• Premium Martial Arts Gear
  • Fast delivery
  • Brand store near Koblenz
Flyout Menu
Search Heart House user
Heart House user
B2B-Profile

Privacy policy

As of June 25, 2024

Contents

Controller

OKAMI fightgear entrepreneur limited liability company
Zwergstraße 5-7
56235 Ransbach-Baumbach
Germany

Email address: sales@okami-fightgear.com

Overview of the processing operations

The following summary summarizes the types of data processed and the purposes of their processing and refers to the individuals concerned.

Types of processed data

  • inventory data.
  • Employee data.
  • payment details.
  • Contact details.
  • content data.
  • contract data.
  • usage data.
  • Meta, communication and procedural data.
  • Log data.

Categories of affected persons

  • Service recipient and client.
  • Employees.
  • Interested persons.
  • Communication partner.
  • user.
  • Business and contractor.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Safety measures.
  • direct marketing.
  • range measurement.
  • Office and organizational procedures.
  • Affiliate tracking.
  • Organisational and administrative procedures.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Providing our online offer and user-friendliness.
  • Establishment and implementation of employment relationships.
  • information technology infrastructure.
  • Public relation.
  • Business processes and business procedures.

Relevant legal bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of this in the data protection declaration.

  • Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
  • Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that are carried out at the request of the data subject.
  • Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR) - The processing is necessary to fulfill a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) – processing is necessary to protect the legitimate interests of the controller or of a third party, provided that the interests or fundamental rights and freedoms of the data subject which require protection of personal data do not prevail.
  • Processing of special categories of personal data relating to healthcare, employment and social security (Article 9 (2) (h) GDPR) – Processing is necessary for the purposes of preventive healthcare or occupational medicine, assessment of the employee's capacity to work, medical diagnosis, health or social care or treatment or the management of health or social systems and services on the basis of Union or Member State law or on the basis of a contract with a health professional.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

National data protection regulations in Austria: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Austria. This includes, in particular, the Federal Law on the Protection of Natural Persons when Processing Personal Data (Data Protection Act – DSG). The Data Protection Act contains, in particular, special regulations on the right to information, the right to rectification or deletion, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases.

Security Measures:

We will take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, the different probabilities of occurrence and the extent to which the rights and freedoms of individuals are threatened to ensure a level of protection appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as their access, input, transfer, availability and segregation. We have also set up procedures to ensure the enjoyment of data subject rights, the erasure of data and responses to the threat to data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures according to the principle of data protection, through technology design and privacy-friendly default settings.

Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not necessary, the IP address will be shortened (also referred to as "IP masking"). The last two digits or the last part of the IP address after a point are removed or replaced by placeholders. The purpose of shortening the IP address is to prevent or make it much more difficult to identify a person based on their IP address.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect user data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and encrypted.

Transmission of personal data

As part of our processing of personal data, it may happen that these are transmitted to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data transfer within the organization: Data transfer within the corporate group: We may transfer personal data to other companies within our corporate group or grant them access to it. If the data transfer is for administrative purposes, it is based on our legitimate business and commercial interests or occurs if it is necessary to fulfill our contractual obligations or if the data subject has given his or her consent or is permitted by law.

International data transfers

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of using third-party services or disclosing or transferring data to other persons , positions or companies, this only takes place in accordance with the legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Furthermore, data transfers only take place if the level of data protection is otherwise secured, in particular through standard contractual clauses (Art. 46 Para. 2 lit. c) GDPR), express consent or in the case of contractually or legally required transfer (Art. 49 Para. 1 GDPR). . We will also inform you about the basics of third-country transfers for the individual providers from the third country, with the adequacy decisions taking precedence as the basic principles. Information on third country transfers and existing adequacy decisions can be found in the EU Commission's information offering: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

EU-US Trans-Atlantic Data Privacy Framework: Within the framework of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as secure within the framework of the adequacy decision of July 10.07.2023, XNUMX. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). As part of the data protection information, we will inform you which service providers we use are certified under the Data Privacy Framework.

General information on data storage and deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consent is revoked or there are no further legal bases for the processing. This applies to cases in which the original processing purpose no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require the data to be stored or archived for a longer period.

In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal proceedings or to protect the rights of other natural or legal persons must be archived accordingly.

