Data protection

We have this Privacy Policy (version

19.12.2022-122365776) to you in accordance with the specifications of

General Data Protection Regulation (EU) 2016/679 and applicable national laws

to explain which personal data (in short data) we as

- and the processors commissioned by us (e.g. providers) -

process, will process in the future and what lawful options

They have. The terms used are to be understood as gender-neutral.

In short: We inform you comprehensively about data that

we process about you.

Privacy statements usually sound very technical

and use legal terminology. This privacy policy is intended to give you

the most important things as simply and transparently as possible

describe. As far as it is conducive to transparency, technical

Terms explained in a reader-friendly way, links to further information

offered and graphics used. We are providing information in a clear and

simple language that we use in our business operations only

process personal data if a corresponding statutory

basis is given. This is certainly not possible if you use the most concise,

makes unclear and legal-technical statements, such as those on the Internet

are often standard when it comes to data protection. I hope you find them

following explanations interesting and informative and perhaps the one

or other information that you did not know.

If you still have questions, we would like to ask you

to contact the responsible office named below or in the imprint

to follow existing links and get more information on third-party sites

to watch. Our contact details can of course also be found in the imprint.

scope of application

This privacy policy applies to all of us in the

companies processed personal data and for everyone

Personal data that companies commissioned by us (contract processors)

process. By personal data we mean information within the meaning of

Art. 4 No. 1 GDPR such as name, e-mail address and postal address

address of a person. The processing of personal data ensures

that we can offer and bill our services and products,

be it online or offline. The scope of this privacy policy


All online presences (websites, online shops) that we


Social media appearances and email communication

mobile apps for smartphones and other devices

In short: the privacy policy applies to everyone

Areas in which personal data in the company beyond the mentioned

Channels are processed in a structured way. Should we use outside of these channels

enter into legal relationships with you, we will contact you separately if necessary


legal bases

In the following data protection declaration we give you

transparent information on the legal principles and regulations,

i.e. the legal basis of the General Data Protection Regulation, which enables us

to process personal data.

As far as EU law is concerned, we refer to the


April 2016. This EU General Data Protection Regulation allows you to

of course online on EUR-Lex, the gateway to EU law


We only process your data if at least one of the

the following conditions apply:

Consent (Article 6 Paragraph 1 lit. a GDPR): You have

you have given us your consent to process data for a specific purpose.

An example would be storing your entered data

contact form.

Contract (Article 6 Paragraph 1 lit. b GDPR): To a contract

or to fulfill pre-contractual obligations with you, we process

Your data. For example, if we enter into a purchase agreement with you,

we need personal information in advance.

Legal obligation (Article 6 Paragraph 1 lit. c GDPR):

If we are subject to a legal obligation, we process yours

Data. For example, we are required by law to provide invoices for the

cancel accounting. These usually contain personal data.

Legitimate interests (Article 6 paragraph 1 lit. f GDPR): Im

Case of legitimate interests that do not limit your fundamental rights,

we reserve the right to process personal data. We have to go

For example, we process certain data to make our website safe and efficient

to operate efficiently. This processing is therefore legitimate


Other conditions such as the perception of recordings in the

public interest and exercise of official authority as well as protection
more vital

As a rule, interests do not arise with us. As far as such

Should the legal basis be relevant, it will be attached to the corresponding

Position designated.

In addition to the EU regulation, national regulations also apply


In Austria, this is the federal law for protection

natural persons in the processing of personal data

(Data Protection Act), DSG for short.

In Germany, the Federal Data Protection Act, BDSG for short, applies.

If other regional or national laws on

apply, we will inform you about this in the following sections.

Contact details of the person responsible

If you have any questions about data protection or processing

personal data, you will find the contact details of the below

Responsible person or body:

Celesteau eU

Alexander Nemeth

storage duration

That we only store personal data for as long as

it is essential for the provision of our services and products

necessary is a general criterion for us. That means we

delete personal data as soon as the reason for data processing

is no longer available. In some cases we are legally required to do so

obliged to provide certain data even after the original purpose has ceased to exist

store, for example for accounting purposes.

If you wish your data to be deleted or

Revoked consent to data processing, the data will be deleted as soon as possible

possible and as far as there is no obligation to save, deleted.

About the specific duration of the respective data processing

we will inform you below if we have further information on this.

Rights under the General Data Protection Regulation

According to Article 13, 14 GDPR we inform you about the

the following rights to which you are entitled in order to ensure fair and

transparent processing of data comes:

According to Article 15 GDPR, you have a right to information about

whether we process data from you. If that's the case, you're right

to receive a copy of the data and the following information


for what purpose we carry out the processing;

the categories, i.e. the types of data that are processed


who receives this data and if the data is sent to third countries

communicated how security can be guaranteed;

how long the data is stored;

the existence of the right to rectification, erasure or

Restriction of processing and the right to object to the


that you can complain to a supervisory authority

(See below for links to these authorities);

the origin of the data if we did not collect it from you


whether profiling is carried out, i.e. whether data is automatic

be evaluated in order to get a personal profile of you.

