Privacy Policy

Introduction and Overview

We have drafted this privacy policy (version 22.08.2023-112569212) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (in short: data) we as the responsible party, and the processors commissioned by us (e.g., providers), process and will process in the future, and what lawful options you have. The terms used are intended to be gender-neutral. In short: We provide you with comprehensive information about the data we process about you.

Privacy policies typically sound very technical and use legal terminology. This privacy policy, however, aims to describe the most important aspects as simply and transparently as possible. Where it aids transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We inform you in clear and simple language that we only process personal data within the scope of our business activities when there is a legal basis for doing so. This is certainly not achievable with the concise, unclear, and legally-technical explanations that are often standard on the internet when it comes to data protection. We hope you find the following explanations interesting and informative and perhaps learn something new.

If you still have questions, we ask that you contact the responsible party listed below or in the legal notice, follow the provided links, and review additional information on third-party sites. You can also find our contact details in the legal notice.

Scope

 

This privacy policy applies to all personal data processed by us within the company and to all personal data processed by companies we commission (processors). By personal data, we mean information as defined in Art. 4 No. 1 DSGVO, such as the name, email address, and postal address of a person. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

  • all online presences (websites, online shops) that we operate,
  • social media presence and email communication,
  • mobile apps for smartphones and other devices.

In short: This privacy policy applies to all areas where personal data is processed within the company through the aforementioned channels. If we enter into legal relationships with you outside these channels, we will inform you separately if necessary. 

Legal Basis

 In the following privacy policy, we provide you with transparent information on the legal principles and regulations, specifically the legal basis of the General Data Protection Regulation (DSGVO), which allow us to process personal data.
Regarding EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:
1. Consent (Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of data you entered in a contact form.
2. Contract (Article 6(1)(b) DSGVO): To fulfill a contract or pre-contractual obligations with you, we process your data. For example, if we enter into a purchase agreement with you, we need personal information in advance.
3. Legal Obligation (Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
4. Legitimate Interests (Article 6(1)(f) DSGVO): In the case of legitimate interests that do not override your fundamental rights, we reserve the right to process personal data. For instance, we must process certain data to operate our website securely and economically. This processing is therefore a legitimate interest. 
 

Other conditions, such as performing tasks in the public interest and exercising official authority, as well as protecting vital interests, generally do not apply to us. If such a legal basis should be relevant, it will be indicated at the appropriate point.

In addition to the EU regulation, national laws also apply:
In Austria, this is the Federal Act concerning the Protection of Personal Data (Data Protection Act), abbreviated as DSG.
In Germany, this is the Federal Data Protection Act, abbreviated as BDSG.
If additional regional or national laws apply, we will inform you about them in the following sections. 

Contact Details of the Responsible Person

If you have any questions about data protection or the processing of personal data, you can find the contact details of the responsible person or entity below:
   Dieter Haselsteiner
   Diesendorf 24
   3243 St. Leonhard am Forst 
   Austria

E-Mail: [email protected]
Telephone: +43 66475150462
Impressum: https://www.dieterhaselsteiner.at/imprint/

Retention Period

 As a general rule, we store personal data only as long as it is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing the data no longer exists. In some cases, we are legally obligated to retain certain data even after the original purpose has ceased, for example, for accounting purposes.

If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as quickly as possible, provided there is no obligation to retain it.

We will inform you about the specific duration of each data processing operation further below if we have additional information on this. 

 
 

Rights Under the General Data Protection Regulation 

In accordance with Articles 13 and 14 of the DSGVO, we inform you of the following rights you have to ensure fair and transparent data processing:

  1. Right to Access (Article 15 DSGVO): You have the right to know whether we are processing data about you. If we are, you have the right to obtain a copy of the data and be informed about:
    • The purposes of the processing;
    • The categories of data being processed;
    • The recipients of the data and how security is ensured if the data is transferred to third countries;
    • The duration of data storage;
    • Your rights to rectification, erasure, restriction of processing, and objection to processing;
    • Your right to lodge a complaint with a supervisory authority (links to these authorities can be found below);
    • The source of the data if it was not collected from you;
    • Whether profiling is conducted, i.e., if data is automatically evaluated to create a personal profile.
  2. Right to Rectification (Article 16 DSGVO): You have the right to correct inaccurate data, meaning we must correct data if you find errors.
  3. Right to Erasure (Article 17 DSGVO): You have the right to request the deletion of your data (“Right to be Forgotten”).
  4. Right to Restriction of Processing (Article 18 DSGVO): You have the right to restrict the processing of your data, meaning we may only store it but not use it further.
  5. Right to Data Portability (Article 20 DSGVO): You have the right to request your data in a commonly used format.
  6. Right to Object (Article 21 DSGVO): You have the right to object to the processing of your data, which will result in a change in the processing of your data. If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then assess as quickly as possible whether we can legally comply with your objection.
  7. Right to Object to Direct Marketing: If your data is used for direct marketing purposes, you can object at any time. We will then no longer use your data for direct marketing.
  8. Right to Object to Profiling: If your data is used for profiling, you can object at any time. We will then no longer use your data for profiling.
  9. Right not to be Subject to Automated Decision-Making (Article 22 DSGVO): Under certain circumstances, you have the right not to be subject to a decision based solely on automated processing, including profiling.
  10. Right to Lodge a Complaint (Article 77 DSGVO): You have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of your personal data violates the DSGVO.


In short: You have rights—do not hesitate to contact the responsible party listed above!
If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, each federal state has its own data protection commissioner. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). For our company, the following local data protection authority is responsible: 

Explanation of Terms Used

We strive to make our privacy policy as clear and understandable as possible. However, this can be challenging, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or specific technical expressions (such as cookies, IP addresses). We do not want to use these terms without explanation. Below you will find an alphabetical list of important terms used that we may not have sufficiently explained in the previous sections of the privacy policy. If these terms are taken from the DSGVO and are definitions, we will also include the DSGVO texts here and provide additional explanations if necessary. 

Processor

Definition according to Article 4 of the DSGVO:

For the purposes of this Regulation, the term:
"Processor" means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to controllers, there can also be so-called processors. This includes any company or person that processes personal data on our behalf. Processors can therefore include service providers such as accountants, as well as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft. 

Consent

 Definition according to Article 4 of the DSGVO:

For the purposes of this Regulation, the term:
"Consent" of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Explanation: On websites, such consent is typically obtained through a cookie consent tool. You are likely familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to data processing or consent to it. Often, you can also set individual preferences and decide for yourself which data processing you allow and which you do not. If you do not consent, no personal data can be processed. Of course, consent can also be given in writing, not just through a tool. 

Personal Data

Definition according to Article 4 of the DSGVO:

For the purposes of this Regulation, the term:
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Explanation: Personal data is any data that can identify you as an individual. Typically, these are data such as:

  • Name
  • Address
  • Email address
  • Postal address
  • Phone number
  • Date of birth
  • Identification numbers such as social security number, tax identification number, ID number, or student ID number
  • Bank details such as account number, credit information, account balances, and more.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and subsequently identify you as the owner of the connection. Therefore, storing an IP address also requires a legal basis under the DSGVO. There are also so-called "special categories" of personal data that are particularly sensitive and warrant special protection. These include:

  • Racial and ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data, such as data extracted from blood or saliva samples
  • Biometric data (information about psychological, physiological, or behavioral characteristics that can identify a person).
  • Health data
  • Data concerning sexual orientation or sex life 

Profiling

 Definition according to Article 4 of the DSGVO:
For the purposes of this Regulation, the term:
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Explanation: Profiling involves gathering various pieces of information about a person to learn more about them. In the web context, profiling is often used for advertising purposes or for credit checks. Web or advertising analysis programs, for example, collect data about your behavior and interests on a website. This results in a specific user profile, which can be used to target advertising to a particular audience. 

 

Person Responsible

 Definition according to Article 4 of the DSGVO:
For the purposes of this Regulation, the term:
"Person responsible" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Explanation: In our case, we are responsible for processing your personal data and therefore the "Person Responsible." If we transfer collected data to other service providers for processing, they are "Processors." For this, a "Data Processing Agreement (DPA)" must be signed. 

 

Processing

 Definition according to Article 4 of the DSGVO:
For the purposes of this Regulation, the term:
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Note: When we refer to processing in our privacy policy, we mean any kind of data processing. This includes, as mentioned in the original DSGVO definition above, not only the collection but also the storing and processing of data.
All texts are protected by copyright.