Data Privacy

Contact Details of the Data Protection Officer

Contact details of the data protection officer

E-mail: office@pinegger-legal.at
Telephone: +43 662 26 13 12

Introduction and Overview

We have written this privacy statement (version 12.07.2021-221146982) in order to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (data for short) we as data controller - and the processors (e.g. providers) engaged by us - process, will process in the future and what lawful options you have. The terms used are to be understood as gender-neutral.
In short: We inform you comprehensively about the data we process about you.

Data protection statements usually sound very technical and use legal terminology. This privacy statement, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To the extent that it is conducive to transparency, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. In this way, we inform you in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible by providing the most concise, unclear and legalistic explanations possible, as is often standard practice on the Internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information you did not know.
If you still have questions, we would like to ask you to contact the responsible office mentioned below or in the imprint, to follow the links provided and to look at further information on third-party sites. Our contact details can of course also be found in the imprint.

Data transfer to third countries

We only transfer or process data to countries outside the EU (third countries) if you consent to this processing, if this is required by law or contractually necessary and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason for us to have data processed in third countries. Processing personal data in third countries such as the US, where many software vendors provide services and have their server locations, may mean that personal data is processed and stored in unexpected ways. Where possible, we try to use server locations within the EU where this is offered.

We provide more detailed information about data transfers to third countries, where applicable, at the appropriate points in this privacy policy.

Security of data processing

To protect personal data, we have implemented both technical and organisational measures. Where possible, we encrypt or pseudonymise personal data. In this way, we make it as difficult as possible, within the scope of our possibilities, for third parties to infer personal information from our data.

Article 25 of the GDPR refers to "data protection through technical design and through data protection-friendly default settings" and thus means that both software (e.g. forms) and hardware (e.g. access to the server room) are always designed with security in mind and that appropriate measures are taken. In the following, we will go into more detail on specific measures, if necessary.

TLS encryption with https

TLS, encryption and https sound very technical and they are. We use HTTPS (the Hypertext Transfer Protocol Secure stands for "secure hypertext transfer protocol") to transmit data tap-proof on the Internet.
This means that the complete transmission of all data from your browser to our web server is secured - no one can "listen in".

We have thus introduced an additional layer of security and fulfil data protection by design of technology Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognise the use of this data transmission protection by the small lock symbol at the top left of the browser, to the left of the Internet address (e.g. beispielseite.de) and the use of the https scheme (instead of http) as part of our Internet address.
If you want to know more about encryption, we recommend a Google search for "Hypertext Transfer Protocol Secure wiki" to get good links to further information.

Rights under the General Data Protection Regulation

According to Article 13 of the GDPR, you have the following rights to ensure fair and transparent processing of data:

  • You have a right of access under Article 15 GDPR to know whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:

    • the purpose for which we are processing it;

    • the categories, i.e. types, of data being processed;

    • who receives this data and, if the data is transferred to third countries, how security can be guaranteed;

    • how long the data will be stored;

    • the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;

    • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);

    • The origin of the data if we have not collected it from you;

    • whether profiling is carried out, i.e. whether data is automatically analysed to arrive at a personal profile of you.

  • You have a right to rectification of data under Article 16 of the GDPR, which means that we must rectify data if you find errors.

  • You have the right to erasure ("right to be forgotten") under Article 17 of the GDPR, which specifically means that you may request the deletion of your data.

  • According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it any further.

  • According to Article 19 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a common format upon request.

  • You have a right to object under Article 21 of the GDPR, which entails a change in processing after enforcement.

    • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.

    • If data is used to carry out direct advertising, you can object to this type of data processing at any time. We may then no longer use your data for direct marketing.

    • If data is used for profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling thereafter.

  • According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example profiling).

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/ and for Germany you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). ­

In short: You have rights - do not hesitate to contact the responsible body listed above with us!

Communication

Communication summary
Data subjects: All those who communicate with us by phone, email or online form.
Data processed: e.g. telephone number, name, email address, form data entered. You can find more details on this in the respective contact type used.
Purpose: processing of communication with customers, business partners, etc.
Storage period: Duration of the business case and legal requirements.
Legal basis: Art. 6 para. 1 lit. a DSGVO (consent), Art. 6 para. 1 lit. b DSGVO (contract), Art. 6 para. 1 lit. f DSGVO (legitimate interests).

If you contact us and communicate by telephone, e-mail or online form, personal data may be processed.

The data is processed for the handling and processing of your question and the related business transaction. The data is stored for the same period of time or as long as required by law.

Persons affected

Von den genannten Vorgängen sind alle betroffen, die über die von uns bereit gestellten Kommunikationswege den Kontakt zu uns suchen.