Our privacy policy contains additional information on the retention and deletion of data that applies specifically to certain processing operations.

If there are several specifications regarding the retention period or deletion period for a date, the longest period always applies.

If a period does not expressly begin on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in the context of which data is stored, the event triggering the period is the time at which the termination or other termination of the legal relationship takes effect.

We process data that is no longer stored for the originally intended purpose but due to legal requirements or other reasons, only for the reasons that justify its storage.

Further information on processing processes, procedures and services:

  • Storage and deletion of data: The following general time limits apply to storage and archiving under German law:
    • 10 years – retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets as well as the work instructions and other organizational documents, accounting documents and invoices required for their understanding (Section 147 Paragraph 3 in conjunction with Paragraph 1 Nos. 1, 4 and 4a AO, Section 14b Paragraph 1 UStG, Section 257 Paragraph 1 Nos. 1 and 4, Paragraph 4 HGB).
    • 6 years - Other business documents: received commercial or business letters, reproductions of sent commercial or business letters, other documents, insofar as they are relevant for taxation, e.g. hourly wage slips, operating accounting sheets, calculation documents, price labels, but also payroll documents, insofar as they are not already accounting documents and cash register slips (Section 147 Paragraph 3 in conjunction with Paragraph 1 Nos. 2, 3, 5 AO, Section 257 Paragraph 1 Nos. 2 and 3, Paragraph 4 HGB).
    • 3 years - Data required to consider potential warranty and compensation claims or similar contractual claims and rights as well as to process related inquiries based on previous business experience and standard industry practices will be stored for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
  • Storage and deletion of data: The following general deadlines apply to storage and archiving under Austrian law:
    • 10 years – retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting documents and invoices as well as all necessary work instructions and other organizational documents (Federal Tax Code (BAO §132), Commercial Code (UGB §§190-212)).
    • 6 years – Other business documents: Received commercial or business letters, copies of sent commercial or business letters, and other documents, provided they are relevant for tax purposes. These include, for example, hourly wage slips, operating statements, calculation documents, price labels, and payroll documents, provided they are not already accounting documents and cash register slips (Federal Tax Code (BAO §132), Commercial Code (UGB §§190-212)).
    • 3 years – Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and common industry practices, will be stored for the duration of the regular statutory limitation period of three years (§§ 1478, 1480 ABGB).

Rights of data subjects

Rights of the person concerned from the GDPR: As a person concerned, you have various rights under the GDPR, which result in particular from Articles 15 to 21 GDPR:

  • Right to object: You have the right at any time, for reasons that arise from your particular situation, against the processing of personal data relating to you, which pursuant to Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
  • Withdrawal with consent: You have the right to revoke your consent at any time.
  • Right: You have the right to obtain confirmation as to whether or not data in question is being processed and to obtain information on such data, as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with the legal requirements, to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
  • Right to cancellation and limitation of processing: In accordance with the statutory provisions, you have the right to demand that data relating to you be deleted immediately, or alternatively to demand a restriction of the processing of data in accordance with the statutory provisions.
  • Right to data portability: You have the right to receive data relating to you provided to us in accordance with the legal requirements in a structured, common and machine-readable format or to request their transmission to another person in charge.
  • Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data is contrary to the Violates the requirements of the GDPR.

Business Services

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships and related measures and with regard to communication with the contractual partners (or pre-contractually), for example to answer inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, the obligation to provide the agreed services, any update obligations, and remedy in the event of warranty and other service disruptions. Furthermore, we use the data to protect our rights and for the purposes of the administrative tasks associated with these obligations, as well as for corporate organization. Furthermore, we process the data based on our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business operations from misuse and the endangerment of their data, secrets, information, and rights (e.g., the involvement of telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of applicable law, we only pass on contractual partners' data to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed of other forms of processing, such as for marketing purposes, in this privacy policy.

We will inform our contractual partners which data is required for the aforementioned purposes before or during data collection, e.g. in online forms, by special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.

We delete data after the expiration of statutory warranty and similar obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., for as long as it must be retained for legal archiving reasons (e.g., for tax purposes, usually ten years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications and generally after the end of the order.

