Privacy and Data Protection Policy
Types of processed data
- Inventory data (e.g., names, addresses).
- contact information (e.g., e-mail, phone numbers).
- content data (e.g., text input, photographs, videos).
- usage data (e.g., websites visited, interest in content, access times).
- Meta / communication data (e.g., device information, IP addresses).
Categories of affected persons
Visitors and users of the online service (hereinafter we refer to the affected persons as "users").
Purpose of processing
- Provision of the online service, its functions and contents.
- Answering contact requests and communicating with users.
- Audience measurement / Marketing
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject"); a natural person is considered as directly or indirectly identifiable, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more special features, that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
"Processing" means any process performed with or without the aid of automated procedures or any such process steps associated with personal data. The term is far reaching and includes virtually every handling of data.
"Responsible person" means the natural or legal person, public authority, body or organization that decides, alone or in concert with others, on the purposes and means of processing personal data.
Relevant legal bases
In accordance with Art. 13 GDPR we inform you about the legal basis of our data processing.
Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f GDPR. In such a case as vital interests of the data subject or another natural person require the processing of personal data, Art. 6 paragraph 1 lit. d GDPR is the legal basis.
Collaboration with contractor data processors and third parties
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to such or otherwise grant access to the data, such disclosure or transmission is done exclusively on the basis of a legal permission (e.g. if a transmission of the data to third parties is required by payment service providers to fulfill the contract, pursuant to Art. 6 (1) (b) GDPR), because you have consented to the disclosure, because of a legal obligation or based on our legitimate interests (e.g. the use of agents, web hosters, etc.).
If we commission third parties to process data on the basis of a so-called "contract processing contract", this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this is done in the context of the use of third party services or disclosure or transmission of data to third parties, such processing or disclosure will only be done to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.
We process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR or subject to legal or contractual permissions. This means the processing is done, e.g., on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. in case of the US via the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of data subjects
In accordance with Art. 15 GDPR you have the right to ask for a confirmation as to whether the relevant data is being processed as well as the right to information on this data and to further information and a copy of the data.
In accordance with Art. 16 GDPR you have the right to demand the completion of data concerning you or the correction of incorrect data concerning you.
In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted without delay, or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.
You have the right to demand that the data which you have provided to us and which is relating to you, be made available to you in accordance with Art. 20 GDPR and also request their transmission to other persons responsible.
In accordance with Art. 77 GDPR you have the right to file a complaint with the competent supervising authority.
In accordance with. Art. 7 para. 3 GDPR you have the right to revoke granted consent with effect for the future.
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may be made in particular to data processing for direct marketing purposes.
Cookies and right to object to direct mailing
"Cookies" are small files that are stored on users computers. Various information can be stored within the cookies. A cookie serves primarily to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online service.
Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online service and closes his browser. In such a cookie, e.g. the contents of a shopping cart are stored in an online store or a login status.
The term "permanent" or "persistent" refers to cookies that remain stored after the browser has been closed. In such cookies, e.g. the login status stays saved if users visit the site after several days. The interests of the users can also be stored in such cookies, and they can be used for range measurement or marketing purposes.
A "third-party cookie" refers to cookies that are used by providers other than the person responsible for managing the online service (Cookies used by the online service itself are called "first-party cookies").
If users do not want cookies to be stored on their computer, they are asked to disable the relevant option in their browser's system settings. Cookies already saved can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions of this online service.
Deletion of data
According to legal regulations in Austria relevant data is stored specifically for 7 years according to § 132 paragraph 1 BAO (accounting documents, receipts / invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years in the case of documents related to electronically supplied services, telecommunications, broadcasting and television services provided to non-EU companies in EU Member States to which the Mini-One-Stop-Shop (MOSS) is applied.
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage and database services, collateral and technical maintenance services, all of which we use to operate this online service.
In the course of this we, respectively our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in an efficient and secure provision of this online service according to Art. 6 para. 1 lit. f GDPR i.V.m. Art. 28 GDPR (conclusion of contract processing contract).
Collection of access data and logfiles
We, respectively our hosting provider, collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the page previously visited), IP address and the requesting provider.
Logfile information is stored for security reasons (e.g. to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data the which of further retention is required for evidence purposes is excluded from the deletion until final clarification of the respective incident.
Users can optionally create a user account. Within the registration process, the mandatory necessary information is communicated to the users. The data entered during registration will be used for the purpose of using the website services.
Users may be informed by e-mail about service or registration-related information, such as changes in the scope of the service or technical circumstances. If users have terminated their user account, their data will be deleted with regard to the user account, unless their retention is necessary for commercial or tax law reasons according to Art. 6 para. 1 lit. c GDPR.
It is the responsibility of the users to save their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.
In the context of the use of our registration and login functions as well as the use of user accounts, we store the IP address and the time of the respective user action.
This storage is on the basis of our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation for this in accordance with. Art. 6 para. 1 lit. c GDPR. The IP addresses are anonymized or deleted after 7 days at the latest.
When contacting us (for example, by contact form, e-mail, telephone or via social media) the information of the user to process the contact request and its management is processed acc. to Art. 6 para. 1 lit. b) GDPR. The user information can be stored in a Customer Relationship Management System ("CRM System") or a comparable request management system.
We delete the requests once they are no longer required. We check this requirement every two years. Furthermore, the legal obligations for archiving apply.
In the following section, we inform you about the content of our newsletter as well as the registration, shipping and statistical evaluation procedures for it as well as your right of objection.
By subscribing to our newsletter, you consent to the receipt and the procedures described.
Content of the newsletter:
We will send newsletters, e-mails and other electronic notifications with promotional information (thereafter "newsletter") only with the consent of the recipient or a legal permission to do so.
Insofar as the contents of a newsletter are concretely described, they are relevant for the consent of the users. Apart from this our newsletters contain information about our services and us.
Double opt-in and logging of the registration:
Registration for our newsletter takes place in a so-called double-opt-in procedure. I.e. you will receive an e-mail asking you to confirm your registration after registration. This confirmation is necessary so that nobody can register with external e-mail addresses.
The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address.
In case this applies any changes of your data stored with the shipping service provider are also logged.
In order to register for the newsletter, it is sufficient for you to enter your e-mail address. We optionally ask you a name for the purpose of personally addressing the newsletter as applicable.
The dispatch of the newsletter and the related performance measurement is based on a consent of the recipients acc. Art. 6 para. 1 lit. a, Art. 7 GDPR and the relevant articles of Austrian telecommunication law.
The logging of the registration process is based on our legitimate interests in accordance with. Art. 6 para. 1 lit. f GDPR. Our interest lies in the use of a user-friendly and secure newsletter system, which serves our business interests as well as the expectations of the users and also allows us to provide proof of consent.
Termination / Withdrawal:
You may terminate the receipt of our newsletter at any time by revoking your consent. A link to cancel the newsletter can be found at the end of each newsletter.
We may save the submitted email addresses for up to three years based on our legitimate interests in order to provide evidence of prior consent before deleting them for the purpose of sending out newsletters. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for cancellation is possible at any time, provided that the former existence of a consent is confirmed at the same time.
Univ.-Prof. Dr. Dr. Gerhard Undt
Tel.: +43 1 40180 – 7010
Fax: +43 1 40180 – 1440
Mobile: +43 660 25 23 000