DATA PROTECTION DECLARATION

1. Introduction

With the information that follows, we would like to provide you as the 'data subject' with an overview of the way your personal data are processed by us and your rights under the data protection laws. It is as a matter of basic principle possible to use our web pages without entering any personal data. If, however, you wish to avail yourself of special services of our company via our website, the processing of personal data could become necessary. If it is necessary to process personal data but there is no legal basis for such processing, we shall as a matter of general principle obtain your consent.

Personal data, for example your name, address or e-mail address, will always be processed in harmony with the General Data Protection Regulation (GDPR) and in conformity with the country-specific data protection provisions that apply to 'eurodata GmbH'. By means of this data protection declaration, we would like to inform you about the scope and purpose of the personal data we gather, use and process.

As controllers for the processing, we have implemented numerous technical and organisational measures in order to ensure that the personal data processed via this website are protected as completely as possible. In spite of that, it is as a matter of basic principle possible for Internet-based data transmissions to have security loopholes, so that absolute protection cannot be guaranteed. For this reason, you are also free to send us your personal data by other means, for example by telephone or post.


2. Controller

eurodata GmbH
Technologiezentrum aspern IQ
Seestadtstrasse 27
A-1220 Vienna
Tel.: +43 (1) 7747073-0
E-mail: datenschutz@eurodata.co.at

3. Definitions

This data protection declaration is based on the terms used by the issuers of European directives and regulations in the enactment of the General Data Protection Regulation (GDPR). Our data protection declaration is intended to be easy to read and understand, both for the general public and for our customers and business partners. To ensure that it is, we would like to explain the terms we use before we start.

The terms we use in this data protection declaration include the following:

  1. Personal data
    Personal data are all information relating to an identified or identifiable natural person. An identifiable person is deemed to be a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more special features specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. Data subject
    A data subject is any identified or identifiable natural person whose personal data are processed by the controller of the processing (i.e. our company).
  3. Processing
    Processing is any operation performed with or without the aid of automated procedures or any such series of operations in connection with personal data such as gathering, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. Restriction of processing
    Restriction of processing is the marking of stored personal data with the aim of restricting their processing in the future.
  5. Profiling
    Profiling is any kind of automated processing of personal data consisting of the use of those personal data to assess certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  6. Pseudonymisation
    Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
  7. Processor
    A processor is a natural or legal person, public authority, institution or other body that processes personal data on behalf of the controller.
  8. Recipient
    A recipient is a natural or legal person, public authority, institution or other body to whom or which personal data are disclosed, independent of whether it is a third party or not. However, public authorities which may receive personal data in the context of a particular enquiry under Union law or the law of the member states do not qualify as recipients.
  9. Third party
    A third party is a natural or legal person, public authority, institution or other body who or which is not the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process the personal data.
  10. Consent
    Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which the latter, in the form of a statement or other clear affirmative action, signifies agreement to the processing of the personal data that relate to him or her.

 

4. Legal basis of processing

Art. 6 1. (a) of the GDPR serves our company as a legal basis for processing operations, in which we obtain consent for a specific purpose.
If the processing of personal data is necessary to the performance of a contract to which you are a party, as is for example the case with processing operations which are necessary to the supply of goods or the rendering of some other service or counter-performance, the processing is based on Art. 6 1. (b) of the GDPR. The same applies to processing operations which are necessary to taking steps prior to the conclusion of a contract, for example in cases of enquiries about our products or services.

If our company is subject to a legal obligation which renders the processing of personal data necessary, for example a duty to fulfil fiscal obligations, the processing is based on Art. 6 1. (c) of the GDPR.

In rare cases the processing of personal data may become necessary in order to protect vital interests of the data subject or some other natural person. This would for example be the case if a visitor to our premises were to suffer injury, whereupon his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party or parties. Then the processing would be based on Art. 6 1. (d) of the GDPR.


Finally, processing operations may be based on Art. 6 1. (f) of the GDPR. These operations are not covered by any of the legal bases mentioned above, when the processing is necessary to safeguarding a legitimate interest of our company or a third party and that interest is not outweighed by the interests, basic rights and fundamental freedoms of the data subject. In particular, we are permitted to carry out processing operations of this kind because special mention is made of them by the European legislators. They expressed the opinion that a legitimate interest may reasonably be assumed if you are a customer of our company (Recital 47 Sentence 2 of the GDPR).