  • Processed data types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or telephone numbers); contract data (e.g., contract subject matter, term, customer category); usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, persons involved).
  • Affected people: Service recipients and clients; interested parties. Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures. Business processes and operational procedures.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
  • Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • Online shop, order forms, e-commerce and delivery: We process the data of our customers in order to enable them to select, purchase or order the selected products, goods and associated services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution for our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such in the context of the ordering or comparable acquisition process and includes the information required for delivery or provision and billing as well as contact information in order to be able to hold any consultation; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO).

Provision of the online offer and web hosting

We process user data in order to be able to provide our online services to them. For this purpose we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the browser or the end device of the user.

  • Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved); protocol data (e.g. log files relating to logins or the retrieval of data or access times). Content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as information on authorship or time of creation).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).). Safety measures.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Collection of access data and log files: Access to our online offering is logged in the form of so-called "server log files". The server log files can include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (particularly in the case of abusive attacks, so-called DDoS attacks), and to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or made anonymous. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
  • Email delivery and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of emails (e.g. the providers involved) and the content of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that emails on the Internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Use of cookies

Cookies are small text files or other storage notes that store information on end devices and read it from them. For example, to store the log-in status in a user account, the contents of a shopping cart in an e-shop, the content accessed or the functions used in an online service. Cookies can also be used for various purposes, such as the functionality, security and convenience of online services and the creation of analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal regulations. We therefore obtain prior consent from users, unless it is not required by law. Permission is not necessary in particular if the storage and reading of information, including cookies, is absolutely necessary in order to provide users with a telemedia service that they have expressly requested (i.e. our online offering). The revocable consent is clearly communicated to them and contains information on the respective cookie usage.

Notes on data protection legal bases: The data protection basis on which we process users' personal data using cookies depends on whether we ask them for consent. If users accept, the legal basis for the use of their data is their declared consent. Otherwise, the data used using cookies is processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and the improvement of its usability) or, if this is done as part of the fulfillment of our contractual obligations, if the use of cookies is necessary to meet our contractual obligations. We will explain the purposes for which we use cookies in the course of this data protection declaration or as part of our consent and processing processes.

Storage time: With regard to the storage period, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed his or her device (e.g. browser or mobile application).
  • Permanent Cookies: Permanent cookies remain stored even after the device is closed. For example, the log-in status can be saved and preferred content can be displayed directly when the user visits a website again. The user data collected using cookies can also be used to measure reach. If we do not provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), they should assume that these are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to processing in accordance with legal requirements, including through the privacy settings of their browser.

  • Processed data types: Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, persons involved).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR). Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

Further information on processing processes, procedures and services:

  • Processing of cookie data based on consent: We use a consent management solution in which users' consent to the use of cookies or to the procedures and providers mentioned as part of the consent management solution is obtained. This procedure is used to obtain, record, manage and revoke consent, particularly with regard to the use of cookies and similar technologies that are used to store, read and process information on users' end devices. As part of this procedure, users' consents are obtained for the use of cookies and the related processing of information, including the specific processing and providers mentioned in the consent management procedure. Users also have the option to manage and revoke their consent. The declarations of consent are stored in order to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. The storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to be able to assign the consent to a specific user or their device. If there is no specific information about the providers of consent management services, the following general information applies: The duration of the storage of consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information about the browser, the system and the device used becomes; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
  • Compliance: Consent management: procedures for obtaining, logging, managing and revoking consent, in particular for the use of cookies and similar technologies for storing, reading and processing information on users' end devices and their processing; Service provider: Execution on servers and/or computers under your own data protection responsibility; Website: https://complianz.io/; Data protection statement: https://complianz.io/legal/. More information about cycling in the Leipzig Region as well as more interesting routes: An individual user ID, language and types of consent and the time of their submission are stored on the server and in the cookie on the user's device.

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). The data of the readers are only processed for the purposes of the publication medium to the extent that it is necessary for its presentation and communication between authors and readers or for security reasons. We also refer to the information on the processing of visitors to our publication medium in the context of this data protection notice.

  • Processed data types: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Feedback (e.g., collecting feedback via online forms); provision of our online offering and user-friendliness; security measures; organizational and administrative procedures.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Comments and contributions: When users leave comments or other posts, their IP addresses may be stored based on our legitimate interests. This is for our security if someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author.

