Data privacy

The following data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as ‘data’) within our online offer. Likewise, via the websites, functions and content linked to it as well as external online presences, such as our social media profiles, data upload portals, etc. (hereinafter collectively referred to as ‘Online Offer’).
With regard to the terms used, such as ‘processing’ or ‘controller’, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Responsible

Types of data to be processed

| Inventory data, e.g. name, address, etc.
| Contact details, e.g. e-mail, telephone number etc.
| Content data, e.g. text entries, photographs, videos, etc.
| Usage data, e.g. websites visited, interest in content, access time, etc.
| Meta/communication data, e.g. device information, IP address etc.

Purpose of the processing

Categories of persons concerned

Visitors and users of the online offer, hereinafter collectively referred to as ‘users’

Terms used

Personal data means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and encompasses virtually all handling of data.

The processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person. (Pseudonymisation)

Any type of automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location. (profiling)

‘Controller’ means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant legal bases

In accordance with Art. 13 DSGVO, we inform you about the legal basis of our data processing. If the legal basis is not stated in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for the processing for the fulfilment of our services and implementation of contractual measures as well as answering enquiries is Art. 6 Para. 1 lit. b DSGVO, the legal basis for processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (2) of the Data Protection Act shall apply. 1 lit. d DSGVO as the legal basis.

Security measures

We shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO).

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies, e.g. order processors or third parties, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission.

If we commission third parties with the processing of data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 DSGVO.

Transfers to third countries

If we process data in a third country outside the European Union or the European Economic Area, or if we do so in the context of using third-party services or disclosing or transferring data to third parties, this will only be done if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests.

Rights of data subjects

You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 DSGVO.

You have accordingly. Art. 16 DSGVO the right to request that the data concerning you be completed or that the inaccurate data concerning you be corrected.

In accordance with Article 17 of the GDPR, you have the right to demand that the data concerned be deleted without delay or, alternatively, to demand restriction of the processing of the data in accordance with Article 18 of the GDPR.

You have the right to request to receive the data concerning you that you have provided to us in accordance with Article 20 of the GDPR and to request that it be transferred to other data controllers.

They also have the right to Article 77 of the GDPR the right to lodge a complaint with the competent supervisory authority.

Right of withdrawal

You have the right to give consent in accordance with Art. 7 para. 3 DSGVO with effect for the future.

Right of objection

You may object to the future processing of data relating to you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against processing for the purpose of direct advertising.

Cookies and right to object to direct advertising

‘Cookies’ are small files that are stored on the user’s computer. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user or the device on which the cookie is stored during or after his/her visit to an online service. Temporary cookies, session cookies or transient cookies are cookies that are deleted after a user leaves an online service and closes his/her browser. In such a cookie, for example, the contents of a shopping basket in an online shop or a login status can be stored. Permanent or “persistent cookies are cookies that remain stored even after the browser is closed. For example, the login status can be saved if users visit the site after several days. Likewise, the interests of users can be stored in such a cookie and used for reach measurement or marketing purposes.

We may use temporary and permanent cookies and will inform you about this in our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions of this online offer.

Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that you may then not be able to use all the functions of this online service.

Data deletion

The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.
According to legal requirements in Austria, the storage is carried out in particular for 7 years pursuant to § 132 para. 1 BAO.

Contact us

When contacting us, e.g. via contact form, email, telephone or social media, your data will be used for processing the contact request and its handling pursuant to Art. 6 para. 1 lit. b. (in the context of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other enquiries) DSGVO. This information may be stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation.

We delete the enquiries if they are no longer required; furthermore, the statutory archiving obligations apply.

Collection of access data and log files

We, or our hosting provider, collect data on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. DSGVO data about each access to the server on which this service is located. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called ‘cookies’. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

You can prevent the collection of your data by Google Analytics by deactivating Google Analytics.

Integration of third-party services and content

We use content or service offers from third-party providers within our online offer on the basis of our legitimate interests (in the analysis, optimisation and economic operation of our online offer). This always assumes that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is thus required for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online services, as well as being linked to such information from other sources.