According to Article 16 GDPR, you have the right to rectification

of the data, which means we need to get data straight if you

Find mistakes.

According to Article 17 GDPR, you have the right to erasure

(“Right to be forgotten”), which specifically means that you request deletion

may request your data.

According to Article 18 GDPR, you have the right to restriction

of processing, which means that we are only allowed to store the data

but do not continue to use it.

According to Article 20 GDPR, you have the right to

Data portability, which means that we can send your data to you upon request

make it available in a common format.

According to Article 21 GDPR, you have a right of objection,

which, once enforced, will result in a change in processing.

If the processing of your data is based on Article 6 Para. 1 lit.

e (public interest, exercise of official authority) or Article 6 paragraph 1

lit. f (legitimate interest), you can object to the processing

file an objection. We will then check as soon as possible whether we can

be able to legally comply with the objection.

If data is used to operate direct mail,

you can object to this type of data processing at any time. We

may no longer use your data for direct marketing thereafter.

If data is used to conduct profiling,

You can object to this type of data processing at any time. We may

No longer use your data for profiling after that.

According to Article 22 GDPR, you may have the right

not one based solely on automated processing (e.g

profiling) based decision to be subjected.

According to Article 77 GDPR, you have the right to lodge a complaint.

This means that you can complain to the data protection authority at any time,

if you think that the data processing of personal

data violates the GDPR.

In short: you have rights - don't hesitate, the above

listed responsible body to contact us!

If you believe that the processing of your data is against

violates data protection law or your data protection claims in

otherwise have been injured in any way, you can contact the

complain to the supervisory authority. This is the data protection authority for Austria,

whose website can be found at In Germany there are

a data protection officer for each federal state. For more information

you can contact the Federal Commissioner for Data Protection and the

Freedom of Information (BfDI). For our company is the following

local data protection authority responsible:

Explanation of terms used

We always strive to make our privacy policy as clear

and make it as understandable as possible. Especially with technical and

However, this is not always easy when it comes to legal issues. It often does

Sense legal terms (such as personal data) or specific

to use technical expressions (e.g. cookies, IP address). we want

but do not use them without explanation. Below you will find one

alphabetical list of important terms used in the

previous data protection declaration may not have been sufficiently addressed

are. If these terms were taken from the GDPR and it is

When it comes to definitions of terms, we will also cite the GDPR texts here and

add your own explanations if necessary.


Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Consent" of the data subject each voluntarily for

the specific case, given in an informed manner and unequivocally

Expression of will in the form of a declaration or another clear one

affirmative action by which the data subject indicates that

them with the processing of their personal data


Explanation: This is usually done for websites

Consent via a cookie consent tool. I'm sure you know that. Always when

When you visit a website for the first time, a banner will usually ask you

whether you agree or consent to the data processing. Most of the time you can too

Make individual settings and decide for yourself which ones

Data processing you allow and which not. If you do not consent

no personal data from you may be processed.

In principle, consent can of course also be in writing, i.e. not

via a tool.

Personal Data

Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

“Personal Data” any information relating to

an identified or identifiable natural person (hereinafter

“data subject”; a natural person becomes identifiable

viewed directly or indirectly, in particular by means of assignment to a

identifier such as a name, to an identification number, to location data, to a

Online identifier or one or more special characteristics that expression

the physical, physiological, genetic, psychological, economic,

cultural or social identity of this natural person,

can be identified;

Explanation: Personal data is therefore all those

Data that can identify you as an individual. This is usually data

such as:



E-mail address

postal address

phone number

birth date

Identification numbers such as social security number,

Tax identification number, identity card number or matriculation number

Bank details such as account number, credit information, account balances

and much more

According to the European Court of Justice (ECJ), yours counts too

IP address to the personal data. IT professionals can use your

IP address at least the approximate location of your device and subsequently

identify you as the subscriber. Therefore, saving also requires a

IP address has a legal basis within the meaning of the GDPR. There are also

"special categories" of personal data, which are also special

are worth protecting. These include:

racial and ethnic origin

political opinions

religious or ideological beliefs

union membership

genetic data such as data derived from blood

or saliva samples are taken

Biometric data (this is information about psychological,

physical or behavioral characteristics that identify an individual


health data

Data related to sexual orientation or sex life


Definition according to Article 4 of the GDPR

For the purposes of this Regulation, the term means:

"Profiling" any type of automated processing

personal data, which consists in that this personal data

used to describe certain personal aspects that relate to a

natural person relate, to evaluate, in particular to aspects regarding

work performance, economic situation, health, personal preferences,

Interests, reliability, behavior, whereabouts or relocation of these

analyze or predict a natural person;

Explanation: When profiling, different

Gathers information about a person to learn more about them

person to experience. On the web, profiling is often used for advertising purposes or

also used for credit checks. Collect web and/or advertising analysis programs

for example data about your behavior and your interests on a website.

This results in a special user profile with the help of which advertising is targeted

can be played out to a target group.