5. Technology

5.1 SSL / TLS encrpytion

This site uses SSL or TLS encryption to guarantee the security of the data processing and protect the transmission of confidential contents, for example orders, log-in data or contact enquiries which you send to us as the operator of the site. You can tell when a connection is encrypted by the fact that there is an "https://" in the address bar of the browser instead of an "http://", and by the lock symbol in your browser bar.



When SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.

5.2 Data gathering on visits to the website

If your use of our website is merely informatory, in other words when you do not register or transmit information to us in any other way, we only gather the data that your browser transmits to our server (in so-called 'server logfiles'). Each time a page is retrieved by you or by an automated system, our website gathers a series of general data and information. These are stored in the logfiles of the server. They may include

Browser types and versions used

  1. browser types and versions used
  2. the operating system used by the accessing system
  3. the website from which an accessing system comes to our website (so-called referrer)
  4. the sub-pages on our website which are targeted via an accessing system
  5. the date and time of access to the website
  6. a truncated Internet Protocol address (anonymised IP address)
  7. the Internet service provider of the accessing system
  8. the quantity of data transmitted in bytes.

We do not draw any conclusions about your person when using these general data and information. On the contrary, the information is required to enable us to provide the content of our website correctly optimise the content of our website and the advertising for it

  1. guarantee the permanent functionality of our IT systems and the technology of our website and
  2. provide the prosecution authorities with the information required for prosecution in the case of a cyber-attack.

The data and information gathered are analysed by us on the one hand statistically and on the other with the aim of improving data protection and data security in our company, with the final objective of ensuring an optimum level of protection for the personal data processed by us. The anonymous data in the server logfiles are stored separately from all the personal data provided by a data subject.

The legal basis for the data processing is Art. 6 1. (f) of the GDPR. Our legitimate interest follows from the data gathering purposes listed above.

6. Cookies

6.1 General information on cookies

We deploy cookies on our Internetseite. These are small files which your browser automatically creates and which are stored in your IT system (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage on your device, and they do not contain any viruses, Trojans or other malware.

In the cookie, information is deposited which is generated in connection with the device specifically deployed. However, this does not mean that we receive direct knowledge of your identity as a result.

The deployment of cookies serves on the one hand to make the use of our site a more pleasant experience for you. For example, we deploy so-called session cookies which enable us to recognise that you have previously visited individual pages on our website. These are deleted automatically when you leave our site.

Furthermore, we deploy temporary cookies to optimise user-friendliness. These are stored on your device for a certain fixed period of time. If you revisit our site to avail yourself of our services, the fact that you have visited us before is automatically recognised, as are the entries you made and the settings you used, so that you do not have to enter them again.

We also deploy cookies in order to make a statistical survey of the use of our website and analyse it for the purpose of optimising our site for you. When you revisit the site, these cookies enable us to recognise automatically that you have visited us before. These cookies are deleted automatically after a predetermined period of time.

The data processed by cookies are required for the above-mentioned purposes to safeguard our legitimate interests and those of third parties in accordance with Art. 6 1. (f) of the GDPR.

Most browsers accept cookies automatically. Having said that, you can configure your browser in such a way that no cookies are stored on your computer, or in such a way that a notice always appears before a new cookie is created. The complete deactivation of cookies, however, can lead to a situation in which you cannot use all the functions of our website.

7. Content of our website

7.1 Making contact / contact form

When you make contact with us (e.g. per contact form or e-mail), personal data will be gathered. You can see which data are gathered when a contact form is used from the form itself. These data are stored and used exclusively for the purpose of responding to your enquiry and / or that of making contact, and to assist in the associated technical administration. The legal basis for the processing of these data is our legitimate interest in responding to your enquiry in accordance with Art. 6 1. (f) of the GDPR. If you contact us with the aim of concluding a contract, the processing is also based on Art. 6 1. (b) of the GDPR. Your data will be deleted when your enquiry has been dealt with conclusively. This is deemed to be the case when it can be seen from the circumstances that the matter in question has been finally resolved and there are no statutory obligations to preserve which contradict deletion.

8. Newsletter service

8.1 Newsletter service for existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers relating to goods or services similar to those you have already purchased from our range by e-mail. In accordance with Section 7 (3) of the German Act against Unfair Competition (UWG), we do not have to obtain separate consent from you to do this. To that extent, the data are processed solely on the basis of our legitimate interest in personalised direct advertising as in Art. 6 1. (f) of the GDPR. If you have objected to the use of your e-mail address for this purpose at the beginning, we will not send you any mails. You have the right to object to the use of your e-mail address for the above-mentioned advertising purposes at any time with future effect by notifying the controller specified in Para. 2.
The only costs you incur in doing so are costs of transmission at the basic rates. On receipt of your objection, we shall discontinue the use of your e-mail address for advertising purposes without delay.

