Data protection is a matter of trust and your trust is important to us. We respect your privacy and personal sphere. The protection and the legally compliant collection, processing and use of your personal data is therefore an important concern for us. To make you feel safe when visiting our website, we strictly observe the legal regulations when processing your personal data and would like to inform you here about our data collection and data use.
Responsible body in terms of the GDPR
The body responsible for the collection, processing and use of your personal data within the meaning of the EU General Data Protection Regulation is Innopharm GmbH, Hauptplatz 1 7350 Oberpullendorf/Austria.
If you wish to object to the collection, processing or use of your data by Innopharm GmbH in accordance with these data protection regulations, either as a whole or for individual measures, you can send your objection by e-mail or letter to the following contact details:
Hauptplatz 1 7350 Oberpullendorf/Austria
Phone: +43 2612 427 12 11
Legal basis of the data processing
In order to be able to offer you our website and the services associated with it; we process personal data on the basis of the following legal principles:
– to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6 Para. 1 letter b GDPR, if you visit our website to obtain information about us; and
– to safeguard our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR, in order to make the website technically available to you. Our legitimate interest is to be able to provide you with an attractive, technically functioning and user-friendly website and to take measures to protect our website against cyber risks and to prevent cyber risks for third parties from our website.
We will refer to the relevant terms in connection with the respective processing so that you can classify the basis on which we process personal data.
If personal data are processed on the basis of your consent, you have the right to revoke this consent at any time with effect for the future.
If we process data on the basis of a weighing of interests, you as the person concerned have the right to object to the processing of personal data, taking into account the provisions of Art. 21 GDPR.
When you visit our website, personal data is processed in order to display the contents of the website on your terminal device.
In order for the pages to be displayed in your browser, the IP address of the terminal device you use must be processed. Additional information about the browser of your terminal device is also processed.
We are obliged by data protection law to also guarantee the confidentiality and integrity of the personal data processed with our IT systems.
We, the website operator or page provider, collect data on access to the website on the basis of our legitimate interest (see Art. 6 Para. 1 lit. f. GDPR) and store this data as “server log files” on the website server. The following data is logged in this way:
– IP address of the calling computer (for a maximum of 7 days)
– Operating system of the calling computer
– Browser version of the calling computer
– Name of the retrieved file
– Date and time of retrieval
– transferred data volume
– Referring URL
The server log files are stored for a maximum of 7 days and then deleted from all systems used in connection with the operation of these Internet pages. The data is stored for security reasons, e.g. to be able to clarify cases of abuse. We can then no longer establish a personal reference from the remaining data.
The data is also used to identify and correct errors on the Internet pages. If data has to be kept for reasons of evidence, it is excluded from deletion until the incident is finally clarified.
This data would possibly allow identification, but no personal exploitation takes place in this respect. They can be evaluated for statistical purposes, but the individual user remains anonymous. As far as data is passed on to external service providers, we have taken technical and organizational measures to ensure that the regulations of data protection are observed.
Collection and processing of personal data
Personal data is only collected if you provide us with this information on your own initiative, e.g. when sending e-mails, ordering products or services, or making inquiries.
The database and its contents remain with our company and our provider. Your personal data will not be made available to third parties in any form by us or persons commissioned by us, unless we have your consent or an official order to do so.
Rights in accordance with the basic data protection ordinance
In accordance with the provisions of the GDPR and the Austrian Data Protection Act (DSG), you are basically entitled to the following rights:
You have the right to be informed about the personal data concerning you. You can contact us for information at any time.
In the case of a request for information that is not made in writing, we ask for your understanding that we may require you to provide evidence that proves that you are the person you claim to be.
Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so.
– Right of rectification (Article 16 GDPR)
– Right of deletion (“right to be forgotten”) (Article 17 GDPR)
– Right to restrict processing (Article 18 GDPR)
Unless your request conflicts with a legal obligation to retain data (e.g. data retention), you have the right to have your data deleted. Data stored by us will be deleted if it is no longer required for its intended purpose and if there are no statutory retention periods. If deletion cannot be carried out because the data is required for permissible legal purposes, data processing will be restricted. In this case the data will be blocked and not processed for other purposes.
Finally, you have the right to object to the processing within the legal requirements. The same applies to a right to data transferability. You are entitled to revoke your consent to the use of personal data at any time with effect for the future. For this purpose, an e-mail to is sufficient.
– Right to notification – obligation to notify in connection with the correction or deletion of personal data or the restriction of processing (Article 19 GDPR)
– Right to data transferability (Article 20 GDPR)
– Right of objection (Article 21 GDPR)
– Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR)
If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority, which in Austria is the data protection authority, whose website you can find at https://www.dsb.gv.at.
In some areas of the website, so-called cookies are used in order to provide you with our services individually. Cookies are identifiers that a web server can send to your computer to identify it for the duration of your visit. If cookies are not only stored for the duration of the respective session and then automatically deleted, but are to be stored on your computer for a longer period of time, you will be informed when such a cookie is set. Our website uses only essential HTTP-cookies to store user-specific data.
