Name and Address of the Controller
For the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union and other data protection provisions, the controller in this case is:
Erdberger Lände 22/13
1030 Wien, Austria
Rights of the Data Subject
The data subject shall have the right under the provisions of the GDPR to obtain from the controller confirmation as to whether or not the data subject’s personal data are being processed. A data subject who wishes to exercise this right to confirmation should contact the controller or an employee of the controller.
Right to Access/Information
The data subject shall have the right under the provisions of the GDPR to obtain from the controller without charge information about the data subject’s stored personal data and a copy thereof. The European legislator has also granted the data subject right of access to following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been/will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where personal data have not been obtained from the data subject, all available information as to their source;
- the existence of automated decision-making, including profiling, as referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and envisaged consequences of such processing for the data subject.
Where personal data are transferred to a third country or an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
A data subject who wishes to exercise this right to access and information should contact the controller or an employee of the controller.
Right to Rectification
The data subject shall have the right under the provisions of the GDPR to obtain from the controller without undue delay the rectification of inaccurate personal data concerning the data subject. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
A data subject who wishes to exercise these rights should contact the controller, the controller’s data protection officer or an employee of the controller.
Right to Erasure (‘Right to Be Forgotten’)
The data subject shall have the right under the provisions of the GDPR to obtain from the controller without undue delay the erasure of personal data concerning the data subject when one of the following applies and the processing is not necessary:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent on which the processing is based pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR, and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to Article 21 (2) GDPR;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to information society services as referred to in Article 8 (1) GDPR.
Where one of the above-mentioned grounds applies and a data subject wishes to exercise the right to erasure of personal data concerning the data subject that is stored by the controller, he/she should contact the controller, the controller’s data protection officer or an employee of the controller, who will arrange for the data to be erased without delay.
Where the controller has made the personal data public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, the controller, taking account of the available technology and cost of implementation, shall take reasonable measures, including technical measures, to inform other controllers responsible for processing the data that the data subject has requested them to erase any links to, or copies or replications of, these personal data, to the extent that the processing is not necessary. The controller, an employee of the controller or the controller’s data protection officer will make the necessary arrangements in the given case.
Right to Restriction of Processing
The data subject shall have the right under the provisions of the GDPR to obtain from the controller restriction of processing when one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period that will enable the controller to verify the accuracy of the personal data;
- the processing is unlawful, and the data subject opposes the erasure of the personal data and instead requests the restriction of their use;
- the controller no longer needs the personal data for the processing purposes, but the data are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Article 21 (1) GDPR, and verification of whether the legitimate grounds of the controller override those of the data subject is still pending.
Should one of the above-mentioned grounds apply and a data subject wish to exercise his/her right to restrict the processing of personal data stored by the controller, he/she should contact the controller, the controller’s data protection officer or an employee of the controller, who will make the necessary arrangements in the given case.
Right to Data Portability
The data subject shall have the right under the provisions of the GDPR to receive the personal data concerning the data subject, which he/she has provided to a controller, in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit these data to another controller without hindrance from the controller to whom the data has already been provided when the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR and is carried out by automated means. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercising of official authority vested in the controller.
In exercising his/her right to data portability in accordance with Article 20 (1) GDPR, the data subject shall also have the right to have his/her personal data transmitted directly from one controller to another, where this is technically feasible and does not prejudice the rights and freedoms of others.
To exercise this right to data portability, the data subject should contact the controller, the controller’s data protection officer or an employee of the controller.
Right to Object
The data subject shall have the right under the provisions of the GDPR to object at any time on grounds relating to his/her particular situation to any processing of his/her personal data which is based on the provisions set down in Article 6 (1) (e) or (f) GDPR. This right to object shall also apply to profiling based on the aforementioned provisions.
Upon receipt of such an objection, the controller shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for this processing which override the interests, rights and freedoms of the data subject or serve to establish, exercise or defend legal claims.
Where the controller processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to the processing of his/her personal data for such marketing purposes. This right shall also apply to profiling to the extent that it is related to such direct marketing. In the event that the data subject should object to processing for direct marketing purposes, the controller will no longer process his/her personal data for these purposes.
The data subject shall also have the right to object on grounds relating to his/her particular situation to the processing of personal data concerning the data subject by the controller for scientific or historical research or statistical purposes pursuant to Article 89 (1) GDPR unless such processing is necessary to fulfil a task carried out in the public interest.
To exercise this right to object, the data subject should contact the controller, the controller’s data protection officer or an employee of the controller.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may also exercise his/her right to object by automated means using technical specifications.
Automated Individual Decisions, incl. Profiling
The data subject shall have the right under the provisions of the GDPR not to be subject to a decision based solely on automated processing, including profiling, which has a legal or comparable negative effect on the data subject. This provision shall not apply if the decision:
- is necessary for entering into or performing a contract between the data subject and the data controller,
- is valid under Union or Member State law applicable to the controller, which lays down suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, or
- is based on the data subject’s explicit consent.
