Data protection

We use the consent tool “Real Cookie Banner” to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and the related consents. Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/¬datenverarbeitung/. The legal basis for the processing of personal data in this context is Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents. The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we cannot manage your consents.

Legal Basis
We refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. This EU General Data Protection Regulation can be read online on EUR-Lex at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679. We only process your data if at least one of the following conditions applies:

Consent (Article 6 (1) (a) GDPR): You have given us your consent to process data for a specific purpose (e.g., storing the data you entered in the contact form).
Contract (Article 6 (1) (b) GDPR): We process your data to fulfill a contract or pre-contractual obligations with you.
Legal Obligation (Article 6 (1) (c) GDPR): We process your data if we are subject to a legal obligation.
Legitimate interests (Article 6 (1) (f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data.
In addition to the EU regulation, Austrian law also applies: the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.

Contact details of the controller
Data protection officer:
Bernhard Jost
Email: jost (at) remasol.at

Storage period
We delete personal data as soon as the reason for data processing no longer applies. In some cases, we are legally obligated to retain certain data even after the original purpose no longer applies (e.g., accounting). If you request that your data be deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and unless there is an obligation to retain it.
We will inform you below about the specific duration of the respective data processing, provided we have further information.

Rights under the General Data Protection Regulation
In accordance with Articles 13 and 14 of the GDPR, we inform you of the following rights to which you are entitled to ensure fair and transparent data processing: According to Article 15 of the GDPR, you have the right to information about whether we process your data. If this applies, you have the right to receive a copy of the data and to be informed about the following:
the purpose for which we process it;
the categories, i.e., the types of data being processed;
who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
how long the data is stored;
the existence of the right to rectification, erasure, or restriction of processing and the right to object to processing;
that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
the origin of the data if we did not collect it from you;
whether profiling is carried out, i.e., whether data is automatically evaluated to create a personal profile of you.
According to Article 16 of the GDPR, you have the right to rectification of your data, which means we must correct any errors you find.
According to Article 17 of the GDPR, you have the right to erasure of your data.
According to Article 18 of the GDPR, you have the right to restriction of processing, which means we may only store the data but not use it any further.
According to Article 20 of the GDPR, you have the right to data portability.
According to Article 21 of the GDPR, you have the right to object, which, if exercised, will result in a change in the processing.
If the processing of your data is based on Article 6 (1) (e) (public interest, exercise of official authority) or Article 6 (1) (f) (legitimate interest), you can object to the processing. We will then examine as quickly as possible whether we can legally comply with this objection.
If data is used for direct marketing purposes, you can object to this type of data processing at any time. We may no longer use your data for direct marketing purposes after this time.
If data is used for profiling purposes, you can object to this type of data processing at any time. We may no longer use your data for profiling purposes after this time.
You have the right to lodge a complaint under Article 77 of the GDPR. If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, each federal state has a data protection officer. For further information, please contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

The following local data protection authority is responsible for our company:
Austrian Data Protection Authority
Head: Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Telephone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data processing security
To protect personal data, we encrypt or pseudonymize personal data. This makes it as difficult as possible for third parties to derive personal information from our data.

Communication
Data processed: e.g., telephone number, name, email address, entered form data. You can find more details in the respective contact method used.
Storage period: Duration of the business transaction and the legal requirements.
Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (b) GDPR (contract), Art. 6 (1) (f) GDPR (legitimate interests).
If you contact us and communicate by phone, email, or online form, personal data may be processed. The data will be processed to process and handle your inquiry and the related business transaction. The data will be stored for as long as required by law. The above-mentioned processes affect everyone who contacts us via the provided communication channels.

Phone
When you call us, the call data is stored anonymously on the respective device and by the telecommunications provider used. Furthermore, data such as name and telephone number may subsequently be sent by email and stored to respond to inquiries. The data will be deleted as soon as the transaction has been completed and legal requirements permit.

E-Mail
If you communicate with us by email, data may be stored on the respective device and the email server. The data will be deleted as soon as the transaction has been completed and legal requirements permit.

Online form
If you communicate with us via an online form, data will be stored on our web server and, if necessary, forwarded to an email address of ours. The data will be deleted as soon as the transaction has been completed and legal requirements permit.

Legal basis
The processing of data is based on the following legal basis:
Article 6 (1) (a) GDPR (Consent): You give us your consent to store your data and to continue using it for the purposes related to the transaction;
6 (1) (b) GDPR (Contract): This is necessary to fulfill a contract with you or a processor, such as your telephone provider, or we need to process the data for pre-contractual activities, such as preparing an offer;
6 (1) (f) GDPR (Legitimate Interests): We want to handle customer inquiries and business communications in a professional setting. For this purpose, certain technical facilities, such as email programs, Exchange servers, and mobile operators, are necessary to enable efficient communication.

