PLEASE READ THESE TERMS CAREFULLY AND COMPLETELY.
In a nutshell, the information we may collect, store and use is to enable ongoing business relations – to facilitate trading and general correspondence with your employees. Our information systems backup and store all information in a secure, off-site and encrypted environment which only nista.io can access.
The responsible body for data processing on this website is:
Campfire Solutions GmbH
(in short “nista.io”)
For any questions and/or request, please use the following Email Address to get in touch with our team: firstname.lastname@example.org
nista.io is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).
Unfortunately, these subjects sound rather technical due to their nature, but we have put much effort into describing the most important things as simply and clearly as possible.
Information we collect
In order for us to process business we collect customer and supplier registered company details which will include name and contact details (such as email, physical address and telephone numbers, VAT number, banking details). In certain instances, we may also collect additional names and contact details (as per above) dependent on customer or supplier services required.
Server log files
In server log files, the provider of the website automatically collects and stores information that your browser automatically transmits to us. These are:
• Paged visited on our domain
• Date and time of the server request
• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• IP address
These data are not merged with other data sources. The data processing is based on Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
Who we share your information with?
We do not sell your information to anyone and only pass it to our trusted partners and service providers who work with us to run our business.
We may pass your information to:
• Service providers who work for us, such as cloud providers
• Subsidiary companies who work with us in providing services
• Regulatory bodies, courts and law enforcement agencies
• Our partner companies to supply services and/or where there is a complaint or query
How long do we keep your personal Information?
How long we keep your personal information depends on why we have it and what we are doing with it:
• We keep records of any dealings you have with us or our partner companies so that we can respond to any complaints or disputes that may arise
• We will keep other personal information about you if it is necessary for us to do so to comply with the law
Rights in accordance with the General Data Protection Regulation
You are granted the following rights in accordance with the provisions of the GDPR (General Data Protection Regulation) and the Austrian Data Protection Act (DSG):
- to rectification (article 16 GDPR)
- to erasure (“right to be forgotten“) (article 17 GDPR)
- right to restrict processing (article 18 GDPR)
- notification – notification obligation regarding rectification or erasure of personal data or restriction of processing (article 19 GDPR)
- right to data portability (article 20 GDPR)
- right to object (article 21 GDPR)
- right not to be subject to a decision based solely on automated processing – including profiling – (article 22 GDPR)
If you think that the processing of your data violates the data protection law, or that your data protection rights have been infringed in any other way, you can lodge a complaint with your respective regulatory authority. For Austria, this is the data protection authority, whose website you can access at https://www.data-protection-authority.gv.at/.
What exactly are cookies?
Every time you surf the internet, you use a browser. Common browsers are for example Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies.
Cookies save certain parts of your user data, such as, e.g. language or personal page settings. When you re-open our website, your browser submits these “user specific” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers every cookie has its own file, in others, such as Firefox, all cookies are stored in one single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Piwik Pro). Every cookie is individual, since every cookie stores different data. The expiration time of a cookie also varies – it can be a few minutes, or up to a few years. Cookies are no software-programs and contain no computer viruses, Trojans or any other malware. Cookies also cannot access your PC’s information.
Data transmitted via the contact form will be stored, including your contact data in order to be able to process your request or to be available for follow-up questions.
The data entered in the contact form will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you request deletion, revoke your consent to storage, or until data storage is no longer necessary. Mandatory legal provisions – in particular retention periods – remain unaffected.
TLS encryption with https
We use https to transfer information on the internet in a tap-proof manner (data protection through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information. You can recognize the use of this safeguarding tool by the little lock-symbol, which is situated in your browser’s top left corner, as well as by the use of the letters https (instead of http) as a part of our web address.
On our website we use Google Fonts, from the company Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
What are Google Fonts?
Google Fonts (previously Google Web Fonts) is a list of over 800 fonts which Google provides its users for free.
We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.
We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns.
We host our solution on Microsoft Azure in Germany/Netherlands/United States/Singapore/ElastX in Sweden, and the data is stored for 14/25 months.
The purpose of data processing: analytics and conversion tracking based on consent. Legal basis: Art. 6 (1)(a) GDPR.
We have integrated YouTube videos to our website. Therefore, we can show you interesting videos directly on our site. YouTube is a video portal, which has been a subsidiary company of Google LLC since 2006. The video portal is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page on our website that contains an embedded YouTube video, your browser automatically connects to the servers of YouTube or Google. Thereby, certain data are transferred (depending on the settings). Google is responsible for YouTube’s data processing and therefore Google’s data protection applies.
In the following we will explain in more detail which data is processed, why we have integrated YouTube videos and how you can manage or clear your data.
What data is stored by YouTube?
As soon as you visit one of our pages with an integrated YouTube video, YouTube places at least one cookie that stores your IP address and our URL. If you are logged into your YouTube account, by using cookies, YouTube can usually associate your interactions on our website with your profile. This includes data such as session duration, bounce rate, approximate location, technical information such as browser type, screen resolution or your Internet provider. Additional data can include contact details, potential ratings, shared content via social media or YouTube videos you added to your favorites.