In the event that the decision is necessary for entering into or performing a contract between the data subject and the data controller or is based on the former’s explicit consent, the data controller shall implement suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, at least his/her rights to obtain human intervention on the part of the controller, express his/her point of view and contest the decision.
To exercise his/her rights with regard to automated decisions, the data subject should contact the controller, the controller’s data protection officer or an employee of the controller.
Right to Withdrawal of Consent
The data subject shall have the right under the provisions of the GDPR to withdraw his/her consent to the processing of his/her personal data at any time.
To exercise the right to withdraw consent, the data subject should contact the controller, the controller’s data protection officer or an employee of the controller.
Legal or Contractual Provisions Regarding the Provision of Personal Data
Necessity for conclusion of the contract; Obligation on the part of the data subject to provide personal data; Possible consequences of not providing personal data.
In some instances, the provision of personal data is required by law (e.g. tax regulations) or can result from contractual arrangements (e.g. details on the contractual partner). To conclude a contract, it may be necessary that a data subject provides us with personal data that we must subsequently process. The data subject is, for instance, obliged to provide us with his/her personal data when we conclude a contract with him or her. If the data subject does not provide this data, we would not be able to conclude this contract. Prior to providing us with personal data, the data subject can, if necessary, contact the controller or the controller’s data protection officer. The controller or the controller’s data protection officer will explain whether the provision of personal data constitutes a legal or contractual requirement or is required to conclude the contract in a specific case, whether the data subject is obliged to provide personal data and what consequences would result from non-provision of such data.
Routine Erasure and Blocking of Personal Data
The controller shall only process and store personal data for the period of time required to achieve the purpose of the storage or unless so foreseen in laws or provisions issued by the European legislator or another legislator in the controller’s jurisdiction.
Should the purpose of the storage cease to apply, or the period of duration stipulated by the European legislator or another applicable legislator run out, the personal data will be routinely blocked or erased in accordance with the legal provisions.
Storage Period for Personal Data
Personal data will be stored for the period defined in the applicable legislation. When this period runs out, the corresponding data will be routinely erased as long as they are no longer required to fulfil or initiate a contract.
Legitimate Interests for Data Processing by the Controller or a Third Party
If the processing of personal data is based on Article 6 (1) (f) GDPR, The owner of this website legitimate interest for doing so is the pursuit of our business activities to the benefit of our staff and shareholders.
Legal Basis for the Processing of Personal Data
Article 6 (1) (a) constitutes the legal basis for any data processing by the controller for which consent must be obtained for a specific processing purpose. If personal data are processed to perform a contract to which the data subject is party, as is the case, for instance, with data processing that is required to ensure a delivery of goods or provide some other service or return service, this processing is based on Article 6 (1) (b) GDPR. The same applies to processing that is required to carry out precontractual measures such as responses to inquiries about our products or services. In the event that the controller is subject to any legal obligations that necessitate a processing of personal data, such as the fulfilment of tax obligations, this processing is carried out on the basis of Article 6 (1) (c). In rare cases, the owner of this webiste may be required to process personal data to protect the vital interests of the data subject or another natural person. This would be the case, for instance, if a visitor were to be injured in our offices, and we were required to pass on details of his/her name, age, health insurance or other vital information to a doctor, a hospital or other relevant third party. In such a case, the processing would be based on Article 6 (1) (d) GDPR. Finally, we could also process data on the basis of Article 6 (1) (f) GDPR. Data would be processed on this legal basis when none of the aforementioned legal foundations are applicable, and the processing is deemed necessary to pursue the legitimate interests of the controller or a third party, except in the event that such interests are overridden by the interests, fundamental rights and freedoms of the data subject. Such data processing is permitted in particular because it is expressly referred to by the European legislator, who deemed that such legitimate interest could exist when the data subject is a client of the controller (Recital 47, Sentence 2, GDPR).
Collection of General Data and Information; Server Log Files
Every time this website is accessed by a data subject, it automatically collects general data and information. This data and information are stored in the server log files. The following data and information may be collected:
- browser type and browser version,
- operating system used on the accessing device,
- referrer URL,
- pages accessed on our website by an accessing device,
- date and time of server request,
- Internet Protocol address (IP address),
- accessing system’s internet service provider,
- other similar data and information that serve to avert the threat in the event of attacks on our IT systems.
The Owner does not utilise such general data and information to identify the data subject. Instead, this information is required to:
- correctly deliver our website content,
- optimise the contents of this website and the advertising of this content,
- ensure availability of our IT systems and the technology behind this website, and
- provide law enforcement agencies with the necessary information to prosecute offenders in the event of a cyber-attack.