Data Processing Agreement (DPA)
Like most companies, we do not operate alone, but also utilize the services of other companies or individuals. By engaging various companies or service providers, we may share personal data for processing. These partners then act as data processors, with whom we enter into a contract, the so-called Data Processing Agreement (DPA). The most important thing for you to know is that the processing of your personal data is carried out exclusively in accordance with our instructions and must be regulated by the DPA.

As a company and website owner, we are responsible for all data we process from you. In addition to the controllers, there may also be so-called data processors. This includes any company or individual that processes personal data on our behalf. More precisely, and according to the GDPR definition: any natural or legal person, public authority, agency, or other body that processes personal data on our behalf is considered a data processor.

Webhosting
Data processed: IP address, time of website visit, browser used, and other data. Further details can be found below or from the respective web hosting provider.
Retention period: Depends on the respective provider, but generally 2 weeks
Legal basis: Art. 6 (1) (f) GDPR (Legitimate interests)
When the browser connects to your computer (desktop, laptop, tablet, or smartphone) and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data, and on the other hand, the web server must also store data for a period of time to ensure proper operation.
The purposes of data processing are:
Professional hosting of the website and securing operations
To maintain operational and IT security
Anonymous evaluation of access behavior to improve our services and, if necessary, for criminal prosecution or the pursuit of claims
The web server usually automatically stores data such as the complete internet address (URL) of the accessed website, browser and browser version, the operating system used, the address (URL) of the previously visited page (referrer URL), the host name and IP address of the device from which access was made, and the date and time in web server log files. The above-mentioned data is usually stored for 1-2 weeks and then automatically deleted. We do not share this data, but cannot rule out the possibility that this data may be viewed by authorities in the event of illegal behavior.

Legal Basis
The legality of the processing of personal data within the scope of web hosting arises from Art. 6 (1) (f) GDPR (protection of legitimate interests), as the use of professional hosting with a provider is necessary to present the company securely and user-friendly on the internet and to be able to pursue attacks and claims arising from this if necessary.
There is usually a contract for data processing between us and the hosting provider in accordance with Art. 28 f) GDPR, which ensures compliance with data protection and guarantees data security.

Website modular systems
Data processed: Data such as technical usage information such as browser activity, clickstream activity, session heatmaps, as well as contact details, IP address, or your geographical location. You can find more details further down in this privacy policy and in the privacy policy of the providers.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interests), Art. 6 (1) (a) GDPR (consent)
We use the Elementor website builder system from Elementor Ltd., a US provider, to create and edit this website. You can find more information about their terms and conditions here:
Elementor Terms Conditions
Elementor Cookie Policy
Elementor Privacy Policy

Right of objection
You always have the right to access, correct, and delete your personal data. If you have any questions, you can also contact the person responsible for the website modular system you use at any time. Contact details can be found either in our privacy policy or on the website of the respective provider. You can delete, deactivate, or manage cookies that providers use for their functions in your browser. Depending on the browser you use, this works differently. Please note, however, that not all functions may then work as usual.

Legal Basis
We have a legitimate interest in using a website builder system to optimize our online service and present it in an efficient and user-friendly manner. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use the builder if you have given your consent.
If the processing of data is not absolutely necessary for the operation of the website, the data will only be processed based on your consent. This particularly applies to tracking activities. The legal basis in this regard is Art. 6 (1) (a) GDPR.
With this privacy policy, we have provided you with the most important general information about data processing. If you would like more detailed information on this, you can find further information – if available – in the following section or in the provider’s privacy policy (see above).

WordPress.com
We use WordPress.com, a website builder, for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
WordPress and Elementor process your data, among other places, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the legality and security of data processing.
WordPress uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular, in the USA) or for data transfers there. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, WordPress undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. You can find the resolution and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The data processing agreements corresponding to the standard contractual clauses can be found at https://wordpress.com/support/data-processing-agreements/.
You can learn more about the data processed when using WordPress.com in the privacy policy.

Data Processing Agreement (DPA) WordPress.com
We have entered into a data processing agreement (DPA) with WordPress.com pursuant to Article 28 of the General Data Protection Regulation (GDPR). You can find out exactly what a DPA is and, above all, what must be included in a DPA in our general section “Data Processing Agreement (DPA).”
This agreement is required by law because WordPress.com processes personal data on our behalf. It clarifies that WordPress.com may only process data it receives from us according to our instructions and must comply with the GDPR. The link to the data processing agreement (DPA) can be found at https://wordpress.com/support/data-processing-agreements/.

