Data privacy

Personal data (often simply referred to as “data”) is only processed by us if it is necessary to provide a functional and user-friendly website with its content and services.

According to Article 4(1) of the General Data Protection Regulation (“GDPR”, (EU) 2016/679), “processing” refers to any operation involving personal data, including collection, storage, use and erasure.

In this Privacy Policy, we would like to inform you in particular about how, why and on what legal basis we process personal data. We decide alone or together with others on the purposes and means of data processing.

The statement is structured as follows:

  1. About us as the controller
  2. rights for users and data subjects
  3. description of the processing

I. About us as the controller

Responsible for this website in terms of data protection is:

alice interactive GmbH
Löwengasse 18/13c
1030 Vienna
Austria

E-Mail: bssvpr@cntrfgevc.pbz


II. Rights for users and data subjects

In connection with the following data processing, users and data subjects have certain rights that can be claimed at any time within the usual time limits:

  • They have the right to know whether their data is being processed, to obtain access to the processed data, to obtain further information about the data processing and to obtain copies of the data (see also Article 15 of the GDPR).
  • You have the right to correct or complete incorrect or incomplete data (see also Article 16 of the GDPR).
  • You have the right to request the immediate erasure of your data (see also Article 17 of the GDPR) or, alternatively, the restriction of processing in accordance with the conditions of Article 18 of the GDPR.
  • You have the right to receive the data concerning you and provided by you and to transmit this data to other providers/controllers (see also Article 20 of the GDPR).
  • They have the right to lodge a complaint with the supervisory authority if they believe that their data is being processed by the provider in breach of data protection regulations (see also Article 77 of the GDPR).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any corrections or deletions of data or restrictions on processing in accordance with Articles 16, 17 (1) and 18 of the GDPR. However, this obligation does not apply if the notification is impossible or involves a disproportionate effort. Nevertheless, the user has the right to receive information about these recipients.

Also, users and data subjects have the right under Article 21 of the GDPR to object to the future processing of their data if their data is processed by the provider in accordance with Article 6(1)(f) of the GDPR. In particular, it is possible to object to data processing for the purpose of direct marketing.


III. Information on data processing

The data processed when using our website will be completely and irrevocably deleted as soon as the reason for its storage no longer applies. This applies unless there are statutory retention obligations that prevent deletion or there is specific information on individual processing procedures that require a different approach.

Server logs

When you visit the website, the following data is temporarily stored in so-called “server logs” - any additional data that your browser may send to the server in the form of so-called request headers is not processed:

  • IP address of the end device
  • Request details and destination address
  • Browser and operating system used
  • Date and time of the request
  • The URL you accessed, including all parameters
  • If applicable, the page from which you clicked on the page link
  • The protocol version used by your browser
  • The access method used in each case
  • Name and size of the data you have retrieved
  • Message as to whether the retrieval was successful

However, this data is not stored together with any other data from you.

The server logs are deleted after a rolling 10 days at the latest, unless continued storage (e.g. for evidence purposes) is required. Otherwise, these logs will be fully or partially excluded from deletion until an incident has been resolved.

The storage takes place on the legal basis of Art. 6 para. 1 lit. f) GDPR: The legitimate interest here lies on the one hand in the technical monitoring of our infrastructure, the diagnosis of technical problems and the optimization of our technical infrastructure.

Cookies/LocalStorage – Public Website

Our website does not use technologies such as cookies or localStorage for any purposes related to the collection or processing of personal data. In particular, no cookies from third-party providers, as well as cookies set by the visited website itself are being deployed.

If you select a language preference on our website, your preference will be stored on your device in the so-called localStorage facility. This means that the two-digit language code (such as "de" or "en") will be stored within your browser's localStorage under the key "psw_prefLang". No website other than ours can read this language preference, and no personal data is included. You can remove the data at any time by clearing your browser's localStorage.

Cookies/LocalStorage – Public/Private Content

The pagestrip.com application, which you use to serve content to your readers via embed, custom domain, or on pagestrip.com, has been diligently engineered to minimize the collection of personal data according to this privacy declaration. However, cookies and localStorage objects may be strictly technically required under certain circumstances, which are detailed here:

  • Cookie "sessionid" (Retention: 1 year): If any only if you and/or your readers are logged into a pagestrip.com account when they visit content on pagestrip.com or a custom domain used in place of pagestrip.com, or any authenticated action such as "liking" content is taken, this cookie will be set. If your content is displayed as an embed on another website, this cookie will never be set by us. It is used to correlate requests from the same user in order to provide authenticated services (login) or other services which strictly require the permanence of inter-request data due to a lack of idempotency. This cookie is not correlated with any other data than your authentication state and is not used to track you or your readers.
  • Cookie "csrftoken" (Retention: 1 year): If any only if you and/or your readers are logged into a pagestrip.com account when they visit content on pagestrip.com, but not on a custom domain, this cookie will be set. It is used to prevent so-called CSRF attacks against a logged-in account, which executes an authenticated action on behalf of a user by either tricking them into clicking on specially prepared links or by exploiting a vulnerability in other content to automatically send requests. Thus, this cookie is technically required, since without it, a logged-in user would be vulnerable to this class of attacks. The cookie is not correlated with any data other than the currently executed action and authentication state and is not used to track you our your readers.
  • localStorage key "ps:language" (Retention: Until your localStorage is cleared either manually by you or automatically by your browser): This data item will be set if you use a language-switcher control provided by pagestrip in order to select a specific content language on either pagestrip.com, a custom domain, or within an embed. The data item consists of the 2-5 letter code identifying the chosen language, such as "de", "en", or "de_at". As such, it does not contain any personal data.
  • sessionStorage key "ps_meta:*:_i" (Retention: Until you close the current browser tab or window): The * within the key name will be replaced with the base url of the domain or embed that you are currently visiting. The data item identifies whether exisiting metadata, such as structured data, opengraph, or similar, have already been extracted from the host page. This is technically necessary, since pagestrip needs to be able to merge its own content's metadata with existing data, which is required both for reasons of accessibility and search engine indexing, as well as other purposes. They data item will either be "true", if data extraction has been finished, or "false", if no data could be extracted. This data item does not contain any personal information.
  • sessionStorage key "ps_meta:*:_ld" (Retention: Until you close the current browser tab or window): The * within the key name will be replaced with the base url of the domain or embed that you are currently visiting. The data item contains extracted structured data in JSON-LD format that has been extracted from the host page of an embed. This is technically necessary, both so that the pagestrip system can merge metadata about your content with pre-existing metadata, so that no markup gets lost, but also so that your original metadata can be restored when a user leaves the embedded page even by SPA-like navigation. This data item does not contain any personal information.
  • sessionStorage key "ps_meta:*:opengraph" (Retention: Until you close the current browser tab or window): The * within the key name will be replaced with the base url of the domain or embed that you are currently visiting. The data item contains extracted OpenGraph data that has been extracted from the host page of an embed. This is technically necessary, both so that the pagestrip system can merge OpenGraph data about your content with pre-existing OpenGraph data, so that no markup gets lost, but also so that your original OpenGraph data can be restored when a user leaves the embedded page even by SPA-like navigation. This data item does not contain any personal information.

Contract processing

The data that you transmit to us for the use of our products and services are processed by us for the execution of the contract and are necessary for this purpose. We cannot conclude or execute the contract without your data.

The legal basis for this processing is Article 6(1)(b) of the General Data Protection Regulation (GDPR).

Once the contract has been concluded, we will delete your data, but we must comply with the statutory retention periods for tax and commercial law purposes.

During the execution of the contract, we will pass on your data to the financial service provider(s) commissioned with the payment, insofar as this is necessary for the service or payment (e.g. payment by credit card). If you pay invoices yourself by direct bank transfer, no data will be transmitted by us to the financial service provider.

The legal basis for this data transfer is also Article 6(1)(b) of the GDPR.

Customer account / pagestrip account

If you create a customer account via our website to use our product “pahestrip”, we use and store the data you provide during registration, such as your name, address and e-mail address, exclusively for pre-contractual measures, for contract fulfillment or for customer support. At the same time, we record your IP address and the date and time of your registration. It goes without saying that this data is not passed on to third parties.

During the registration process, we obtain your consent for this processing and refer you to this privacy policy. The data collected by us during this process is used exclusively for the provision of your customer account.

The information stored in the context of your customer account includes

  • First name and surname
  • Your email address
  • Your self-chosen username
  • User ID (randomly generated)
  • IP address and date of registration
  • Language preference
  • Password (as hash according to current state-of-the-art)

If you consent to the creation of a user account, your consent is the legal basis for processing in accordance with Article 6 (1) (a) of the GDPR.

You can revoke your consent to the opening and maintenance of the customer account at any time for the future in accordance with Article 7 (3) of the GDPR. All you need to do is inform us of your withdrawal.

If the opening of the customer account also serves pre-contractual measures or the fulfillment of the contract, the legal basis for this processing is also Article 6 (1) (b) of the GDPR.

The data collected during these processes is deleted as soon as it is no longer required. However, we must comply with retention periods under tax and commercial law.