As of: 18/05/2018
1. Basic information on data processing and legal basis
1.2. We refer to the definitions in Art. 4 of the General Data Processing Regulation (GDPR) for the terms used, such as “personal data” or “processing”.
1.3. The personal data of the users processed within this online offering includes inventory data (not logged in: e.g. the IP address, logged in: e.g. name and address of customers), contract data if logged in (e.g. services used, payment information), usage data (e.g. the websites visited on our online offering) and content data (e.g. data entered for registration).
1.4. The term “user” refers to all categories of data subjects. This includes our business partners, customers, interested parties and other visitors to our online offering. The terms used, such as “user”, refer to both male and female.
1.5. We process the users’ personal data exclusively in compliance with the relevant data protection provisions. This means that the users’ data is only processed if there are legal grounds, i.e. particularly if data processing is necessary or legally required for providing our contractual services (e.g. processing orders) as well as online services, the users have given consent, and it is based on our legitimate interests, (i.e. interest in analysing, improving and efficiently operating and securing our online offering within the meaning of Art. 6 (1) lit. f. GDPR), in particular range measurement, creating profiles for advertising and marketing purposes as well as collecting access data and using services of third-party providers.
1.6. We would like to point out that the legal basis for consent is Art. 6 (1) lit. a. and Art. 7 GDPR, the legal basis for processing data to perform our services and contractual measures is Art. 6 (1) lit. b. GDPR, the legal basis for processing data to meet our legal obligations is Art. 6 (1) lit. c. GDPR, and the legal basis for processing data to safeguard our legitimate interests is Art. 6 (1) lit. f. GDPR.
2. Security measures
2.1. We take organisational, contractual and technical security measures according to the state of the art in order to ensure compliance with data protection legislation and to protect the data we process from accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
2.2. The security measures particularly include the encrypted transfer of data between your browser and our server.
3. Passing on data to third parties and third-party providers
3.1. Data is only passed on to third parties in line with legal requirements. We will only pass on user data to third parties if this is necessary, for example, for contractual purposes based on Art. 6 (1) lit. b. GDPR or based on legitimate interests in the economic and effective operation of our business according to Art. 6 (1) lit. f. GDPR.
3.2. If we use subcontractors to provide our services, we take suitable legal precautions as well as relevant technical and organisational measures in order to ensure that personal data is protected according to the relevant legal regulations.
4. Provision of contractual services
4.1. We process inventory data (e.g. IP addresses), contract data upon registration (e.g. services used, names of contact persons, payment information) for the purposes of performing our contractual obligations and services according to Art. 6 (1) lit b. GDPR.
4.2. Users can register for re.comm. Users will be informed of the mandatory information required during the registration. The registration is not public and user data cannot be indexed by search engines. Users can submit a written request at any time to have their data erased. The users’ data will be erased upon request unless it is necessary to store it for commercial or tax reasons according to Art. 6 (1) lit. c GDPR. We are entitled to permanently erase all data of the user stored during the contractual term.
4.3. During the registration process and when reregistering as well as using online services, we store the IP address and the time of the user action. The data is stored based on our legitimate interests as well as those of the users to protect the data from improper or any other unauthorised use. This data is not passed on to third parties unless this is necessary to pursue our claims or there is a legal obligation according to Art. 6 (1) lit. c GDPR.
4.4. We process usage data (e.g. the visited websites of our online offering, interest in our events) and content data (e.g. information entered upon registration) for marketing purposes in a user profile in order to inform the user about e.g. event information based on the services they have used in the past.
5.1. When contacting us (either by contact form or by e-mail), the user’s information will be used to process and handle the contact request according to Art. 6 (1) lit. b. GDPR.
5.2. The user’s data will only be stored internally and is not passed on to third parties, except if there is a legal obligation according to Art. 6 (1) lit. c. GDPR.
6. Collection of access data and log files
6.1. We collect data about every access to the server on which this service is located (so-called server log files) based on our legitimate interests within the meaning of Art. 6 (1) lit. f. GDPR. The access data includes the name of the accessed website, file, date and time of access, transferred data quantity, notification about the successful access, the browser type as well as version, the operating system of the user, referrer URL (the previously accessed site), IP address and the enquiring provider.
6.2. Log file information is stored for no longer than seven days and is then erased for security reasons (e.g. to clarify cases of misuse or fraud). Data that must be stored for longer for evidence purposes will not be erased until the incident has been completely clarified.
