Last updated: [2023-06-30]
OwnerChip GmbH with its seat in Vienna and the business address SPACES Icon Tower 9, Gertrude-Fröhlich-Sandner Straße 2-4, 1100 Vienna, registered with the Commercial Court Vienna under FN 591426w (“we“) operate the websites under the domain ownerchip.com (“Website“), our Apps ‘OwnerChip App’ and ‘OwnerChip Discovery App’ (“Apps“) as well as various social media profiles and are the controller under data protection law for any and all data processing operations outlined subsequently. This data protection declaration covers (i) our Website, (ii) our Apps as well as (iii) our social media presences.
Thank you for your interest in our Website, our Apps and social media presences. The protection of your privacy is very important to us and we would like to inform you accordingly about your rights and opportunities in order to effectively support a trusting business relationship.
Our data protection practice is in accordance with the General Data Protection Regulation of the European Union (“GDPR“) in conjunction with the Austrian Data Protection Act (“DSG“), the Austrian Telecommunications Act 2003 (“TKG“) and other relevant legal provisions. The following declaration is intended to provide you with comprehensive information in the sense of Art 13 GDPR on how we deal with your data and what rights you have. Information may be either collected directly from you by means of inputs and dispositions or due to accessing one of our offers.
Data protection laws are generally relevant in case any processing of personal data is concerned. The terms used within the scope of this data protection declaration are defined in and by the GDPR. As such, the broad definition of “processing” of personal data means any operation or set of operations performed on personal data, such as, but not limited to, recording, organization, storage, alteration, and transmission of personal data. Any information allowing us or third parties, in a review or by additional knowledge, to potentially identify you in person can be considered personal data. Should the subsequent information only reference ‘data’, this is always to be understood as ‘personal data’.
1. Data processing operations
1.1 Processing of access data when visiting our Website
- Type and extent of data processing: You can visit our Website without providing any personal information. When you access our Website, only certain access data are processed automatically in so-called server logfiles. In particular, the following data are processed in this context: (i) name of visited website; (ii) browser type/version used; (iii) operating system of the user; (iv) previously visited website (referrer URL); (v) time of the server request; (vi) data volume transferred; (vii) host name of the accessing computer (IP address used). This information does not allow us to identify you personally; however, IP addresses are considered personal data within the meaning of the GDPR. As a mere website visitor, you can inform yourself about our offers and activities without any obligation and without the possibility for us to link such data to your person.
- Legal basis and purpose: The purpose of this data processing operation is to establish and maintain technical security in regards of our Website, to improve the Website’s quality and to generate non-personal statistical information. The processing is based on our legitimate interest (Art 6 para 1 lit f GDPR) in achieving the mentioned purposes.
- Type and extent of data processing: When contacting us via the contact information provided in the course of this Data Protection Declaration respectively on our Website or Apps, we will use your data as indicated in order to process your contact request and deal with it. The data processing involved is necessary to issue a response in respect of your request, as we would otherwise not be able to contact you.
- Legal basis and purpose: Purpose of the data processing is to enable us an exchange with users of the Website and Apps. We answer your request on the basis of our legitimate interest (Art 6 para 1 lit f GDPR) in maintaining a properly functioning contact system, which is a prerequisite for the provision of any services. In case of repeated contact requests, we may also store your data for the purpose of cultivating existing/returning contacts, which you will be informed of in accordance with the requirements of data protection law.
- Storage period: We delete your requests as well as your contact data if the request has been answered conclusively. Your data are, in general, stored for a period of twelve months (12) months and subsequently erased if we do not receive follow-up requests and if the data must not be further processed for different purposes.
1.3 Customer account; customer orders
- Type and extent of data processing: Should you have decided to make use of our products or services, you will be required to provide certain information for the execution of the contract. If you purchase our products via our Website, you must at least provide the following personal data: (i) full name, (ii) email address, (iii) shipping, (iv)billing information and (iv) your public wallet-address. Additional information, such as your telephone number, may be provided voluntarily.
