Data privacy
Personal data (often simply referred to as “data”) is only processed by us if it is necessary to provide a functional and user-friendly website with its content and services.
According to Article 4(1) of the General Data Protection Regulation (“GDPR”, (EU) 2016/679), “processing” refers to any operation involving personal data, including collection, storage, use and erasure.
In this Privacy Policy, we would like to inform you in particular about how, why and on what legal basis we process personal data. We decide alone or together with others on the purposes and means of data processing.
The statement is structured as follows:
- About us as the controller
- Rights for users and data subjects
- Description of the processing
I. About us as the controller
Responsible for this website in terms of data protection is:
alice interactive GmbH
Löwengasse 18/13c
1030 Vienna
Austria
E-Mail: bssvpr@cntrfgevc.pbz
II. Rights for users and data subjects
In connection with the following data processing, users and data subjects have certain rights that can be claimed at any time within the usual time limits:
- You have the right to know whether your data is being processed, to obtain access to the processed data, to obtain further information about the data processing and to obtain copies of the data (see also Article 15 of the GDPR).
- You have the right to correct or complete incorrect or incomplete data (see also Article 16 of the GDPR).
- You have the right to request the immediate erasure of your data (see also Article 17 of the GDPR) or, alternatively, the restriction of processing in accordance with the conditions of Article 18 of the GDPR.
- You have the right to receive the data concerning you and provided by you and to transmit this data to other providers/controllers (see also Article 20 of the GDPR).
- You have the right to lodge a complaint with the supervisory authority if you believe that your data is being processed by the provider in breach of data protection regulations (see also Article 77 of the GDPR).
In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any corrections or deletions of data or restrictions on processing in accordance with Articles 16, 17 (1) and 18 of the GDPR. However, this obligation does not apply if the notification is impossible or involves a disproportionate effort. Nevertheless, the user has the right to receive information about these recipients.
Also, users and data subjects have the right under Article 21 of the GDPR to object to the future processing of their data if their data is processed by the provider in accordance with Article 6(1)(f) of the GDPR. In particular, it is possible to object to data processing for the purpose of direct marketing.
III. Information on data processing
The data processed when using our website will be completely and irrevocably deleted as soon as the reason for its storage no longer applies. This applies unless there are statutory retention obligations that prevent deletion or there is specific information on individual processing procedures that require a different approach.
Server logs
When you visit the marketing website or our product services, the following data is temporarily stored in so-called “server logs” - any additional data that your browser may send to the server in the form of so-called request headers is not processed:
- IP address of the end device
- Request details and destination address
- Browser and operating system used
- Date and time of the request
- The URL you accessed, including all parameters
- If applicable, the page from which you clicked on the page link
- The protocol version used by your browser
- The access method used in each case
- Name and size of the data you have retrieved
- Message as to whether the retrieval was successful
However, this data is not stored together with any other data from you.
The server logs are deleted after a rolling 10 days at the latest, unless continued storage (e.g. for evidence purposes) is required. In that case, these logs will be fully or partially excluded from deletion until an incident has been resolved.
The storage takes place on the legal basis of Art. 6 para. 1 lit. f) GDPR: The legitimate interest here lies in the technical monitoring of our infrastructure, the diagnosis of technical problems and the optimization of our technical infrastructure.
Marketing website (www.pagestrip.com)
When you visit our marketing website, no cookies or localStorage entries under our control will be written by default. However, there are certain circumstances in which such data may need to be written for technical reasons, so that you can access our marketing website in the way you intend to:
- localStorage key "psw_prefLang" (Retention: Until your localStorage is cleared either manually by you or automatically by your browser): When you visit our website, we will automatically dispatch you to the language version most fitting to your browser settings. However, you can also manually switch to another language version at any time. To do so, this localStorage item will be used to store your language selection as a two-letter language code, such as "en" or "de". There is no additional, personal data associated with this key, and this setting is not correlated with any other data of yours. This storage is necessary, so that you can be dispatched to your preferred language version as you navigate through our website. You can remove this item from your localStorage at any time, should you desire to do so, and you will be reverted to viewing our website in the language most fitting to your browser settings.