    Furthermore, we reserve the right, based on our legitimate interests, to process users' information for the purpose of spam detection.

    On the same legal basis, we reserve the right, in the case of surveys, to store the IP addresses of users for the duration of their use and to use cookies to avoid multiple votes.

    The personal information provided in the comments and posts, any contact and website information as well as the content will be stored by us permanently until the user objects; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
  • Retrieving WordPress emojis and milies: Retrieval of WordPress emojis and smilies – Within our WordPress blog, graphic emojis (or smilies), i.e., are used for the efficient integration of content elements. i.e., small graphic files that express feelings are used, obtained from external servers. The server providers collect the IP addresses of the users. This is necessary so that the emoji files can be delivered to users' browsers; Service provider: Aut O'Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://automattic.com; Data protection statement: https://automattic.com/privacy. Basis for third country transfers: Data Privacy Framework (DPF).
  • Profile pictures of Gravatar: Profile pictures - We use the Gravatar service within our online offer and in particular in the blog.

    Gravatar is a service where users can register and store profile pictures and their email addresses. If users leave posts or comments with the respective email address on other online presences (especially in blogs), their profile pictures can be displayed next to the posts or comments. For this purpose, the e-mail address provided by the users is transmitted to Gravatar in encrypted form for the purpose of checking whether a profile has been saved for it. This is the sole purpose of submitting the email address. It will not be used for other purposes, but will be deleted afterwards.

    Gravatar is used on the basis of our legitimate interests, since we use Gravatar to offer the authors of contributions and comments the opportunity to personalize their contributions with a profile picture.

    By displaying the images, Gravatar finds out the user's IP address, as this is necessary for communication between a browser and an online service.

    If users do not want an avatar associated with their Gravatar email address to appear in the comments, they should use an email address that is not stored with Gravatar to comment. We also point out that it is also possible to use an anonymous e-mail address or no e-mail address at all if the user does not want their own e-mail address to be sent to Gravatar. Users can completely prevent the transfer of data by not using our comment system; Service provider: Aut O'Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://automattic.com; Data protection statement: https://automattic.com/privacy. Basis for third country transfers: Data Privacy Framework (DPF).

Contact and inquiry management

When you contact us (e.g. by post, contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the information provided by the person making the inquiry will be processed to the extent that this is necessary to answer the contact inquiries and any requested measures.

  • Processed data types: Inventory data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and process data (e.g. IP addresses, time information, identification numbers, people involved).
  • Affected people: Communication partner.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR). Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing processes, procedures and services:

  • Contact form: When you contact us via our contact form, by email or other means of communication, we process the personal data sent to us in order to answer and process the respective request. This usually includes details such as name, contact information and, if necessary, other information that is communicated to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of establishing contact and communication; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Newsletters and Electronic Communications

We send newsletters, emails, and other electronic notifications (hereinafter "newsletters") exclusively with the recipient's consent or based on a legal basis. If the newsletter content is mentioned when registering for the newsletter, this content determines the user's consent. Providing your email address is usually sufficient to register for our newsletter. However, in order to offer you a personalized service, we may ask for your name so that we can address you personally in the newsletter or for additional information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing: We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove previously given consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the previous consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address on a block list (so-called "block list") for this purpose alone.

The registration process is logged on the basis of our legitimate interests for the purpose of proving that it was carried out correctly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure shipping system.

Contents:

Information about us, our services, promotions and offers.

  • Processed data types: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, persons involved); usage data (e.g., page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
  • Affected people: Communication partners. Users (e.g., website visitors, users of online services).
  • Purposes of processing: Direct marketing (e.g., by email or post). Provision of contractual services and fulfillment of contractual obligations.
  • Storage and deletion: 3 years - Contractual claims (AT) (Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and usual industry practices, will be stored for the regular statutory limitation period of three years (§§ 1478, 1480 ABGB).). 10 years - Contractual claims (CH) (Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and usual industry practices, will be stored for the statutory limitation period of ten years, unless a shorter period of 5 years applies, which is applicable in certain cases (Art. 127, 130 OR)).
  • Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).
  • Opposition possibility (opt-out): You can unsubscribe from our newsletter at any time, i.e. .H. Revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Further information on processing processes, procedures and services:

  • Measurement of open and click rates: The newsletters contain so-called "web beacons," i.e., a pixel-sized file that is retrieved from our server or, if we use a mailing service provider, its server when the newsletter is opened. During this retrieval, technical information, such as details about your browser and system, as well as your IP address and the time of retrieval, are initially collected. This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes determining whether and when the newsletters are opened and which links are clicked. The information is assigned to the individual newsletter recipients and stored in their profiles until deleted. The evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of the opening and click rates as well as the storage of the measurement results in the user profiles – This text area must be activated with a premium license. – premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext ; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
  • Requirements for using free services: Consent to receive mailings may be made conditional upon the use of free services (e.g., access to certain content or participation in certain promotions). If users wish to use the free service without subscribing to the newsletter, please contact us.
  • Mailchimp: Email marketing, automation of marketing processes, collection, storage, and management of contact data, measurement of campaign performance, recording and analysis of recipient interaction with content, personalization of content; Service provider: Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://mailchimp.com; Data protection statement: https://mailchimp.com/legal/; Order processing contract: https://mailchimp.com/legal/; Basis for third country transfers: Data Privacy Framework (DPF). More information about cycling in the Leipzig Region as well as more interesting routes: Special security measures: https://mailchimp.com/de/help/mailchimp-european-data-transfers/.

Web analysis, monitoring and optimization

Web analytics (also known as "reach measurement") is used to evaluate visitor traffic to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. Reach analysis allows us, for example, to determine when our online offering or its features or content are most frequently used, or to encourage reuse. It also enables us to understand which areas require optimization.

In addition to web analysis, we can also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a device and then read out. The information collected includes in particular websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to us or the providers of the services we use collecting their location data, the processing of location data is also possible.

In addition, the IP addresses of the users are stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) is stored as part of web analysis, A/B testing and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective processes.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (creating user profiles). Provision of our online offering and user-friendliness.
  • Storage and deletion: Deletion as described in the "General Information on Data Retention and Deletion" section. Cookies are stored for up to two years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Safety measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a device in order to identify which content users have accessed within one or different usage processes, which search terms they have used, which they have accessed again or which have interacted with our online offering. The time of use and its duration are also stored, as are the sources of the users who refer to our online offering and technical aspects of their devices and browsers.
    Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies can be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and the city's derived latitude and longitude), continent, country, region, subcontinent (and ID-based counterparts). For EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. They are not logged, are not accessible and are not used for any other purposes. When Google Analytics collects metrics, all IP queries are performed on EU-based servers before passing traffic to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Safety measures: IP masking (pseudonymization of the IP address); Data protection statement: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: Data Privacy Framework (DPF); Opposition possibility (opt-out): Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of commercials: https://myadcenter.google.com/personalizationoff. More information about cycling in the Leipzig Region as well as more interesting routes: https://business.safety.google/adsservices/ (Types of processing and the processed data).
  • Google Tag Manager: We use the Google Tag Manager, a software from Google that enables us to manage so-called website tags centrally via a user interface. Tags are small code elements on our website that are used to record and analyze visitor activities. This technology helps us to improve our website and the content offered on it. The Google Tag Manager itself does not create user profiles, does not save cookies with user profiles, and does not carry out independent analyses. Its function is limited to simplifying and making the integration and management of tools and services that we use on our website more efficient. Nevertheless, when using the Google Tag Manager, the user's IP address is transmitted to Google, which is necessary for technical reasons in order to implement the services we use. Cookies can also be set. However, this data processing only takes place if services are integrated via the Tag Manager. For more detailed information on these services and their data processing, please refer to the further sections of this data protection declaration; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Data protection statement: https://policies.google.com/privacy; Order processing contract:
    https://business.safety.google/adsprocessorterms. Basis for third country transfers: Data Privacy Framework (DPF).
  • Matomo: Matomo is software that is used for web analysis and range measurement purposes. When using Matomo, cookies are generated and stored on the user's end device. The user data collected as part of the use of Matomo is only processed by us and not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR). Deletion of data: The cookies have a maximum storage period of 13 months.

