DATA PROTECTION STATEMENT AND INFORMATION REQUIREMENTS ACCORDING TO ART. 13 GDPR
The protection of your personal data is very important to us. We therefore process your data exclusively on the basis of the statutory provisions (DSGVO, TKG 2003). In this data protection information, we inform you about the most important aspects of data processing and describe how and for what purpose your data is recorded and used and what options you have in connection with personal data.
By using this website, you consent to the collection, use and transfer of your data in accordance with this data protection declaration.
1 Responsible according to the definitions in Art. 4 No. 7 of the General Data Protection Regulation (GDPR)
5671 Bruck a.d. Großglocknerstraße
If you want to object to the collection, processing or use of your data by us in accordance with these data protection provisions in whole or for individual measures, you can address your objection to the person responsible.
You can save this data protection declaration at any time print out.
2 General information on data processing in the company and on the website
- Inventory data (e.g. names, addresses)
- Contact details (e.g. e-mail, telephone numbers)
- Content data (e.g. text entries, photographs , Videos)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta / communication data (e.g. device information, IP addresses)
- Contract data (e.g. subject of the contract, duration, customer category)
- Payment data (e.g. bank details, payment history)
from customers, interested parties and business partners
- Offering the online offer including functions and content
- Answering contact inquiries, user communication
- Security measures
- Range measurement / marketing
- Provision of contractual services
- Service and customer care
2.3 Legal bases
According to Art. 13 GDPR we inform you of the legal bases of our data processing. If the legal bases are not mentioned in the respective paragraphs in the data protection declaration, the following apply:
Obtaining consent: Art. 6 Paragraph 1 lit. a and Art. 7 GDPR
Processing for the performance of services, contract execution and answering inquiries: Art. 6 Para. 1 lit. b GDPR
Processing to fulfill legal obligations: Art. 6 Para. 1 lit. c GDPR
Processing to safeguard legitimate interests: Art. 6 Para. 1 lit. f GDPR
2.4 Cooperation with contract processors and third parties
In principle, we only use your personal data within our company.
If and to the extent that we are third parties in By engaging in the fulfillment of contracts (e.g. logistics service providers), this personal data is only received to the extent that the transmission is necessary for the corresponding service.
In the event that we process certain parts of the data outsource (“order processing”), we contract processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
The disclosure and transfer of data to Processors and third parties only under the following conditions:
- On the basis of legal permission (e.g. to fulfill a contract according to Art. 6 Para. 1 lit. b GDPR It is necessary to transfer the data to third parties – e.g. payment providers)
- Based on your consent
- Based on a legal obligation
- Based on legitimate interests (e.g. when using from agents, web hosts, etc.)
The commissioning of third parties for data processing by means of an order processing contract is based on Art. 28 GDPR.
2.5 Transfers to third countries
Should data be processed outside the European Union (EU) or the European Economic Area (EEA) by using third-party services or by disclosing or transferring data to third parties this only takes place under the following conditions:
- To fulfill (pre) contractual obligations
- On the basis of your consent
- On the basis of a legal obligation
- On the basis of legitimate interests
Subject to legal or contractual permissions, we process or have the data in a third country only if the special requirements of Art. 44 ff. GDPR are met process – processing takes place on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual agreements he obligations.
2.6 Storage or deletion of data
Data processed by us will be deleted or restricted in processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, data will be deleted when they are no longer required for the intended purpose and the deletion does not conflict with any statutory retention requirements. If the data are required for other and legally permissible purposes, they will not be deleted, but their processing will be restricted so that they are not processed for other purposes. This applies e.g. for data that must be stored for commercial or tax reasons.
According to legal requirements, storage takes place in particular for 7 years in accordance with Section 132 (1) BAO (accounting documents, receipts / invoices, accounts, receipts, business papers , List of income and expenses, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services that are provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
2.7 Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as the organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. The processing bases are Article 6, Paragraph 1, Letter c. DSGVO, Art. 6 Para. 1 lit.f. DSGVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in processing lies in administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information given in these processing activities.
We disclose or transmit data to the financial administration, consultants, such as tax consultants or auditors and other fee offices and payment service providers.
Furthermore, on the basis of our business interests, we save information about suppliers, organizers and other business partners, e.g. for the purpose of later contact. We generally store this mostly company-related data permanently.