We therefore use these anonymous data and information for statistical purposes and to improve data protection, data privacy and data security in our organisation with the ultimate aim of ensuring an optimal level of protection, privacy and security for the personal data we process.
The anonymous data in the server log files is stored separately from all personal data provided by a data subject. These data are not merged with any other data sources.
This website contains links to external webpages, which are clearly identified and whose contents are not located on our own servers. The external contents of these links were verified at the time of their inclusion on our website. However, we cannot guarantee that the content on such external websites has not been subsequently changed. Should you notice that the content provided on such external websites breaches applicable law, please inform us of this situation.
This data privacy declaration only applies to the content on our own servers.
There are three different categories of cookies:
- essential cookies that are necessary to provide the basic functions of the website,
- functional cookies to ensure the performance of the website, and
- tracking cookies to improve the user experience.
Cookies are widely used by websites and servers. Many cookies contain a unique identifier known as a cookie ID. This identifier consists of a string of characters that websites and servers associate with the browser on which the cookie is stored. This allows websites and browsers to distinguish the data subject’s browser from other internet browsers that store different cookies. A specific internet browser can be recognised and identified by its unique cookie ID.
The links below contain detailed information on how to deactivate cookies in commonly used browsers:
Contact Options via this Website
In accordance with legal provisions, This website contains information that facilitates rapid contact to and direct communication with us by electronic means and thus includes a general address for electronic mail (e-mail address). Should a data subject contact the data controller by e-mail or via a contact form on this website, the personal data thereby transmitted by the data subject will be stored automatically. Any such personal data voluntarily transmitted to us by a data subject will be stored for the purposes of processing or responding to the data subject.
These personal data will not be forwarded to any third parties.
This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to obtain anonymised usage statistics.
This web analytics software collects anonymised user data like geographical origin (IP address of the internet provider), webpages accessed, browser type and time of access. The information collected will used to optimise our website. The anonymisation of the data means that it cannot be associated with the user’s IP address.
Google Analytics uses “cookies”, i.e. text files placed on your computer, to help analyse how users use our website. The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on a server in the United States. The use of the “anonymizeIP” feature guarantees that the last octet is stripped from the IP address in European Union or European Economic Area Member States, thus eliminating the collection of personal data and ensuring the data transmitted can no longer be associated with your IP address. Google uses the information collected for the purpose of evaluating your use of the website, compiling reports on website activity for the website operator and providing other services relating to website activity and internet usage.
Access to the data collected is provided to the website operator and external service providers who have contractually undertaken to only use the data as instructed by the website operator and to delete them upon conclusion of this work. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
Third party suppliers and Google may place adverts on internet websites. Google and such third parties may use the data to place adverts on third party websites.
You can refuse the collection and storage of your data for all future use by downloading and installing the corresponding browser plugin via the following link: https://tools.google.com/dlpage/gaoptout.
This website uses the Google Maps map service via an API (Application Programming Interface). Google Maps is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, your IP address must be stored. This information is generally transmitted to and stored on a Google server in the USA. The provider of this site has no influence on this data transfer.
We use Google Maps to make our website appealing and facilitate location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
For uniform representation of fonts, this website uses so-called web fonts provided by Google. When you open a page on our website, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
Supplier: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
For this purpose, your browser has to establish a direct connection to Google servers. Google thus becomes aware that our website was accessed via your IP address. We use Google Web fonts to provide a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font is used by your computer.
This Website has embedded YouTube components (videos) on our website. YouTube is an internet-based video portal that allows video publishers to upload videos free of charge and users to view, rate and comment on these videos also free of charge. YouTube allows the publication of all types of videos, hence the availability of complete films and television programmes as well as music videos, trailers or videos recorded by users themselves via this internet portal.
YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
When you access a page on our website that contains embedded YouTube components (videos), you internet browser will automatically download the corresponding YouTube components (videos). Further information on YouTube can be found at https://www.youtube.com/intl/en/yt/about/.
In the course of this IT process, YouTube and Google are informed about which actual page on our website the user (data subject) is accessing. If the data subject is also already logged in on YouTube, YouTube recognises through the accessing of a page containing a YouTube video which actual page on our website the data subject is accessing. These data are collected by YouTube and Google and assigned to the data subject’s YouTube account.
The YouTube components always inform YouTube and Google that the data subject has visited our website if he/she is simultaneously logged in on YouTube at the time he/she accesses our website. This occurs regardless of whether the data subject clicks on a YouTube video or not. In the event that the data subject should not wish this information to be communicated to YouTube and Google, its transmission can be prevented if the data subject logs out of his/her YouTube account prior to accessing our website.
Changes to this Data Privacy Declaration
The owner of this website reserve the right to update our data privacy regulations. The data privacy regulations can be amended or extended in the above cases without prior notification.