- Legal basis and purpose: We are processing your data for the purpose of conducting our business activity and to be able to provide our services as offered. The processing is necessary to fulfil the purchase contract concluded with you and is, thus, based on Art 6 para 1 lit b GDPR. Additional data processing due to the creation of a customer account is based on our legitimate interest (Art 6 para 1 lit f GDPR), which consists in enabling us to provide users with a service which is usually expected from an online shop and in the facilitation of the ordering process for our customers as the purpose of data processing.
- Storage period: Data collected in the course of orders are stored for the period of one (1) year and will be erased thereafter, as long as follow-up contact has not been established in the meantime. Longer storage periods may be the result of legal storage obligations or in case legal claims are assumed. This, in particular, concerns your settlement data which we have to store for seven (7) years due to tax based and entrepreneurial retention and documentation periods following the Austrian Federal Fiscal Code as well as the Austrian Commercial Code.
1.4 Legal retention and documentation periods
- Type and extent of data processing: Even after an active customer relationship with us ceases to exist, we may not be allowed to delete all of your data due to legal requirements. Within this context, different types of data are affected to a varying extent. This concerns, in particular, your settlement data which are to be stored on the basis of safekeeping and documentation obligations pursuant to the Austrian Federal Fiscal Code (BAO) as well as the Austrian Corporate Code (UGB).
- Legal basis and purpose: We process your data in this context on the basis of Art 6 para 1 lit c GDPR (legal obligation). Said processing of your data is conducted for the purpose of complying with our own statutory duties.
Storage period: Due to legal safekeeping and documentation obligations, your settlement data are generally stored for a period of seven (7) years. In case the data in question are relevant for a pending (tax) proceeding, they might be stored for longer periods.
1.5 Storage technologies
Cookies are small data sets that are stored on your end device. They help us to make our offer more user-friendly. They are placed by a web server and sent back to it as soon as a new connection is established in order to recognize the user and his or her settings. In this sense, a cookie is a small local text file that assigns a specific identity consisting of numbers and letters to your end device.
Cookies always contain the following information:
- name of the cookie;
- name of the server the cookie originates from;
- ID number of the cookie;
- an end date at the end of which the cookie is automatically deleted.
As an example, Cookies can be differentiated according to type and purpose as follows:
- Necessary/essential cookies: Such cookies are required for the operation of the Website and are essential to navigate the Website and to use its full range of functions (eg to access protected areas of the digital appearance). Without these cookies, Websites cannot function properly on many occasions. Furthermore, – from a legal point of view – all cookies which are absolutely necessary for us for other reasons in order to be able to provide our services, may be categorized essential if the respective services were expressly requested by you. Necessary cookies are always first-party cookies. They can only be deactivated in the settings of your browser by rejecting all cookies without exception (see below) and are also used on our website legally permissible without obtaining prior consent.
- Functionality cookies: These cookies allow websites to remember information that affects the way a website behaves or looks, like preferences in the language settings or the geographical region from which the website is accessed. These cookies can be helpful for the use of websites and their functions. They allow, for example, the storage of your user settings/data during registration so that you do not have to enter them repeatedly. The information collected by functionality cookies relates solely to the website you have visited and no information about your surfing behavior is collected. Information contained in such cookies is usually anonymized. The use of these cookies requires your prior express consent. These cookies can also be deactivated via the settings of your browser (see below). If you consent to the placement of these cookies, functionality cookies may be placed on your device as specified in the cookie consent tool and our cookie description.
- Performance cookies: These types of cookies allow website operators to understand how visitors interact with their website by collecting and analyzing information about user behavior anonymously. In particular, the following information may be stored: (i) accessed sub-pages (duration and frequency); (ii) order of pages visited; (iii) search terms used having led to the visit of the respective website; (iv) mouse movements (scrolling and clicking); (v) country and region of access. These cookies allow to determine what a user is interested in and thereby adapt the content and functionality of the website to individual user needs. They do not store personal data, eg your IP address and cannot be used to trace back the individual user. The use of these cookies requires your prior express consent. The cookies can be deactivated via your browser settings (see below). If you consent to the placement of these cookies, performance cookies may be placed on your device as specified in the cookie consent tool and our cookie description. Your consent in this matter can have a direct influence on the functional capabilities of third-party services mentioned under point 6.
