Data protection barbara 6. February 2020
Privacy notices

Last updated: April 28, 2023

The protection of your personal data is very important to us, so we would like to list all information about the processing and storage of your data when you visit our website and in our company.

In order to be able to use all the functions and services on our site, your personal data must be collected. However, the processing and storage only takes place in accordance with the legal guidelines and specifications of the General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG 2021).

RESPONSIBLE ENTITY

Onlinemarketing Schmiede e.U.

Barbara Ginzinger, Pillersdorfgasse 8/1/3, 1020 Wien, Österreich

Further information in our Imprint.

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: In order to protect your data as comprehensively as possible from unwanted access, we take so-called technical and organizational measures and use an encryption process on our website. Your data is transmitted from your computer to our computer and vice versa via the Internet using so-called TLS encryption. TLS means “Transport Layer Security” and is an encryption protocol for data transmission on the Internet. You can usually recognize “TLS” by the lock symbol in the status bar of your browser being closed and the address beginning with https://.

1. COLLECTION OF ACCESS AND LOG DATA
  1. COLLECTION OF ACCESS AND LOG DATA

This website automatically collects and stores server log file information that your browser transmits to us.

This is about

  • the browser type and browser version used (if provided by the user),
  • the operating system,
  • date and time of the server request,
  • the number of visits,
  • the length of stay on the website,
  • the previously visited website (if submitted by the user!),
  • the IP address of the users is anonymized before it is saved.

The legal basis for this data processing is the legitimate interest according to Art. 6 para. 1 lit. f) DSGVO. The legitimate interest lies in being able to determine indications of illegal use of our website (e.g. defense against hacker attacks) and to ensure a smooth connection establishment.

We have concluded an order processing contract in accordance with Art. 28 GDPR with the provider of this website, Hoststar Multimedia Networks AG, based in Switzerland. This is a contract required by data protection law, which ensures that Hoststar Multimedia Networks AG only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. Data is transferred to Switzerland as a third country within the meaning of the GDPR on the basis of the adequacy decision.

The data collected is stored in server log files, which your browser automatically sends to us in encrypted form. We only save the server log files in the event of attacks on our server infrastructure or other violations of the law. This longer storage period is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR and only serves to preserve evidence.

2. INQUIRIES VIA CONTACT FORM, EMAIL AND PHONE

We will, of course, treat any personal information that you voluntarily provide us with confidentially. We only use the personal data you provide to process and answer your request. The legal basis for data processing is our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO. This results from our interest in answering inquiries from our customers, business partners and interested parties and in promoting or maintaining customer satisfaction. Another legal basis for natural persons is the initiation or fulfillment of a contract according to Art. 6 para. 1 lit. b) DSGVO

3. INCORPORATION OF MAP SERVICES

We embed map services on our websites that are not stored on our servers. To ensure that calling up our websites with embedded map services does not automatically result in third-party content being reloaded, we initially only display locally saved preview images of the maps. The third-party provider does not receive any information as a result.

The contents of the third-party provider are only reloaded after you click on the “Load map” preview image. This gives the third-party provider the information that you have accessed our site and the usage data that is technically required in this context. We have no influence on further data processing by the third party.

The embedding takes place on the basis of your consent acc. Art. 6 Abs. 1 lit. a) GDPR, provided you have previously given your consent by clicking on the preview image. Please note that embedding some map services means that your data will be processed outside the EU or EEA. In some countries, there is a risk that authorities will access the data for security and surveillance purposes without informing you or being able to appeal. If we use providers in unsafe third countries and you consent, the transmission to an unsafe third country takes place on the basis of Art. 49 para. 1 lit. a) DSGVO.

Map service provider:

Google Ireland Limited/Google LLC (USA)

withdrawal of consent

If you have clicked on a preview image, the third-party content will be loaded immediately. If you do not want such reloading on other pages, please do not click on the preview images.

Data processing of business partners and customers

  1. Fulfillment of contractual obligations (Art. 6 Para. 1 lit. b) GDPR)

The purposes of the data processing result from the implementation of pre-contractual measures and the fulfillment of the obligations arising from the concluded contract.

In order to process the contract with you, we process master data such as first and last name, your billing address and your billing and payment data.

  1. To fulfill legal obligations (Art. 6 Para. 1 lit. c) GDPR)

The purposes of data processing result in individual cases from legal requirements. These legal obligations include, for example, the fulfillment of storage and identification obligations, e.g. within the framework of specifications for tax control and reporting obligations and data processing in the context of inquiries from the authorities.

  1. To fulfill our legitimate interests (Art. 6 Para. 1 lit. f GDPR)

We process the contact details of contact persons at customers, interested parties, suppliers and other business partners for communication by e-mail, telephone and post. The legal basis for data processing is the legitimate interest according to Art. 6 para. 1 f) DSGVO. The legitimate interest results from the interest in carrying out or initiating the business relationship with customers, interested parties, suppliers and other business partners as well as personal contact with contact persons.

