DATA PROTECTION DECLARATION

1. Introduction

With the information that follows, we would like to provide you as the 'data subject' with an overview of the way your personal data are processed by us and your rights under the data protection laws. It is as a matter of basic principle possible to use our web pages without entering any personal data. If, however, you wish to avail yourself of special services of our company via our website, the processing of personal data could become necessary. If it is necessary to process personal data but there is no legal basis for such processing, we shall as a matter of general principle obtain your consent.

Personal data, for example your name, address or e-mail address, will always be processed in harmony with the General Data Protection Regulation (GDPR) and in conformity with the country-specific data protection provisions that apply to 'eurodata GmbH'. By means of this data protection declaration, we would like to inform you about the scope and purpose of the personal data we gather, use and process.

As controllers for the processing, we have implemented numerous technical and organisational measures in order to ensure that the personal data processed via this website are protected as completely as possible. In spite of that, it is as a matter of basic principle possible for Internet-based data transmissions to have security loopholes, so that absolute protection cannot be guaranteed. For this reason, you are also free to send us your personal data by other means, for example by telephone or post.


2. Controller

eurodata GmbH
Technologiezentrum aspern IQ
Seestadtstrasse 27
A-1220 Vienna
Tel.: +43 (1) 7747073-0
E-mail: datenschutz@eurodata.co.at

3. Definitions

This data protection declaration is based on the terms used by the issuers of European directives and regulations in the enactment of the General Data Protection Regulation (GDPR). Our data protection declaration is intended to be easy to read and understand, both for the general public and for our customers and business partners. To ensure that it is, we would like to explain the terms we use before we start.

The terms we use in this data protection declaration include the following:

  1. Personal data
    Personal data are all information relating to an identified or identifiable natural person. An identifiable person is deemed to be a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more special features specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. Data subject
    A data subject is any identified or identifiable natural person whose personal data are processed by the controller of the processing (i.e. our company).
  3. Processing
    Processing is any operation performed with or without the aid of automated procedures or any such series of operations in connection with personal data such as gathering, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. Restriction of processing
    Restriction of processing is the marking of stored personal data with the aim of restricting their processing in the future.
  5. Profiling
    Profiling is any kind of automated processing of personal data consisting of the use of those personal data to assess certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  6. Pseudonymisation
    Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
  7. Processor
    A processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the controller.
  8. Recipient
    A recipient is a natural or legal person, public authority, institution or other body to whom or which personal data are disclosed, independent of whether it is a third party or not. However, public authorities which may receive personal data in the context of a particular enquiry under Union law or the law of the member states do not qualify as recipients.
  9. Third party
    A third party is a natural or legal person, public authority, institution or other body who or which is not the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process the personal data.
  10. Consent
    Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which the latter, in the form of a statement or other clear affirmative action, signifies agreement to the processing of the personal data that relate to him or her.

 

4. Legal basis of processing

Art. 6 1. (a) of the GDPR serves our company as a legal basis for processing operations, in which we obtain consent for a specific purpose.
If the processing of personal data is necessary to the performance of a contract to which you are a party, as is for example the case with processing operations which are necessary to the supply of goods or the rendering of some other service or counter-performance, the processing is based on Art. 6 1. (b) of the GDPR. The same applies to processing operations which are necessary to taking steps prior to the conclusion of a contract, for example in cases of enquiries about our products or services.

If our company is subject to a legal obligation which renders the processing of personal data necessary, for example a duty to fulfil fiscal obligations, the processing is based on Art. 6 1. (c) of the GDPR.

In rare cases the processing of personal data may become necessary in order to protect vital interests of the data subject or some other natural person. This would for example be the case if a visitor to our premises were to suffer injury, whereupon his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party or parties. Then the processing would be based on Art. 6 1. (d) of the GDPR.