7.1. Cookies are information transmitted by our web server or the web servers of third parties to the user’s web browser and stored there for subsequent access. Cookies can be small files or other kinds of information storage.
7.2. We use “session cookies” that are only stored for the duration of the visit on our online presence (e.g. in order to store your login status or the shopping basket function and therefore to make use of the online offering possible). A unique identification number generated at random, a so-called session ID, is stored in the cookie. Furthermore, a cookie contains information about its origin and storage period. These cookies cannot save any other data. Session cookies are erased once you have finished using our online offering and e.g. log out or close the browser.
7.4. If users do not wish for cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings in the browser. Stored cookies can be erased in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offering.
8. Google Analytics
8.2. Google is certified under the Privacy Shield and therefore provides a guarantee of complying with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
8.3. Google will use this information on our behalf to analyse the use of our online offering by the users, to compile reports about the activities within this online offering and to provide us with additional services associated with the use of this online offering and internet use. Here, pseudonymous user profiles can also be generated using the processed data.
8.4. We only use Google Analytics with activated IP anonymisation. This means that the user’s IP address is truncated by Google within member states of the European Union or in other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will the entire IP address be transmitted to a server by Google in the USA and truncated there.
8.5. The IP address transmitted by the user’s browser is not merged with other Google data. The user can prevent cookies from being stored by adjusting the settings of their browser software; the user can also prevent the collection of data generated by the cookie and relating to the use of the online offering to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
8.6. Other information on data use by Google as well as setting and objection options can be found on the Google websites: https://www.google.com/intl/en/policies/privacy/partners (“data use by Google when you use websites or apps of our partners”), https://policies.google.com/technologies/ads?hl=en (“data use for marketing purposes”), www.google.com/settings/ads/onweb/?hl=en_GB (“managing information that Google uses to show you adverts”).
9.1. We may use social plugins (“plugins") of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook”) based on our legitimate interests (i.e. interest in analysing, optimising and efficiently operating our online offering within the meaning of Art. 6 (1) lit. f. GDPR). The plugins may be interaction elements or content (e.g. videos, graphics or articles) and can be recognised by one of the Facebook logos (white “f” on a blue tile, the term "Like", or a “thumbs up” symbol) or are identified by the description "Facebook social plugin". The list and the appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
9.2. Facebook is certified under the Privacy Shield and therefore provides a guarantee of complying with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
9.3. If a user accesses a function of this online offering that contains one of these plugins, the device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device, which integrates it in the online offering. Here, user profiles can also be generated using the processed data. We have no influence over the scope of the data that Facebook collects with this plugin and will inform users according to our state of knowledge.
9.4. By integrating the plugins, Facebook receives information that a user has accessed the respective site of the online offering. If the user is logged in to Facebook, Facebook can assign the visit to the user’s Facebook account. If the user interacts with the plugins, for example by clicking the Like button or posting a comment, this information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, this does not exclude the possibility that Facebook will find out and store the IP address. According to Facebook, only an anonymised IP addressed is stored in Austria.
9.6. If a user is a Facebook member and does not want Facebook to collect data via this online offering and link it with the member data stored on Facebook, the user must log out of Facebook before using our online offering and erase the cookies. Other settings and objections to the use of data for advertising purposes can be made within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are adjusted regardless of the platform, i.e. they are saved for all devices, such as desktop computers or mobile devices.
10.1. The following information describes the contents of our newsletter as well as the registration, distribution and statistical analysis process as well as your objection rights. By signing up for our newsletter, you agree to receiving it and the described process.
10.2. Content of the newsletter: We only send newsletters, e-mails and other electronic messages with marketing information (hereinafter “newsletter”) with the consent of the recipient or if there are legal grounds. If the contents of the newsletter are specifically described during the registration, they are binding for the consent of the user. Furthermore, our newsletters contain information about our events (for example Cäsar, Immobilienball, re.comm) or companies.
10.3. Double-opt-in and logging: Users register for our newsletter using the so-called double-opt-in procedure. This means that you receive an e-mail after registering in which you are asked to confirm the registration. This confirmation is essential so that no one can register with third-party e-mail addresses. The registration for the newsletter is logged in order to prove the registration process according to legal requirements. This includes storing the time of registration and confirmation as well as the IP address. The changes to your data stored at the distribution provider will also be logged.