Phone

When you call us, the call data is stored pseudonymously on the respective end device and with the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by e-mail and stored for the purpose of responding to enquiries. The data is deleted as soon as the business case has been completed and legal requirements permit.

E-mail

If you communicate with us by e-mail, data may be stored on the respective end device (computer, laptop, smartphone,...) and data is stored on the e-mail server. The data is deleted as soon as the business transaction has been completed and legal requirements permit.

Online forms

If you communicate with us using online forms, data is stored on our web server and may be forwarded to an e-mail address of ours. The data is deleted as soon as the business transaction has been completed and legal requirements permit.

Legal basis

The processing of data is based on the following legal grounds:

  • Art. 6 para. 1 lit. a DSGVO (consent): You give us your consent to store your data and to further use it for purposes related to the business case;

  • Art. 6 para. 1 lit. b DSGVO (contract): There is a need for the performance of a contract with you or a processor such as the telephone provider, or we need to process the data for pre-contractual activities such as preparing a quotation;

  • Art. 6 para. 1 lit. f DSGVO (Legitimate Interests): We want to conduct customer enquiries and business communications in a professional manner. For this purpose, certain technical facilities such as e-mail programmes, exchange servers and mobile phone operators are necessary in order to be able to operate the communication efficiently.

 

Legal basis

In the following data protection statement, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.
As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, which you can of course read online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679 ­

We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) DSGVO): You have given us your consent to process data for a specific purpose. An example would be the storage of your entered data of a contact form.

  2. Contract (Article 6(1)(b) DSGVO): In order to fulfil a contract or pre-contractual obligations with you, we process your data. For example, if we conclude a sales contract with you, we need personal information in advance.

  3. Legal obligation (Article 6(1)(c) DSGVO): If we are subject to a legal obligation, we process your data. For example, we are legally obliged to keep invoices for accounting purposes. These usually contain personal data.

  4. Legitimate interests (Article 6(1)(f) DSGVO): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data in order to operate our website in a secure and economically efficient manner. This processing is therefore a legitimate interest.

Other conditions such as the performance of recording in the public interest and the exercise of official authority as well as the protection of vital interests do not usually arise for us. If such a legal basis should be relevant, it will be indicated at the appropriate place.

In addition to the EU Regulation, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.

  • In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact details of the responsible person

If you have any questions regarding data protection, please find below the contact details of the responsible person or office:
Law Office Dr. Pinegger
Auerspergstrasse 37
5020 Salzburg

office@pinegger-legal.at
Telephone: +43 662 26 13 12

 

Google Maps Privacy Policy

Google Maps Privacy Policy Summary
Data subjects: visitors to the website
Purpose: Optimization of our service
Processed data: Data such as search terms entered, your IP address and also the latitude and longitude coordinates.
You can find more details about this further down in this data protection declaration.
Storage duration: depends on the data stored
Legal basis: Art. 6 Para. 1 lit. a GDPR (consent), Art. 6 Para. 1 lit. f GDPR (legitimate interests)

What is Google Maps?

We use Google Maps from Google Inc. on our website. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in Europe. Google Maps enables us to better show you locations and thus adapt our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google servers. Here we would like to go into more detail about what Google Maps is, why we use this Google service, what data is stored and how you can prevent this.

Google Maps is an internet map service provided by Google. With Google Maps, you can search for exact locations of cities, sights, accommodation or businesses online via a PC, tablet or app. If companies are represented on Google My Business, further information about the company is displayed in addition to the location. To show how to get there, map sections of a location can be integrated into a website using HTML code. Google Maps shows the earth's surface as a street map or as an aerial or satellite image. Thanks to the Street View images and the high-quality satellite images, very accurate representations are possible.

Why do we use Google Maps on our website?

All our efforts on this site are aimed at providing you with a useful and meaningful time on our website. By integrating Google Maps we can provide you with the most important information about various locations. You can see at a glance where we are located. The directions will always show you the best or fastest way to reach us. You can call up the directions for routes by car, public transport, on foot or by bicycle. For us, providing Google Maps is part of our customer service.

What data is stored by Google Maps?

In order for Google Maps to fully provide their service, the company needs to collect and store data from you. This includes, among other things, the search terms entered, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the start address entered is also stored. However, this data storage happens on the Google Maps websites. We can only inform you about this, but cannot influence it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behaviour. Google uses this data primarily to optimise its own services and to provide you with individual, personalised advertising.

The following cookie is set in your browser due to the integration of Google Maps:

Name: NID
Wert: 188=h26c1Ktha7fCQTx8rXgLyATyITJ221146982-5
Purpose: NID is used by Google to customise advertisements to your Google search. With the help of the cookie, Google "remembers" your most frequently entered search queries or your previous interaction with ads. This way you will always get tailored ads. The cookie contains a unique ID that Google uses to collect your personal preferences for advertising purposes.
Expiry date: after 6 months

Note: We cannot guarantee completeness in the information we store. Especially when using cookies, changes can never be excluded. In order to identify the cookie NID, a separate test page was created where only Google Maps was integrated.