Finally, processing operations may be based on Art. 6 1. (f) of the GDPR. These operations are not covered by any of the legal bases mentioned above, when the processing is necessary to safeguarding a legitimate interest of our company or a third party and that interest is not outweighed by the interests, basic rights and fundamental freedoms of the data subject. In particular, we are permitted to carry out processing operations of this kind because special mention is made of them by the European legislators. They expressed the opinion that a legitimate interest may reasonably be assumed if you are a customer of our company (Recital 47 Sentence 2 of the GDPR).


5. Technology

5.1 SSL / TLS encrpytion

This site uses SSL or TLS encryption to guarantee the security of the data processing and protect the transmission of confidential contents, for example orders, log-in data or contact enquiries which you send to us as the operator of the site. You can tell when a connection is encrypted by the fact that there is an "https://" in the address bar of the browser instead of an "http://", and by the lock symbol in your browser bar.



When SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.

5.2 Data gathering on visits to the website

If your use of our website is merely informatory, in other words when you do not register or transmit information to us in any other way, we only gather the data that your browser transmits to our server (in so-called 'server logfiles'). Each time a page is retrieved by you or by an automated system, our website gathers a series of general data and information. These are stored in the logfiles of the server. They may include

Browser types and versions used

  1. browser types and versions used
  2. the operating system used by the accessing system
  3. the website from which an accessing system comes to our website (so-called referrer)
  4. the sub-pages on our website which are targeted via an accessing system
  5. the date and time of access to the website
  6. a truncated Internet Protocol address (anonymised IP address)
  7. the Internet service provider of the accessing system
  8. the quantity of data transmitted in bytes.

We do not draw any conclusions about your person when using these general data and information. On the contrary, the information is required to enable us to provide the content of our website correctly optimise the content of our website and the advertising for it

  1. guarantee the permanent functionality of our IT systems and the technology of our website and
  2. provide the prosecution authorities with the information required for prosecution in the case of a cyber-attack.

The data and information gathered are analysed by us on the one hand statistically and on the other with the aim of improving data protection and data security in our company, with the final objective of ensuring an optimum level of protection for the personal data processed by us. The anonymous data in the server logfiles are stored separately from all the personal data provided by a data subject.

The legal basis for the data processing is Art. 6 1. (f) of the GDPR. Our legitimate interest follows from the data gathering purposes listed above.

6. Cookies

6.1 General information on cookies

We deploy cookies on our Internetseite. These are small files which your browser automatically creates and which are stored in your IT system (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage on your device, and they do not contain any viruses, Trojans or other malware.

In the cookie, information is deposited which is generated in connection with the device specifically deployed. However, this does not mean that we receive direct knowledge of your identity as a result.

The deployment of cookies serves on the one hand to make the use of our site a more pleasant experience for you. For example, we deploy so-called session cookies which enable us to recognise that you have previously visited individual pages on our website. These are deleted automatically when you leave our site.

Furthermore, we deploy temporary cookies to optimise user-friendliness. These are stored on your device for a certain fixed period of time. If you revisit our site to avail yourself of our services, the fact that you have visited us before is automatically recognised, as are the entries you made and the settings you used, so that you do not have to enter them again.

We also deploy cookies in order to make a statistical survey of the use of our website and analyse it for the purpose of optimising our site for you. When you revisit the site, these cookies enable us to recognise automatically that you have visited us before. These cookies are deleted automatically after a predetermined period of time.

The data processed by cookies are required for the above-mentioned purposes to safeguard our legitimate interests and those of third parties in accordance with Art. 6 1. (f) of the GDPR.

Most browsers accept cookies automatically. Having said that, you can configure your browser in such a way that no cookies are stored on your computer, or in such a way that a notice always appears before a new cookie is created. The complete deactivation of cookies, however, can lead to a situation in which you cannot use all the functions of our website.

7. Content of our website

7.1 Making contact / contact form

When you make contact with us (e.g. per contact form or e-mail), personal data will be gathered. You can see which data are gathered when a contact form is used from the form itself. These data are stored and used exclusively for the purpose of responding to your enquiry and / or that of making contact, and to assist in the associated technical administration. The legal basis for the processing of these data is our legitimate interest in responding to your enquiry in accordance with Art. 6 1. (f) of the GDPR. If you contact us with the aim of concluding a contract, the processing is also based on Art. 6 1. (b) of the GDPR. Your data will be deleted when your enquiry has been dealt with conclusively. This is deemed to be the case when it can be seen from the circumstances that the matter in question has been finally resolved and there are no statutory obligations to preserve which contradict deletion.

