose of data transfer. Servers are selected that are geographically close to the user’s location. It can be assumed that for users within the EU, a server located within the EU will also be selected. The user’s IP address is not stored and is deleted immediately after the end of the communication.

YouTube

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC (USA)
Purpose: Integration of video content, collection of statistical data
Category: Statistics
Recipients: EU, USA
Data processed: IP address, website visit details, user data
Data subjects: Users
Technology: JavaScript call, cookies, device fingerprinting, local storage
Legal basis: Consent, Data Privacy Framework,
Website:
Further information:

We use the YouTube service on our website to embed external videos.

We have enabled YouTube’s enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch a video. However, the enhanced privacy mode does not prevent data from being shared with YouTube partners.

As soon as a YouTube video is played on our website, a connection is established with YouTube’s servers. This allows YouTube to know which of our pages you have visited. If you are logged into your YouTube account, you thereby enable YouTube to link your browsing behaviour directly to your personal profile. This can be prevented by logging out of your account.

Furthermore, after a video has been started, YouTube may store various cookies on your device or use comparable technologies (e.g. device fingerprinting). YouTube also uses local storage on your device. In this way, YouTube can obtain information about visitors to this website. This information is used, amongst other things, to collect video statistics, improve user-friendliness and prevent fraud attempts.

General information on data protection

The following provisions apply in principle not only to data collection on our website, but also generally to the processing of personal data in other contexts.

Personal data

Personal data is information that can be individually attributed to you. Examples include your address, your name, your postal address, email address or telephone number. Information such as the number of users visiting a website does not constitute personal data, as it cannot be attributed to an individual person.

Legal bases for the processing of personal data

Unless more specific information is provided in this privacy policy (e.g. regarding the technologies used), we may process your personal data on the following legal bases:

Consent pursuant to Article 6(1)(a) of the GDPR – the data subject has given their consent to the processing of their personal data for one or more specific purposes.
Performance of a contract and pre-contractual measures pursuant to Article 6(1)(b) of the GDPR – processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures.
Legal obligation pursuant to Article 6(1)(c) of the GDPR – processing is necessary for compliance with a legal obligation.
Protection of vital interests pursuant to Article 6(1)(d) of the GDPR – Processing is necessary to protect the vital interests of the data subject or of another natural person.
Legitimate interests pursuant to Article 6(1)(f) of the GDPR – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Please note that, in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence may apply.

Transfer of personal data

Your personal data will not be transferred to third parties for purposes other than those set out in this privacy policy.

We will only disclose your personal data to third parties if:

you have given your explicit consent in accordance with Article 6(1)(a) of the GDPR,
the disclosure is necessary pursuant to Article 6(1)(f) of the GDPR to safeguard legitimate interests and to establish, exercise or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
there is a legal obligation to disclose the data in accordance with Article 6(1)(c) of the GDPR, and this is permitted by law, and/or
it is necessary for the performance of a contract with you in accordance with Article 6(1)(b) of the GDPR.

Cooperation with data processors

We carefully select our service providers who process personal data on our behalf. Where we engage third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Article 28 of the GDPR.

Transfer to third countries

Where we process data in a third country, or where this occurs in the context of using third-party services or the disclosure or transfer of data to other persons or companies, this is done solely on the legal bases set out above for the transfer of data.

Subject to express consent or contractual necessity, we process or allow the data to be processed in accordance with Articles 44–49 of the GDPR only in third countries with a level of data protection recognised as adequate or on the basis of specific safeguards, such as a contractual obligation through the EU Commission’s standard contractual clauses, the existence of certifications or binding internal data protection regulations.

Data transfers to the USA

We would like to expressly point out that on 10 July 2023, the EU Commission adopted an adequacy decision pursuant to Article 45(1) of the GDPR regarding the EU-US Data Privacy Framework. Consequently, organisations or companies (as data importers) in the USA that are registered on a public list as part of the Data Privacy Framework’s self-certification process offer an adequate level of protection for data transfers. You can find out whether a specific service provider is already certified here:

The Data Privacy Framework constitutes a valid legal basis for the transfer of personal data to the US. This creates binding safeguards to ensure compliance with all requirements of the ECJ; for example, it provides that access by US intelligence services to EU data is limited to what is necessary and proportionate, and that a court is established to review data protection, to which individuals in the EU also have access.