How long and where is the data stored?

Google servers are located in data centres around the world. However, most servers are located in America. For this reason, your data is also increasingly stored in the USA. You can find out exactly where Google's data centres are located here: https://www.google.com/about/datacenters/inside/locations/?hl=de

Google distributes the data on different data carriers. This means that the data can be accessed more quickly and is better protected against any attempts at manipulation. Each data centre also has special emergency programmes. If, for example, there are problems with Google's hardware or a natural disaster paralyses the servers, the data will pretty much remain protected anyway.

Google stores some data for a set period of time. For other data, Google only offers the option of deleting it manually. Furthermore, the company also anonymises information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 and 18 months respectively.

 

How can I delete my data or prevent data storage?

With the automatic deletion of location and activity data introduced in 2019, location and web/app activity information will be stored for either 3 or 18 months - depending on your decision - and then deleted. In addition, you can also manually delete this data from your history at any time via your Google Account. If you want to completely prevent your location tracking, you must pause the "Web and App Activity" section in the Google Account. Click "Data and personalisation" and then on the "Activity setting" option. Here you can switch the activities on or off.

In your browser, you can also deactivate, delete or manage individual cookies. Depending on which browser you use, this always works slightly differently. The following instructions show how to manage cookies in your browser:

Chrome: Delete, activate and manage cookies in Chrome.

Safari: Managing cookies and website data with Safari

Firefox: Cookies löschen, um Daten zu entfernen, die Websites auf Ihrem Computer abgelegt haben

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

Falls Sie grundsätzlich keine Cookies haben wollen, können Sie Ihren Browser so einrichten, dass er Sie immer informiert, wenn ein Cookie gesetzt werden soll. So können Sie bei jedem einzelnen Cookie entscheiden, ob Sie es erlauben oder nicht.

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow it or not. Please note that when you use this tool, data about you may be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. Data to insecure third countries may therefore not simply be transferred, stored and processed there unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.

 

Legal basis

If you have consented to Google Maps being used, the legal basis for the corresponding data processing is this consent. According to Art. 6 Para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the processing of personal data, as may occur during the collection by Google Maps.

On our part, there is also a legitimate interest in using Google Maps to optimise our online service. The corresponding legal basis for this is Art. 6 para. 1 lit. f DSGVO (Legitimate Interests).

If you would like to learn more about Google's data processing, we recommend that you read the company's own privacy policy at https://policies.google.com/privacy?hl=de.

 

Google Tag Manager

Beschreibung und Zweck der Verarbeitung

Unsere Website verwendet den Google Tag Manager, einen Dienst der Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“).

Der Google Tag Manager ermöglicht es uns, verschiedene Skripte und Tags auf unserer Website zu verwalten, ohne dass wir den Quellcode der Website manuell ändern müssen. Dieses Tool sorgt dafür, dass bestimmte Tracking- und Marketing-Tags (z. B. Google Analytics, Google Ads oder Facebook Pixel) effizient und zentral gesteuert werden.

Der Google Tag Manager selbst setzt keine Cookies und speichert keine personenbezogenen Daten. Er sorgt lediglich dafür, dass andere Tags ausgelöst werden, die wiederum Daten erfassen können.

Erhobene Daten
  • The IP-Adresse des Nutzers kann bei der Nutzung des Tag Managers technisch verarbeitet werden.
  • Der Google Tag Manager speichert keine weiteren personenbezogenen Daten.

Allerdings können durch die im Tag Manager verwalteten Drittanbieter-Tags (z. B. Google Ads oder Google Analytics) personenbezogene Daten erhoben werden. In diesem Fall greifen die jeweiligen Datenschutzbestimmungen der eingesetzten Dienste.

Rechtsgrundlage für die Verarbeitung

Da der Google Tag Manager selbst keine personenbezogenen Daten verarbeitet, sondern lediglich andere Tags auslöst, basiert die Nutzung auf unserem berechtigten Interesse gemäß Art. 6 Abs. 1 lit. f DSGVO (technische Verwaltung und Optimierung der Website).

Falls über den Tag Manager Drittanbieter-Tags aktiviert werden, die personenbezogene Daten verarbeiten (z. B. Google Ads oder Facebook Pixel), erfolgt dies nur nach Ihrer ausdrücklichen Einwilligung gemäß Art. 6 Abs. 1 lit. a DSGVO.

