1. GENERAL PROVISIONS

1.1. In this Data Privacy Policy, we, as the Data Controller under Art. 4 (7) GDPR, describe which data we collect from Users when they visit our website and for what purpose we process that data.

1.2. This Data Privacy Policy informs the User regarding the type, scope and purpose of our processing of personal data in connection with our website and the web pages, functionalities and contents associated with it. This Data Privacy Policy applies regardless of the domains, systems, platforms and devices on which the website is offered. With respect to the terms used, such as ‘personal data’, we would refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

1.3. Please use the above-referenced contact details if you should have any concerns in connection with our processing of personal data regarding yourself or if you wish to assert your rights (see sec. 5.7.).

2.1. Description and scope of data processing

2.1.1. Whenever our website is accessed, our system will automatically collect data and information from the computer system of the computer accessing it.

2.1.2. The following data is collected:
• Truncated IP address of the User
• Name of the accessed pages
• Date and time of access
• Information regarding browser type and version used
• Language of browser software
• Operating system of the User
• Internal resolution of browser window
• Click behaviour on the website
• Settings for Java, Javascript activation, screen resolution, colour depth
• Request (file name of the requested file)
• Volume of data transferred
• Websites from which the User’s system accesses our website (Referrer URL)
• Form contents

2.1.3. The data is also stored in the log files of our system.

2.2. Purpose
2.2.1. These data are evaluated exclusively to ensure trouble-free operation of the website and to improve our website content. The temporary storage of your IP address by the system is necessary to enable our website to be delivered to the User’s computer. For this purpose, the User’s IP address must remain stored for the duration of the session. The storage in log files is done to ensure functionality of our website. In addition, the data enables us to optimise our website and to ensure the security of our IT systems. In pursuing these purposes, we also have a justified interest in data processing under Art. 6 (1) (f) GDPR.

2.3. Legal basis
2.3.1. The legal basis for our temporary storage of data and log files is Art. 6 (1) (f) GDPR.

2.4. Duration of storage
2.4.1. The data will be deleted or rendered anonymous at the end of the respective session.
2.4.2. If the data is stored in log files, it will be deleted after 3 days. No storage of the data beyond that period in a form permitting identification of the Data Subject will be done.

2.5. In addition, we sometimes use service providers, so-called processors, for data processing. We use the following processors:
SPAR Business Services GmbH, Europastrasse 3, 5015 Salzburg

3. COOKIES

Click here for information on cookies.

4. MATOMO

Click here for information on Matomo.

5. RIGHTS OF USERS/DATA SUBJECTS

5.1. The GDPR grants certain rights to Users, as Data Subjects, to which we refer below. These rights are complementary, such that a User may, for example, only demand either correction/completion of his or her data or its erasure.
Withdrawal of consent

5.2. If the Operator saves and processes your personal data based on your consent, you are entitled to withdraw your consent at any time. However, this does not affect the legality of the processing carried out up to the time of your withdrawal of consent. Withdrawal of consent has the consequence that the Operator is no longer allowed to process the data in question for the purposes stated in the declaration of consent as of the date notice of withdrawal of consent is received.
Right of information, correction and erasure

5.3. Data Subjects have the right to (i) obtain confirmation from the Operator as to whether or not personal data concerning them are being processed and, if so, to be informed thereof, (ii) request that incorrect personal data concerning them be corrected, (iii) under certain circumstances, they may demand that personal data concerning them be erased.
Right to limit processing

5.4. Data Subjects are also entitled to ask the Operator to restrict processing if (i) they dispute the accuracy of the data concerning them, for a period of time sufficient to enable the Operator to verify its accuracy, (ii) the processing is unlawful and they decline to have it erased and request instead that it be restricted, (iii) the Operator no longer needs the personal data for purposes of data processing, but they do require the data for the assertion, exercise or defence of legal claims, or (iv) they have objected to the data processing and a decision is pending as to the underlying issues.
Right of objection

5.5. Furthermore, Data Subjects have the right to object to the processing of their personal data. In the event of such objection, the Operator will not carry out any further processing of the data unless (i) it is able to demonstrate compelling reasons for processing that merit protection and which outweigh the interests, rights and freedoms of the Data Subject or (ii) the processing serves to facilitate the assertion, exercise or defence of legal claims.
Right to data portability

5.6. Users may receive the personal data we process about them in a machine-readable format determined by us or may instruct us to transmit this data directly to a third party of their choice, provided that the recipient makes this technically possible for us and the data transmission is not hindered by unreasonable effort or by legal obligations or other duties of secrecy or confidentiality on our part or on the part of third parties.
Right of complaint

5.7. To exercise these rights, please contact the Operator in writing (by letter or e-mail). Of course, the Operator is also available at any time for other enquiries regarding the use and security of your data. If you are of the opinion that the Operator is using your data in an unauthorised manner, you may also lodge a complaint with the Austrian Data Protection Authority.

6. TECHNICAL SECURITY MEASURES REGARDING DATA PRIVACY

6.1. We undertake organisational, contractual and technical security measures in line with the state of the art to ensure that the regulations and rules of the data protection laws are complied with and thus to protect data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. For security reasons, and to protect the transmission, this website uses SSL encryption. Users can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”. The personal data provided by the User will be processed by a server of SPAR Business Services GmbH, Europastrasse 3, 5015 Salzburg.

Most recently updated June 2021