Google Analytics
Data processed: Access statistics, which include data such as access locations, device data, access duration and time, navigation behavior, click behavior, and IP addresses. You can find more details further down in this privacy policy.
Storage period: depends on the properties used
Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)

We use the analysis tracking tool Google Analytics (GA) from the American company Google Inc. on our website. In Europe, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Google Analytics collects data about your actions on our website. For example, if you click on a link, this action is saved in a cookie and sent to Google Analytics. With the help of the reports we receive from Google Analytics, we can better tailor our website and service to your needs. Below, we will go into more detail about the tracking tool and inform you, above all, what data is saved and how you can prevent it. Google Analytics is used to analyze our website traffic. For Google Analytics to work, a tracking code is built into our website code. This code records various actions you perform on our website. As soon as you leave our website, this data is sent to the Google Analytics servers and stored there. Google processes the data, and we receive reports on your user behavior.

What data does Google Analytics store?
Google Analytics uses a tracking code to create a random, unique ID linked to your browser cookie. This allows Google Analytics to recognize you as a new user. The next time you visit our site, you will be recognized as a “returning” user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles. In order to analyze our website with Google Analytics, a property ID must be inserted into the tracking code. The data is then stored in the corresponding property. The Google Analytics 4 property is the default for every newly created property. Alternatively, you can also create the Universal Analytics property. Depending on the property used, data is stored for different lengths of time.
Identifiers such as cookies and app instance IDs are used to measure your interactions on our website. Interactions are all types of actions you perform on our website. If you also use other Google systems (such as a Google Account), data generated by Google Analytics may be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, approve this. Exceptions may apply where required by law.
The following cookies are used by Google Analytics:
Name: _ga
Value: 2.1326744211.152112240225-5
Purpose: By default, analytics.js uses the cookie _ga to store the user ID. It is primarily used to distinguish website visitors.
Expiry date: after 2 years
Name: _gid
Value: 2.1687193234.152112240225-1
Purpose: This cookie is also used to distinguish between website visitors.
Expiry date: after 24 hours
Name: _gat_gtag_UA_<property-id>
Value: 1
Purpose: Used to reduce the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is named _dc_gtm_<property-id>.
Expiry date: after 1 minute
Name: AMP_TOKEN
Value: not specified
Purpose: This cookie contains a token that can be used to retrieve a user ID from the AMP Client ID service. Other possible values ​​indicate a logout, a request, or an error.
Expiry date: after 30 seconds up to one year
Name: __utma
Value: 1564498958.1564498958.1564498958.1
Purpose: This cookie can be used to track your behavior on the website and measure performance. The cookie is updated each time information is sent to Google Analytics.
Expiry date: after 2 years
Name: __utmt
Value: 1
Purpose: This cookie, like _gat_gtag_UA_<property-id>, is used to throttle the request rate.
Expiry date: after 10 minutes
Name: __utmb
Value: 3.10.1564498958
Purpose: This cookie is used to determine new sessions. It is updated each time new data or information is sent to Google Analytics.
Expiry date: after 30 minutes
Name: __utmc
Value: 167421564
Purpose: This cookie is used to establish new sessions for returning visitors. This is a session cookie and is only stored until you close the browser.
Expiry date: after closing the browser
Name: __utmz
Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/
Purpose: This cookie is used to identify the source of traffic to our website. This means that the cookie stores where you came to our website from. This could be another page or an advertisement.
Expiry date: after 6 months
Name: __utmv
Value: not specified
Purpose: This cookie is used to store custom user data. It is always updated when information is sent to Google Analytics.
Expiration date: after 2 years
Note: This list cannot claim to be complete, as Google continually changes its cookie choices.
Here we provide you with an overview of the most important data collected by Google Analytics:
Heatmaps: Google creates so-called heatmaps. Heatmaps show exactly the areas you click on. This gives us information about where you are on our site.
Session duration: Google defines the session duration as the time you spend on our site without leaving the page. If you have been inactive for 20 minutes, the session ends automatically.
Bounce rate: A bounce occurs when you view only one page on our website and then leave again.
Account creation: When you create an account or place an order on our website, Google Analytics collects this data.
IP address: The IP address is only displayed in abbreviated form so that a clear assignment is not possible. This process is also known as IP location determination.
Technical information: Technical information includes, among other things, your browser type, your internet provider, and your screen resolution.
Source: Google Analytics, or we, are naturally also interested in which website or advertisement you came to our site from.
Other data includes contact information, any ratings, the playback of media (e.g., when you play a video via our site), sharing content via social media, or adding content to your favorites. This list is not exhaustive and serves only as a general guide to data storage by Google Analytics.

