Privacy Policy
Status: 12.12.2024
In accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation; "GDPR"), the controller must inform the data subject about the processing of personal data. This document provides you with information about the personal data processed.
Definitions
To better understand this Privacy Policy, here's a brief explanation of the terms used:
Personal Data ("Data") refers to any data containing information about the personal or factual circumstances of natural persons, such as name, address, email address, phone number, date of birth, age, gender, social security number, video recordings, photos, etc. Data of legal entities are not subject to the provisions of the GDPR.
Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency, or other body to which personal data are disclosed, whether or not it is a third party.
Our Contact Information
Should you have further questions, please feel free to contact us, as the controller of the data processing discussed herein, at the following contact details:
Stefan Schertler
Anichstraße 36, 6020 Innsbruck
Phone: +43 512 562213
Email: office@pipo.at
Purposes and Legal Basis of Processing
Data may only be processed for a specific purpose and only if the processing can be based on a corresponding legal basis. Processing can be justified for the following reasons:
| Justification for Processing | Legal Basis |
|---|---|
| Based on your voluntary consent for a specific purpose | Art 6 (1) (a) GDPR |
| For contract fulfillment, if you are a contractual partner, or for initiating a contract if processing is based on your request | Art 6 (1) (b) GDPR |
| Based on a legal obligation to which we are subject | Art 6 (1) (c) GDPR |
| To protect your vital interests or the vital interests of another person | Art 6 (1) (d) GDPR |
| For the performance of a task carried out in the public interest or in the exercise of official authority vested in us | Art 6 (1) (e) GDPR |
| Based on a balancing of interests between our interest or the interest of a third party in the processing on the one hand, and your interest or your fundamental rights and freedoms on the other | Art 6 (1) (f) GDPR |
We process your data for the following purposes based on the following legal grounds:
| Categories of Data Collected | Purpose of Processing | Legal Basis |
|---|---|---|
| Applicant Data (Name, Date of Birth, Place of Birth, Address, Email Address, Phone Number, other data from resumes) |
This data is necessary for the use of our services and for contract initiation and is collected from you. | Art 6 (1) (a) and (b) GDPR |
| Contact Data (Name, Address, Email Address, Phone Number) |
This data is necessary for the use of our services or for contract initiation and is collected from you when you contact us. | Art 6 (1) (a) and (b) GDPR |
| Technical Information (IP address, operating system) |
This data is required so that the website opened at your initiative can be displayed to you in the correct format. | Art 6 (1) (f) GDPR |
Recipients
Recipients assist us in complying with legal or statutory obligations, in contract initiation and fulfillment, in services that require your consent, or in carrying out processing that is in our legitimate interest. We sometimes transmit or disclose data, particularly to the following recipients (processors or controllers):
| Recipient | Description |
|---|---|
| IT Service Providers | Operation of our IT system, especially email services, hosting services, etc. |
| Subcontractors | Insofar as services are not provided by us and a justification for processing exists |
| Tax Consultant, Accountant | Processing of data due to tax or accounting reasons |
| Lawyer, Court, Debt Collection Agency | If necessary, for enforcing or defending against claims |
| Onepage | For the creation of brochures upon request, we use the services of Onepage GmbH, Neue Rothofstr. 13-19, 60313 Frankfurt am Main, for data processing. Further information on Onepage and data protection at Onepage can be found here: https://onepage.io/de/datenschutzerklarung |
| Lead Table | For the creation of brochures upon request, we use Lead Table. The service provider is Katiba Technology UG (haftungsbeschränkt), Heisinger Straße 12, 87437 Kempten. Further information on Lead Table and data protection at Lead Table can be found here: https://www.lead-table.com/datenschutz |
We only transfer your data to other recipients if you have given your express consent in accordance with Art 6 (1) (a) GDPR, if it's legally permissible and necessary for the fulfillment of a contractual relationship with you according to Art 6 (1) (b) GDPR, if we are under a legal obligation to do so according to Art 6 (1) (c) GDPR, or if the transfer is necessary for the protection of our legitimate interests and for the assertion, exercise, or defense of legal claims according to Art 6 (1) (f) GDPR, and there's no reason to assume that you have an overriding legitimate interest in your data not being transferred.
We intend to transfer data to the following third country: United States of America.
