1. Definitions

1.1. “Personal Data” refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable if they can be identified directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, an online identifier (e.g., cookies), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

1.2. “Processing” refers to any operation or set of operations performed on personal data, whether by automated means or not. This term encompasses virtually any interaction with data.

1.3. The “Controller” refers to the natural or legal person, public authority, agency, or other body which determines the purposes and means of processing personal data, alone or jointly with others.

2.Applicable Legal Basis

In accordance with Article 13 of the GDPR, we inform you about the legal bases for our data processing. If the legal basis is not explicitly mentioned in this privacy policy, the following applies: The processing of data based on consent relies on Article 6(1)(a) and Article 7 of the GDPR. Processing required for the fulfillment of our services, the execution of contractual measures, or responses to inquiries is conducted under Article 6(1)(b) of the GDPR. Processing to meet our legal obligations is governed by Article 6(1)(c) of the GDPR, while processing to protect our legitimate interests is carried out in accordance with Article 6(1)(f) of the GDPR. If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.

3. Changes and Updates to the Privacy Policy

We ask you to regularly review the content of our privacy policy. We will adapt the privacy policy if changes to our data processing make this necessary. We will notify you if changes require your participation (e.g., consent) or another form of individual notification.

4. Security Measures

4.1. In accordance with Article 32 GDPR, we implement technical and organizational measures appropriate to the risk level to ensure the confidentiality, integrity, and availability of data. These measures consider the state of the art, implementation costs, and the nature, scope, and purposes of processing, as well as the varying risks to the rights and freedoms of individuals. Measures include, for example, restricting physical and digital access to data, securing input, transfer, and separation of data, and ensuring data availability. Additionally, we integrate data protection principles during the development and selection of hardware, software, and procedures in line with Article 25 GDPR.

4.2. Security measures include encrypted data transmission between your browser and our server.

5. Disclosure and Transfer of Data

5.1. If, in the course of our processing, we disclose data to other individuals or companies (processors or third parties), transfer it to them, or otherwise grant them access to the data, this will only occur based on a legal authorization. This includes cases where the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract in accordance with Article 6(1)(b) of the GDPR, where you have given your consent, where a legal obligation requires it, or where it is based on our legitimate interests. Legitimate interests may include the use of service providers, hosting providers, tax, economic, and legal advisors, or customer support, accounting, billing, and similar services that enable us to efficiently and effectively fulfill our contractual obligations, administrative tasks, and duties.

5.2. If we engage third parties to process data based on a Data Processing Agreement, this is done under the provisions of Article 28 GDPR.

6. Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services, or the disclosure or transfer of data to third parties, it will only be done if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only under the special conditions outlined in Articles 44 et seq. of the GDPR. This means the processing will take place, for example, on the basis of specific guarantees, such as an officially recognized level of data protection equivalent to that of the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized contractual obligations (so-called “Standard Contractual Clauses”).

7. Data Subject Rights

7.1. You have the right to request confirmation of whether we are processing your personal data and to obtain information, a copy of your data, and further details, in accordance with Article 15 GDPR.

7.2. You have the right to request the correction or completion of inaccurate personal data concerning you, in accordance with Article 16 GDPR.

7.3. You have the right to request the immediate deletion of your data under Article 17 GDPR, or alternatively, to request a restriction of processing under Article 18 GDPR.

7.4. You have the right to request the receipt of your data provided to us in a structured, commonly used, and machine-readable format, and to request its transfer to another controller, in accordance with Article 20 GDPR.

7.5. You also have the right to file a complaint with a supervisory authority under Article 77 GDPR.

8. Right to Withdraw Consent

You have the right to withdraw consent granted under Article 7(3) GDPR with future effect.

9. Right to Object

You can object to the future processing of your data at any time under Article 21 GDPR. The objection can particularly relate to processing for direct marketing purposes.

10. Cookies and Objection to Direct Marketing

10.1. “Cookies” are small files stored on users’ devices. These cookies can store various types of information. Primarily, a cookie serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, also known as “session cookies” or “transient cookies,” are cookies that are deleted once the user leaves the online offering and closes their browser. Such cookies can store, for example, the contents of a shopping cart in an online store or the login status. “Permanent” or “persistent” cookies, on the other hand, remain stored even after the browser is closed. For instance, the login status can be saved, allowing users to access it after several days. Additionally, these cookies can store user preferences that are used for reach measurement or marketing purposes. “Third-party cookies” are cookies provided by parties other than the controller operating the online offering (in contrast, cookies provided solely by the controller are referred to as “first-party cookies”).

10.2. Users can deactivate cookies in browser settings; however, this may affect the functionality of the website.

10.3. You can manage or object to the use of cookies for online marketing via platforms like the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.

11. Data Deletion

11.1. The data we process will be deleted or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated otherwise within this privacy policy, stored data will be deleted as soon as it is no longer required for its intended purpose, provided there are no legal retention obligations preventing its deletion. If the data cannot be deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax-related reasons.