8. Newsletter service

8.1 Newsletter service for existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers relating to goods or services similar to those you have already purchased from our range by e-mail. In accordance with Section 7 (3) of the German Act against Unfair Competition (UWG), we do not have to obtain separate consent from you to do this. To that extent, the data are processed solely on the basis of our legitimate interest in personalised direct advertising as in Art. 6 1. (f) of the GDPR. If you have objected to the use of your e-mail address for this purpose at the beginning, we will not send you any mails. You have the right to object to the use of your e-mail address for the above-mentioned advertising purposes at any time with future effect by notifying the controller specified in Para. 2.
The only costs you incur in doing so are costs of transmission at the basic rates. On receipt of your objection, we shall discontinue the use of your e-mail address for advertising purposes without delay.

8.2 Advertising newsletter

On our website you are given the opportunity to subscribe to our company newsletter. You can see which personal data are transmitted to us when you order the newsletter from the template you use when doing so.

By means of a newsletter, we keep our customers and business partners informed at regular intervals about the range we offer. As a matter of basic principle, you can only receive our company newsletter if

 

  1. you have a valid e-mail address and
  2. you have registered for the newsletter service.

 

For legal reasons, a confirmatory mail will be sent to the e-mail address you entered when initially registering for the newsletter service in the double opt-in procedure. This mail serves to verify whether or not you as the owner of the e-mail address have actually authorised receipt of the newsletter.

When you register for the newsletter we also store the IP address, issued by your Internet Service Provider (ISP), of the IT system you were using at the time of registration, and the date and time of registration. The gathering of these data is necessary for the tracing of possible abuse of your e-mail address at a later point in time, and thus serves to protect us from a legal point of view.

The personal data gathered in the context of registration for the newsletter are used exclusively for the mailing of our newsletter. Subscribers to the newsletter can also be informed by e-mail if this is necessary to the operation of the newsletter service or registration in respect of it, such as might be the case if changes were made to the newsletter facility or if there were technical modifications. The personal data gathered in the context of the newsletter service are not passed on to third parties. You may cancel your subscription to our newsletter at any time. Your consent to the storage of personal data you have issued to us for the newsletter service can be withdrawn at any time. There is a link for withdrawing consent in each newsletter. You also have the possibility to unsubscribe from the newsletter at any time by sending an appropriate message to the controller specified in Para. 2.

The legal basis of data processing for the purposes of the newsletter service is Art. 6 1. (a) of the GDPR.

8.3 Newsletter tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails sent in HTML format to enable logfile recording and logfile analysis. A statistical analysis can thus be made of the success or failure of on-line marketing campaigns. By means of the embedded tracking pixel, the company can see whether and when you have opened a given e-mail and which of the links in the mail you have followed.

Such personal data gathered via the tracking pixels contained in the newsletters are stored and analysed by us so that we can optimise the newsletter service and adapt the content of future newsletters to make them even better suited to your interests. These personal data are not passed on to third parties. Data subjects have the right to withdraw the specific declaration of consent they made via the double opt-in procedure in respect of this at any time. After such withdrawal these personal data will be deleted by us. We shall interpret unsubscription from the newsletter service automatically as withdrawal.

An analysis of this kind is carried out in particular in accordance with Art. 6 1. (f) of the GDPR on the basis of our legitimate interests in the display of personalised advertising, market research and / or the presentation of our website so as to meet the needs of our customers.

9. Plug-ins and other services

Among the features integrated in our website are tools provided by enterprises which have their registered office in the USA. When these tools are active, your personal data may be forwarded to the servers of those companies in the USA. We hereby point out that the USA is not a third country with an adequate level of protection as defined by EU data protection law. US enterprises are under obligation to hand over personal data to security authorities, and if they do so you will not have any possibility to take judicial action against them. It is therefore not possible to preclude the processing, evaluation and long-term storage of your data on US servers by US authorities (e.g. secret services) for monitoring purposes. We do not have any influence on these processing activities.

