General Data Protection Regulation
Information for data processing according to General Data Protection Regulation
Information for data processing according to General Data Protection Regulation
According to the General Data Protection Regulation, we are obliged to inform you about why we collect your data and how we will process it. Please take time for this information document and get an overview of the purpose, the legal basis and the framework of the processing.
The present document consists of
WHO IS RESPONSIBLE FOR DATA PROCESSING AND TO WHOM CAN YOU TURN?
Responsible for the data processing is:
CONTRACT Controlling & Business Solutions – Angerer KG
VAT registration number: ATU49161008
WHAT DATA WILL BE PROCESSED?
We process the following personal data: Your personal details such as title, first name, surname, address, telephone number, e-mail address, date of birth and customer authentication data. In addition, order data (standing orders or direct debit orders), bank details, data from the fulfillment of our contractual obligation (consumption, turnover, billing data), creditworthiness data, payment modalities, data on your contracts (license types commissioning / decommissioning date, service and support data), advertising and sales data, customer loyalty program data, consulting records, information, customer survey and sweepstakes information, socio-demographic data, information from your electronic traffic to our company (service portals, apps, cookies), and regulatory compliance data. For business customers, we also collect public company data from the business register and annual report, VAT number, business purposes, sector affiliation and publicly available economic data.
FROM WHICH SOURCES WERE THESE DATA COMING?
We process the personal data that we have received from you as part of the business relationship. In addition, we process data from publicly available sources such as commercial register and land register, as well as from address publishers, direct marketing companies and credit reference agencies, which we have received in a permissible manner.
FOR WHAT PURPOSES AND TO WHICH LEGAL BASIS ARE THE DATA PROCESSED?
We process your personal data in accordance with data protection regulations.
• For the fulfillment of contractual obligations (Article 6 (1) (b) GDPR):
The CONTRACT Controlling & Business Solutions – Angerer KG or commissioned by us processor process your personal data to fulfill the contract with you. This covers the billing of your services, the dispatch of invoices and possibly reminders as well as the communication for the execution of the contract, the determination of your scope of services as well as the processing of payments. The legal basis for the processing and provision of your personal data is thus the processing for the fulfillment of the contract and the performance of the contract. Without these, we cannot conclude and settle the contract.
• For fulfilling legal obligations (Article 6 (1) (c) GDPR):
The processing of personal data may be required for fulfilling various legal obligations – the preparation of the annual financial statements, current tax obligations and audits. Without the provision of your data, we cannot meet our legal obligations.
• As part of your consent (Article 6 (1) (a) GDPR):
If you have given us consent to the processing of your personal data, processing will only take place in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. A given consent can be withdrawn at any time with effect for the future (see data processing for advertising purposes).
• For the protection of legitimate interests (Article 6 (1) (f) GDPR):
Insofar as necessary, in the interests of CONTRACT Controlling & Business Solutions – Angerer KG or a processor, data processing beyond the actual performance of the contract may take place in order to safeguard legitimate interests of us or contract processors. In the following cases, data processing takes place to safeguard legitimate interests:
• Consultation and exchange of data with credit bureaus to identify credit and default risks;
• reviewing and optimizing needs assessment and direct customer approach procedures, as well as business management and service development measures;
• Advertising for own products, customer evaluation, market and opinion research as far as you did not object to the use of your data according to Art. 21 GDPR;
• telephone records;
• In the context of prosecution for the defense and assertion of legal claims;
• contact us (for example via e-mail, telephone, post) to assess the quality of service and customer satisfaction;
• handling of promotion and damage cases;
• Tax and legal advice, such as auditors and experts, consulting and IT services;
• maintaining system security;
• required administrative purposes.
HOW DO WE PROCESS YOUR DATA FOR ADVERTISING?
We will process the data that we obtained in the course of our contractual relationship with you in order to send you e-mails or postal letters for the purpose of presenting and presenting our products, services and conducting competitions and marketing measures (Art. 6 para 1 lit f DSGVO), but this maximum 3 years after contract termination. You have a right of objection against this processing of your data for the purpose of direct mailing without giving reasons by postal letter to CONTRACT Controlling & Business Solutions – Angerer KG, A-8020 Graz, Reininghausstrasse 13a or by e-mail to . If you assert your right to object to data processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
For other forms of direct mail we will process your data only if you have given an express consent to the processing of your data (Article 6 (1) (a) GDPR). If you have consented to the data processing, you can revoke this consent without giving reasons by sending a letter to CONTRACT Controlling & Business Solutions – Angerer KG, A-8020 Graz, Reininghausstrasse 13a or by e-mail to . The processing of your personal data for the purpose of direct marketing is not required for the execution of our contractual relationship.