If you are not logged in to a Google or YouTube account, Google stores data with a unique identifier linked to your device, browser or app. Thereby, e.g. your preferred language setting is maintained. However, many interaction data cannot be saved since fewer cookies are set.
What is Django CMS?
Django CMS is an open-source tool management tool and is used for our website nista.io. In another word we can say that it is a web-based framework, and it provides different types of features to the user such as editing of the frontend, reusability of different plugins, it also provides the flexible architecture to the user, search engine optimization, etc.
A CMS is a Content Management System. This framework allows its client to add, alter and erase the substance according to the client’s will. The substance we are discussing is an advanced substance. It incorporates text and pictures. The CMS gives a connection point that can be effortlessly utilized by clients to keep up with their sites. The client need not be comfortable with backend advancements.
By default, Django stores files locally, using the MEDIA_ROOT and MEDIA_URL settings.
What is reCAPTCHA?
Why do we use reCAPTCHA on our website?
We only want to welcome flesh and blood people on our site. Bots or spam software of any kind can safely stay at home. That's why we pull out all the stops to protect ourselves and offer the best possible user experience for you. For this reason we use Google reCAPTCHA from Google. This way we can be pretty sure that we remain a "bot-free" website. By using reCAPTCHA, data is sent to Google to determine whether you are actually human. reCAPTCHA therefore serves the security of our website and, by extension, your security. For example, without reCAPTCHA, it could happen that a bot registers as many e-mail addresses as possible during registration in order to "spam" forums or blogs with unwanted advertising content. With reCAPTCHA we can avoid such bot attacks.
What data is stored by reCAPTCHA?
reCAPTCHA collects personal data from users to determine whether the actions on our website really come from people. Thus, the IP address and other data required by Google for the reCAPTCHA service may be sent to Google. IP addresses are almost always shortened beforehand within the member states of the EU or other contracting states to the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address is not combined with other data from Google unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube. Gmail, etc.) are already placed on your browser. Then, reCAPTCHA places an additional cookie on your browser and collects a snapshot of your browser window.
The following list of collected browser and user data, does not claim to be exhaustive. Rather, it is examples of data that, to our knowledge, are processed by Google.
- Referrer URL (the address of the page from which the visitor comes)
- IP address (e.g. 2188.8.131.52)
- Info about the operating system (the software that allows your computer to operate. Known operating systems are Windows, Mac OS X or Linux).
- Cookies (small text files that store data in your browser).
- Mouse and keyboard behavior (every action you perform with the mouse or keyboard is stored).
- Date and language settings (which language or date you have preset on your PC is saved)
- Screen resolution (shows how many pixels the image display consists of)
It is undisputed that Google uses and analyzes this data even before you click on the "I am not a robot" checkbox. With the Invisible reCAPTCHA version even the ticking is omitted and the whole recognition process runs in the background. How much and which data Google stores exactly, Google does not tell you in detail. The following cookies are used by reCAPTCHA: Here we refer to the reCAPTCHA demo version from Google at www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes. Here is a list of cookies that Google reCAPTCHA has set on the demo version:
Purpose: This cookie is set by the DoubleClick company (also owned by Google) to register and report a user's actions on the website in dealing with advertisements. In this way, advertising effectiveness can be measured and appropriate optimization measures can be taken. IDE is stored in browsers under the domain doubleclick.net.
Expiration date: after one year
Purpose: This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. Furthermore, the cookie can be used to prevent a user from seeing the same ad more than once.
Expiration date: after one month
Expiration date: after 9 months
Purpose: The cookie stores the status of a user's consent to use different services provided by Google. CONSENT is also used for security purposes to verify users, prevent credential fraud, and protect user data from unauthorized attacks.
Expiration date: after 19 years
Purpose: NID is used by Google to customize ads to your Google search. With the help of the cookie, Google "remembers" your most typed search queries or your previous interaction with ads. This way, you always get tailored ads. The cookie contains a unique ID to collect personal settings of the user for advertising purposes.
Expiration date: after 6 months
Purpose: Once you tick the "I am not a robot" box, this cookie will be set. The cookie is used by Google Analytics for personalized advertising. DV collects information in anonymous form and is further used to make user distinctions.
Expiration date: after 10 minutes
Note: This list cannot claim to be complete, as Google's experience shows that it changes the choice of its cookies time and again.
How long and where is the data stored?
By inserting reCAPTCHA, data is transferred from you to the Google server. Where exactly this data is stored, Google does not make clear, even after repeated requests. Without having received confirmation from Google, it can be assumed that data such as mouse interaction, time spent on the website or language settings are stored on Google's European or American servers. The IP address that your browser transmits to Google is generally not merged with other Google data from other Google services. However, if you are logged into your Google account while using the reCAPTCHA plug-in, the data will be merged. The deviating data protection provisions of the Google company apply to this.
How can I delete my data or prevent data storage?