Additionally, our marketing website may use sub-contractors on our behalf for some purposes, which are:
- Google Analytics: If you give us your permission (consent) via the consent popup that is shown when you visit our marketing website for the first time, we will use Google Analytics to learn how you use our website, so that we can improve it for future visitors. You will not be tracked personally, but only anonymously in aggregated form. Personal data, such as your IP address, will not be stored persistently on our behalf.
You can change your consent at any time by clicking the "Cookies" item in each page's footer to re-open the consent dialog. If you revoke consent, no more navigation data will be sent to analytics, and the analytics tool will no longer be loaded at all during your subsequent visits, unless you give consent again.
If you have consented to our use of Google Analytics, Google LLC acts as a data-processor on our behalf.
Google LLC
1600 Amphitheatre Parkway
Mountain View, California, USA
You can find detailed technical information, information about cookie- and localStorage-use, as well as their privacy policy and more in Google LLC's Help Center. This page will always be up-to-date, as their product is evolving and may change its use of browser-based storage technologies.
While Google LLC is a US-based company, they have chosen to register with the Data Privacy Framework. Thus, Google LLC's data protection standards shall be regarded as equivalent to EU standards (GDPR), as well as other participating privacy frameworks. For detailed information about this certification, please refer to the registration list and search for the term "Google".
- YouCanBookMe (YCBM): We use this service on some select pages of our marketing website, where you can directly book a meeting with us. While YCBM will not track you through analytics software – neither on our behalf, nor for their own purposes –, they will need to process your booking data (name, email address, and timeslot) on our behalf, so that your meeting can be scheduled. This data will be stored persistently until your scheduled meeting date, but will be deleted within 14 days thereafter. You can elect not to share data with YCBM by using our contact form or our email address to schedule a meeting instead.
If you elect to book a meeting with us via the YCBM calendar widget, YCBM acts as a data-processor on our behalf.
YouCanBookme Ltd
Bedford Heights, Brickhill Drive
Bedford, Bedfordshire, United Kingdom, MK41 7PH
You can find detailed technical information, as well as information about the use of browser storage technologies, in YCBM's privacy policy.
As a UK-based company, YCBM's data privacy provisions can be regarded as equivalent to EU standards (GDPR).
Product (pagestrip.com)
The pagestrip.com application, which you use to serve content to your readers via embed, custom domain, or on pagestrip.com, has been diligently engineered to minimize the collection of personal data according to this privacy declaration. However, cookies and localStorage objects may be strictly technically required under certain circumstances, which are detailed here:
- Cookie "sessionid" (Retention: 1 year): If and only if you and/or your readers are logged into a pagestrip.com account when they visit content on pagestrip.com or a custom domain used in place of pagestrip.com, or any authenticated action such as "liking" content is taken, this cookie will be set. If your content is displayed as an embed on another website, this cookie will never be set by us. It is used to correlate requests from the same user in order to provide authenticated services (login) or other services which strictly require the permanence of inter-request data due to a lack of idempotency. This cookie is not correlated with any other data than your authentication state and is not used to track you or your readers.
- Cookie "csrftoken" (Retention: 1 year): If and only if you and/or your readers are logged into a pagestrip.com account when they visit content on pagestrip.com, but not on a custom domain, this cookie will be set. It is used to prevent so-called CSRF attacks against a logged-in account, which execute an authenticated action on behalf of a user by either tricking them into clicking on specially prepared links or by exploiting a vulnerability in other content to automatically send requests. Thus, this cookie is technically required, since without it, a logged-in user would be vulnerable to this class of attacks. The cookie is not correlated with any data other than the currently executed action and authentication state and is not used to track you or your readers.
- Cookie "cf_clearance" (Retention: 1 year): If you or your readers access content on pagestrip.com or via a custom domain (but not via an embed), this cookie MAY be set in some circumstances: Depending on the specific access patterns emanating from a network, our WAF (Web Application Firewall) will run sophisticated checks to determine if such traffic is caused by a bot (automated access) or if nefarious purposes (such as attempts at "hacking") are to be suspected. In such cases requests will be tagged with this cookie when they pass these tests, so that they are not blocked by the WAF. Thus, this cookie is then technically necessary to access our services, since the security and stability of our platform, as well as the safety of our users' data, falls within the bounds of our legitimate interests. This cookie is not and cannot be used to track you, and it will not be correlated with any other data.