Affiliate Programs and Affiliate Links

In our online offering we include so-called affiliate links or other references (which may include, for example, search masks, widgets or discount codes) to the offers and services of third-party providers (collectively referred to as “affiliate links”). If users follow the affiliate links or subsequently take advantage of the offers, we may receive a commission or other benefits from these third parties (collectively referred to as “commission”).

In order to be able to track whether users have taken advantage of the offers of an affiliate link we use, it is necessary for the respective third-party providers to find out that the users have followed an affiliate link used within our online offering. The assignment of the affiliate links to the respective business transactions or other actions (e.g. purchases) serves the sole purpose of commission billing and will be canceled as soon as it is no longer necessary for the purpose.

For the purposes of the aforementioned assignment of the affiliate links, the affiliate links can be supplemented with certain values ​​that are part of the link or otherwise, e.g. B. can be stored in a cookie. The values ​​may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed based on our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Processed data types: Contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
  • Affected people: Interested parties. Users (e.g. website visitors, users of online services).
  • Purposes of processing: Affiliate tracking.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
  • Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Customer reviews and rating methods

We participate in review and rating processes to evaluate, optimize, and promote our services. If users rate us via the rating platforms or methods involved or give us feedback in any other way, the general terms and conditions of business or terms of use and the data protection notices of the providers also apply. As a rule, the evaluation also requires registration with the respective providers.

In order to ensure that the valuer has actually used our services, we will, with the consent of the customer, provide the necessary data relating to the customer and the service used to the respective rating platform (including name, email address and Order number or article number). These data are used solely to verify the authenticity of the user.

  • Processed data types: Contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
  • Affected people: Service recipients and clients. Users (e.g., website visitors, users of online services).
  • Purposes of processing: Feedback (e.g. collecting feedback via online form). Marketing.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Rating widget: We include so-called “rating widgets” in our online offering. A widget is a functional and content element integrated into our online offering that displays changeable information. It can e.g. B. can be presented in the form of a seal or comparable element, sometimes also called a “badge”. Although the corresponding content of the widget is displayed within our online offering, it is currently being retrieved from the servers of the respective widget provider. This is the only way to always show the current content, especially the current rating. To do this, a data connection must be established from the website accessed within our online offering to the widget provider's server and the widget provider receives certain technical data (access data, including IP address) that is necessary for the content of the widget to be sent to the browser of the user can be delivered. Furthermore, the widget provider receives information that users have visited our online offering. This information can be stored in a cookie and used by the widget provider to recognize which online offers that take part in the evaluation process have been visited by the user. The information may be stored in a user profile and used for advertising or market research purposes; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because it could, for example, make it more difficult to enforce user rights.

Furthermore, the data of users within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created based on the user's usage behavior and the resulting interests. The latter can in turn be used to place advertisements within and outside the networks that presumably correspond to the user's interests. Cookies are therefore usually stored on users' computers in which the user's usage behavior and interests are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users (especially if they are members of the respective platforms and are logged in there).

For a detailed description of the respective processing methods and the options for objection (opt-out), please refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would like to point out that these can be asserted most effectively with the providers. Only the latter have access to the user data and can directly take appropriate measures and provide information. If you still need help, you can contact us.

  • Processed data types: Contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation); usage data (e.g., page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and features).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Communication; feedback (e.g., collecting feedback via online form). Public relations.
  • Storage and deletion: Deletion in accordance with the information in the section “General information on data storage and deletion”.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

  • Facebook Pages: Profiles within the social network Facebook – Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see “Device information” in the Facebook data policy: https://www.facebook.com/privacy/policy/). As described in the Facebook Data Policy under “How do we use this information?” Facebook also explains, collects and uses information to provide analysis services, so-called “Page Insights”, to site operators so that they can gain insights into how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of those affected (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data). The joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.facebook.com; Data protection statement: https://www.facebook.com/privacy/policy/. Basis for third country transfers: Data Privacy Framework (DPF).

Plug-ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as "content").

Integration always requires that the third-party providers of this content process the user's IP address, as without an IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content or functions. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, the time of visit and other information about the use of our online offering, but may also be linked to such information from other sources.