DO WE PROCESS DATA BASED ON AUTOMATION-ASSISTED DECISION-MAKING?
For the purpose of optimal customer service, we store customer activities so that relevant and targeted measures can be taken to improve satisfaction or customize the service.
For the purpose of avoiding litter losses and minimizing data processing for promotional ticks, we store the demand behavior, such as ordering offers, responding to offers and inferring therefrom certain personal interests. We use these valued interests to purposefully provide customers with specific offers and advertising, thereby avoiding wasteful advertising (evaluation of personal interests).
WHO GETS YOUR DATA?
Your data will be provided to those bodies or employees who need them to fulfill contractual and legal obligations as well as legitimate interests. In addition, we receive assigned contractors and other recipients: in particular EU-based companies such as IT, cloud and telecommunications service providers, printing, scanning and data destruction service providers, software suppliers, external auditors and experts, arbitration boards and authorities, auditors and tax consultants, insurance companies, lawyers, collection service providers and credit reporting agencies (KSV, Creditreform) and consulting firms, if these require the data to fulfill their respective performance. All processors are contractually obliged to treat your data confidentially and to process it only as part of the provision of services.
After various recipients and processors change regularly, a specific naming is not possible.
HOW LONG WILL YOUR DATA BE SAVED?
If necessary, we process your personal data for the duration of the entire business relationship as well as for the duration of statutory retention and documentation periods, in particular the Federal Tax Code (BAO).
According to § 207 (2) in conjunction with § 208 (1) (a) of the BAO, levies become statute-barred after ten years from the end of the year in which the claim for tax relief arose. According to § 132 BAO, tax-relevant books, records and documents must be kept for seven years. Therefore, your data will always be deleted after ten years from the termination of our contractual relationship.
You have the right to information, correction, deletion or restriction of the processing of your stored data, a right of objection to the processing as well as a right to data transferability in accordance with the requirements of data protection law. If you wish to make use of this right, you can do so informally, without giving reasons by sending a letter to CONTRACT Controlling & Business Solutions – Angerer KG, A-8020 Graz, Reininghausstrasse 13a or by e-mail to do.
If you believe that we violate Austrian or European data protection laws when processing your data, we ask you to contact us to clarify your concerns.
If you have any questions about the content of this information document or general questions about data protection, you can contact our data protection officer by e-mail to or by letter to CONTRACT Controlling & Business Solutions – Angerer KG, A-8020 Graz, Reininghausstraße 13a turn.
You can address complaints to the Austrian Data Protection Authority.
Using cookies, CONTRACT Controlling & Business Solutions – Angerer KG can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.
The user can prevent the setting of cookies through our website at any time by means of an appropriate setting of the Internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the user deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
COLLECTION OF GENERAL DATA AND INFORMATION
The website of CONTRACT Controlling & Business Solutions – Angerer KG collects a series of general data and information every time the website is called up by a user or an automated system. This general data and information is stored in the log files of the server. The (a) browser types and versions used, (b) the operating system used by the accessing system, (c) the website from which an accessing system accesses our website (so-called referrers), (d) the sub-web sites that use (e) the date and time of access to the website, (f) an Internet Protocol address (IP address), (g) the Internet service provider of the accessing system and (h) other similar data and information used in the event of attacks on our information technology systems.
When using this general data and information, CONTRACT Controlling & Business Solutions – Angerer KG does not draw any conclusions about the person concerned. Rather, this information is required to (a) properly deliver the contents of our website, (b) to optimize the content of our website and to promote it, (c) to ensure the continued functioning of our information technology systems and the technology of our website, and (d) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack. This anonymously collected data and information is therefore statistically and further evaluated by CONTRACT Controlling & Business Solutions – Angerer KG with the aim of increasing data protection and data security in our company, ultimately providing an optimal level of protection for the personal data processed by us sure. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.