- Tracking cookies: These cookies allow tracking of visitors when accessing websites. The intention behind this is to display advertisements that are relevant and appealing to the respective user and therefore have more value for the publisher and the third-party advertiser. This can be achieved by analyzing user behavior and display of personalized advertising based on the interests determined. Among other things, they collect information about previously visited websites. If you consent to the placement of these cookies, tracking cookies may be placed on your device as specified in the cookie consent tool and our cookie description. The use of these cookies requires your prior express consent. The cookies can be deactivated via the settings of your browser (see below). Your consent in this matter can have a direct influence on the functional capabilities of third-party services mentioned under point 1.6.
With regard to the storage period cookies can be further differentiated as follows:
- Session cookies: Such cookies will be deleted without any action on your part as soon as you close your current browser session. Such cookies, for example, allow you to remain logged in to your password-protected customer account during navigation on websites by assigning you a specific session ID.
- Persistent cookies: Such cookies (eg to save your language settings) remain stored on your end device until a previously defined expiration date or until you have them manually removed. Among other things, they enable cross-session user tracking.
Furthermore, cookies may be differentiated by their subject of attribution:
- First-party cookies: Such cookies are used by ourselves and placed directly from our Website. Browsers generally do not make them accessible across domains which is why the user can only be recognized by the page from which the cookie originates.
- Third-party cookies: Such cookies are not placed by the website operator itself, but by third parties when visiting a specific website, in particular, for advertising purposes (eg to track surfing behavior). They allow, for example, to evaluate different page views as well as their frequency.
Most browsers automatically accept cookies. However, you have the option to customize your browser settings so that cookies are either generally declined or only allowed in certain ways (eg, limiting refusal to third party cookies). However, if you change your browser’s cookie settings, some websites may no longer be fully usable. The setting options for the most common browsers can be found under the following links:
Internet Explorer™: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
1.5.2 Local Storage
If you have given us your explicit prior consent according to § 96 para 3 TKG in conjunction with Art 6 para 1 lit a GDPR after accessing our Website, we use storage capacity of your browser software in order to enhance the usability of our Website, its user-friendliness and our service in general (for example to save your language settings). Therefore, we use the so-called Local Storage to store certain data on your end device, whereby your browser software maintains a separate Local Storage for each domain. Besides yourself, only we are able to access the data we are processing in this context. Under no circumstances, third parties/websites will be able to access/read any of such data; moreover, we do not combine any data in your Local Storage with other data in your Local Storage or with data from different sources. The data stored in the Local Storage will not be used for advertising purposes. In contrast to “cookies”, this method is safer and faster because data are not transferred automatically to the respective server with every HTTP request, but stored by your browser software. Additionally, a greater volume of data (at least 5 megabytes) can be stored.
Please be aware that Local Storage data have no expiry date and will remain on your end device even after you have closed your browser session. If you want to clear your Local Storage, you may clear the cache of your browser software acting as a temporary storage to reduce server lag and speed up the browsing experience by saving web content for reuse. The setting options for the most common browsers can be found under the following links:
Microsoft Internet Explorer 11™: https://clear-my-cache.com/en/windows/internet-explorer-11.html
Microsoft Edge™: https://clear-my-cache.com/en/windows/microsoft-edge.html
Apple Safari™: https://clear-my-cache.com/apple-mac-os/safari.html
Google Chrome™: https://support.google.com/accounts/answer/32050?co=GENIE.Platform%3DDesktop&hl=en
Mozilla Firefox™: https://support.mozilla.org/en-US/kb/how-clear-firefox-cache
1.6 Third-party services
1.6.1 Google Analytics
In the context of the application of Google Analytics, your IP address as well as other client data, namely information about your use of our Website, for example, browser type/version, operating system, the previously visited website or the time of the server request, are transferred to and stored on Google servers. Based on our instructions, Google Ireland will use the information collected to analyse the use of our Website, draft reports on website activities and provide us with further services connected to the use of our Website and the Internet.