Notes on legal bases: If we ask users for their consent to use third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

  • Processed data types: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
  • Affected people: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Providing our online offer and user-friendliness.
  • Storage and deletion: Deletion as described in the "General Information on Data Retention and Deletion" section. Cookies are stored for up to two years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).
  • Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

  • Google Fonts (obtained from Google Server): Obtaining fonts (and symbols) for the purpose of technically secure, maintenance-free and efficient use of fonts and symbols with regard to topicality and loading times, their uniform presentation and consideration of possible licensing restrictions. The font provider is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted that is necessary for the provision of the fonts depending on the devices used and the technical environment. This data can be processed on a server of the font provider in the USA - When you visit our online offering, the users' browsers send their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Google Fonts Cascading Style Sheets (CSS) and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of website visitors, as well as the referral URL (i.e. the web page on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent and referral URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent needs to customize the font that is generated for each browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregate usage statistics are published on the Google Fonts Analytics page. Finally, the referral URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations based on the number of font requests can be generated. Google says it does not use any of the information collected by Google Fonts to create end-user profiles or serve targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://fonts.google.com/; Data protection statement: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF). More information about cycling in the Leipzig Region as well as more interesting routes: https://developers.google.com/fonts/faq/privacy?hl=de.

Processing of data in the context of employment relationships

Within the framework of employment relationships, personal data is processed with the aim of effectively managing the establishment, implementation, and termination of such relationships. This data processing supports various operational and administrative functions necessary for managing employee relations.

Data processing encompasses various aspects, ranging from contract initiation to contract termination. This includes the organization and administration of daily working hours, the management of access rights and authorizations, and the handling of personnel development measures and employee interviews. Processing also serves the accounting and administration of wage and salary payments, which are critical aspects of contract execution.

In addition, data processing takes into account the legitimate interests of the responsible employer, such as ensuring workplace safety or collecting performance data to evaluate and optimize operational processes. Furthermore, data processing includes the disclosure of employee data as part of external communication and publication processes where this is necessary for operational or legal purposes.

The processing of this data always takes place in compliance with the applicable legal framework, – This text area must be activated with a premium license. – premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext premiumtext

  • Processed data types: Employee data (information about employees and other persons in a – This text area must be unlocked with a premium license. – premium text premium text premium text ).
  • Affected people: Employees (e.g. employees, applicants, temporary workers and other – This text area must be unlocked with a premium license. – premium text premium text premium text ).
  • Purposes of processing: Establishment and implementation of employment relationships (processing of employee data in the context of the establishment and implementation – This text area must be activated with a premium license. – premiumtext premiumtext premiumtext premiumtext ). Business processes and business procedures.
  • Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR); Legal obligation (Art. 1 (6) (c) GDPR); Legitimate interests (Art. 1 (1) (f) GDPR). Processing of special categories of personal data relating to healthcare, profession, and social security (Art. 6 (1) (h) GDPR).

Further information on processing processes, procedures and services:

  • Deletion of employee data: Under Austrian law, employee data will be deleted if it is no longer required for the purpose for which it was collected, unless it must be retained or archived due to legal obligations or the interests of the employer. The following retention and archiving obligations apply:
    • Data relating to wage tax and other contributions under Section 132 Paragraph 1 of the Federal Fiscal Code (BAO) – 7 years. Start of the period – from the end of the calendar year relevant to the data.
    • Statute of limitations for the obligation to pay social security contributions according to Section 68 of the General Social Security Act (ASVG) (statute of limitations for assessment) – 3 or 5 years. The period begins – generally on the day the contributions are due; if no notification is made, from the date of notification.
    • Retention periods in social insurance – 7 years according to the UGB.
    • Vacation entitlement under Section 4 (5) of the Vacation Act (UrlG) – 2 years from the end of the vacation year in which the vacation accrued. The period begins 2 years after the end of the vacation year in which the vacation accrued.
    • Claim for vacation compensation according to Section 1486 Z 5 ABGB – 3 years. The period begins on the due date of the final settlement claim, which is the last working day.
    • Records and reports of work-related accidents according to Section 16 of the Workplace Accidents Act (Arbeitsschutzgesetz) – at least 5 years. The period begins on the day of the accident.
    • Records of temporary employment under Section 13 (3) of the Temporary Employment Act (AÜG) – 5 years. Start of the period – the day on which the last remuneration claim of the temporary employee is due.
    • Youth register according to Section 26 Paragraph 2 of the KJBG – 2 years. The period begins – when the register is created, two years after the last entry.
    • Claims for compensation due to discriminatory termination of the employment relationship under Sections 15 (1a) and 29 (1a) of the GlBG (Equal Treatment Act) and Section 7k (1) in conjunction with (2) (3) of the BEinstG (Employment Tax Act) – 6 months. The period begins on the date the termination notice is received.
    • Compensation claims by the employer or employee arising from premature termination of the employment relationship under Section 34 AngG or Section 1162d ABGB – 6 months. The period begins on the date the claims become due, usually from the date the termination notice is received.
    • Entitlement to a service certificate according to Section 1478 of the Austrian Civil Code (ABGB) – 30 years. The period begins upon termination of the employment relationship.
    • Claims for compensation due to discriminatory rejection of an application under Sections 15 (1) and 29 (1) of the Equal Treatment Act (GlbG) and Section 7k (1) in conjunction with (2) No. 1 of the Employment Tax Act (BEinstG) – 6 months. The period begins on the day the rejection was received or 7 months from the receipt of the application.
    • Claims for reimbursement of any performance costs under Section 1486 Z 5 ABGB – 3 years. The period begins on the day on which the costs were incurred.
    • Liability for severance pay claims and company pensions after a business transfer according to Section 6 Paragraph 2 AVRAG – 5 years. The period begins at the time of the business transfer.
    • Claims for compensation due to discriminatory denial of promotion under Sections 15 (1) and 29 (1) of the Equal Opportunities Act (GlbG) and Section 7k (1) in conjunction with Section 2 (1) of the Employment Tax Act (BEinstG) – 6 months. The period begins on the day on which the denial of promotion was received.
    • Claims for compensation due to discriminatory discrimination regarding pay, voluntary social benefits, training and further education measures, or other working conditions pursuant to Sections 15 (1) and 29 (1) of the Equal Treatment Act (GlbG) and Section 7k (1) in conjunction with (2) No. 5 of the Federal Employment Tax Act (BEinstG) – 3 years. The start of the limitation period is the point in time at which the right could first have been exercised and the objective possibility of filing a lawsuit exists.
    • Claims for compensation for discriminatory harassment under Sections 15 (1) and 29 (1) of the Equal Treatment Act (GlbG) and Section 7k (1) in conjunction with Section 2 (4) of the Federal Employment Act (BEinstG) – 1 year. The limitation period begins at the time the discrimination becomes known.
    • Claims for compensation due to discriminatory rejection of an application under Sections 15 (1) and 29 (1) of the Equal Treatment Act (GlbG) and Section 7k (1) in conjunction with (2) No. 1 of the Employment Tax Act (BEinstG) – 6 months. The period begins on the day the rejection was received or 7 months from the receipt of the application.
    • Claims for compensation for sexual harassment under Section 15 (1) of the Equality Act (GlbG) – 3 years. The period begins at the time the discrimination becomes known.
    • Claims for reimbursement of any performance costs under Section 1486 Z 5 ABGB – 3 years. The period begins on the day on which the costs were incurred.
    • Employee claims for remuneration or reimbursement of expenses, as well as employer claims for advance payments granted thereon under Section 1486 Z 5 of the Austrian Civil Code (ABGB), are subject to a three-year limitation period. The limitation period begins when the respective claims become due.
    • Limitation period for prosecution for underpayment under Section 31 (1) of the Administrative Tax Act in conjunction with Section 29 (4) of the LSD-BG – 3 years. The limitation period begins when the remuneration is due.
    • Claims for damages by the employer against the employee arising from employee liability for slight negligence under Section 6 of the German Employment Act (DHG) are limited to six months. The limitation period begins on the day on which they can be asserted.
    • Employer claims for damages against employees arising from employee liability in cases of gross negligence or willful misconduct, as well as other employer claims for damages under Section 1489 of the Austrian Civil Code (ABGB) – 3 years or 30 years. The limitation period begins – for short periods, upon knowledge of the damage and the person responsible; for long periods, upon the occurrence of the damage.

Created with free Datenschutz-Generator.de by Dr. Thomas Schwenke

your shopping basket0
There are no products in your shopping cart!
0
Browse our online shop