
Privacy Notice

Privacy policy

Controller

REMIND Collective
Martina Karan, MSc.
Fabrikstr. 19
AT - 4470 Enns
Email address: [contact]

Overview of Processing

The following overview summarizes the types of data processed and the purposes for which they are processed and refers to the affected persons.

Types of Data Processed

  • Inventory data.
  • Contact data.
  • Content data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Log data.

Categories of Affected Persons

  • Communication partners.
  • Users.

Purposes of Processing

  • Communication.
  • Security measures.
  • Reach measurement.
  • Organizational and administrative procedures.
  • Feedback.
  • Profiles with user-related information.
  • Provision of our online offer and user-friendliness.
  • IT infrastructure.
  • Public relations.

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the GDPR regulations, national data protection regulations may apply in your or our country of residence or business. If specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given their consent to the processing of personal data concerning them for a specific purpose or several specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Austria: In addition to the GDPR data protection regulations, national regulations on data protection in Austria apply. These include, in particular, the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains specific regulations regarding the right to information, the right to rectification or deletion, the processing of special categories of personal data, processing for other purposes, and transfer as well as automated decision-making in individual cases.

Note on the applicability of GDPR and Swiss DPA: These privacy notices serve both to provide information under the Swiss DPA and the General Data Protection Regulation (GDPR). For the sake of broader applicability and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms used in the Swiss DPA such as “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data,” the terms used in the GDPR such as “processing” of “personal data,” “legitimate interest,” and “special categories of data” are used. However, the legal significance of the terms remains determined by the Swiss DPA where applicable.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of the risks to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

Measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the access, input, transfer, availability, and separation of the data. We also have procedures in place to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. Furthermore, we take the protection of personal data into account already in the development or selection of hardware, software, and procedures, according to the principle of data protection through technology design and privacy-friendly default settings.

Transfer of Personal Data

In the course of our processing of personal data, it may happen that such data is transmitted to other entities, companies, legally independent organizational units, or individuals or is disclosed to them. The recipients of this data may include, for example, service providers tasked with IT services or providers of services and content that are embedded in a website. In such cases, we comply with the legal requirements and conclude appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.

International Data Transfers

Processing of data in third countries: If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place within the scope of the use of third-party services or disclosure or transfer of data to other persons, entities, or companies, this is done only in accordance with legal requirements. If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for data transfers. Otherwise, data transfers are only made if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46 para. 2 lit. c) GDPR), explicit consent, or in the case of contractual or legally required transfers (Art. 49 para. 1 GDPR). In addition, we inform you of the basis for third-country transfers for individual providers from third countries, where adequacy decisions take priority. Information on third-country transfers and existing adequacy decisions can be found on the EU Commission’s information page: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=en. Under the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection as adequate for certain companies in the USA under the adequacy decision of 10.07.2023. You can find the list of certified companies and further information on the DPF on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). We will inform you within the privacy notices which service providers we use are certified under the Data Privacy Framework.

General Information on Data Retention and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consent is revoked or there are no longer any legal grounds for processing. This applies to cases where the original purpose of processing no longer exists or the data is no longer needed. Exceptions to this rule exist when legal obligations or special interests require longer retention or archiving of the data.

In particular, data that must be retained for commercial or tax reasons, or that is necessary for legal prosecution or the protection of the rights of other natural or legal persons, must be archived accordingly.

Our privacy notices provide additional information on data retention and deletion that apply to specific processing activities.

If multiple retention periods or deletion deadlines are specified for a piece of data, the longest period is always applicable.

If a period does not explicitly start on a specific date and is at least one year long, it automatically starts at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships in which data is stored, the triggering event is the date the contract is terminated or the legal relationship otherwise ends.

Data that is no longer needed for the original purpose but is retained due to legal requirements or other reasons is processed solely for the reasons that justify its retention.

Further notes on processing activities, procedures, and services:

  • Retention and Deletion of Data: The following general retention periods apply under Austrian law for the retention and archiving of data:
    • 10 years - Retention period for books and records, annual financial statements, inventories, management reports, opening balances, accounting documents, and invoices, as well as all required work instructions and other organizational documents (Federal Tax Code (BAO §132), Commercial Code (UGB §§190-212)).
    • 6 years - Other business documents: received trade or business letters, copies of sent trade or business letters, and other documents relevant to taxes. These include, for example, hourly wage slips, business accounting sheets, calculation documents, price listings, and payroll documents, unless they are already accounting documents and cash receipts (Federal Tax Code (BAO §132), Commercial Code (UGB §§190-212)).
    • 3 years - Data required to consider potential warranty and damage claims or similar contractual claims and rights, and associated inquiries based on past business experience and common industry practices, are stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB).