9.1 Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. ('Google'). Google Analytics employs so-called 'cookies', text files that are saved on your computer and enable an analysis to be made of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a server of Google in the USA and stored there. On activation of the IP anonymisation facility on this website, however, your IP address will, within the member states of the European Union or other states which are party to the Agreement on the European Economic Area, first be truncated. Only in exceptional cases will the whole IP address be transmitted to a server of Google in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on site activity for the operator and provide the operator with other services relating to website activity and Internet usage. The IP address that your browser conveys within the scope of Google Analytics will not be combined with any other data stored by Google. Transmission of these data by Google to third parties only takes place on the basis of statutory requirements or in the context of contracted data processing. By using these web pages you declare yourself to be in agreement with the processing of the data relating to you gathered by Google, with the previously described means of data processing and with its stated purpose. You may refuse to allow the saving of cookies by selecting the appropriate setting on your browser, but we would like to point out that if you do so you may not be able to exploit the full functionality of this website.

You can, moreover, prevent the data that are generated by the cookie and relate to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available at (https://tools.google.com/dlpage/gaoptout?hl=en). You can prevent data from being gathered by Google Analytics by clicking on the following link: deactivate Google Analytics.

That will save an opt-out cookie which will prevent your data from being gathered when you visit this website in the future.

For more detailed information on this, go to https://tools.google.com/dlpage/gaoptout?hl=en or https://support.google.com/analytics/answer/6004245?hl=en (general information on Google Analytics and data protection). For further information on terms of use and data protection go to https://www.google.com/analytics/terms/gb.html and / or https://policies.google.com/?hl=en-GB&gl=en. We would like to draw your attention to the fact that on this website Google Analytics has been extended to include the code "gat._anonymizeIp();" to ensure that IP addresses can only be recorded in anonymised form (so-called IP masking). Source: www.datenschutzbeauftragter-info.de

9.2 Google Maps

On our website we use Google Maps (API) von Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for the depiction of interactive maps, so that geographical information can be displayed visually. Via the use of this service, for example, we can display our location to you and make it easier for you to find us if you wish to visit our premises.

As soon as you call up the sub-pages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This happens regardless of whether Google provides a user account via which you have logged in or no user account exists. If you are logged in to Google, your data are allocated to your account directly. If you do not wish your activity to be allocated to your profile at Google, you have to log out of your Google user account. Google will store your data (even for users who have not logged in) as usage profiles and analyse them. Such analysis is carried out in particular in accordance with Art. 6 1. (f) of the GDPR on the basis of Google's legitimate interests in the display of personalised advertising, market research and / or the presentation of its website in a way that meets the needs of its users. You have a right to object to the creation of these user profiles, but you must apply to Google if you wish to exercise it.


If you are not in agreement with the future transmission of your data to Google when using Google Maps, you also have the possibility to deactivate the web service of Google Maps completely by disabling the JavaScript application in your browser. If you do that, however, it will not be possible to use Google Maps, and therefore not possible to use the map display on this website either.

We use Google Maps in the interest of presenting our on-line amenities appealingly and making it easy to find the places we refer to on the website. This constitutes a legitimate interest within the meaning of Art. 6 1. (f) of the GDPR.

You can view Google's terms of use at
https://www.google.de/intl/de/policies/terms/regional.html

For the supplementary terms of use for Google Maps go to https://www.google.com/intl/de_US/help/terms_maps.html

For detailed information on data protection in connection with the use of Google Maps go to the Google web page ('Google Privacy Policy'): https://www.google.de/intl/de/policies/privacy/

9.3 Google web fonts

Our website uses so-called web fonts for the uniform depiction of fonts, which are provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you call up a site, your browser loads the required web fonts into your browser cache so as to be able to display texts and fonts correctly.