The IP address transferred by your browser in the context of Google Analytics is not merged with other Google data. In order to protect you as comprehensively as possible, we utilise IP anonymisation by extending the code of our Website by “anonymizeIP”. This ensures masking of your IP address, wherefore all data concerned are collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server and shortened there.
Google Ireland intends to process data of users of the European Economic Area, where possible, in data centres situated in Europe; however, an outsourcing of processing activities to group companies may take place, wherefore a processing of your data in the USA by Google Ireland’s parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google LLC”) is possible. Any potential transfer or your data by Google Ireland to such sub-processors in third countries is based on the standard data protection clauses of the European Commission in the meaning of Art 46 sub-para 2 lit c GDPR. An overview of Google Ireland’s respectively Google LLC’s data centres can be viewed at: https://www.google.com/about/datacenters/inside/locations/?hl=en.
With the procedure described under point 1.8 you can prevent the storage of cookies by a corresponding setting of your browser software (possibly limited to third party cookies). You can also prevent Google Ireland from collecting data generated by cookies and relating to your use of the Website (including your IP address) and from processing this data by downloading an appropriate browser plug-in (available for Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari and Opera) and installing it (https://tools.google.com/dlpage/gaoptout?hl=en).
For further information on data usage by Google Ireland and affiliated companies as well as your options in terms of settings and objection, please review the data protection declaration of Google at https://policies.google.com/privacy?hl=en.
1.6.2 Google AdWords
On our Website we use web analysis and online marketing tools from Google, namely “Google AdWords”. When you click on an ad placed by Google, a cookie is placed on your device. These cookies expire after 30 days, do not contain any personally identifiable information, and are not personally identifiable. Neither we nor any third party will receive any information from Google that could identify you as a data subject.
Further information on data protection in connection with Google AdWords and your options in this regard can be found at https://policies.google.com/technologies/ads?hl=en.
1.6.3 Google Tag Manager
On our Website we use the service “Google Tag Manager”, provided by Google Ireland. The Google Tag Manager is used to manager website tags via an interface. This enables us to embed code snippets such as tracking codes or conversion pixels into our Website without interfering with the source code. In this process, Google Tag Manager data is only transferred; it is not collected or stored. The Google Tag Manager itself is a cookie-less domain and does not process any personal data, because it is used solely to manage other services used on our Website. The Google Tag Manager triggers other tags which in turn collect data under specific circumstances. However, the Google Tag Manager has no access to this data. If you have chosen to deactivate cookies on our Website in general or to deactivate specific cookies, this will remain in effect for all tracking tags that are implemented using the Google Tag Manager.
For more information about data protection, refer to the following Google websites:
FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
Google Tag Manager terms and conditions for use: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/
Within our Apps and our website, we use the tool “Sentry” of Functional Software Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA (“Functional Software”). Sentry is an open-source error tracking tool for detecting, recording and evaluating software errors as well as program crashes. With Sentry, we can detect errors faster so that we can offer our users the best possible user experience. The software helps us to respond to display errors in our Apps without the visitor having to report them. This helps us to continuously improve our Apps and its usability.
Sentry is in particular collecting the following data: the client type (Android, iOS, web), the operating system, non-personal information about your mobile device, URLs, the error context (request headers, environment, software package list and SDK version), the current BE software version and the time of the error. In this context, we process your data on the basis of our legitimate interest to improve the technical stability of our Apps by monitoring system stability and detecting code errors (Art 6 para 1 lit f GDPR). However, no personal data are processed for these purposes.
The so called “sentry application”, the database which is used by Sentry, is hosted under controlled conditions on managed servers, which means that we do not have any data leakage outside our servers. Functional Software does not receive any data.
Further information on data protection in connection with Sentry and your options in this regard can be found at https://sentry.io/privacy/ or for Sentry products in general at https://sentry.io/welcome/.
Die Webseite der benutzt Matomo, eine Open-Source-Software zur Analyse und statistischen Auswertung der Besucherzugriffe.
Only within our Website, we use the tool “Matomo”, an open-source web analytics tool for tracking and analysing online Website visits, provided by a collective of contributors which can be found under https://matomo.org/team/, legally represented by Matthieu Aubry (“Matomo Colletctive”). With Matomo, we can improve our Website to provide users with the best possible user experience. This helps us to continuously improve our Website and its usability.
