The processing of private information follows exclu-sively the legal framework provided by the European Union’s data protection law, especially the General Data Protection Regulation (hereinafter referred to as “GDPR”), and the federal data protection act.
1. Data Protection Officer
Responsible for data processing within the meaning of data protection laws is: CAD+T Consulting GmbH, Gewerbepark 16, 4052 Ansfelden, Austria, firstname.lastname@example.org You find our legal notice here (https://www.cadt-consulting.com/legal-notice//).
If you have questions or comments regarding data protection and privacy, please do not hesitate to contact us.
Please send requests to our Data Protection Officer at: CAD+T Consulting GmbH, Gewerbepark 16, 4052 Ansfelden, Austria, email@example.com.
2. Subject And Bases Of Data Protection
The subject of data and privacy protection are per-sonal data. Personal data are any information that relate to a natural person (the data subject) that can be identified. This regards information such as name, postal address, e-mail address or phone number, but also information that is necessarily required for using our website, such as information about when the user has started and quit using the website, and the IP address.
We process personal data in accordance with the respective data protection regulations. This means that we only process your data with your consent or legal permission, e.g. when processing the data is required to fulfil our contractual agreements (e.g. processing of orders) or when it is required by law or if it is of our legitimate interest as described in Art. 6 Sec. 1, lit. f) GDPR (e.g. our interest in analysis, opti-misation and safe operation of our online services).
We have put in place organisational, contractual and technical state-of-the-art safeguards to fulfil data protection regulations and thus protect the data we process against accidental or deliberate manipulation, loss, destruction or access by non-authorised persons.
3. Data Processing On Our Website
It is generally possible to use our website without registration and without providing personal data. Even though you can use our website this way for information purposes, we might automatically collect and process personal data. In the following sections, you find an overview about the type, amount, use and legal basis for data processing on our website.
a. Website Provisioning
When accessing our website with your device, we collect and process the following data in server log files:
- Access date and time
- Duration of the visit
- Device type
- Used operating system
- The function that you used
- Amount of sent data
- Type of event
- Reference URL
- Domain name
- IP address
We process these data on the basis our legitimate interests according to Art. 6 Sec. 1 lit. f) GDPR in providing and displaying the website, ensuring technical operation, logging and fixing errors and for security reasons (e.g. to solve cases of misuse or fraud). When opening our website, these data are processed automatically. Without collecting these data, you will not be able to use our website. We do not use this data for identification purposes.
We normally delete the collected data after 7 days, unless we need to keep them for the reasons stated above for a longer time. In this case, we will delete the data immediately after the reason for which we kept them becomes obsolete.
It is not obligatory to accept Cookies for using our website. If you like to opt out from using Cookies, you can prevent your browser from saving Cookies on your device by adapting the settings or by using an alternative opt-out option. Please note that this can lead to a reduced functionality of our website. You can delete stored Cookies anytime in your browser’s system settings.
c. Google Analytics
Google processes the transferred information on our behalf in order to analyse the use of our online ser-vices by the users, to create reports about activities in online services and to provide services associated with the web site. Based on the processed data, pseudonymous user profiles might be created.
We use Google Analytics only with activated IP anonymisation. This means that the user’s IP address will be shortened by Google for users within the member states of the European Union or within other states that have signed the agreement concerning the Euro-pean Economic Area. Only in exceptional cases, the full IP address will be transferred to a Google Server in the USA and will be shortened there. The IP address transferred by your browser will not be merged with other Google data. By adapting your browser settings, you can prevent your browser from saving Cookies. You can also prevent that data that are cre-ated by the Cookie and that are associated with your use of the website will be sent to Google, and you can prevent that Google processes these data by down-loading and installing the browser plugin that is available with this link: https://tools.google.com/dlpage/gaoptout?hl=en
For further information on how Google uses data, setting options and opt-out options, please visit Google’s websites, for example provided at this link: https://policies.google.com/privacy?hl=en&gl=en
d. Social Media Plugins
We have embedded these social media plugins on our website: Google+. You can recognise the plugin provider by the initials or the logo in the respective icons or buttons. We use a so-called two-click solution here, i.e. when you visit our website, no personal data will be transferred to the plugin provider at first. Only when you click on the highlighted icon and thus activate it, the plugin provider receives the infor-mation that you have opened the respective website of our online services.
The plugin’s content will then be transferred from the respective provider directly to your device. In turn, personal data such as your IP address will be transferred from your device directly to the plugin provider. By activating the plugin, your personal data will be transferred to the respective plugin provider and stored there (for US-American providers in the USA). The IP address might be shortened by the providers before transferring it. We do not have any influence on the collected data and data processing, and we do not know about the volume of data logging, the purpose of data processing and saving times. We also do not have any information on how the plugin provider will delete the collected data.