How long and where is the data stored?
Most servers are located in the US, and consequently, your data is usually stored on US servers. You can find out exactly where Google’s data centers are located here: https://www.google.com/about/datacenters/locations/?hl=de
Your data is distributed across various physical storage devices. Every Google data center has appropriate emergency backup programs for your data. If, for example, Google’s hardware fails or natural disasters cripple servers, the risk of service interruption at Google remains low.
The data retention period depends on the properties used. When using the newer Google Analytics 4 properties, the retention period for your user data is set to 14 months. For other so-called event data, we have the option of choosing a retention period of 2 months or 14 months.
For Universal Analytics properties, Google Analytics defaults to a retention period of 26 months for your user data. After that, your user data is deleted. However, we have the option of choosing the retention period for user data ourselves. We have five options available for this:
Deletion after 14 months
Deletion after 26 months
Deletion after 38 months
Deletion after 50 months
No automatic deletion
In addition, there is also the option of data being deleted only if you no longer visit our website within the period we select. In this case, the retention period is reset each time you visit our website again within the specified period.
Once the specified period has expired, the data is deleted once a month. This retention period applies to your data linked to cookies, user recognition, and advertising IDs (e.g., cookies from the DoubleClick domain). Report results are based on aggregated data and are stored independently of user data. Aggregated data is the merging of individual data into a larger unit.
Under European Union data protection law, you have the right to access, update, delete, or restrict your data. You can prevent Google Analytics from using your data by using the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables data collection by Google Analytics.
If you want to deactivate, delete, or manage cookies, you will find the relevant links to the instructions for the most popular browsers under the “Cookies” section.

Legal Basis
The use of Google Analytics requires your consent, which we obtained through our cookie popup. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when data is collected using web analytics tools.
In addition to consent, we have a legitimate interest in analyzing the behavior of website visitors and thus improving our offering technically and economically. With the help of Google Analytics, we can detect website errors, identify attacks, and improve efficiency. The legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Google Analytics if you have given your consent.
Google processes your data, among other places, in the USA. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks to the legality and security of data processing.
Google uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and therefore in particular in the USA) or for data transfers there. Standard contractual clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which refer to the standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/.
We hope we have been able to provide you with the most important information about data processing by Google Analytics. If you would like to learn more about the tracking service, we recommend these two links: https://marketingplatform.google.com/about/analytics/terms/de/ and https://support.google.com/analytics/answer/6004245?hl=de.

Web design
Data processed: Which data is processed depends largely on the services used. This usually includes IP address, technical data, language settings, browser version, screen resolution, and browser name. Further details can be found in the respective web design tools used.
Retention period: Depends on the tools used
Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests)
When you visit our website, web design elements may be integrated into our pages that can also process data. The exact type of data depends heavily on the tools used. Fonts such as Google Fonts, for example, also automatically transmit information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google’s servers.

Duration of data processing
How long data is processed varies greatly from person to person and depends on the web design elements used. For example, if cookies are used, the retention period can be as little as one minute or as long as several years. Please familiarize yourself with this. We recommend reading our general section on cookies as well as the privacy policies of the tools used. There you will usually find out which cookies are used and what information is stored in them. Google Font files, for example, are stored for one year. This is intended to improve a website’s loading time. In principle, data is only stored for as long as necessary to provide the service. If legally required, data can be stored for longer.
Right of objection
You also have the right and the option to revoke your consent to the use of cookies or third-party providers at any time. You can also prevent data collection through cookies by managing, deactivating, or deleting cookies in your browser. However, some web design elements (usually fonts) also contain data that cannot be deleted quite so easily. This is the case when data is automatically collected when a page is accessed and transmitted to a third-party provider (such as Google). In this case, please contact the support of the respective provider. In the case of Google, you can reach support at https://support.google.com/?hl=de.

Legal Basis
If you have consented to the use of web design tools, the legal basis for the corresponding data processing is this consent. According to Art. 6 (1) lit. a GDPR (Consent), this consent constitutes the legal basis for the processing of personal data that may occur when such web design tools are used.
In addition, we also have a legitimate interest in improving the web design of our website. After all, this is the only way we can provide you with a visually appealing and professional online offering. The corresponding legal basis in this case is Art. 6 (1) lit. f GDPR (Legitimate Interests).
Nevertheless, we only use web design tools if you have given your consent. We want to emphasize this once again.
Information about specific web design tools can be found – if available – in the following sections.

