Logo Rudolf Großfurtner GmbH Logo Rudolf Großfurtner GmbH
Vacancies 10 Listing Prices Notierungspreise Icon

Data protection

Introduction

By providing the following Privacy Statement, we would like to inform you about the types of personal data concerning you (hereinafter also shortly referred to as “data”) we process as well as about the purposes and extent of its processing. The Privacy Statement applies to all processing operations of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender-specific.

Last update: 17/12/2019

Controller

Rudolf Großfurtner GmbH
Hofmark 1
4972 Utzenaich
Austria

Persons entitled to represent: Rudolf Großfurtner

E-Mail address: office@grossfurtner.at

Telephone: +43 7751 7171

Site noticehttps://www.grossfurtner.at/site-notice/

Overview of processing operations

The following overview is a summary of the types of data processed and of the purposes of its processing and contains references to the data subjects.

Types of Data Processed

  • inventory data (e.g. names, addresses)
  • content data (e.g. text inputs, photographs, videos)
  • contact data (e.g. e-mail, telephone numbers)
  • meta/communications data (e.g. device information, IP addresses)
  • usage data (e.g. visited websites, interest in contents, access times)

Categories of Data Subjects

  • prospects
  • communications partners
  • users (e.g. website visitors, users of online services)

Purposes of Processing

  • provision of our online offering and user friendliness
  • visiting action evaluation
  • interest-based and behavioural marketing
  • contact requests and communication
  • conversion measurement (measurement of the effectiveness of marketing measures)
  • profiling (creation of user profiles)
  • remarketing
  • reach measurement (e.g. access statistics, recognition of recurring visitors)
  • security measures
  • tracking (e.g. interest-based/behavioural profiling, use of cookies)
  • contractual services and service
  • administration of and responding to requests

Relevant Legal Bases

The following is to inform you of the legal bases of the General Data Protection Regulation (GDPR) based on which we process the personal data. Please note that the national data protection regulations may apply in your or our country of residence and domicile in addition to the GDPR regulations.

  • Consent (point (a) of Art. 6(1) GDPR) – The data subject has given consent to the processing of the person’s personal data for one or more specific purpose/s.
  • Contract performance and pre-contractual requests (point (b) of Art. 6(1) GDPR) – The processing is necessary for the performance of a contract to which the data subject is party or the implementation of pre-contractual measures taken at the data subject’s request.
  • Legitimate interests (point (f) of Art. 6(1) GDPR) – The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

National data protection regulations in Austria: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection in Austria apply. This includes, in particular, the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act – DSG). In particular, the Data Protection Act contains special regulations on the right of access, the right to rectification or erasure, the processing of special categories of personal data, the processing for other purposes and for transfer as well as the automated decision-making in a given case.

Security measures

In accordance with the legal stipulations and taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of processing as well as the varying probabilities of occurrence and the dimension of the threat to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

Such measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as the access concerning it and the input, sharing, safeguarding of availability and its separation. We have also established procedures to ensure the exercise of data subjects’ rights, the erasure of data and responses to the risk of the data being compromised. Furthermore, we already take the protection of personal data into account when developing or selecting hardware, software as well as procedures in line with the principle of data protection, by both technology engineering and privacy-friendly default settings.

SSL encryption (https): We use SSL encryption to protect your data transferred via our online offering. You can recognise such encrypted connections by the https:// prefix in the address line of your browser.

Transfer and disclosure of personal data

When we process personal data, it may be the case that the data is transferred or disclosed to other bodies, companies, legally autonomous organisational units or persons. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers entrusted with IT tasks or providers of services and contents that are integrated into a website. In such a case, we comply with the legal stipulations and enter, in particular, into appropriate contracts or agreements with the recipients of your data in order to protect your data.

Data processing in third countries

Where we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing is effected in the context of using services of third parties or disclosing or transferring data to other persons, bodies or companies, this is done only in accordance with the legal stipulations.