2.8 Online presence in social media
In order to communicate with customers, interested parties and users active there and to inform them about our services to be able to, we maintain company presences on social networks and platforms. When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines of the respective operator apply. Unless otherwise stated in our data protection declaration, we process the data of the users as long as they communicate with us within the social networks and platforms (e.g. writing articles on our online presence or sending messages).
3 General use of the website
The hosting services we use serve to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer.
We or the hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this online offer based on our legitimate interests in an efficient and secure provision of this online offer in accordance with. Art. 6 para. 1 lit. f) GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract).
3.2 Access data / server log files
We or our hosting provider collect data about every access to the server on which this service is located (so-called server log files). We automatically collect information about your usage behavior and your interaction with us and register data about your computer or mobile device. We collect, save and use data about every access to our online offer. The access data includes:
- Name and URL of the retrieved file
- Date and time of retrieval
- Amount of data transferred
- Message about successful retrieval (HTTP response code)
- Browser type and browser version
- Operating system
- Referer URL (i.e. the previously visited page)
- Websites that are called up by the user’s system via our website
- Internet service provider of the user
- IP address and the requesting provider
We use this log data without assignment to your person or any other profile creation for statistical evaluations for the purpose of operation, security and optimization of our online offer, but also for anonymous recording of the number of visitors to our website (traffic) as well as the scope and type of Use of our website and services, also for billing purposes, to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based content and analyze the data traffic, search for and correct errors and improve our services.
This is also our legitimate interest in accordance with Art 6 Paragraph 1 lit. f) GDPR.
We reserve the right to check the log data retrospectively if there is a legitimate suspicion of illegal use based on concrete evidence. We store IP addresses in the log files for a maximum of 3 months if this is necessary for security purposes or for the provision of services or the billing of a service, e.g. B. if you use one of our offers. After canceling the order process or after receipt of payment, we delete the IP address if it is no longer required for security purposes. We also save IP addresses if we have a specific suspicion of a criminal offense in connection with the use of our website. We also save the date of your last visit as part of your account (e.g. when registering, logging in, clicking links, etc.). Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.
3.3 SSL encryption
This site is used for reasons the security and to protect the transmission of confidential content, such as the inquiries and orders that you send to us as the site operator, an SSL encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line. You can find out more about data security in point 5.
Our website uses so-called cookies. These are small text files that are stored on your device with the help of the browser. They do no harm.
We use so-called session cookies or temporary cookies to optimize our online offer. A session cookie is a small text file that is sent by the respective server when you visit a website and is temporarily stored on your hard drive. This file as such contains a so-called session ID, with which various requests from your browser can be assigned to the common session. This enables your computer to be recognized when you return to our website. These cookies are deleted after you close your browser. They serve z. B. to ensure that you can use the shopping cart function across several pages.
We also use persistent cookies to a small extent (also small text files that are stored on your device) that remain on your device and it enable us to recognize your browser the next time you visit. These cookies are stored on your hard drive and delete themselves after the specified time. Their lifespan is 1 month to 10 years. In this way, we can present our offer to you in a more user-friendly, effective and secure manner and, for example, show you information on the page that is specifically tailored to your interests. The content of a permanent cookie is limited to an identification number. Name, IP address etc. are not saved. An individual profile of your usage behavior does not take place.
The following data and information are stored in the cookies:
- Log-in information
- Language settings
- Entered search terms
- Information about the number of visits to our website and the use of individual functions of our website.
When the cookie is activated, it is assigned an identification number and your personal data is not assigned to this identification number . Your name, your IP address or similar data that would enable the cookie to be assigned to you are not stored in the cookie. Based on cookie technology, we only receive pseudonymised information, for example about which pages of our shop were visited, which products were viewed, etc.
You can deactivate the storage of cookies in your browser on certain websites or set your web browser (Chrome, IE, Firefox, …) so that it notifies you as soon as a cookie is sent. You can also delete cookies from your PC’s hard drive at any time. Please note, however, that in this case you will have to reckon with a restricted display of the page and limited user guidance.
Links to cookies in common browsers:
Manage cookies in Mozilla Firefox : More information
Manage cookies in Google Chrome : More information
Manage cookies in Microsoft IE / Edge: More information
Manage cookies in Apple Safari: More information
Manage cookies in Apple iOS: More information
3.5 Personal data about website
Personal data that you click on this website electronically Information such as name, email address, address or other personal information will only be used by us for the specified purpose, will be kept safe and will not be passed on to third parties. The provider automatically collects and stores information on the web server such as the browser used, operating system, referring page, IP address, time of access, etc. This data cannot be assigned to specific persons without checking other data sources and we do not further evaluate this data as long as it is not illegal Use of our website.