Adobe Fonts
We use Adobe Fonts, a web font hosting service, on our website. The service provider is the American company Adobe Inc. The Irish company Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, is responsible for the European region.
Adobe also processes your data in the USA, among other places. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can entail various risks to the legality and security of data processing.
Adobe uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e., in particular, the USA) or for data transfers there. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the USA). Through these clauses, Adobe undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
More information about the data processed and the standard contractual clauses at Adobe can be found at https://www.adobe.com/de/privacy/eudatatransfers.html.

Google Fonts
Data processed: Data such as IP address and CSS and font requests
More details can be found further down in this privacy policy.
Retention period: Font files are stored by Google for one year
Legal basis: Art. 6 (1) (a) GDPR (consent), Art. 6 (1) (f) GDPR (legitimate interests).
We use Google Fonts on our website. These are the “Google Fonts” of Google Inc. For the European region, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for all Google services.
You do not need to log in or enter a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google Account, you don’t need to worry about your Google Account data being transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely. We’ll look at exactly how this data storage works later.

What data does Google store?
When you visit our website, the fonts are loaded via a Google server. This external request transmits data to the Google servers. This is how Google recognizes that you or your IP address are visiting our website. The Google Fonts API was developed to reduce the use, storage, and collection of end-user data to what is necessary for proper font provision. API stands for “Application Programming Interface” and serves, among other things, as a data transmitter in the software sector.
Google Fonts securely stores CSS and font requests with Google and is thus protected. The collected usage figures allow Google to determine how well individual fonts are received. Google publishes the results on internal analysis sites, such as Google Analytics. Google also uses data from its own web crawler to determine which websites use Google Fonts. This data is published in the Google Fonts BigQuery database. Entrepreneurs and developers use the Google web service BigQuery to examine and manipulate large amounts of data.
It’s important to note, however, that every Google Font request automatically transmits information such as language settings, IP address, browser version, browser screen resolution, and browser name to Google’s servers. Whether this data is actually stored is unclear, and Google doesn’t clearly communicate it.

How long and where is the data stored?
Google stores requests for CSS assets for one day on its servers, which are primarily located outside the EU. This allows us to use the fonts using a Google stylesheet. A stylesheet is a format template that allows you to quickly and easily change, for example, the design or font of a website.
The font files are stored by Google for one year. Google’s goal is to fundamentally improve the loading time of websites. If millions of websites link to the same fonts, they are cached after the first visit and immediately appear on all other websites visited subsequently. Google sometimes updates font files to reduce file size, increase language coverage, and improve design.

How can I delete my data or prevent data storage?
The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when a page is accessed. To delete this data prematurely, you must contact Google Support at https://support.google.com/?hl=detid=112240225. In this case, you can only prevent data storage if you do not visit our site.
Unlike other web fonts, Google allows us unrestricted access to all fonts. This gives us unlimited access to a sea of fonts and thus gets the most out of our website. You can find more information about Google Fonts and other questions at https://developers.google.com/fonts/faq?tid=112240225. While Google addresses data protection-related issues there, it does not contain truly detailed information about data storage. It is relatively difficult to obtain truly precise information about stored data from Google.

Legal basis
If you have consented to the use of Google Fonts, this consent forms the legal basis for the corresponding data processing. According to Art. 6 (1) (a) GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when data is collected by Google Fonts.
We also have a legitimate interest in using Google Fonts to optimize our online service. The corresponding legal basis for this is Art. 6 (1) (f) GDPR (legitimate interests). However, we only use Google Fonts if you have given your consent.
Google processes your data, among other places, in the USA. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. This can entail various risks to the legality and security of data processing.
Google uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, and therefore in particular in the USA) or for data transfers there. Standard contractual clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Google undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The Google Ads Data Processing Terms, which also correspond to the standard contractual clauses for Google Fonts, can be found at https://business.safety.google/adsprocessorterms/.
You can also read about the data Google generally collects and what this data is used for at https://www.google.com/intl/de/policies/privacy/.
Google Fonts Local Privacy Policy
We use Google Fonts from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for the European region. We have integrated the Google Fonts locally, i.e., on our web server – not on Google’s servers. This means there is no connection to Google servers and therefore no data transfer or storage.
The texts are protected by copyright in their original form. Source: AdSimple privacy generator.