Datenübermittlung in Drittländer

Da Google weltweit operiert, kann eine Übermittlung von Daten in Drittländer wie die USA stattfinden. Google ist nach dem EU-U.S. Data Privacy Framework zertifiziert. Sollte eine Übertragung in Drittländer ohne Angemessenheitsbeschluss erfolgen, sichern wir diese über die EU-Standardvertragsklauseln gemäß Art. 46 DSGVO ab.

Weitere Informationen zum Google Tag Manager finden Sie unter:
➡️ https://support.google.com/tagmanager/answer/6102821?hl=de

Widerspruchs- und Widerrufsmöglichkeiten

Da der Google Tag Manager selbst keine personenbezogenen Daten speichert, besteht keine direkte Opt-Out-Möglichkeit für dieses Tool. Falls Sie jedoch verhindern möchten, dass Tracking-Tags wie Google Ads oder Google Analytics über den Tag Manager ausgeführt werden, können Sie dies über unsere Cookie-Einstellungen steuern.

Zusätzlich können Sie über folgende Tools personalisierte Werbung von Google deaktivieren:
➡️ https://adssettings.google.com/

Weitere Informationen zur Datenverarbeitung durch Google finden Sie in der Google-Datenschutzerklärung:
➡️ https://policies.google.com/privacy?hl=de

 

Google Ads

Beschreibung und Zweck der Verarbeitung

Unsere Website nutzt Google Ads, einen Dienst der Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („Google“). Mit Google Ads schalten wir Anzeigen in der Google-Suchmaschine sowie auf anderen Websites im Google-Werbenetzwerk. Unser Ziel ist es, Nutzern gezielte Werbung für unsere Angebote und Dienstleistungen bereitzustellen.

Google Ads verwendet sogenannte Conversion-Tracking-Cookies, um den Erfolg unserer Werbekampagnen zu messen. Wenn Sie auf eine von Google geschaltete Anzeige klicken, speichert Google ein Cookie auf Ihrem Endgerät. Diese Cookies haben eine begrenzte Gültigkeit (in der Regel 30 Tage) und dienen nicht der persönlichen Identifizierung des Nutzers. Sie ermöglichen es Google und uns, zu erkennen, dass ein Nutzer über eine Anzeige auf unsere Website gelangt ist.

Erhobene Daten

Im Rahmen von Google Ads werden unter anderem folgende Daten erfasst und verarbeitet:

  • IP-Adresse des Nutzers (gekürzt, wenn IP-Anonymisierung aktiviert ist)
  • Browser-Typ und -Version
  • Betriebssystem
  • Besuchte Seiten auf unserer Website
  • Klicks auf unsere Anzeigen
  • Zeitstempel des Zugriffs
  • Referrer-URL (die zuvor besuchte Seite)

Die Informationen können durch Google mit weiteren Daten aus anderen Google-Diensten (z. B. Google Analytics oder Google Tag Manager) zusammengeführt werden, sofern Sie dies in Ihren Google-Kontoeinstellungen zugelassen haben.

Rechtsgrundlage für die Verarbeitung

Die Datenverarbeitung erfolgt auf Grundlage von Art. 6 Abs. 1 lit. a DSGVO (Einwilligung). Bevor Google Ads aktiviert wird, holen wir Ihre ausdrückliche Zustimmung über unser Cookie-Consent-Management-Tool ein.

Falls Sie keine Einwilligung erteilen oder Ihre Einwilligung widerrufen, wird Google Ads nicht ausgeführt und es werden keine Cookies gesetzt.

Datenübermittlung in Drittländer

Google verarbeitet Ihre Daten in der Regel auf Servern innerhalb der Europäischen Union (insbesondere in Irland). Es kann jedoch vorkommen, dass Daten an Google-Server in den USA übertragen werden.

Google ist nach dem EU-U.S. Data Privacy Framework zertifiziert, sodass eine Übertragung auf Grundlage von Art. 45 DSGVO (Angemessenheitsbeschluss) erfolgen kann. Falls eine solche Zertifizierung nicht besteht, verwenden wir die EU-Standardvertragsklauseln gemäß Art. 46 DSGVO als Grundlage für die Datenübermittlung.

Widerspruchs- und Widerrufsmöglichkeiten

Sie können die Speicherung von Cookies durch eine entsprechende Einstellung Ihres Browsers verhindern. Darüber hinaus können Sie personalisierte Werbung in Ihrem Google-Konto deaktivieren:
➡️ https://adssettings.google.com/

Zusätzlich bieten wir eine Opt-Out-Möglichkeit über unser Cookie-Management-Tool an.

Weitere Informationen zur Datenverarbeitung durch Google finden Sie in der Datenschutzerklärung von Google:
➡️ https://policies.google.com/privacy?hl=de

 

Source: Created with Privacy Generator firmenwebseiten.at