Data privacy statement

Introduction and overview

We have written this privacy statement (version 16.01.2022-121919346) in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679

and applicable national laws, which personal data (‘data’ for short) we as the controller – and the processors (e.g. providers) commissioned by us – process, will process in future and what lawful options you have.

In short: We inform you comprehensively about data that we process about you.

Data protection statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information you did not know.

If you still have questions, we would like to ask you to contact the responsible office mentioned above, below or in the imprint, to follow the links provided and to look at further information on third party sites.

Scope of application

This data protection declaration applies to all personal data processed by us in the company and to all personal data processed by companies commissioned by us (order processors). By personal data, we mean information within the meaning of Art. 4 No. 1 DSGVO, such as a person’s name, email address and postal address. The processing of personal data ensures that we can offer and invoice our services and products, whether online or offline. The scope of this privacy policy includes:

  • all online presences (websites, online shops) that we operate
  • social media sites and email communications
  • mobile apps for smartphones and other devices

In short, the privacy policy applies to all areas in which personal data is processed in the company in a structured manner via the aforementioned channels. If we start privity of contract with you outside of these channels, we will inform you separately if necessary.

Legal foundations

In the following privacy statement, we provide transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.

As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6(1) lit. a DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.
  2. Contract (Article 6(1) lit. b DSGVO): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a sales contract with you, we need personal information in advance.
  3. Legal obligation (Article 6(1) lit. c DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.
  4. Legitimate interests (Article 6(1) lit. f DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Further conditions such as assignments of public interest or the exercise of public authority as well as the protection of vital interests do not generally occur for us.  If such a legal basis should be relevant, it will be indicated at the appropriate place.

In addition to the EU Regulation, national laws also apply. In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible person

If you have any questions regarding data protection, you will find the contact details of the responsible person or office below:

gabriele.frankl@bywyd.at

Tel.: +43 680 44 05 941 
Imprint: www.bywyd.at/imprint 

Retention obligations

We only store personal data for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

Should you request the deletion of your data or revoke your consent to data processing, the data will be deleted as soon as possible and insofar as there is no obligation to store it.

We will inform you about the specific duration of the respective data processing below, provided we have further information on this.

Rights under the General Data Protection Regulation

According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent processing of data:

  • According to Article 15 of the GDPR, you have the right to be informed whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and the following information:
    • the purpose for which we operate the processing;
    • the categories, i.e. the types of data that are processed;
    • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;
    • how long the data will be stored;
    • the right to rectification, erasure or restriction of processing and the right of objection of data-processing;
    • that you can lodge a complaint with a surveillance authority (links to these authorities can be found below);
    • the origin of the data if we have not collected it from you;
    • whether profiling is carried out, i.e. whether data is automatically analysed to derive a personal profile.
  • You have a right to rectification of data under Article 16 of the GDPR, which means that we must rectify data if you find errors.
  • You have the right to erasure (“right to be forgotten”) under Article 17 of the GDPR, which specifically means that you can ask for your data to be deleted.
  • You have the right to restriction of processing under Article 18 of the GDPR, which means that we may only store the data but not use it any further.
  • You have the right to data portability under Article 19 of the GDPR, which means that we will provide your data in a commonly used format upon request.
  • You have a right to object under Article 21 of the GDPR, which will result in a change of processing if enforced.
    • If the processing of your data is based on Article 6(1)(e) (public interest, execution of public authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
    • If data is used for direct advertising, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  • Under certain conditions you may have the right under Article 22 of the GDPR not to be subject to a decision based solely on automated processing (for example profiling).

 In short: You have rights – do not hesitate to contact the accountable person listed above!

 

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/.

For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

 

Austrian Data Protection Authority

Head: Mag. Dr. Andrea Jelinek 
Address: 
Barichgasse 40-42, 1030 Wien 
Tel.: 
+43 1 52 152-0 
E-Mail: 
dsb@dsb.gv.at 
Website: 
https://www.dsb.gv.at/

 

Security of data processing

To protect personal data, we have implemented both technical and organisational measures. Where possible, we encrypt or pseudonymise personal data. In this way, we make it as difficult as possible, within the scope of our possibilities, for third parties to infer personal information from our data.

Article 25 of the GDPR refers to “data protection by technical design and by data protection-related default settings” and thus means that both software (e.g. forms) and hardware (e.g. access to the server room) are always designed with security in mind and that appropriate measures are taken. In the following, we will go into more detail on specific measures, if necessary.

Communication

Summary Communication 
👥 Person concerned: Anyone who communicates with us by phone, email or online form
🤝 Purpose: Handling communication with customers, business partners, etc.
📓 Processed data: e.g. telephone number, name, e-mail address, form data entered. You can find more details on this in the respective contact type used.
📅 Retention obligations: Duration of the business case and legal requirements.
⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. b DSGVO (contract), Art. 6 para. 1 lit. f DSGVO (legitimate interests)

The data will be processed for the handling and processing of your question and the related business transaction. The data will be stored for the same period or for as long as required by law.