To this end, the browser you are using must make connection with the servers of Google. Google thus gains knowledge of the fact that our website has been called up via your IP address. We use Google web fonts in the interests of a uniform, appealing presentation of our website.

This constitutes a legitimate interest within the meaning of Art. 6 1. (f) of the GDPR.


You will find more information on Google web fonts at
https://developers.google.com/fonts/faq and in the Google privacy policy: https://www.google.com/policies/privacy/


9.4. Google reCAPTCHA

On this website we also use the reCAPTCHA function provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ('Google'). Above all, this function serves to discern whether an entry is made by a natural person or abusively by automated processing. The service includes the transmission of the IP address and may also include the transmission to Google of other data required by Google for the reCAPTCHA service, and is rendered pursuant to Art. 6 (1) (f) of the GDPR on the basis of our legitimate interest in ascertaining the individual intention behind actions performed on the Internet and preventing abuse and spam. During the use of Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. in the USA.

For further information on Google reCAPTCHA and the Google privacy policy go to: https://policies.google.com/privacy?hl=en-GB


9.5 YouTube (videos)

This website uses the YouTube embedding function for the display and replay of videos from the provider 'YouTube', which belongs to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ('Google').

For this, the extended privacy mode is used. According to the provider, this does not trigger any storage of user information until the replay of the video(s) begins. If the replay of embedded YouTube videos is commenced, the provider 'YouTube' deploys cookies in order to gather information about the behaviour of the user. According to information provided by 'YouTube', the purposes these cookies serve include the gathering of video statistics, the improvement of user-friendliness and the prevention of acts of abuse. If you are logged in to Google, your data will be directly allocated to your account when you click on a video. If you do not wish the data to be allocated to your YouTube profile, you must log out before activating the button. Google will store your data (even for users who have not logged in) as usage profiles and analyse them. Such analysis is carried out in particular pursuant to Art. 6 1. (f) of the GDPR on the basis of the legitimate interests of Google in the display of personalised advertising, market research and / or the presentation of its website in a way that meets the needs of its users. You have a right to object to the creation of these user profiles, but you have to apply to YouTube if you wish to exercise it.

Regardless of any replay of embedded videos, a connection is made to the Google network 'DoubleClick' each time this website is called up. This may trigger off other data processing operations on which we have no influence.


For more information on data protection at 'YouTube' see the provider's privacy policy at:
https://www.google.de/intl/de/policies/privacy



9.5 Audio and video conferences

 

Data processing

For communication with our customers we also deploy on-line conference tools. The individual tools used by us are listed below. When you communicate with us via a video or audio conference on the Internet, your personal data are gathered and processed by us and by the provider of the conference tool that is used.

 

The conference tools gather all the data which you provide when you register to use the tools (your e-mail address and/or telephone number). They also process the duration of the conference, the times at which your participation in the conference begins and ends, the number of participants and other 'context information' associated with the communication procedure (metadata).

 

The provider of the tool also processes all the technical data required for the administration of the on-line communication. These include in particular IP addresses, MAC addresses, equipment IDs, device type, type and version of operating system, client version, camera type, microphone or loudspeaker, and type of connection.

 

If any content is exchanged within the tool, uploaded or made available in any other way, it too will be stored on the servers of the tool provider. Such content includes in particular cloud recordings, chat / instant messages, voice mails, uploaded photos and videos, files, whiteboards and other information shared during use of the service.

 

Please note that we do not have a full range of influence on the data processing sequences of the tools used. The possibilities we do have are determined by the corporate policy of the respective provider. For more information on data processing via the conference tools, see the privacy policies relating to the respective tools deployed, which we have listed below this text.

 

Purpose and legal basis

The conference tools are used for communication with prospective or existing contractual partners or to offer our customers certain services (Art. 6 1. 1 [b] of the GDPR). The tools are also deployed for the general simplification and expedition of communication with ourselves and our enterprise (legitimate interest as defined in Art. 6 1. 1 [f] of the GDPR). If consent has been requested, the tools concerned are deployed on the basis of that consent; the consent can be withdrawn at any time with future effect.