- localStorage key "ps:language" (Retention: Until your localStorage is cleared either manually by you or automatically by your browser): This data item will be set if you use a language-switcher control provided by pagestrip in order to select a specific content language on either pagestrip.com, a custom domain, or within an embed. The data item consists of the 2-5 letter code identifying the chosen language, such as "de", "en", or "de_at". As such, it does not contain any personal data.
- sessionStorage key "ps_meta:*:_i" (Retention: Until you close the current browser tab or window): The * within the key name will be replaced with the base url of the domain or embed that you are currently visiting. The data item identifies whether existing metadata, such as structured data, opengraph, or similar, have already been extracted from the host page. This is technically necessary, since pagestrip needs to be able to merge its own content's metadata with existing data, which is required both for reasons of accessibility and search engine indexing, as well as other purposes. The data item will either be "true", if data extraction has been finished, or "false", if no data could be extracted. This data item does not contain any personal information.
- sessionStorage key "ps_meta:*:_ld" (Retention: Until you close the current browser tab or window): The * within the key name will be replaced with the base url of the domain or embed that you are currently visiting. The data item contains extracted structured data in JSON-LD format that has been extracted from the host page of an embed. This is technically necessary, both so that the pagestrip system can merge metadata about your content with pre-existing metadata, so that no markup gets lost, but also so that your original metadata can be restored when a user leaves the embedded page even by SPA-like navigation. This data item does not contain any personal information.
- sessionStorage key "ps_meta:*:opengraph" (Retention: Until you close the current browser tab or window): The * within the key name will be replaced with the base url of the domain or embed that you are currently visiting. The data item contains extracted OpenGraph data that has been extracted from the host page of an embed. This is technically necessary, both so that the pagestrip system can merge OpenGraph data about your content with pre-existing OpenGraph data, so that no markup gets lost, but also so that your original OpenGraph data can be restored when a user leaves the embedded page even by SPA-like navigation. This data item does not contain any personal information.
In addition, the product may partly rely on services provided by third-parties, which act on our behalf as sub-contractors to process data. This data may include personal data if and only if you include personal data about yourself or about third-parties within your pagestrip publications, which you control and author yourself. Depending on your particular use-case, the way you or your readers access pagestrip.com services, and the amount of traffic you are receiving on your publication, data MAY be processed by none, some, or all of the following sub-contractors:
- Amazon Web Services EMEA SARL, Austrian Branch: We use some infrastructure services provided by AWS, including (but not necessarily limited to) services like CloudFront, EC2, RDS, S3, ElastiCache, and Lambda. These services are used to provide some functionalities within the pagestrip.com authoring and cockpit products, as well as the upload process in our native editors. Data is only transmitted between our tooling and AWS in encrypted form, and it is also encrypted at rest, using state-of-the-art algorithms and keys which are available to us, but not to AWS.
Our direct contractual partner is the Austrian branch of AWS, located at
Amazon Web Services EMEA SARL, Austrian Branch
Wiedner Gürtel 13, Top 1174
1100 Vienna, Austria
AWS provides a detailed privacy notice, covering both technical and contractual aspects of all data processing happening at AWS. In addition, the GDPR compliance center specifically addresses provisions guaranteed by AWS to ensure that its services are in compliance with the EU GDPR.
While AWS EMEA SARL, Austrian branch, is a company registered within Austria (EU), it is – by extension – a wholly owned subsidiary of Amazon, Inc., which is registered in the US. However, Amazon Inc. has elected to voluntarily participate in the Data Privacy Framework, which requires companies to ensure stronger data protection standards, which shall be regarded as equivalent to EU standards (GDPR), as well as other participating privacy frameworks. For detailed information about this certification, please refer to the registration list and search for the term "Amazon".
- Cloudflare, Inc.: pagestrip.com uses Cloudflare, a provider of CDN services, for the following purposes: To provide WAF (Web Application Firewall) services in order to ensure secure access to product websites, to prevent SPAM, malicious access and automated access (bots), to generate and maintain short-lived TLS certificates for customers who elect to run their pagestrip content on a custom domain name, to globally route internal traffic between our infrastructure endpoints over a fast and efficient global backbone network, and to cache frequently accessed public content in global cache servers, so as to reduce the load on our infrastructure and to serve your content to your readers as fast as possible. These services are all technically required in order to run the pagestrip.com platform.