Person concerned

All persons are affected by the above-mentioned processes who seek contact with us via the communication channels provided by us.

Telephone

When you call us, the call data is stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to enquiries. The data is deleted as soon as the business case has been concluded and legal requirements permit.

eMail

If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,…) and data is stored on the e-mail server. The data is deleted as soon as the business case has been completed and legal requirements permit.

Online forms

If you communicate with us using online forms, data is stored on our web server and may be forwarded to an e-mail address of ours. The data will be deleted as soon as the business transaction has been completed and legal requirements permit.

Legal basis

The processing of data is based on the following legal grounds:

  • Art. 6 para. 1 lit. a DSGVO (consent): You give us your consent to store your data and to further use it for purposes related to the business case;
  • Art. 6 para. 1 lit. b DSGVO (contract): There is a need for the performance of a contract with you or a processor such as the telephone provider or we need to process the data for pre-contractual activities, such as the preparation of an offer;
  • Art. 6 para. 1 lit. f DSGVO (Legitimate Interests): we want to operate customer enquiries and business communication in a professional framework. For this purpose, certain technical facilities such as e-mail programmes, exchange servers and mobile operators are necessary in order to be able to operate the communication efficiently.

Data processing security

To protect personal data, we have implemented both technical and organisational measures. Where possible, we encrypt or pseudonymise personal data. In this way, we make it as difficult as possible, within the scope of our possibilities, for third parties to infer personal information from our data.

Article 25 of the GDPR refers to “data protection through technical design and through data protection-friendly default settings” and thus means that both software (e.g. forms) and hardware (e.g. access to the server room) are always designed with security in mind and that appropriate measures are taken.

Cookies

Summary Cookies 
👥 Person concerned: visitors of the website
🤝 Purpose: depending on the cookie in question. More details can be found below or from the manufacturer of the software that sets the cookie.
📓 Processed data: depending on the cookie in question. More details can be found below or from the manufacturer of the software that sets the cookie.
📅 Retention obligations: depending on the cookie in question, can vary from hours to years.
⚖️ Legal basis: Art. 6 para. 1 lit. a DSGVO (Consent), Art. 6 para. 1 lit.f DSGVO (Legitimate Interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More precisely, they use HTTP cookies, as there are other cookies for other uses as well. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, effectively the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data, such as language or personal page settings. When you return to our site, your browser transmits the “user-related” information back to our site. Thanks to the cookies, our website knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

Why do we process personal data?

The purposes of data processing are:

  1. to professionally host the website and secure its operation
  2. to maintain operational and IT security,
  3. anonymous evaluation of access behaviour to improve our offer and, if necessary, to prosecute or pursue claims.

Which data are processed?

Even while you are visiting our website right now, our web server, which is the computer on which this website is stored, usually automatically saves data such as

  • the complete internet address (URL) of the website accessed (e.g. https://www.examplewebsite.at/beispielunterseite.html?tid=121919346)
  • Browser and browser version (e.g. Chrome 87)
  • the operating system used (e.g. Windows 10)
  • the address (URL) of the previously visited page (referrer URL) (e.g. https://www.examplesource.at/whereIcamefrome.html/)
  • the host name and IP address of the device being accessed (e.g. computer name and 194.23.43.121)
  • the date and time
  • in files, the so-called web server log files.

How long will data be stored?

As a rule, the above data is stored for a fortnight and then automatically deleted. We do not share this data, but we cannot exclude the possibility that this data may be viewed by authorities in the event of unlawful behaviour.

In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not pass on your data without consent!

 Legal foundation

The lawfulness of the processing of personal data in the context of web hosting results from Art. 6 para. 1 lit. f DSGVO (protection of legitimate interests), because the use of professional hosting with a provider is necessary in order to present the company on the internet in a secure and user-friendly manner and to be able to pursue attacks and claims from this if necessary.

Between us and the hosting provider there is usually a contract on commissioned processing in accordance with Art. 28 f. DSGVO, which ensures compliance with data protection and guarantees data security.

 

Checkdomain Data privacy statement

We use checkdomain, a web hosting provider among others, for our website. The service provider is the German company checkdomain GmbH, Große Burgstraße 27/29, 23552 Lübeck, Germany. You can find out more about the data processed through the use of checkdomain in the privacy policy at https://www.checkdomain.de/agb/datenschutz.

 

All texts are protected by copyright.

 

Source: Created with the data protection generator from AdSimple

 

Datenschutz-Präferenzen
Wenn Sie unsere Website besuchen, kann es sein, dass Ihr Browser Informationen von bestimmten Diensten speichert, normalerweise in Form von Cookies. Hier können Sie Ihre Datenschutzpräferenzen ändern. Es ist zu beachten, dass die Blockierung einiger Arten von Cookies Ihre Erfahrung auf unserer Website und die von uns angebotenen Dienste beeinträchtigen kann.
Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Unsere Website verwendet Cookies, hauptsächlich von Drittanbietern. Definieren Sie Ihre Datenschutzpräferenzen und/oder stimmen Sie unserer Verwendung von Cookies zu.