To carry out communication by e-mail, we use the processor Hoststar based in Austria. There is a contract with them for order processing in accordance with Art. 28 GDPR.

As part of the contractual relationship, we may also commission processors or service providers who may have access to your personal data. Compliance with data protection regulations is contractually ensured.

We use the following cloud service providers:

  • Microsoft Ireland Limited based in Ireland for the provision of OneDrive
  • Google Ireland Limited based in Ireland for the provision of Google Drive (Google Cloud)

Personal data will be stored for the purpose of conducting business relationships for as long as there is a legitimate interest in doing so. It may be necessary to process the personal data you have provided beyond the actual fulfillment of the contract with business partners. The legitimate interests are in particular the assertion of legal claims, defense against liability claims, prevention of criminal offenses and the settlement of damages resulting from the business relationship.

  1. Who receives the personal data you provide?

As part of the contractual relationships, we may also commission processors or service providers who can gain access to your personal data. Compliance with data protection regulations is contractually ensured.

  1. retention period

The personal data will be kept for as long as is necessary to fulfill the above purposes.

  1. Data processing to document GDPR compliance

If your data is based on consent in accordance with Art. 6 para. 1 lit. a) DSGVO bzw. Art. 9 Abs. 2 lit. a) GDPR are processed, we process your data exclusively for a specific purpose and after separate information in order to provide us with information pursuant to Art. 5 para. 2 GDPR to be able to prove that you have consented to the data processing in question.

Insofar as you assert your data subject rights from the GDPR against us, we also process and store your data in order to be accountable in accordance with Art. 5 Para. 2 GDPR to be able to prove that we have complied with the GDPR when processing your request.

Operation of social media presences

We maintain the following social media presences:

LinkedIn: https://www.linkedin.com/company/onlinemarketing-schmiede/Facebook: https://www.facebook.com/onlinemarketingschmiede

Data processing by us:

  1. Maintaining the above social media pages and placing ads (“Advertisements”)

The personal data entered on social media pages, such as comments, videos, pictures, likes, public messages, etc. are published by the respective social media platform. We reserve the right to delete content if this should be necessary. If necessary, we share content on our site and contact you via the social media platform, for example via the messenger offered. In addition, we regularly place advertisements (“Ads”) via our social media pages. The legal basis for this data processing is the legitimate interest according to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations work and communication.

  1. Page-Insights

The Social Media Platforms provide anonymized statistics and insights that help us understand the types of actions people take on our Site (referred to as “Page Insights”). These site insights are created based on certain information about people who have visited our site.

The legal basis for this data processing is our legitimate interest according to Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions and visitors of our pages.

This processing of personal data is carried out by the social media platform and us as so-called joint controllers nach Art. 26 DSGVO. In the case of joint responsibility, a separate agreement must be concluded.

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

Facebook: https://www.facebook.com/legal/controller_addendum

If you wish to object to certain data processing over which we have control (e.g. deletion of comments), please use the contact details above.

Note: The provision of your data is neither required by law nor by contract or required for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of non-provision is that you cannot communicate with us via our social media pages, interact with us or take part in the competition. To contact us, please use the above e-mail address.

Data processing by the operator of the social media platform:

In addition to us, there is the operator of the social media platforms themselves. From a data protection point of view, this is also regarded as another person responsible for carrying out its own data processing. This means that the operator is also a responsible body under the GDPR. However, we only have limited influence on data processing by the operator. Where we can influence (e.g. through parameterization), we work within our means to ensure data protection-compliant handling by the operator of the social media platform. In many places, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data they process. The respective operator will inform you about the processing of personal data in its own data protection declaration:

LinkedIn: https://de.linkedin.com/legal/privacy-policy

Facebook: https://www.facebook.com/help/568137493302217

Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already stated, we unfortunately have little influence on the web tracking methods of the social media platform. For example, we can’t turn this off. Please be aware of this: It cannot be ruled out that the provider of the social media platform uses your profile and behavioral data, for example to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the social media platform provider.

Rights of those affected

Your rights

You have the right according to Art. 15 para. 1 GDPR to receive information about the personal data stored about you free of charge upon request. Furthermore, if the legal requirements are met, you have the right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have the right to data transfer in accordance with Art. 20 GDPR.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not be done in the future unless the person responsible can demonstrate compelling legitimate reasons for further processing that outweigh the interest of the person concerned in objecting.

You also have the right to lodge a complaint with a data protection supervisory authority. The complaint can in particular be lodged with a supervisory authority in the EU member state of your place of residence, your place of work or the place of the alleged violation.

Contact details for the responsible data protection authority in Austria: dsb@dsb.gv.at

No automated decision making

We do not carry out automatic decision-making or profiling.

Provision

Unless otherwise stated in the previous chapters, the provision of personal data is neither required by law nor contractually or necessary for the conclusion of a contract. Failure to provide your personal data may mean that we cannot, for example, respond to your inquiries.

This data protection notice was created in collaboration with the consulting company SCALELINE. The legal texts are subject to copyright.