What exactly are cookies?
Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.
Cookies save certain parts of your user data, such as e.g. language or personal page settings. When you re-open our website, your browser submits these “user specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers every cookie has its own file, in others such as Firefox, all cookies are stored in one single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites. Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, trojans or any other malware. Cookies also cannot access your PC’s information.
There are 4 different types of cookies:
These cookies are necessary to ensure the basic function of a website. They are needed when a user for example puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. Even when the user closed their window priorly, these cookies ensure that the shopping cart does not get deleted.
These cookies collect info about the user behaviour and record if the user potentially receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behaviour within different browsers.
These cookies care for an improved user-friendliness. Thus, information such as previously entered locations, fonts or data in forms stay saved.
These cookies are also known as targeting-Cookies. They serve the purpose of delivering individually adapted advertisements to the user. This can be very practical, but also rather annoying.
How can I delete cookies?
If you want change or delete cookie-settings and would like to determine which cookies have been saved to your browser, you can find this info in your browser-settings:
If you generally do not want to allow any cookies at all, you can set up your browser in a way, to notify you whenever a potential cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. The settings for this differ from browser to browser. Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search phrase “delete cookies Chrome” or “deactivate cookies Chrome” into Google.
TLS encryption with https
We use https to transfer information on the internet in a tap-proof manner (data protection through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information. You can recognise the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner, as well as by the use of the letters https (instead of http) as a part of our web address.
On our website we use Google Fonts, from the company Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
To use Google Fonts, you must log in and set up a password. Furthermore, no cookies will be saved in your browser. The data (CSS, Fonts) will be requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, all requests for CSS and fonts are fully separated from any other Google services. If you have a Google account, you do not need to worry that your Google account details are transmitted to Google while you use Google Fonts. Google records the use of CSS (Cascading Style Sheets) as well as the utilised fonts and stores these data securely. We will have a detailed look at how exactly the data storage works.
What are Google Fonts?
Google Fonts (previously Google Web Fonts) is a list of over 800 fonts which Google LLC provides its users for free.
Many of these fonts have been published under the SIL Open Font License license, while others have been published under the Apache license. Both are free software licenses.
Why do we use Google Fonts on our website?
With Google Fonts we can use different fonts on our website and do not have to upload them to our own server. Google Fonts is an important element which helps to keep the quality of our website high. All Google fonts are automatically optimised for the web, which saves data volume and is an advantage especially for the use of mobile terminal devices. When you use our website, the low data size provides fast loading times. Moreover, Google Fonts are secure Web Fonts. Various image synthesis systems (rendering) can lead to errors in different browsers, operating systems and mobile terminal devices. These errors could optically distort parts of texts or entire websites. Due to the fast Content Delivery Network (CDN) there are no cross-platform issues with Google Fonts. All common browsers (Google Chrome, Mozilla Firefox, Apple Safari, Opera) are supported by Google Fonts, and it reliably operates on most modern mobile operating systems, including Android 2.2+ and iOS 4.2+ (iPhone, iPad, iPod). We also use Google Fonts for presenting our entire online service as pleasantly and as uniformly as possible.
Which data is saved by Google?
Whenever you visit our website, the fonts are reloaded by a Google server. Through this external cue, data gets transferred to Google’s servers. Therefore, this makes Google recognise that you (or your IP-address) is visiting our website. The Google Fonts API was developed to reduce the usage, storage and gathering of end user data to the minimum needed for the proper depiction of fonts. What is more, API stands for „Application Programming Interface“and works as a software data intermediary.
Google Fonts stores CSS and font requests safely with Google, and therefore it is protected. Using its collected usage figures, Google can determine how popular the individual fonts are. Google publishes the results on internal analysis pages, such as Google Analytics. Moreover, Google also utilises data of ist own web crawler, in order to determine which websites are using Google fonts. This data is published in Google Fonts’ BigQuery database. Enterpreneurs and developers use Google’s webservice BigQuery to be able to inspect and move big volumes of data.
One more thing that should be considered, is that every request for Google Fonts automatically transmits information such as language preferences, IP address, browser version, as well as the browser’s screen resolution and name to Google’s servers. It cannot be clearly identified if this data is saved, as Google has not directly declared it.
How long and where is the data stored?
Google saves requests for CSS assets for one day in a tag on their servers, which are primarily located outside of the EU. This makes it possible for us to use the fonts by means of a Google stylesheet. With the help of a stylesheet, e.g. designs or fonts of a website can get changed swiftly and easily.
Any font related data is stored with Google for one year. This is because Google’s aim is to fundamentally boost websites’ loading times. With millions of websites referring to the same fonts, they are buffered after the first visit and instantly reappear on any other websites that are visited thereafter. Sometimes Google updates font files to either reduce the data sizes, increase the language coverage or to improve the design.
We frequently revise this data protection notice when changes are made to this web page or on other
occasions which make this necessary. The latest version can always be found on this internet page.
Latest edition: 25/11/2020