Data Subject Rights

Under the GDPR, data subjects have various rights, especially as outlined in Articles 15 to 21 GDPR:

  • Right to Object: You have the right, at any time, to object to the processing of your personal data based on Art. 6 para. 1 lit. e or f GDPR for reasons arising from your particular situation, including profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object to such processing at any time, including profiling related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw any consent you have given at any time.
  • Right of Access: You have the right to request confirmation as to whether data concerning you is being processed, as well as to receive information about the data, and to obtain a copy of the data, in accordance with legal provisions.
  • Right to Rectification: You have the right to request that any incomplete or inaccurate data concerning you be corrected, in accordance with legal provisions.
  • Right to Erasure and Restriction of Processing: You have the right to request that data concerning you be deleted immediately or, alternatively, to request the restriction of the processing of your data, in accordance with legal provisions.
  • Right to Data Portability: You have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format, or to request its transfer to another controller, as legally required.
  • Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, workplace, or the place of the alleged violation, if you believe that the processing of your personal data violates the GDPR.

Provision of Online Services and Web Hosting

We process users’ data in order to provide our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the contents and functions of our online services to the user’s browser or device.

  • Types of Data Processed: Usage data (e.g., page views and duration of stay, click paths, intensity and frequency of use, device types, and operating systems used, interactions with content and features); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, participants involved). Log data (e.g., log files concerning logins or data retrieval or access times).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purpose of Processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures.
  • Retention and Deletion: Deletion in accordance with the details provided in the “General Information on Data Retention and Deletion” section.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further Notes on Processing Activities, Procedures, and Services:

  • Collection of Access Data and Log Files: Access to our online services is logged in the form of so-called “server log files.” Server log files may include the address and name of the retrieved web pages and files, the date and time of access, the transferred data volumes, notifications of successful access, the browser type along with version, the user’s operating system, the referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid server overload (especially in the case of abusive attacks, such as DDoS attacks), as well as to ensure the stability of the servers; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Deletion of Data: Log file information is stored for a maximum of 30 days and is then deleted or anonymized. Data that needs to be retained for evidence purposes is excluded from deletion until the respective incident is fully resolved.

Use of Cookies

The term “cookies” refers to functions that store and retrieve information on users’ devices. Cookies can also be used for different purposes, such as ensuring the functionality, security, and convenience of online services, as well as creating analyses of visitor flows. We use cookies in accordance with legal regulations, and where necessary, we obtain users’ consent in advance. If consent is not required, we base our use of cookies on our legitimate interests. This applies when storing and retrieving information is essential for providing explicitly requested content and features. This includes storing preferences and ensuring the functionality and security of our online services. Consent can be revoked at any time. We provide clear information about the scope and types of cookies used.

Notes on Legal Basis for Data Processing: Whether we process personal data through cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, as explained in this section and in the context of the relevant services and procedures.

Storage Duration: Regarding storage duration, the following types of cookies are distinguished:

  • Temporary Cookies (also called session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
  • Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, login statuses can be stored, or preferred content can be displayed directly when the user revisits a website. Additionally, data collected through cookies can be used for reach measurement. If no specific information about the type and duration of cookies is provided (e.g., in the context of obtaining consent), users should assume that they are permanent and may be stored for up to two years.

General Information on Withdrawal and Objection (Opt-out): Users can withdraw their consent at any time and also declare their objection to the processing in accordance with legal requirements, including through their browser’s privacy settings.

  • Types of Data Processed: Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, participants involved).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Further Notes on Processing Activities, Procedures, and Services:

  • Processing of Cookie Data Based on Consent: We use a consent management solution where users’ consent for the use of cookies or the specific procedures and providers mentioned in the consent management solution is obtained. This procedure is used to collect, log, manage, and withdraw consent, particularly regarding the use of cookies and similar technologies for storing, retrieving, and processing information on users’ devices. Through this process, users’ consent for the use of cookies and related data processing, including specific providers mentioned in the consent management procedure, is obtained. Users also have the option to manage and withdraw their consent. The consent declarations are stored to avoid repeated requests and to comply with legal requirements to provide evidence of consent. Storage is server-side and/or in a cookie (so-called opt-in cookie) or through comparable technologies to associate consent with a specific user or their device. Unless specific information about the providers of consent management services is available, the following general notes apply: Consent is stored for up to two years. A pseudonymous user identifier is created, stored along with the time of consent, information about the scope of consent (e.g., categories of cookies and/or service providers involved), and information about the browser, system, and device used; Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Contact and Inquiry Management

When contacting us (e.g., via mail, contact form, email, phone, or social media), as well as in the context of existing user and business relationships, the information of the inquiring individuals will be processed as necessary to respond to the contact inquiries and any requested actions.

  • Types of processed data:
    • Inventory data: (e.g., full name, residential address, contact information, customer number, etc.);
    • Contact data: (e.g., postal and email addresses or phone numbers);
    • Content data: (e.g., textual or visual messages and posts as well as related information, such as author information or creation time);
    • Usage data: (e.g., page views and duration of visits, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions);
    • Meta, communication, and procedural data: (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Affected individuals: Communication partners.
  • Purposes of processing: Communication; organizational and administrative processes; feedback (e.g., collecting feedback via online forms); provision of our online offerings and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information provided in the section “General Information on Data Retention and Deletion.”
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Further information on processing processes, procedures, and services:

  • Contact form: When contacting us via our contact form, email, or other communication channels, we process the personal data you provide to respond to and handle your respective concern. This typically includes information such as name, contact information, and any additional details provided that are necessary for appropriate processing. We use this data solely for the stated purpose of contacting and communicating; Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Web Analysis, Monitoring, and Optimization

Web analysis (also referred to as “reach measurement”) serves to evaluate visitor flows to our online offerings and may include pseudonymous values regarding behavior, interests, or demographic information about visitors, such as age or gender. With the help of reach analysis, we can, for example, determine when our online offerings or their features and content are most frequently used or encourage repeat use. It also allows us to track which areas require optimization.