8.2 Advertising newsletter

On our website you are given the opportunity to subscribe to our company newsletter. You can see which personal data are transmitted to us when you order the newsletter from the template you use when doing so.

By means of a newsletter, we keep our customers and business partners informed at regular intervals about the range we offer. As a matter of basic principle, you can only receive our company newsletter if

 

  1. you have a valid e-mail address and
  2. you have registered for the newsletter service.

 

For legal reasons, a confirmatory mail will be sent to the e-mail address you entered when initially registering for the newsletter service in the double opt-in procedure. This mail serves to verify whether or not you as the owner of the e-mail address have actually authorised receipt of the newsletter.

When you register for the newsletter we also store the IP address, issued by your Internet Service Provider (ISP), of the IT system you were using at the time of registration, and the date and time of registration. The gathering of these data is necessary for the tracing of possible abuse of your e-mail address at a later point in time, and thus serves to protect us from a legal point of view.

The personal data gathered in the context of registration for the newsletter are used exclusively for the mailing of our newsletter. Subscribers to the newsletter can also be informed by e-mail if this is necessary to the operation of the newsletter service or registration in respect of it, such as might be the case if changes were made to the newsletter facility or if there were technical modifications. The personal data gathered in the context of the newsletter service are not passed on to third parties. You may cancel your subscription to our newsletter at any time. Your consent to the storage of personal data you have issued to us for the newsletter service can be withdrawn at any time. There is a link for withdrawing consent in each newsletter. You also have the possibility to unsubscribe from the newsletter at any time by sending an appropriate message to the controller specified in Para. 2.

The legal basis of data processing for the purposes of the newsletter service is Art. 6 1. (a) of the GDPR.

8.3 Newsletter tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails sent in HTML format to enable logfile recording and logfile analysis. A statistical analysis can thus be made of the success or failure of on-line marketing campaigns. By means of the embedded tracking pixel, the company can see whether and when you have opened a given e-mail and which of the links in the mail you have followed.

Such personal data gathered via the tracking pixels contained in the newsletters are stored and analysed by us so that we can optimise the newsletter service and adapt the content of future newsletters to make them even better suited to your interests. These personal data are not passed on to third parties. Data subjects have the right to withdraw the specific declaration of consent they made via the double opt-in procedure in respect of this at any time. After such withdrawal these personal data will be deleted by us. We shall interpret unsubscription from the newsletter service automatically as withdrawal.

An analysis of this kind is carried out in particular in accordance with Art. 6 1. (f) of the GDPR on the basis of our legitimate interests in the display of personalised advertising, market research and / or the presentation of our website so as to meet the needs of our customers.

9. Plug-ins and other services

9.1 Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. ('Google'). Google Analytics employs so-called 'cookies', text files that are saved on your computer and enable an analysis to be made of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a server of Google in the USA and stored there. On activation of the IP anonymisation facility on this website, however, your IP address will, within the member states of the European Union or other states which are party to the Agreement on the European Economic Area, first be truncated. Only in exceptional cases will the whole IP address be transmitted to a server of Google in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on site activity for the operator and provide the operator with other services relating to website activity and Internet usage. The IP address that your browser conveys within the scope of Google Analytics will not be combined with any other data stored by Google. Transmission of these data by Google to third parties only takes place on the basis of statutory requirements or in the context of contracted data processing. The personal data is transferred under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission to the United States. You can retrieve the certificate at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. By using these web pages you declare yourself to be in agreement with the processing of the data relating to you gathered by Google, with the previously described means of data processing and with its stated purpose. You may refuse to allow the saving of cookies by selecting the appropriate setting on your browser, but we would like to point out that if you do so you may not be able to exploit the full functionality of this website.

You can, moreover, prevent the data that are generated by the cookie and relate to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available at (https://tools.google.com/dlpage/gaoptout?hl=en). You can prevent data from being gathered by Google Analytics by clicking on the following link: deactivate Google Analytics.

That will save an opt-out cookie which will prevent your data from being gathered when you visit this website in the future.

For more detailed information on this, go to https://tools.google.com/dlpage/gaoptout?hl=en or https://support.google.com/analytics/answer/6004245?hl=en (general information on Google Analytics and data protection). For further information on terms of use and data protection go to https://www.google.com/analytics/terms/gb.html and / or https://policies.google.com/?hl=en-GB&gl=en. We would like to draw your attention to the fact that on this website Google Analytics has been extended to include the code "gat._anonymizeIp();" to ensure that IP addresses can only be recorded in anonymised form (so-called IP masking). Source: www.datenschutzbeauftragter-info.de

9.2 Google Maps

On our website we use Google Maps (API) von Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for the depiction of interactive maps, so that geographical information can be displayed visually. Via the use of this service, for example, we can display our location to you and make it easier for you to find us if you wish to visit our premises.