The plugin provider stores the data collected from you as usage profiles and uses these for advertising, market research and/or customising his website. This evaluation is mainly used to feature customised advertising and to inform other users of the social network about your activities on our website. You can opt-out from generating these usage profiles. To do so, please contact the respective plugin provider. With these plugins, we allow you to interact with social networks and their users so that we can improve our services and make them more interesting for you as a user. The data processing is based on our legitimate interest according to Art 6 Sec. 1 lit. f) GDPR, more precisely our interest in analysing, optimising and improving our website, especially to allow or facilitate sharing parts of our websites on social networks.
Data will be transferred independently from whether you own an account with the plugin provider and are logged in there or not. If you are logged in at the plugin provider, your data will be directly linked to your existing account with the plugin provider. If you use the activated button and link the site, for example, the plugin provider stores this information in your user account and can share it publicly with your contacts.
e. Embedded YouTube Videos
f. Google Maps
We also use Google Maps (API) on our website, another service from Google LLC. Google Maps is a web service with interactive maps, with which geographical information can be visualised.
Data about your usage of our website, especially your IP address, will be transferred to a Google Server in the USA and stored there as soon as you open a subpage on which a Google Maps map is embedded. This is independent from whether you have a Google user account, are logged in to it or don’t have an account at all. If you are logged in to Google, your data might be directly linked to your existing account.
Data processing is based on our legitimate interest according to Art 6 Sec. 1 lit. f) GDPR, more precisely our interest in analysing, optimising and economically operating our online services. Google is certified with the Privacy Shield framework and thus guaran-tees to comply with European data protection law. Detailed information about privacy regarding the use of Google Maps can be found on Google’s web page:https://policies.google.com/privacy?hl=en&gl=en
4. Services That Require Registration, Newsletter
Our website does not solely serve information purposes, but we also provide various services and function that you can use if you are interested. To do so, you generally have to provide further personal data that we need to offer the respective services and functions. This is described in the following paragraphs.
For using the following functions on our website, a registration with an individual profile/setup of a user-account is required: Licence overview, Support management, Downloads
For the registration, these fields are mandatory and marked with “mandatory”:
- User ID
- Confirm password
- Company name
- First name
- Last name
- Phone number
A registration is not possible without providing these mandatory data. As part of your registration, you can provide further details on a voluntary basis, such as first name, last name, address 1, address 2, ZIP code, city, telephone, mobile phone, website. Please note that this information is not obligatory for a registration. It is upon you to decide whether you want to provide these data or not. Registration follows a so-called double opt-in procedure, i.e. after your registration, you will receive an e-mail in which you have to confirm your registration. This prevents your e-mail address from misuse.
Data provided for the registration will be processed based on Art. 6 Sec. 1 lit. b) GDPR to create your profile, to recognise you for every login and to provide the services that are only accessible in the part of our website that requires registration. We delete these data as soon as their purpose becomes obsolete, especially when you delete your user account for our website.
To subscribe for our newsletter, you only have to provide your name and e-mail address. We send newsletter only after you have registered for it, i.e. with your consent according to Art. 6, Sec. 1, lit. a) GDPR. If the newsletter contents (i.e. the advertised goods and/or services) are specifically defined, they are representative for the scope of your consent. Our newsletters contain information on our products, offers, deals and/or our company.
Subscription follows a so-called double opt-in procedure, i.e. after your registration, you will receive an e-mail in which you have to confirm your registration. This prevents your e-mail address from misuse. We log newsletter subscriptions to disclose the registration process in accordance with legal requirements and to prevent and solve misuse of your personal data. Logging of the registration process is based on our legitimate interests as stated in Art. 6, Sec.1, lit. f) GDPR for operating a user-friendly and safe newsletter system and to disclose the registration process and consent.
You can revoke your consent to receiving our newsletter at any time, especially be unsubscribing our newsletter. You find an Unsubscribe link to exercise your right at the end of every newsletter. If you have only registered for our newsletter, your personal data will be deleted in case you unsubscribe from our newsletter.
c. Other Types Of Contacting
If you contact us via e-mail or a contact form and provide personal data, this happens entirely on a voluntary basis. Your data will be processed to take charge of your contact inquiry and will be processed in accordance with Art. 6, Sec. 1, lit. b) GDPR, and within its limits might be transferred to co-branded sites and third parties. The data can also be stored in our Customer Relationship Management (CRM) system. We will delete the data you have provided as soon as their scope becomes obsolete, and no legal requirement comes to force (e.g. if the further processing of data is required to fulfil an already signed contract). If and as long as legal requirements to store the data are in force, we will delete the data after the respective timeframe.
5. Recipients Of Personal Data
Within our company, access to personal data is restricted to personnel that need this information for the respective stated purposes. We only pass on your personal data to third parties when this is absolutely necessary for handling your inquiry, when there is a legal permission to do so or when we have your consent to do so.