Our direct contractual partner is Cloudflare, Inc., located at:
Cloudflare, Inc.
101 Townsend Street
San Francisco
California 94107, United States
Detailed technical and contractual information about Cloudflare's handling of data can be found in their privacy policy. Additional information about Cloudflare's GDPR compliance is available in their GDPR documentation.
While Cloudflare, Inc. is a US-based company, they have chosen to register with the Data Privacy Framework. Thus, Cloudflare, Inc.'s data protection standards shall be regarded as equivalent to EU standards (GDPR), as well as other participating privacy frameworks. For detailed information about this certification, please refer to the registration list and search for the term "Cloudflare".
- Fastly, Inc.: pagestrip.com uses Fastly's infrastructure as edge cache for public API requests, such as when loading stories and pages. By doing so, load on our infrastructure can be decreased substantially for content that is served frequently, and content can be delivered to your readers in a fast and efficient way, so that your publication is perceived as loading faster. In addition, edge caching serves as an additional line of defense to ensure that your public content remains available even in cases where the pagestrip.com backend/origin servers might experience downtime. Fastly's service is a technical necessity for the pagestrip.com platform.
Our direct contractual partner is Fastly, Inc., located at:
Fastly, Inc.
475 Brannan St. #300
San Francisco
California 94107, United States
Detailed technical and contractual information about Fastly's handling of data can be found in their privacy policy. Additional information about Fastly's compliance with GDPR, as well as other privacy- and industry standards, can be accessed through their compliance center.
While Fastly, Inc. is a US-based company, they have chosen to register with the Data Privacy Framework. Thus, Fastly, Inc.'s data protection standards shall be regarded as equivalent to EU standards (GDPR), as well as other participating privacy frameworks. For more information about this certification, please refer to the registration list and search for the term "Fastly".
As our product is actively developed, we retain the right to add or remove sub-contractors to our infrastructure services. However, we guarantee that the list of sub-contractors within this privacy policy will always be up-to-date, that no sub-contractors will be chosen that are not in compliance with the GDPR, and that we do not use sub-contractors within the infrastructure of our product to process data for any purpose other than the provision of the pagestrip.com service, especially not for purposes of marketing and advertising.
Customer data
Contract processing
The data that you transmit to us for the use of our products and services are processed by us for the execution of the contract and are necessary for this purpose. We cannot conclude or execute the contract without your data.
The legal basis for this processing is Article 6(1)(b) of the General Data Protection Regulation (GDPR).
Once the contract has been concluded, we will delete your data, but we must comply with the statutory retention periods for tax and commercial law purposes.
During the execution of the contract, we will pass on your data to the financial service provider(s) commissioned with the payment, insofar as this is necessary for the service or payment (e.g. payment by credit card). If you pay invoices yourself by direct bank transfer, no data will be transmitted by us to the financial service provider.
The legal basis for this data transfer is also Article 6(1)(b) of the GDPR.
Customer account / pagestrip account
If you create a customer account via our website to use our product “pagestrip”, we use and store the data you provide during registration, such as your name, address and e-mail address, exclusively for pre-contractual measures, for contract fulfillment or for customer support. At the same time, we record your IP address and the date and time of your registration. It goes without saying that this data is not passed on to third parties.
During the registration process, we obtain your consent for this processing and refer you to this privacy policy. The data collected by us during this process is used exclusively for the provision of your customer account.
The information stored in the context of your customer account includes
- First name and surname
- Your email address
- Your self-chosen username
- User ID (randomly generated)
- IP address and date of registration
- Language preference
- Password (as hash according to current state-of-the-art)
If you consent to the creation of a user account, your consent is the legal basis for processing in accordance with Article 6 (1) (a) of the GDPR.
You can revoke your consent to the opening and maintenance of the customer account at any time for the future in accordance with Article 7 (3) of the GDPR. All you need to do is inform us of your withdrawal.
If the opening of the customer account also serves pre-contractual measures or the fulfillment of the contract, the legal basis for this processing is also Article 6 (1) (b) of the GDPR.
The data collected during these processes is deleted as soon as it is no longer required. However, we must comply with retention periods under tax and commercial law.
Translations
Our privacy policy is available in multiple languages: In case of any discrepancies between these versions (due to translation errors, or any other cause), the English version shall prevail.