3.6 Contact with us
If you contact us (e.g. contact form, e-mail, telephone or social media), the data you provide will be used to process the contact request and its processing as well for follow-up questions according to Art. 6 para. 1 lit. b) GDPR processed; this is also our legitimate interest in accordance with Art. 6 Para. 1 lit. f) GDPR. We do not pass on this data without your consent. We only save and use other personal data if you consent to this or if this is legally permissible without special consent. The user information can be stored in a customer relationship management system (“CRM system”) or a comparable request organization. We delete the inquiries if they are no longer required. We review the requirement every two years; Furthermore, the statutory archiving obligations apply.
You have the right to revoke your consent at any time with effect for the future. In this case, your personal data will be deleted immediately. Your personal data will also be deleted without your revocation once we have processed your request or you revoke the consent given here for storage. This also happens if the storage is not permitted for other legal reasons.
“Mandatory fields are marked with a *”.
3.7 Integration of services and content from third parties
Within our online offer, we use content or service offers from third parties to provide their content and services, such as Include videos or fonts. This is done on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. GDPR)
This always requires that the third party provider of this content, perceive the IP address of the user, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contain, among other things, technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as being linked to such information from other sources.
3.8 Web analysis – Google Universal Analytics
We use Google Analytics, a web analysis service provided by Google LLC (“Google” 1600 Amphitheater Parkway Mountain View, CA 94043, USA). < / p>
Google Analytics uses so-called “cookies”, text files that are saved on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
Google participates in the EU-US Privacy Shield (see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI& status = Active ) and thus offers a guarantee of compliance with European data protection law.
Due to the activation of IP anonymization on this website, your IP address will be used by Google within member states of the European Union or previously shortened in other signatory states to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to produce reports about the website activities and to provide other services related to website activity and internet usage to the website operator. In doing so, pseudonymous user profiles can be created from the processed data. We use Google Analytics in the form of “Universal Analytics”. “Universal Analytics” refers to a process from Google Analytics in which the user analysis is carried out on the basis of a pseudonymous user ID and a pseudonymous profile of the user is created with information from the use of different devices (so-called “cross-device tracking”) .
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by clicking on the following link ( http://tools.google.com/dlpage/gaoptout?hl=de ) Download and install the available browser plug-in.
As an alternative to the browser plug-in or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will save the Collection by Google Analytics within this website will be prevented in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again): Deactivate Google Analytics
3.9 Google Maps
Google participates in the EU-US Privacy Shield (see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ) and thus offers a guarantee to comply with European data protection law.
3.10 Google Fonts
We integrate the fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The use of Google Fonts takes place without authentication and no cookies are sent to the Google Fonts API. If you have a Google account, none of your Google account data will be transmitted to Google while you are using Google Fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. Google also records the use of CSS and the fonts used and stores this data securely. You can find more about these and other questions at https://developers.google.com/ fonts / faq . Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer.
Google participates in the EU-US Privacy Shield (see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ) and thus offers a guarantee to comply with European data protection law.
You can find out which data is recorded by Google and what this data is used for at https://www.google.com/intl/de/policies/privacy/ , an opt-out is under https://adssettings.google.com/authenticated possible.
3.11 Google ReCaptcha
We bind the function for recognizing bots, e.g. for entries in online forms (“ReCaptcha”) provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/intl/de/policies/privacy/ , opt-out: https://adssettings.google.com/authenticated . We use the to determine whether a person or a computer makes a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a person or a computer: IP address of the device used, the website that you visit with us and on which the captcha is integrated, the date and duration of the visit, the identification data of the device used Browser and operating system type, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks in which you have to identify images. The legal basis for the data processing described is Art. 6 Para. 1 lit. f General Data Protection Regulation. There is a legitimate interest on our part in this data processing, to ensure the security of our website and to protect us from automated input (attacks).
Google participates in the EU-US Privacy Shield (see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI& ; status = Active ) and thus offers a guarantee of compliance with European data protection law.
Our online offer uses the “Wordfence” service, which is offered by Deviant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA. The use takes place on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f) GDPR. With the help of this service, unauthorized login attempts on the website are recognized and blocked. For this purpose, all login attempts are sent to a server in the USA, where they are analyzed. The stored data includes the login name entered, the IP address, information on the browser used, the computer system and the time of access.