Matomo is in particular collecting the following data: user IP address, URLs, the use context (eg title of viewed page, screen resolution, local time zone, clicked and downloaded files, page generation time, geolocation) and the time of the request. In this context, we process your data on the basis of our legitimate interest to improve the usability of our Website by monitoring system stability and useability (Art 6 para 1 lit f GDPR)..
Further information on data protection in connection with Matomo and your options in this regard can be found at https://matomo.org/privacy-policy/ or for Matomo products in general at https://matomo.org/.
Matomo, is hosted under controlled conditions on our servers, which means that we do not have any data leakage outside our servers. InnoCraft does not receive any data.
1.7 Links to third-party sites
On our Website we use links to the websites of third parties. These are, in particular, reference links leading to our permanent partners as well as links to our presences in social networks (eg Facebook). If you click on one of these links, you will be forwarded directly to the respective page. For the website operators it is only evident that you have accessed our Website. Accordingly, we refer you, in general, to the separate privacy policies of these websites. For further information on our processing of your data in connection with our social media presences, please review point 2.
2. Social media presences
For the purpose of promoting our business activity and our service offer, we maintain presences in various social networks. The processing of your data in this context is based on our legitimate interest (Art 6 para 1 lit f GDPR) in expanding our reach as well as providing additional information and means of communication to users of social networks. In order to reach said purposes at the best possible rate, we may utilise functions provided by the respective service provider to measure our reach in detail (access statistics, identification of returning users, etc).
In the course of accessing any of the online presences outlined subsequently, we process the general information being evident due to your profile in the respective network as well as additional continuance, contact or content data, as far as you provide us with such data by interacting with our online presence and its contents. We do not store those data separately outside of the respective social network.
Since we jointly decide with the relevant service provider (respectively entity expressly outlined as controller) upon purposes and means of data processing in the course of a respective online presence, we are to be considered joint controllers in the sense of Art 26 GDPR. The provider of each social network mentioned shall act as the primary point of contact with regard to all general and technical questions in respect of our online presences; this also applies to fulfilling rights of the data subjects in the sense of point 5. However, in case of requests concerning the specific operation of our online presences, your interactions with them or information published/collected via such channels, we shall be the primary point of contact; point 5 as well as other stipulations in this Data Protection Declaration apply correspondingly.
The social network “LinkedIn” is operated by LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085, United States (“LinkedIn International”). For the EEA region, LinkedIn is operated and data processing is controlled by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland”). In respect of the operation of our LinkedIn account “[OwnerChip]” (https://www.linkedin.com/company/ownerchip/), we are joint controllers in the sense of Art 26 GDPR with LinkedIn Ireland.
Please note that we have no influence on the programming and design of the social network; thus, we can only use the options provided by LinkedIn in order to personalise and maintain our LinkedIn account. Hence, please carefully review the terms which the service provider prescribes for the use of the social network (https://www.linkedin.com/legal/user-agreement?_l=en_EN) as well as the separate data protection declaration (https://www.linkedin.com/legal/privacy-policy) and consider the settings options in your LinkedIn account. In regards to any information provided by us via mechanisms made available by LinkedIn (postings, chats, etc), we are naturally fully responsible.
Any processing of your data by LinkedIn International in the United States is based on the standard data protection clauses by the European Commission in the meaning of Art 46 sub-para 2 lit c GDPR.
The social network “Twitter” is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (“Twitter International”). Controller from a data protection point of view with regard to the European Union is Twitter International Company. In respect of the operation of our Twitter account “[@ownerchip]” (https://twitter.com/ownerchip), we are joint controllers in the sense of Art 26 GDPR with Twitter International.
Please note that we have no influence on the programming and design of the social network; thus, we can only use the options provided by Twitter in order to personalise and maintain our Twitter account. Hence, please carefully review the terms which the service provider prescribes for the use of the social network (https://twitter.com/de/tos) as well as the separate data protection declaration (https://twitter.com/de/privacy) and consider the settings options in your Twitter account. In regards to any information provided by us via mechanisms made available by Twitter (Tweets, etc), we are naturally fully responsible.