10.5. Furthermore, the distribution provider has stated that it can also use this data in pseudonymised form, i.e. without the data being attributed to a user, to optimise or improve its own services, e.g. to optimise the distribution and display of the newsletter or for statistical purposes to determine the countries where the recipients are located. The distribution provider does not use the data of our newsletter recipients to contact them or pass the data on to third parties.
10.6. Registration data: In order to register for the newsletter, you only need to enter your e-mail address. We also give you the option of entering your name so that we can personally address you in the newsletter.
10.7. Statistical surveys and analyses - The newsletters contain a so-called web beacon, i.e. a pixel-sized file that is accessed by the server of the distribution provider when the newsletter is opened. When the newsletter is accessed, technical information is collected, such as information about the browser and your system as well as your IP address and time of the access. This information is used to make technical improvements to the services based on the technical data or the target groups and their reading behaviour based on their access locations (that can be determined using the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. Even though this information can be assigned to individual newsletter recipients for technical reasons, it is neither our intention nor the intention of the distribution provider to observe individual users. The analyses are also used to detect the reading habits of our users and to adapt our contents to them or to send various contents according to the interests of our users.
10.8. The use of the distribution provider, performance of statistical surveys and analyses as well as logging the registration process are carried out based on our legitimate interests according to Art. 6 (1) lit. f. GDPR. Our interest is based on the use of a user-friendly and secure newsletter system that also serves our business interests and meets the expectations of the users.
10.9. Unsubscribing from the newsletter/revoking consent - You can unsubscribe from the newsletter at any time, i.e. revoke your consent. This also revokes your consent to the newsletter being sent by the distribution provider and statistical analyses. Unfortunately, it is not possible to object to the distribution provider sending the newsletter and statistical analysis separately. You can find a link to unsubscribe from the newsletter at the end of each newsletter. Every event has its own newsletter and must be unsubscribed from separately. If you have only signed up for a specific newsletter and unsubscribe from this, your personal data relating to this newsletter will be erased.
11. Integration of services and contents of third parties
11.1. We use content or service offerings of third parties in order to integrate their contents and services, such as videos or fonts (hereinafter jointly referred to as “content”) based on our legitimate interests (e.g. interest in analysing, improving and efficiently operating our online offering within the meaning of Art. 6 (1) lit. f. GDPR). This always requires the third parties providing this content to record the IP address of the user, as they cannot send the content to the browser without the IP address. The IP address is necessary to display the content. We endeavour to only use the content of providers that only use the IP address to provide content. Third-party providers can also use so-called pixel tags (invisible graphics, also called web beacons) for statistical or marketing purposes. The pixel tags allow information, such as visitor traffic on the pages of this website to be analysed. The pseudonymised information can also be stored in cookies on the user’s device and contain information including technical information about the browser and operating system, referring websites, the time of the visit as well as other information about the use of the online offering, and may be associated with such information from other sources.
11.2. The following is an overview of third-party providers as well as their content and links to their privacy policies, which contain further information about data processing and, in some cases, options for revoking consent (so-called opt-out):
12. Rights of the users
12.1. Users have the right to receive information about the personal data we have saved about them upon request and free of charge.
12.2. Furthermore, the user has the right to have incorrect data rectified, the right to the limitation of processing and the erasure of their personal data and, if applicable, the right to data portability. If the user believes their data is being processed unlawfully, the user has the right to lodge a complaint with the responsible supervisory authority.
12.3. The user may also revoke their consent with effect for the future.
13. Erasure of data
13.1. The data we store will be erased once it is no longer required for its purpose unless erasure of the data is prevented by legal retention periods. If the user’s data cannot be erased because it is required for other and legally permitted purposes, processing of the data will be restricted. This means that the data will be blocked and will not be used for other purposes. This applies, e.g. to data of the user that must be stored due to commercial or tax reasons.
13.2. According to legal provisions, data is stored for 7 years according to Sec. 212 (1) of the Austrian Commercial Code (UGB) (trading books, inventory, opening balance sheets, financial statements, commercial letters, accounting documents, etc.) as well as according to Sec. 190 of the Austrian Commercial Code.
14. Right to object
Users can object at any time to their personal data being processed in the future according to legal provisions. Users can particularly exercise their right to object to processing for the purposes of direct marketing.
16. Further questions?
If you have any questions about the collection, processing and use of your personal data, you can contact our external data protection officer. An independent data protection officer monitors compliance with the law:
epmedia Werbeagentur GmbH
1100 Vienna, Austria
Tel.: 0043 1 512 16 16 – 0