As soon as you call up the sub-pages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This happens regardless of whether Google provides a user account via which you have logged in or no user account exists. If you are logged in to Google, your data are allocated to your account directly. If you do not wish your activity to be allocated to your profile at Google, you have to log out of your Google user account. Google will store your data (even for users who have not logged in) as usage profiles and analyse them. Such analysis is carried out in particular in accordance with Art. 6 1. (f) of the GDPR on the basis of Google's legitimate interests in the display of personalised advertising, market research and / or the presentation of its website in a way that meets the needs of its users. You have a right to object to the creation of these user profiles, but you must apply to Google if you wish to exercise it.

Google LLC, headquartered in the USA, is certified for the US-European data protection convention 'Privacy Shield', which ensures compliance with the level of data protection applicable in the EU.

If you are not in agreement with the future transmission of your data to Google when using Google Maps, you also have the possibility to deactivate the web service of Google Maps completely by disabling the JavaScript application in your browser. If you do that, however, it will not be possible to use Google Maps, and therefore not possible to use the map display on this website either.

We use Google Maps in the interest of presenting our on-line amenities appealingly and making it easy to find the places we refer to on the website. This constitutes a legitimate interest within the meaning of Art. 6 1. (f) of the GDPR.

You can view Google's terms of use at
https://www.google.de/intl/de/policies/terms/regional.html

For the supplementary terms of use for Google Maps go to https://www.google.com/intl/de_US/help/terms_maps.html

For detailed information on data protection in connection with the use of Google Maps go to the Google web page ('Google Privacy Policy'): https://www.google.de/intl/de/policies/privacy/

9.3 Google web fonts

Our website uses so-called web fonts for the uniform depiction of fonts, which are provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you call up a site, your browser loads the required web fonts into your browser cache so as to be able to display texts and fonts correctly.

To this end, the browser you are using must make connection with the servers of Google. Google thus gains knowledge of the fact that our website has been called up via your IP address. We use Google web fonts in the interests of a uniform, appealing presentation of our website.

This constitutes a legitimate interest within the meaning of Art. 6 1. (f) of the GDPR.

Google LLC, headquartered in the USA, is certified for the US-European data protection convention 'Privacy Shield', which ensures compliance with the level of data protection applicable in the EU.

You will find more information on Google web fonts at
https://developers.google.com/fonts/faq and in the Google privacy policy: https://www.google.com/policies/privacy/

9.4. Google reCAPTCHA

On this website we also use the reCAPTCHA function provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ('Google'). Above all, this function serves to discern whether an entry is made by a natural person or abusively by automated processing. The service includes the transmission of the IP address and may also include the transmission to Google of other data required by Google for the reCAPTCHA service, and is rendered pursuant to Art. 6 (1) (f) of the GDPR on the basis of our legitimate interest in ascertaining the individual intention behind actions performed on the Internet and preventing abuse and spam. During the use of Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. in the USA.

To cater for the transmission of personal data to Google LLC. with its registered office in the USA, Google LLC. has had itself certified for the US-European data protection framework 'Privacy Shield', which ensures compliance with the level of data protection applicable in the EU. To view a current certificate, go to: https://www.privacyshield.gov/list

For further information on Google reCAPTCHA and the Google privacy policy go to: https://policies.google.com/privacy?hl=en-GB


9.5 YouTube (videos)

This website uses the YouTube embedding function for the display and replay of videos from the provider 'YouTube', which belongs to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ('Google').

For this, the extended privacy mode is used. According to the provider, this does not trigger any storage of user information until the replay of the video(s) begins. If the replay of embedded YouTube videos is commenced, the provider 'YouTube' deploys cookies in order to gather information about the behaviour of the user. According to information provided by 'YouTube', the purposes these cookies serve include the gathering of video statistics, the improvement of user-friendliness and the prevention of acts of abuse. If you are logged in to Google, your data will be directly allocated to your account when you click on a video. If you do not wish the data to be allocated to your YouTube profile, you must log out before activating the button. Google will store your data (even for users who have not logged in) as usage profiles and analyse them. Such analysis is carried out in particular pursuant to Art. 6 1. (f) of the GDPR on the basis of the legitimate interests of Google in the display of personalised advertising, market research and / or the presentation of its website in a way that meets the needs of its users. You have a right to object to the creation of these user profiles, but you have to apply to YouTube if you wish to exercise it.