 

Period of storage

The data gathered by us directly via the video and conference tools are deleted by our systems as soon as you request us to effect such deletion or withdraw your consent to their storage, or as soon as the purpose for which the data were stored ceases to apply. Stored cookies will remain on your device until you erase them. This does not have any effect on binding statutory retention periods for documentation.

 

We do not have any influence on the period for which the operators of the conference tools store your data for their own ends. For detailed information on that, please apply directly to the operators of the conference tools.

 

Conference tools deployed

We deploy the following conference tools.

 

GoToMeeting

 

We use GoToMeeting. The provider is LogMeIn, Inc., 320 Summer Street, Boston, MA 02210, USA.

For details of data processing, see the privacy policy of GoToMeeting:

https://www.logmeininc.com/de/legal/privacy.

 

Data transmission to the USA is based on the standard contractual clauses of the EU Commission.

For details go to:

https://logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf.

 

Conclusion of an order processing contract

We have concluded a contract with the provider of GoToMeeting for order processing and duly meet the stringent requirements of the German data protection authorities in their entirety in the use of GoToMeeting.


9.6 TeamViewer

 

We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstrasse 30, 73037 Göppingen. For details of data processing, see the privacy policy of TeamViewer:

https://www.teamviewer.com/de/datenschutzerklaerung/.

 

Conclusion of an order processing contract

We have concluded a contract with the provider of TeamViewer for order processing and duly meet the stringent requirements of the German data protection authorities in their entirety in the use of TeamViewer.


9.7 Facebook Pixel

For conversion tracking, this website uses the Facebook visitor action pixel. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the data gathered are also transmitted to the USA and other third countries.

It is thus possible to trace the behaviour of visitors to the site once they have moved on by clicking on a Facebook advertisement on the website of the provider. This enables the efficacy of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising activities to be optimised.

For us as the operator of this website, the data gathered are anonymous. We cannot draw any conclusions as to the identity of the users. However, the data are stored and processed by Facebook, so that it is possible to make a connection between them and the respective user profile, and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy. That enables Facebook to place advertisements both on Facebook pages and outside Facebook. As the operator of the site, we do not have any influence on this use of the data.

The Facebook pixel is used based on Art. 6 1. f) of the GDPR. The website operator has a legitimate interest in effective advertising activities, also pursued on the social media. If appropriate consent has been requested, (e.g. consent to the storage of cookies), the data are processed exclusively on the basis of Art. 6 1. a) of the GDPR; said consent can be withdrawn at any time.

The transmission of data to the USA is based on the standard contractual clauses of the EU Commission.

For details, go to:

https://www.facebook.com/legal/EU_data_transfer_addendum and

https://de-de.facebook.com/help/566994660333381

If personal data are gathered on our website with the aid of the tool described here and passed on to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for their processing (Art. 26 of the GDPR).

Having said that, this joint responsibility is limited exclusively to gathering the data and passing them on to Facebook. Processing done by Facebook after that is not part of this joint responsibility. The obligations jointly incumbent upon us have been set down in an agreement on joint processing. For the exact wording of that agreement, go to:

https://www.facebook.com/legal/controller_addendum. According to the agreement, we are responsible for issuing data protection information if we deploy the Facebook tool, and also for the secure implementation of the tool on our website in terms of data protection law. Facebook is responsible for the data security of Facebook products. As the data subject, you can assert the rights you have relating to data processed by Facebook (e.g. request for information) directly with Facebook. If you assert these rights with us, we are under obligation to pass them on to Facebook.

You can find more information about the protection of your privacy in the Facebook privacy policy:

https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function 'Custom Audiences' in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do that, you need to be registered with Facebook.

If you do not have a Facebook account, you can deactivate use-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance:

http://www.youronlinechoices.com/de/praferenzmanagement/.

Additional opt-out amenities such as are offered to cover the following respective zones are:

a) Europe: https://www.youronlinechoices.eu.
b) Canada: https://www.youradchoices.ca/choices.
c) USA: https://www.aboutads.info/choices.
d) Transzonal: https://optout.aboutads.info.