11.2. According to legal requirements, data must be retained, in particular, for seven years under § 132(1) BAO (Austrian Federal Fiscal Code) (e.g., accounting records, receipts/invoices, accounts, supporting documents, business papers, lists of income and expenses, etc.), for 22 years in connection with properties, and for 10 years for records related to electronically provided services, telecommunications, broadcasting, and television services provided to non-entrepreneurs in EU member states for which the Mini-One-Stop-Shop (MOSS) is used.

12. Contacting Us

12.1. When contacting us via form or email, we process your information to handle and resolve your inquiry under Article 6(1)(b) GDPR.

12.2. Information may be stored in a CRM system or similar inquiry management tools.

12.3. Inquiries are deleted when they are no longer required.

13. Access Logs

13.1. Based on our legitimate interests in accordance with Article 6(1)(f) of the GDPR, we collect data about every access to the server on which this service is hosted (referred to as server log files). The access data includes the name of the accessed webpage, file, date and time of access, data volume transferred, notification of successful access, browser type and version, the user’s operating system, the referrer URL (the previously visited page), IP address, and the requesting provider.

13.2. Log file information is stored for security purposes (e.g., to investigate cases of misuse or fraudulent activity) for a maximum duration of seven days and then deleted. Data that must be retained for evidentiary purposes is excluded from deletion until the respective incident has been conclusively resolved.

14. Online Presence in Social Media

14.1. Based on our legitimate interests in accordance with Article 6(1)(f) of the GDPR, we maintain online presences within social networks and platforms to communicate with customers, prospects, and users active on those platforms and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
14.2. Unless otherwise stated in this privacy policy, we process user data when they communicate with us within social networks and platforms, for example, by posting comments on our profiles or sending us messages.

15. Newsletter

15.1. The following information informs you about the content of our newsletter, as well as the registration, dispatch, and statistical evaluation procedures, and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.

15.2. Content of the Newsletter: We send newsletters, emails, and other electronic notifications with promotional information (hereinafter referred to as “newsletter”) only with the consent of the recipients or legal permission. If the content of the newsletter is specifically described in the course of registration, it is decisive for the user’s consent. Otherwise, our newsletters contain information about our products, offers, promotions, and our company.

15.3. Double-Opt-In and Logging: Registration for our newsletter follows a so-called double-opt-in process. This means you will receive an email after registration asking you to confirm your subscription. This confirmation is necessary to ensure that no one can register with someone else’s email address. Registrations for the newsletter are logged to comply with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the dispatch service provider are also logged.

15.4. Use of Dispatch Service Providers: If we use a dispatch service provider, they may use the data in pseudonymous form, meaning without assigning it to a user, to optimize or improve their services, such as for technical optimization of the dispatch and presentation of the newsletters or for statistical purposes to determine from which countries the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to contact them themselves or to pass them on to third parties.

15.5. Registration Data: To register for the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for personal addressing in the newsletter.

15.6. Performance Measurement: The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from our server, or, if we use a dispatch service provider, from their server when the newsletter is opened. During this retrieval, technical information, such as information about your browser and system, as well as your IP address and the time of retrieval, is collected. This information is used for technical improvement of services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. Statistical evaluations include determining whether the newsletters are opened, when they are opened, and which links are clicked. Although this information can technically be assigned to individual newsletter recipients, it is neither our intention nor, if used, that of the dispatch service provider to monitor individual users. These analyses serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

15.7. Legal Basis: The dispatch of the newsletter and the performance measurement are based on the recipient’s consent according to Article 6(1)(a), Article 7 GDPR, in conjunction with Section 107(2) TKG (Telecommunications Act), or on legal permission according to Section 107(2) and (3) TKG.

15.8. Logging of Registration Process: The logging of the registration process is based on our legitimate interests according to Article 6(1)(f) GDPR and serves as proof of consent to receive the newsletter.

15.9. Cancellation: Newsletter recipients can cancel the receipt of our newsletter at any time, i.e., revoke their consent. A link to cancel the newsletter is included at the end of every newsletter. At the same time, their consent to performance measurement will expire. Unfortunately, separate revocation of the performance measurement is not possible; in this case, the entire newsletter subscription must be canceled. Upon cancellation of the newsletter, personal data will be deleted unless their retention is legally required or justified, in which case their processing will be limited to these exceptional purposes. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them for purposes of newsletter dispatch to provide evidence of previously given consent. The processing of this data will be limited to the purpose of a potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

16. Integration of Third-Party Services and Content

16.1. Within our online offering, we use content or service offers from third-party providers based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering in accordance with Article 6(1)(f) GDPR) to embed their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content perceive the IP address of the users, as they would not be able to send the content to their browsers without the IP address. The IP address is therefore necessary for the presentation of this content. We strive to use only content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate information, such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit time, and other details about the use of our online offering, as well as being linked to such information from other sources.

16.2. Third-Party Providers and Content Overview:

• YouTube Videos: Provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Datenschutzerklärung https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
• Instagram Features: Provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the content of our pages with your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account. Datenschutzerklärung: http://instagram.com/about/legal/privacy/.