Regardless of any replay of embedded videos, a connection is made to the Google network 'DoubleClick' each time this website is called up. This may trigger off other data processing operations on which we have no influence.

Google LLC, headquartered in the USA, is certified for the US-European data protection convention 'Privacy Shield', which ensures compliance with the level of data protection applicable in the EU.

For more information on data protection at 'YouTube' see the provider's privacy policy at:
https://www.google.de/intl/de/policies/privacy

10. Your rights as a data subject


10.1 Right to confirmation

You have the right to request confirmation from us as to whether or not personal data relating to you are being processed.

10.2 Right of access as in Art. 15 of the GDPR

You have the right to receive free information from us at any time about the personal data stored as they relate to your person, and a copy of those data.


10.3 Right to rectification as in Art. 16 of the GDPR

You have the right to call for the rectification of inaccurate personal data that relate to you. Depending on the purposes of the processing, the data subject also has the right to request that incomplete personal data be completed.

10.4 Erasure as in Art. 17 of the GDPR

You have the right to request that personal data relating to you be erased without delay, provided that one of the reasons provided for by the law applies and provided that the processing is not necessary.

10.5 Restriction of processing as in Art. 18 of the GDPR

You have the right to request us to restrict the processing if one of the statutory prerequisites for doing so applies.

10.6 Data portability as in Art. 20 of the GDPR

You have the right to receive the personal data relating to you which you have made available to us in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us, if the processing is based on consent in accordance with Art. 6 1.
(a) or Art. 9 2. (a) of the GDPR or on a contract pursuant to Art. 6 1. (b) of the GDPR, and the data are processed with the aid of automated procedures, provided that the processing is not necessary to the performance of a task with which we have been entrusted and which is in the public interest or is carried out in the exercising of public authority.

When exercising your right to data portability as in Art. 20 1. of the GDPR, you also have the right to obtain that the personal data are transmitted directly from one controller to another, if this is technically feasible and if the rights and freedoms of other persons are not impaired by said transmission.

10.7 Objection as in Art. 21 of the GDPR

For reasons relating to your specific situation, you have the right to object at any time to the processing of personal data relating to you if the data are being processed on the basis of Art. 6 1. (e) (data processing in the public interest) or (f) (data processing on the basis of a balancing of interests) of the GDPR.

This also applies to profiling based on these provisions as in Art. 4 4. of the GDPR.

If you do object, we shall cease to process your personal data, unless we can provide proof of compelling legitimate reasons for the processing such as outweigh your interests, rights and freedoms, or the processing serves the assertion, exercising or defence of legal claims.

In individual cases we process personal data to pursue direct advertising. You can object to the processing of the personal data for the purpose of such advertising at any time. This also applies to profiling if it is in connection with such direct advertising. If you lodge an objection with us to processing for direct advertising purposes, we shall cease to process the personal data for those purposes.

For reasons relating to your specific situation, you also have the right to object to the processing of personal data relating to you if the data are being processed by us for scientific or historical research purposes or statistical purposes as in Art. 89 1. of the GDPR, unless such processing is necessary to the performance of a task which is in the public interest.

Notwithstanding Directive 2002/58/EC, you are free, in connection with the use of information society services, to exercise your right to object by means of automated procedures in which technical specifications are used.

10.8 Withdrawal of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with future effect.

10.9 Complaining to a supervisory authority
You have the right to lodge a complaint with a supervisory authority competent for data protection about our processing of personal data.


11. Routine storage, deletion and disablement of personal data

We only process and store your personal data for the period which is necessary to the achievement of the purpose of that storage or as provided for in the legal requirements to which our company is subject.

If the purpose of the storage ceases to apply or if a prescribed storage period expires, the personal data will be disabled or deleted routinely and in accordance with the statutory provisions.

12. Duration of storage of personal data

The criterion for the duration of the storage of personal data is the relevant statutory retention period. On expiry of that period, the data in question will be erased as a matter of routine, provided that they are no longer necessary to the performance or negotiation of a contract.

13. Up-to-dateness and amendment of the data protection declaration

This data protection declaration is valid at the present time and was issued in May 2018.

Because of the further development of our web pages and amenities or because of altered requirements issued by the legislators or authorities, it may become necessary to amend this data protection declaration. You can retrieve and print out the version of this data protection declaration that is currently applicable at any time on the website at https://www.eurodata.co.at/en/privacy