10. Your rights as a data subject


10.1 Right to confirmation

You have the right to request confirmation from us as to whether or not personal data relating to you are being processed.

10.2 Right of access as in Art. 15 of the GDPR

You have the right to receive free information from us at any time about the personal data stored as they relate to your person, and a copy of those data.


10.3 Right to rectification as in Art. 16 of the GDPR

You have the right to call for the rectification of inaccurate personal data that relate to you. Depending on the purposes of the processing, the data subject also has the right to request that incomplete personal data be completed.

10.4 Erasure as in Art. 17 of the GDPR

You have the right to request that personal data relating to you be erased without delay, provided that one of the reasons provided for by the law applies and provided that the processing is not necessary.

10.5 Restriction of processing as in Art. 18 of the GDPR

You have the right to request us to restrict the processing if one of the statutory prerequisites for doing so applies.

10.6 Data portability as in Art. 20 of the GDPR

You have the right to receive the personal data relating to you which you have made available to us in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, if the processing is based on consent in accordance with Art. 6 1.
(a) or Art. 9 2. (a) of the GDPR or on a contract pursuant to Art. 6 1. (b) of the GDPR, and the data are processed with the aid of automated procedures, provided that the processing is not necessary to the performance of a task with which we have been entrusted and which is in the public interest or is carried out in the exercising of public authority.

When exercising your right to data portability as in Art. 20 1. of the GDPR, you also have the right to obtain that the personal data are transmitted directly from one controller to another, if this is technically feasible and if the rights and freedoms of other persons are not impaired by said transmission.

10.7 Objection as in Art. 21 of the GDPR

For reasons relating to your specific situation, you have the right to object at any time to the processing of personal data relating to you if the data are being processed on the basis of Art. 6 1. (e) (data processing in the public interest) or (f) (data processing on the basis of a balancing of interests) of the GDPR.

This also applies to profiling based on these provisions as in Art. 4 4. of the GDPR.

If you do object, we shall cease to process your personal data, unless we can provide proof of compelling legitimate reasons for the processing such as outweigh your interests, rights and freedoms, or the processing serves the assertion, exercising or defence of legal claims.

In individual cases we process personal data to pursue direct advertising. You can object to the processing of the personal data for the purpose of such advertising at any time. This also applies to profiling if it is in connection with such direct advertising. If you lodge an objection with us to processing for direct advertising purposes, we shall cease to process the personal data for those purposes.

For reasons relating to your specific situation, you also have the right to object to the processing of personal data relating to you if the data are being processed by us for scientific or historical research purposes or statistical purposes as in Art. 89 1. of the GDPR, unless such processing is necessary to the performance of a task which is in the public interest.

Notwithstanding Directive 2002/58/EC, you are free, in connection with the use of information society services, to exercise your right to object by means of automated procedures in which technical specifications are used.

10.8 Withdrawal of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with future effect.

10.9 Complaining to a supervisory authority
You have the right to lodge a complaint with a supervisory authority competent for data protection about our processing of personal data.


11. Routine storage, deletion and disablement of personal data

We only process and store your personal data for the period which is necessary to the achievement of the purpose of that storage or as provided for in the legal requirements to which our company is subject.

If the purpose of the storage ceases to apply or if a prescribed storage period expires, the personal data will be disabled or deleted routinely and in accordance with the statutory provisions.

12. Duration of storage of personal data

The criterion for the duration of the storage of personal data is the relevant statutory retention period. On expiry of that period, the data in question will be erased as a matter of routine, provided that they are no longer necessary to the performance or negotiation of a contract.

13. Up-to-dateness and amendment of the data protection declaration

This data protection declaration is valid at the present time and was issued in May 2018.

Because of the further development of our web pages and amenities or because of altered requirements issued by the legislators or authorities, it may become necessary to amend this data protection declaration. You can retrieve and print out the version of this data protection declaration that is currently applicable at any time on the website at https://www.eurodata.co.at/en/privacy