In addition to web analysis, we may also employ testing procedures to test and optimize different versions of our online offerings or their components.

Unless otherwise stated below, profiles may be created for these purposes, which are summaries of data related to a usage process, and information may be stored in a browser or on an end device and then retrieved. The collected information includes, in particular, visited websites and the elements used there, as well as technical details such as the browser used, the computer system used, and information regarding usage times. If users have consented to the collection of their location data, the processing of location data is also possible.

Furthermore, the IP addresses of users are stored. However, we use an IP masking procedure (i.e., pseudonymization by truncating the IP address) to protect users. Generally, no personal data of users (e.g., email addresses or names) is stored in connection with web analysis, A/B testing, and optimization, but pseudonymous data is used. This means that neither we nor the providers of the software used know the actual identity of users, only the information stored in their profiles for the respective processes.

Notes on legal bases: If we request user consent for the use of third-party providers, consent is the legal basis for data processing. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, cost-effective, and user-friendly services). In this context, we also want to draw your attention to the information regarding the use of cookies in this privacy policy.

  • Types of processed data: Usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, involved persons).
  • Affected individuals: Users (e.g., website visitors, online service users).
  • Purposes of processing: Reach measurement (e.g., access statistics, identification of returning visitors); profiles with user-related information (creating user profiles); provision of our online offerings and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information provided in the section “General Information on Data Retention and Deletion.” Cookies may be stored for up to 2 years (unless otherwise stated, cookies and similar storage methods can be stored on users’ devices for a period of two years).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing processes, procedures, and services:

  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offerings based on a pseudonymous user identification number. This identification number does not contain unique data such as names or email addresses. It serves to assign analysis information to an end device to recognize which content users have accessed during one or multiple usage processes, which search terms they used, and how they interacted with our online offerings. The time of use and its duration, as well as the sources of users referring to our online offerings and technical aspects of their devices and browsers, are also stored. Pseudonymous profiles of users are created with information from the use of different devices, whereby cookies may be used. Google Analytics does not log and store individual IP addresses for EU users. However, it provides rough geographical location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). In the case of EU traffic, the IP address data is used solely for deriving geolocation data before being immediately deleted. They are not logged, not accessible, and not used for further purposes. When Google Analytics collects measurement data, all IP queries are conducted on EU-based servers before traffic is forwarded for processing to Analytics servers; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: Data Privacy Framework (DPF); Opt-out option: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertising placements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and processed data).

Presences on Social Networks (Social Media)

We maintain online presences within social networks and process user data in this context to communicate with users active there or to provide information about us.

We point out that user data may be processed outside the territory of the European Union. This may pose risks for users, as the enforcement of user rights could be more difficult.

Furthermore, user data is typically processed within social networks for market research and advertising purposes. For instance, user behavior and resulting interests may be used to create usage profiles. These profiles may then be used to display advertisements within and outside the networks that are presumed to correspond to users’ interests. Therefore, cookies are typically stored on users’ computers, which store usage behavior and user interests. Additionally, usage profiles may include data independent of the devices used by users (especially if they are members of the respective platforms and logged in there).

For a detailed representation of the respective processing forms and opt-out options, we refer to the privacy policies and information provided by the operators of the respective networks.

In the case of inquiries and the assertion of rights of affected persons, we also point out that these can be most effectively asserted with the providers. Only they have access to the user data and can take appropriate actions and provide information directly. However, if you still need assistance, you can contact us.

  • Types of processed data: Contact data (e.g., postal and email addresses or phone numbers); content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or creation time); usage data (e.g., page views and duration of visits, click paths, usage intensity and frequency, types of devices and operating systems used, interactions with content and functions).
  • Affected individuals: Users (e.g., website visitors, online service users).
  • Purposes of processing: Communication; feedback (e.g., collecting feedback via online forms); public relations.
  • Storage and deletion: Deletion in accordance with the information provided in the section “General Information on Data Retention and Deletion.”
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing processes, procedures, and services:

  • Instagram: Social network that enables sharing of photos and videos, commenting on and favoriting posts, sending messages, subscribing to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.instagram.com; Privacy policy: https://privacycenter.instagram.com/policy/; Basis for third-country transfers: Data Privacy Framework (DPF).
  • Pinterest: Social network that enables sharing photos, commenting, favoriting, and curating posts, sending messages, subscribing to profiles; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://www.pinterest.com; Privacy policy: https://policy.pinterest.com/de/privacy-policy.

Created with the free data protection generator by Dr. Thomas Schwenke