For the United States of America, an adequacy decision from the European Commission exists. The European Commission, by decision C(2023) 4745 final of July 10, 2023, determined that the United States of America offers an adequate level of data protection within the meaning of Art 45 GDPR, provided our contractual partner is registered on the EU/US Data Privacy Framework List. Information regarding the registration of individual providers on this list can be found in the respective section of this privacy policy.
Insofar as no adequacy decision exists, we may only transfer data based on appropriate safeguards, such as standard contractual clauses, binding corporate rules, approved codes of conduct, approved certification mechanisms, etc. Under the conditions of Art 49 GDPR, a transfer may still be permissible. You can obtain a copy of these safeguards for your specific case from us upon request.
There is no intention to transfer data to an international organization.
Storage Duration
Data is generally stored only as long as required by statutory retention obligations. Furthermore, data may be stored if necessary for the enforcement or defense of third-party claims. You can find important storage periods below:
| Retention Obligation | Anticipated Storage Duration |
|---|---|
| Commercial law retention obligation according to §§ 190, 212 UGB (Austrian Commercial Code) | 7 years |
| VAT law retention obligation for invoices according to § 11 (2) 3rd subparagraph UStG (Austrian VAT Act) | 7 years |
| VAT law retention obligations for export documents according to § 7 (7) UStG (Austrian VAT Act) | 7 years |
| Warranty according to § 933 ABGB (Austrian General Civil Code) | 2 years |
| Purchase price claim for movable goods according to § 1062 in conjunction with § 1486 ABGB (Austrian General Civil Code) | 3 years |
| Claims arising from a contract for work according to § 1486 ABGB (Austrian General Civil Code) (if the service was provided within the scope of a commercial or other business operation) | 3 years |
| General compensation for damages according to § 1489 ABGB (Austrian General Civil Code) (claims for compensation) | 3 years/30 years |
| Liability claims according to § 13 PHG (Austrian Product Liability Act) | 10 years |
Hosting
We use the web hosting provider Domain Factory for our website. The service provider is DomainFactory GmbH, Oskar-Messter-Straße 33, 85737 Ismaning, Germany.
You can learn more about the data processed through the use of Domain Factory in their privacy policy at https://www.df.eu/de/datenschutz/.
Google Services
General
The provider of the following services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. You can find Google's privacy policy here.
However, some services (such as Google Search or Google Maps) are provided by or transferred to the following company: Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043-1351, USA. Google LLC is based in a third country. Google LLC is registered on the list, meaning that data transfer to the USA complies with data protection regulations under Art 45 GDPR. You can find more information about Google LLC's certification here.
Some Google services use cookies. An overview of the cookies used, their purpose, and storage duration can be found in the cookie section of this privacy policy. For the use of Google services and the setting of the necessary cookies, your consent, as per Art 6 (1) (a) GDPR and § 165 (3) TKG, is obtained before processing. Your consent can be revoked at any time.
Prior consent for cookies is only not obtained if the sole purpose is the transmission of a message or if it is strictly necessary for us to provide you with a service you have explicitly requested.
Google Ads
We use Google Ads (formerly Google AdWords) as an online marketing measure to promote our products and services.
Google Ads is used to better analyze user actions. When you click on one of our Google Ads, a "Conversion" cookie from a Google domain is stored on your device.
We also use Google Ad Remarketing for our website.
The most important cookies used in this context are:
| Name | Duration | Description |
|---|---|---|
| Conversion | 3 months | This cookie stores every conversion you make on our website after coming to us via a Google Ad. |
| _gac | 3 months | This cookie is used to record various actions on our website. |
Google Tag Manager
We use Google Tag Manager as an organizational tool to centrally manage website tags via a user interface. Tags, for example, record your activities on our website. Most tags originate from Google products like Google Ads or Google Analytics.
Google Tag Manager does not set cookies or store any data. Instead, it functions as an administrator for the tags implemented in the system. The data is collected by the tags of the web analysis tools. In this sense, the data is channeled through to the individual tracking tools and not stored.
Meta Services
Meta Business Tools
Within our online offerings, we use Meta Business Tools, which are operated and provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").
The following processing operations are carried out exclusively based on your explicit consent in accordance with Art. 6 (1) (a) GDPR.