Eventually, your data may be processed in the United States. Any potential transfer of your data by Twitter International to related companies, in particular to Twitter Inc, 1355 Market Street Suite, 900 San Francisco, California, 94103 United States, is based on the standard data protection clauses by the European Commission in the meaning of Art 46 sub-para 2 lit c GDPR.
The communication network “Discord” is operated by Discord Inc, 444 De Haro Street, Suite 200, San Francisco, California, 94107 United States (“Discord International”). VeraSafe Ireland Ltd, Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P Ireland is its representative in relation to data protection in the EEA in accordance with Art 27 GDPR. In respect of the operation of our Discord server “OwnerChip” (https://discord.com/invite/mcyhBD5ZrK), we are joint controllers in the sense of Art 26 GDPR with Discord International.
Please note that we have no influence on the programming and design of the social network; thus, we can only use the options provided by Twitter in order to personalise and maintain our Discord channel. Hence, please carefully review the terms which the service provider prescribes for the use of the social network (https://discord.com/terms) as well as the separate data protection declaration (https://discord.com/privacy) and consider the settings options in your Discord account. In regards to any information provided by us via mechanisms made available by Discord (postings, etc), we are naturally fully responsible.
Any processing of your data by Discord International in the United States is based on the standard data protection clauses by the European Commission in the meaning of Art 46 sub-para 2 lit c GDPR.
The video platform “YouTube” is operated by Google LLC. Controller from a data protection point of view with regard to the EEA region is Google Ireland. In respect of the operation of our YouTube channel “@OwnerChip ” (https://www.youtube.com/@OwnerChip ), we are joint controllers in the sense of Art 26 GDPR with Google Ireland.
Please note that we have no influence on the programming and design of YouTube; thus, we can only use the options provided by YouTube in order to personalise and maintain our YouTube channel. Hence, please carefully review the terms which the service provider prescribes for the use of the video platform (https://www.youtube.com/t/terms) as well as the separate data protection declaration (https://policies.google.com/privacy?hl=en-GB&gl=uk) and consider the settings options in your YouTube account. In regards to videos and content provided by us, we are naturally fully responsible.
3. Data transfer
For the purposes explained in this Data Protection Declaration, we will transfer your (personal) data to the following recipients or make them available to them:
Within our organisation, your data will be provided to those entities or employees who need them to fulfil their contractual or legal obligations and for data processing that is based on our legitimate interests.
Furthermore, (external) processors deployed by us receive your data if they need such data to provide their respective services (whereby the mere possibility to access personal data is sufficient). All processors are contractually obliged to keep your data confidential and to process it only within the scope of service provision. This includes the following categories of recipients:
- website evaluation/analysis (see point 6)
- Amazon Internet Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxemburg.
- Pinata Technologies, Inc., 3555 Farnam St. #905, Omaha, NE 68131, USA.
- InterPlanetary File System (IPFS), decentralized Peer-to-Peer Network operated open source with the core team of Protocol Labs.
Please note that some of the recipients mentioned above are located outside of the EEA region or process your (personal) data outside of the EEA region. As far as no adequacy decision of the European Commission is in existence with regard to such cases, we shall legitimise the third-country transfer on the basis of standard contractual clauses or other appropriate safeguards in the sense of Art 46 GDPR, which we have agreed upon accordingly with the respective provider.
Lastly, we may transfer your data to independent controllers, as far as this is necessary in the course of our business activity in order to provide our services. Also, a transfer of certain of your data to authorities/courts in the course of their statutory competence might take place.
4. Data security; erasure concept
We take all appropriate technical and organisational measures to ensure that only those personal data that are absolutely necessary for the business purpose are processed by default. The measures taken by us concern the amount of data collected, the scope of processing as well as its storage period and accessibility. We use these measures to ensure that personal data are only made available to a limited and necessary number of persons through default settings. Other persons will under no circumstances be granted access to personal data without the explicit consent of the data subject. In addition, we use various protection mechanisms (backups, encryption) to safeguard the Website and other systems. This is intended to provide the best possible protection for your (personal) data against loss or theft, destruction, unauthorized access, alteration and distribution.