More information on the collection and use of data by Deviant can be found in the data protection information from Wordfence: https://www.wordfence.com/privacy-policy/ .
4 Your rights as a data subject
According to the applicable laws, you have various rights with regard to your personal data. If you would like to assert these rights, please send your request by email or post, clearly identifying yourself to the address given in section 1.
You will find an overview of your rights below. < /p>
4.1 Right to confirmation and information according to Art. 15 GDPR
You have the right at any time to receive confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to request free information from us about the personal data stored about you, along with a copy of this data.
Furthermore, you have the right to the following information: p >
- the processing purposes;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data have been or are still being disclosed be disclosed, in particular to recipients in third countries or to international organizations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration ;
- the existence of a right to correction or deletion of the personal data concerning you or to restriction of the processing by the person responsible or a right to object to this processing tung;
- the right to lodge a complaint with a supervisory authority;
- if the personal data are not collected from you, all available information about the origin of the data;
- the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for you.
If personal data is transmitted to a third country or to an international organization, you have the right to be informed about the appropriate guarantees in connection with the transmission in accordance with Art. 46 GDPR.
4.2 Right to correction or completion according to Art. 16 GDPR
You have the right to request us to correct incorrect personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
4.3 Right to deletion (“right to be forgotten”) according to Art. 17 GDPR
According to Art. 17 Paragraph 1 GDPR, you have the right to request that we delete personal data relating to you immediately, and we are obliged to delete personal data immediately if one the following reasons apply:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent, on which the processing was based in accordance with Art. 6 Para. 1 S. 1 a) GDPR or Art. 9 Para. 2 a) GDPR, and there is no other legal basis for the processing.
- You are placing objection to processing in accordance with Art. 21 Paragraph 1 GDPR e in and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which we are subject.
- The personal data were collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
If we have made the personal data public and we are obliged to delete it in accordance with Art. 17 Para. 1 GDPR, we take appropriate measures, taking into account the available technology and the implementation costs Measures, including technical measures, to inform those responsible for data processing who process the personal data that you have requested the deletion of all Lin ks about this personal data or for copies or replications of this personal data.
4.4 Right to restriction of processing according to Art. 18 GDPR
You have the right to request that we restrict processing if one of the following conditions is met: p >
- You dispute the accuracy of the personal data for a period of time that enables us to check the accuracy of the personal data,
- the processing is unlawful and you the Refused to delete the personal data and instead requested the restriction of the use of the personal data;
- we no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims , or
- you have objected to processing in accordance with Art. 21 Paragraph 1 GDPR, as long as it has not yet been determined whether the legitimate reasons of our company outweigh yours .
4.5 Right to data portability according to Art. 20 GDPR
You have the right to have the personal data concerning you that you have provided us with in in a structured, common and machine-readable format, and you have the right to transfer this data to another person responsible without hindrance from us, provided that the processing is based on consent in accordance with Art. 6 Para. 1 p. 1 a) GDPR or Art. 9 Para. 2 a) GDPR or on a contract pursuant to Art. 6 Para. 1 p. 1 b) GDPR and
When exercising your right to data portability in accordance with paragraph 1, you have the right to have the personal data transmitted directly from us to another person responsible, insofar as this is technically feasible. p>
4.6 Right of objection according to Art. 21 GDPR
You have the right, for reasons that arise from your particular situation, at any time to object to the processing of personal data concerning you, which is based on Art . 6 para. 1 sentence 1 e) or f) GDPR takes place, to lodge an objection; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process personal data in order to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling, insofar as it is related to such direct mail.
You have the right, for reasons that arise from your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Para. 1 GDPR, unless the processing is necessary to fulfill a task in the public interest.
4.7 Automated decisions including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effect on you or which you in similarly significantly impaired.
Automated decision-making on the basis of the personal data collected does not take place.
4.8 Right to revoke consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time.
4.9 Right to lodge a complaint with a supervisory authority according to Art. 77 GDPR
You have the right to complain to a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing violates data protection law or your data protection claims have otherwise been violated in any way. In Austria this is the data protection authority.
5 Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data is transmitted in encrypted form. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. A complete protection of the data against access by third parties is not possible.
To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we continuously adapt to the state of the art. P >
We also do not guarantee that our offer will be available at certain times; Faults, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
You can contact us using the following contact details:
5671 Bruck a.d. Großglocknerstraße