REGISTER ON OUR WEBSITE
The user has the possibility of registering on the website of the controller by providing personal data. The personal data to be sent to the controller is derived from the respective input mask used for the registration. The personal data entered by the user is collected and stored solely for internal use by the controller and for his own purposes. The controller may arrange for the transfer to one or more processors, such as a parcel service, who also uses the personal data only for internal use attributable to the controller.
By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) of the data subject, the date and time of registration are also stored. The storage of this data takes place against the background that only so the misuse of our services can be prevented, and this data in case of need to clarify committed offenses. In this respect, the storage of this data is required to secure the controller. A disclosure of these data to third parties is not, unless there is a legal obligation to pass on or the disclosure of law enforcement serves.
The registration of users voluntarily providing personal data is used by the controller to provide the data subject with content or services that, due to the nature of the case, can only be offered to registered users. Registered persons are free to change the personal data given at registration at any time or to delete them completely from the database of the data controller.
The controller shall, at any time upon request, provide information to each data subject as to which personal data about the data subject is stored. Furthermore, the data controller corrects or deletes personal data at the request or reference of the data subject, insofar as this does not conflict with any statutory storage requirements. A data protection officer named by name in this data protection statement and the entire body of the data controller’s employees are available as contact persons for the data subject in this context.
SUBSCRIPTION OF OUR NEWSLETTER
On the website of CONTRACT Controlling & Business Solutions – Angerer KG the users are given the opportunity to subscribe to the newsletter of our company. Which personal data are transmitted to the data controller when the newsletter is ordered results from the input mask used for this purpose?
The CONTRACT Controlling & Business Solutions – Angerer KG informs its customers and business partners at regular intervals by means of a newsletter about offers of the company. The newsletter of our company can only be received by the data subject if (a) the data subject has a valid email address and (b) the data subject registers for the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by an affected person for the first time for newsletter mailing using the double-opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address as the person concerned authorized the receipt of the newsletter.
When subscribing to the newsletter, we also store the IP address of the computer system used by the person concerned at the time of registration, as well as the date and time of registration, as assigned by the Internet Service Provider (ISP). The collection of this data is necessary in order to understand the (possible) misuse of an affected person’s e-mail address later and therefore serves as legal safeguards for the controller.
The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. Subscribers to the newsletter may also be notified by e-mail if this is necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes. There will be no transfer of the personal data collected as part of the newsletter service to third parties. Subscription to our newsletter may be terminated by the person concerned at any time. The consent to the storage of personal data that the data subject has given us for the newsletter dispatch can be revoked at any time. For revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller or to inform the controller in a different way.
The CONTRACT Controlling & Business Solutions – Angerer KG newsletters contain so-called counting pixels. A counting pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded pixel, CONTRACT Controlling & Business Solutions – Angerer KG can detect when a data subject opened an e-mail and which links in the e-mail the person concerned called.
Such personal data collected via the counting pixels contained in the newsletters will be stored and evaluated by the controller in order to optimize the delivery of the newsletter and to better adapt the content of future newsletters to the interests of the data subject. This personal data will not be disclosed to third parties. Affected persons are at any time entitled to revoke the separate declaration of consent issued via the double-opt-in procedure. After revocation, the controller will delete this personal data. The CONTRACT Controlling & Business Solutions – Angerer KG automatically declares a cancellation of the newsletter as revocation.
CONTACT OPTIONS VIA THE WEBSITE
The controller has integrated components of the company Facebook on this website. Facebook is a social network.
A social network is an internet community that has an online community that generally allows users to communicate and interact in virtual space. A social network can also provide the Internet community with personal or company-specific information. Facebook provides access to social network users, including creating private profiles, uploading photos and networking via friend requests.
Operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.
Responsible for the processing of personal data, if an affected person lives outside the US or Canada, are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
Each visit to one of the individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the person concerned automatically by the respective Facebook Component causes a representation of the corresponding Facebook component of Facebook to download. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US. As part of this technical process, Facebook receives information about which specific underside of our website is visited by the person concerned.
If the data subject is simultaneously logged into Facebook, Facebook recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website, which specific underside of our website the data subject visits. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the person concerned activates one of the Facebook buttons integrated on our website, for example the “Like” button, or if the person concerned makes a comment, Facebook assigns this information to the personal Facebook user account of the person concerned and saves this personal data.
Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time as accessing our website; this happens regardless of whether the person clicks on the Facebook component or not. If such a transfer of this information to Facebook is not wanted by the data subject, it can prevent the transfer by logging out of their Facebook account before calling our website.
The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. It also explains which options Facebook offers to protect the privacy of the data subject. In addition, different applications are available, which make it possible to suppress data transmission to Facebook, for example, the Facebook blocker of the provider Webgraph, which can be obtained at http://webgraph.com/resources/facebookblocker/. Such applications can be used by the data subject to suppress data transmission to Facebook.
The controller has integrated on this website the component Google Analytics (with anonymization function). Google Analytics is a web analytics service. Web analysis is the collection, collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis service collects data on which website an affected person has come to a website (so-called referrers), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed. A web analysis is mainly used to optimize a website and cost-benefit analysis of Internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition “_gat._anonymizeIp” for web analytics via Google Analytics. By means of this addendum, the IP address of the Internet access of the data subject will be shortened and anonymized by Google if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website.
Google Analytics uses a cookie on the information technology system of the person concerned. What cookies are has been already explained above. By using this cookie, Google is enabled to analyze the usage of our website. Each time one of the pages of this website is accessed by the controller and a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically initiated by the respective Google Analytics component to submit data to Google for online analysis purposes. In the course of this technical process, Google receives knowledge about personal data, such as the IP address of the person concerned, which Google uses, among other things, to trace the origin of the visitors and clicks and, as a result, to enable commission settlements.
The cookie stores personally identifiable information, such as access time, the location from which access was made and the frequency of site visits by the data subject. Each time you visit our website, your personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.
The affected person can prevent the setting of cookies through our website, as shown above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
Forbid Google Analytics to track me
The controller has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to run both Google and Google Network search engine results. Google AdWords allows an advertiser to pre-set keywords that will display an ad on Google’s search engine results only when the search engine retrieves a keyword-related search result. In the Google Network, ads are distributed on topical web pages using an automated algorithm and according to pre-defined keywords.
The operating company for the services of Google AdWords is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to promote our website by displaying interest-based advertising on third-party websites and in the search engine results of Google’s search engine and by displaying advertisements on our website.
If a data subject arrives on our website via a Google ad, a so-called conversion cookie will be stored on Google’s information technology system by Google. What cookies are has been already explained above. A conversion cookie loses its validity after 30 days and is not used to identify the person concerned. About the conversion cookie is, if the cookie has not yet expired, traced whether certain sub-pages, such as the shopping cart from an online shop system, were accessed on our website. The conversion cookie allows both us and Google to understand whether an affected person who came to our website via an AdWords ad generated revenue, ie, completed or canceled a purchase.
The data and information collected with the conversion cookie are used by Google to create visitor statistics for our website. These visit statistics are then used by us to determine the total number of users who have been sent to us through AdWords ads, in order to determine the success or failure of each AdWords ad and to optimize our AdWords ads for the future, Neither our company nor any other Google AdWords advertiser receives any information from Google that could identify the data subject.
The conversion cookie stores personally identifiable information, such as the web pages visited by the affected person. Each time you visit our website, your personal information, including the IP address of the Internet connection used by the data subject, will be transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.
The affected person can prevent the setting of cookies through our website as shown above at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.
There is also the possibility for the data subject to object to interest-based advertising by Google. To do this, the person concerned must access the link www.google.com/settings/ads from each of the Internet browsers they use and make the desired settings there.
a) personal data:
Personal data is any information relating to an identified or identifiable natural person (hereinafter the “data subject”). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.
b) affected person
Affected person is any identified or identifiable natural person whose personal data is processed by the controller.
Processing means any process or series of operations related to personal data, such as collecting, collecting, organizing, organizing, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.
d) restriction of the processing
Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.
Profiling is any type of automated processing of personal data, which involves using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects related to job performance, economic condition, health, personal preferences to analyze or predict interests, reliability, behavior, whereabouts or location of this natural person.
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, if such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person.
g) controller or the person who is responsible for the processing
The controller or the person who is responsible for the processing is the natural or legal person, public authority, body or body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, agency, agency or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered as beneficiaries.
j) third party
Third party is a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor to process the personal data.
Consent is any voluntarily given and unambiguously expressed in the form of a statement or other unambiguous confirmatory act by the data subject for the particular case, by which the data subject indicates that they consent to the processing of the personal data concerning him / her is.