All of our employees have been sufficiently informed of all applicable data protection regulations, internal data protection regulations as well as data security precautions and are required to keep confidential all information entrusted or made available to them in the course of their professional activities. The requirements of the GDPR are strictly observed and personal data are only made available to individual employees insofar as this is necessary regarding the purpose of data collection and our obligations arising therefrom. If we deploy processors, these are obliged to act in accordance with our data protection practice on the basis of specific framework agreements concluded with us.
In accordance with the provisions of the GDPR, all (personal) data collected by us via the Website will only be stored for as long as it is required with regard to the legal basis of the processing operation, unless long-term storage is provided for by law. We comply with our obligation to delete data on the basis of our specific internal deletion concept, wherefore we can provide you with further information on request.
5. Rights of the data subject
A central aspect of data protection regulations is the implementation of adequate options allowing you to dispose of your own personal data, even after processing of said personal data has already commenced. For this purpose, a series of rights of the data subject are set in place. We shall comply with your corresponding requests to exercise your rights without undue delay and in any event within one (1) month of receipt of the request. Please direct your request to the following email address: firstname.lastname@example.org.
Specifically, the following rights are stipulated:
Should you exercise your right of access, we shall confirm whether we are processing your personal data and provide you with all relevant information in this regard, to the extent permitted by law. For this purpose, we will send you (i) copies of the data (emails, database excerpts, etc), as well as information on (ii) concretely processed data, (iii) processing purposes, (iv) categories of processed data, (v) recipients, (vi) the storage period or the criteria for determining it, (vii) the origin of the data and (viii) any further information depending on the individual case. Please note, however, that we cannot hand over any documents that could impair the rights of other persons.
With the right to rectification you may request that we rectify wrongly recorded data, data that have become inaccurate or incomplete (for the purpose of the respective processing). Your request will then be examined and the data processing affected may be restricted for the duration of the examination upon request.
The right to erasure may be exercised (i) in the absence of a need with regard to the purpose of processing, (ii) in the event of revocation of a consent given by you, (iii) in the event of an objection with regard to your particular situation, insofar as the data processing concerned is based on the legitimate interests of us (balance of interests), (iv) in the event of unlawful data processing, (v) in the event of a legal obligation to erase, and (vi) in the event of processing data of minors under the age of sixteen (16) respectively under the lower age stipulated by the respective EU/EEA Member State from which our Website is accessed (Austria: fourteen  years).
A right to restriction of processing, after the exercise of which affected data may only be stored, exists (only) in special cases. In addition to the possibility of restricting the duration of data corrections, (i) unlawful data processing (unless deletion is required) and (ii) the duration of the examination of a particular objection request are also covered.
You also have the right to object to data processing at any time on grounds relating to your particular situation. This applies to all cases of data processing based on our legitimate interests pursuant to Art 6 para 1 lit f GDPR (balance of interests).
You have the right to lodge a complaint with the relevant national supervisory authority (see point 5.2).
A right to data portability, after the exercise of which the data concerned may be obtained in a structured, common and machine-readable format or upon request directly communicated to another controller. However, such right only covers those of your personal data, which we process due to your consent given on the basis of Art 6 para 1 lit a GDPR or due to a contract concluded with you on the basis of Art 6 para 1 lit b GDPR.
Please also note that we may be unable to comply with your request due to compelling reasons worthy of protection for the processing (balance of interests) or a processing due to the assertion, exercise or defense of legal claims (on our part). The same applies in the case of excessive requests, whereby here as well as in the case of descendants of manifestly unfounded requests a fee may be charged.
If you take the view that we violate applicable data protection laws when processing your data, you have the right to file a complaint with a national supervisory authority. The concrete requirements for such a complaint in Austria are based on Section 24 DSG. However, we would ask you to contact us in advance in order to clarify any questions or problems.
The contact details of the Austrian Data Protection Authority are as follows:
Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, Austria
Phone: +43 1 52 152-0
Contact Details regarding data protection issues
For data protection questions, messages or requests, please use the following contact address:
Gertrude-Fröhlich-Sandner Straße 2-4
1100 Vienna, Austria