Where we do transfer data to the US, or where we engage a service provider based in the US, we explicitly state this in this privacy policy (see in particular the description of the technologies on our website).

It should be noted that, apart from significant improvements, the Data Privacy Framework applies only partially and only to data transfers to those data importers in the US that appear on the public list of certified organisations/companies.

What might the transfer of personal data to the US mean for you as a user, and what risks are involved in this context?

Risks for you as a user, insofar as data importers in the US are concerned that do not fall under the Data Privacy Framework, include, in any event, the powers of the US intelligence services and the legal situation in the US, which, in the view of the ECJ, no longer ensure an adequate level of data protection. These include, among other things, the following points:

Section 702 of the Foreign Intelligence Surveillance Act (FISA) provides for no restrictions on the surveillance activities of the intelligence services and no safeguards for non-US citizens.
Presidential Policy Directive 28 (PPD-28) does not provide data subjects with effective legal remedies against measures taken by US authorities and does not provide for safeguards to ensure proportionate measures.
The ombudsman’s office provided for in the Privacy Shield does not have sufficient independence from the executive; it cannot issue binding orders to the intelligence services.

Is the transfer of data to the US in accordance with the law on the basis of the Standard Contractual Clauses for data importers not covered by the Data Privacy Framework?

In June 2021, the European Commission adopted new Standard Contractual Clauses (SCCs) by Decision 2021/914/EU. These create a new legal basis for data transfers where the level of data protection is not the same as in the EU.

Is the transfer of data to the US lawful on the basis of consent?

Where data is transferred to a service provider based in the US that is not covered by the Data Privacy Framework and this data transfer is based on explicit consent, we provide explicit information about this in this privacy policy, in particular in the description of the technologies used on our website.

What measures do we take to ensure that data transfers to the US comply with the law?

Where US providers offer the option, we opt for data processing on EU servers. This should technically ensure that the data remains within the European Union and cannot be accessed by US authorities.

Retention period in general

Unless an explicit retention period is specified when data is collected (e.g. in a declaration of consent), we are obliged under Article 5(1)(e) of the GDPR to erase personal data as soon as the purpose for which it was processed no longer applies. In this context, we would like to point out that statutory retention obligations to which we are subject constitute a legitimate purpose for the further processing of the personal data covered by them.

We generally store and retain data in a personal form until the termination of a business relationship or until the expiry of applicable warranty, guarantee or limitation periods, and furthermore until the conclusion of any legal disputes in which the data is required as evidence, or in any event until the end of the third year following the last contact with a business partner.

Storage periods in specific cases

Specific information regarding the retention period of data can be found in the descriptions of individual technologies on our website. Our cookie table provides information on the retention period of individual cookies. In addition, you always have the option of enquiring directly with us about the specific retention period of data. To do so, please use the contact details provided in this privacy policy.

Rights of data subjects

Data subjects have the right:

(i) pursuant to Article 15 of the GDPR, to request information about your personal data processed by us. In particular, you may request information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data where it has not been collected by us, as well as information on the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details;
(ii) in accordance with Article 16 of the GDPR, to request the immediate rectification of inaccurate personal data or the completion of your personal data stored by us;
(iii) in accordance with Article 17 of the GDPR, to request the erasure of your personal data stored by us under certain circumstances, provided that the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
(iv) pursuant to Article 18 of the GDPR, to request the (temporary) restriction of the processing of your personal data, provided that you contest the accuracy of the data, the processing is unlawful but you oppose its erasure, we no longer need the data, but you require it for the establishment, exercise or defence of legal claims, or you have objected to the processing pursuant to Article 21 of the GDPR;
(v) in accordance with Article 20 of the GDPR, to receive from us the personal data you have provided to us in a structured, commonly used and machine-readable format, or to request its direct transmission to another controller; however, this applies only to those of your personal data which we process with your consent or on the basis of a contract using automated means;
(vi) pursuant to Article 21 of the GDPR, where your personal data is processed on the basis of our legitimate interest, to object to the processing of your personal data, provided there are grounds arising from your particular situation or the objection relates to direct marketing. In the latter case, you have a general right to object, which we will implement without you needing to specify a particular situation;
(vii) in accordance with Article 7(3) of the GDPR, to withdraw your consent at any time. This means that we may no longer continue the data processing that was based on this consent in future. Among other things, you have the option to withdraw your consent to the use of cookies on our website with effect for the future by visiting our;
(viii) in accordance with Article 77 of the GDPR, to lodge a complaint with a supervisory authority regarding the unlawful processing of your data by us. As a rule, you may contact the supervisory authority of your usual place of residence or workplace, or of our registered office.

The competent supervisory authority for Hinterberger GmbH is:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna, Austria
Tel.: +43 1 52 152-0, dsb@dsb.gv.at

Exercising data subject rights

You yourself decide on the use of your personal data. Should you therefore wish to exercise any of the above-mentioned rights against us, please feel free to contact us by email, post or telephone.

Please assist us in clarifying your enquiry by answering questions from our relevant staff member regarding the specific processing of your personal data. In the event of legitimate doubts regarding your identity, we may request a copy of your ID.

If you have any questions regarding data protection, you can contact us at or via the other contact details listed in this privacy policy.

St. Wolfgang, 23 March 2026

ADDITIVE+ LANDINGPAGE - Online Marketing and Landing Pages

In addition to our website, we also operate optimised sales landing pages. To process your enquiry, booking, order, activation, registration or other submission of a form on such a landing page, as well as to store and retain your data, we use standard cloud services and CRM systems, as well as software from ADDITIVE GmbH, 39011 Lana (BZ), Italy (“ADDITIVE”), our service provider. The appropriate level of data protection is ensured by the data processing agreements concluded with the respective companies.

Our landing pages use functions of the web analytics service Google Analytics provided by Google Inc. (“Google”). Google Analytics enables the analysis of how users use the website. The information generated about your user behaviour is transmitted to the provider’s server and stored there.

Your IP address is recorded but immediately anonymised (e.g. by deleting the last 8 bits). This means that only a rough location can be determined. You can prevent the transmission of data relating to your use of the online service to Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available via the following link:

ADDITIVE has access to the data collected via Google Analytics. This data is not used for any purpose other than analysing the use of our websites and evaluating our marketing and sales activities.

Our websites and landing pages also use ADDITIVE functions for cross-channel tracking of the use of our websites and marketing and sales activities, such as landing pages, newsletters and social media presence. In doing so, information regarding your visits and submitted forms on our websites is also transmitted to ADDITIVE in order to evaluate and optimise our marketing and sales activities.

Data processing is carried out on the basis of the legal provisions of Article 6(1)(f) (legitimate interest) of the GDPR.

Our objective within the meaning of the GDPR (legitimate interest) is to improve our offering and our website by analysing the use of our website as well as sales and marketing activities. In addition, our landing pages and our website use remarketing functions provided by Google Inc. (“Google”) and Meta Platforms Inc. (“Meta”). In doing so, information is transmitted to Meta and Google indicating that you have visited this website. These functions serve to present visitors to the landing pages with interest-based advertisements within Google’s advertising network or on the social networks Facebook and Instagram.

Data processing in connection with these remarketing functions is carried out on the basis of the legal provisions of Article 6(1)(a) (consent) of the GDPR.

When you visit our landing pages, a banner will inform you of the use of cookies for these remarketing functions. You only consent to their use by clicking the relevant button to confirm. You may withdraw your consent at any time by visiting the cookie information page on the relevant landing page and declining the use of cookies in the banner that appears.