External recipients can be co-branded companies or external service providers which we use as data processors for our service delivery, for example regarding technical infrastructure and maintenance of our website. These data processors are selected carefully and are evaluated on a regular basis. They are only allowed to use the data for the defined purpose and at our command.
It can further happen that we have to transfer personal data for legally binding reasons to authorities and governmental institutions such as public prosecution departments, courts or financial authorities. This transfer is in accordance with Art. 6, Sec. 1, lit. c) GDPR.
We can further transmit your personal data to third parties when we offer deals, prize games, mutual contracts or other services together with partners or service providers (e.g. transportation service providers). In this case, disclosure of data is based on consent, for the performance of a contract with you or for the purposes of our legitimate interests as stated in Art. 6, Sec. 1 lit. a), b) and/or f) GDPR. You receive further information when stating your personal data associated with the respective processing.
6. Data Processing in Third Countries
If data is transferred to organisations whose location or location of data processing is not in a member state of the European Union or a member state of the European Economic Area, we ensure prior to transfer-ring your information that – with the exception of legally allowed exceptional cases – the recipient fea-tures an adequate data protection level (e.g. through a certificate of adequacy issued by the European Commission, by adequate guarantees or by the recipient’s self-certification for EU-US Privacy Shield or an agreement of standard contractual clauses of the European Union with the recipient) or that you have given your consent to transfer the data.
7. Storage Duration
For the storage duration of personal data, please refer to the description of the respective offer or service. Additionally and if not stated otherwise in the ser-vice/offer description, the following generally applies: We only store your personal data for the time required to fulfil the scope of processing or – in case of your consent – as long as you have not withdrawn your consent. In case of a withdrawal of consent we delete your personal data, except when a further processing is not allowed by law. We also delete your personal data when we are required to do so for legal reasons. If and as long as legal requirements to store the data are in force, we will delete the data after the respective timeframe.
8. Rights Of The Data Subject
As a data subject, i.e. a person concerned by data protection, you have several rights. These are:
- Right of information: You have the right to receive information about the data that we have stored about you.
- Right of correction and deletion: You have the right to receive information about the data that we have stored about you.
- Restriction of processing: You can demand that we restrict the processing of your data.
- Data portability: SIf you have provided your data based on a con-tract or consent, you can demand that you receive the provided data in a structured, common and machine-readable format or that we transmit these data to a different person in charge.
- Objection to data processing on legal basis “le-gitimate interests“: You have the right to object at any time to our pro-cessing of your data, if this is based on the legal basis of “legitimate interests” for reasons that are associated with your special situation. If you use your right to objection, we will discontinue the processing of your data, unless we can provide for reasons compulsory worthy for protection that preponderate your rights.
- Opt-Out: If you have given us your consent to process your data, you can opt-out of this for the future at any time. The lawful processing of your data until the time of your opt-out remains unaffected by this.
- Right of complaint at the supervisory authority: You can also issue a complaint at the responsible supervisory authority if you think that the pro-cessing of your data is in violation of current laws. Please contact the data protection authority re-sponsible for your location/your country or the da-ta protection authority that is responsible for our company.
The rights described above are granted to you under the provision that the applicable legal requirements are fulfilled, even if this is not explicitly expressed in the description above.
If you have any questions to the processing of your personal data, to your rights as a data subject and a possible consent, you can contact us free of charge. For the execution of your rights stated above, please contact https://www.cadt-consulting.com/legal-notice/ or in written form the address stated in art. 1. Please make sure that a clear identification of you as a person is possible.
9. Links and Third-Party Services
Websites and services of other providers that are linked on our website are provided by the respective service provider. We do not have any influence on the design, content and functions of third-party ser-vices. We explicitly distance ourselves from any content of linked offers by third parties. Please note that third-party services that are linked on our website might install their own Cookies on your device and/or collect personal data. We do not have any influence on that. Please contact the providers of linked third-party services directly to receive information on their Privacy/Cookie policies.
b. Third-Party Services And Content
In our online services we use third-party content and service offers in order to embed their content and services, e.g. videos (in total hereinafter referred to as “content”) based on our legitimate interest according to Art 6 Sec. 1 lit. f) GDPR, more precisely our interest in analysing, optimising and economically operating our online services. This presumes that third-party providers of these contents log the user’s IP address as they cannot send content to the user’s browser without an IP address. The IP address therefore is required for displaying these contents. We make great efforts that we only use content where the provider uses the IP address only for transferring the contents.
Third-party providers may also use so-called pixel tags (invisible images that are also known as Web Beacons) for statistical reasons or marketing purposes. These pixel tags can be used to evaluate information such as traffic on subpages of the website. This pseudonymous information may also be stored in Cookies on the user’s device, may contain technical information about browser and operating system, linked websites, time of visit and further details on the use of our online services and may be linked to similar information from other sources.
10. Effective Version
Effective Version [22/05/2018].