Meta Pixel
Meta Pixel is a code that loads a collection of functions allowing Meta to track your user actions on our website. The Meta Pixel can store your actions on our website in one or more cookies. You can find more information about Meta Pixel here. We also use Custom Audiences. More information on this can be found here.
The pixel collects information such as your IP address and User ID and compares it with the data from your Facebook account.
Meta uses different cookies depending on interaction and user behavior. The following cookies are used as examples:
| Name | Duration | Description |
|---|---|---|
| _fbp | 3 months | This cookie is used for displaying advertising products. |
| fr | 3 months | This cookie ensures the functionality of Meta Pixel. |
| Comment_author_50ae8267e2bdf1253ec1a5769f48e062138118815-3 | 12 months | This cookie stores the text and name of a user, for example, when leaving a comment. |
| Comment_author_url_50ae8267e2bdf1253ec1a5769f48e062 | 12 months | This cookie stores the URL of the website that the user enters in a text field on our website. |
LinkedIn Insight Tag
We use the LinkedIn Insight Tag for our website. The service provider is the American company LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection-related aspects in the European Economic Area (EEA), the EU, and Switzerland, LinkedIn Ireland Unlimited (Wilton Place, Dublin 2, Ireland) is responsible.
By embedding this tracking tool, data can be sent to, stored, and processed by LinkedIn. This is a JavaScript code that we've integrated into our website. This feature helps us to better tailor our advertising offers to your interests and needs.
You can find information on LinkedIn's Standard Contractual Clauses at https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu‒sccs.
Learn more about the LinkedIn Insight Tag at https://www.linkedin.com/help/linkedin/answer/a427660. You can also find more about the data processed through the use of the LinkedIn Insight Tag in the privacy policy at https://www.linkedin.com/legal/privacy‒policy?.
Cookies
Cookies are text files stored on your device to recognize it. They can contain information about your use of our offers and services. Based on the ECJ's Planet49 GmbH ruling, consent is obtained for cookies even if they are not personal data.
Some cookies are only stored until you close our service (session cookies), while others are stored for a longer duration, allowing you to be recognized (persistent cookies). Some cookies are strictly necessary for the website's function (essential cookies), while others record visits and visitor origin and measure this data without establishing a personal connection to you (performance cookies). Certain cookies are used for marketing purposes (marketing cookies).
If individual cookies we use process personal data, processing occurs according to Art. 6 (1) (b) GDPR for contract performance, Art. 6 (1) (a) GDPR with your granted consent, or Art. 6 (1) (f) GDPR to protect our legitimate interests in the best possible website functionality and a customer-friendly, effective user experience.
When you first visit the website, you can select which cookies you wish to allow via the cookie declaration. Your consent is required for marketing cookies. If you wish to revoke your consent or change your cookie settings, you can do so directly in your browser.
Legal Information
Right of Access
You have the right to request confirmation as to whether personal data concerning you is being processed; if so, you have the right to access this personal data. This includes the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; any available information as to their source; the existence of automated decision-making, including profiling.
Right to Rectification
You have the right to obtain from the controller the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
Right to Erasure
You have the right to obtain from the controller the immediate erasure of personal data concerning you where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. You withdraw consent on which the processing is based and where there is no other legal ground for the processing. You object to the processing (Art 21 (1) GDPR) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art 21 (2) GDPR. The personal data have been unlawfully processed. The erasure of the personal data is necessary for compliance with a legal obligation. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1). The right to erasure does not apply to the extent that processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation, for the performance of a task carried out in the public interest; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; for the establishment, exercise or defense of legal claims.
Right to Restriction of Processing
You have the right to obtain restriction of processing where one of the following applies: the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or on a contract and the processing is carried out by automated means.
In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art 6 (1) (e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to Withdraw Consent
You have the right to withdraw consent based on Art 6 (1) (a) or Art 9 (2) (a) at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Austria, Phone: +43 1 521522569, Email: dsb@gsb.gv.at, if you believe that the processing violates applicable data protection law.
Other Information
The provision of personal data is in some cases legally required or necessary for entering into a contract. You're generally not obliged to provide the data. However, if you don't provide the data, entering into a contract won't be possible.
There's no automated decision-making, including profiling, as per Article 22 (1) and (4) of the GDPR.