Subject to express consent or contractually or legally required transfer, we process or have the data processed only in third countries with an acknowledged level of data protection, which includes the US processors certified under the “Privacy Shield”, or on the basis of special safeguards, such as contractual obligation by ‘standard protection clauses’ of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Use of cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie serves primarily to store the information about a user during or after the user’s visit within an online offering. The stored information may include, for example, the language settings on a website, the login status, a shopping cart or the place where a video was viewed. The term ‘cookies’ also includes for us other technologies that fulfil the same functions as cookies (e.g. if user information is stored using pseudonymous online identifiers, also referred to as “user IDs”)

A distinction is made between the following types of cookie and functions:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed the user’s browser.
  • Permanent cookies: Permanent cookies remain stored even after the browser has been closed. This allows, for example, to save the login status or to display preferred contents directly when the user visits a website again. Such a cookie also serves to store the interests of users which will then be used for reach measurement or marketing purposes.
  • First-party cookies: First-party cookies are set by ourselves.
  • Third-party cookies: Third-party cookies are mainly used by advertisers (‘third parties’) to process user information.
  • Necessary (also: essential or absolutely essential) cookies: On the one hand, cookies may be absolutely essential to operate a website (e.g. to store logins or other user inputs or for reasons of security).
  • Statistics, marketing and personalisation cookies: Furthermore, cookies are, as a rule, also used as part of the reach measurement and when the interests of a user or a user’s behaviour (e.g. viewing certain contents, use of functions etc.) are stored on individual websites in a user profile. Such profiles are used to show users, for example, contents that suit their potential interests. This method is also referred to as “tracking”, i.e. tracing the potential interests of the users. To the extent that we use cookies or “tracking” technologies, we inform you separately in our Privacy Statement or within the scope of obtaining a consent.

Notes on legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we request your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g. in operating and improving our online offering in business management terms) or if the use of cookies is necessary to meet our contractual obligations.

General notes on withdrawal and objection (opt-out):

Depending on whether the processing is effected on the basis of a consent or legal permission, you have the possibility at any time to withdraw a given consent or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You may give notice of objection, first of all, by using the settings of your browser, e.g. by disabling the use of cookies (which may also result in the functionality of our online offering being restricted). Notice of objection to the use of cookies for purposes of online marketing may also be given by a variety of services, especially in case of tracking, via the websites http://optout.aboutads.info and http://www.youronlinechoices.com/. In addition, you may receive further objection notes as part of the information on the service providers and cookies used.

Processing of cookie data based on a consent: Before we process or have data processed as part of the use of cookies, we ask the users for a consent which may be withdrawn at any time. Before the consent has not been given, only cookies necessary to operate our online offering is used. These are used based on our interest and the interest of the users in the expected functionality of our online offering.

  • Types of data processed: usage data (e.g. visited websites, interest in contents, access times), meta/communications data (e.g. device information, IP addresses)
  • Data subjects: users (e.g. website visitors, users of online services)
  • Legal bases: consent (point (a) of Art. 6(1) GDPR), legitimate interests (point (f) of Art. 6(1) GDPR)

Real Cookie Banner

We use the “Real Cookie Banner” consent tool to manage the cookies and similar technologies used (tracking pixels, etc.) and to give consent in this regard. Details on how “Real Cookie Banner” works can be found at https://devowl.io/knowledge-base/real-cookie-banner-data-processing/.
The legal basis for the processing of personal data in this context is Art. 6 Abs. 1 lit. c GDPR  and Art. 6 Abs. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the relevant consents.
The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, you cannot manage your consents.

Change privacy settings | Privacy settings history | Revoke consents

Contacting

When you contact us (e.g. by contact form, e-mail, phone or via social media), the information of the requesting persons is processed to the extent that this is necessary to respond to the contact requests and to any requested measures.

Responding to the contact requests in the context of contractual or pre-contractual relationships serves to perform our contractual duties or to respond to (pre-)contractual requests and, other than that, on the basis of the legitimate interests in responding to the requests.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text inputs, photographs, videos)
  • Data subjects: communications partners
  • Purposes of processing: contact requests and communication
  • Legal bases: contract performance and pre-contractual requests (point (b) of Art. 6(1) GDPR), legitimate interests (point (f) of Art. 6(1) GDPR)

Provision of the online offering and web hosting

In order to provide our online offering safely and efficiently, we make use of the services of one or more web hosting provider(s) from whose servers (or servers managed by the provider(s)) the online offering can be accessed. For these purposes, we may make use of infrastructure and platform services, computing capacity, storage space and database services as well as security and technical maintenance services.

The data processed in the context of the provision of the hosting offering may include all information relating to the users of our online offering that is obtained over the course of use and communication. This includes, on a regular basis, the IP address required in order to deliver the contents of online offers to browsers and all inputs made within our online offering or from websites.

E-mail dispatch and e-mail hosting: The web hosting services of which we make use also include dispatching, receiving and storing e-mails. For these purposes, the addresses of both the recipients and the senders as well as further information relating to the e-mail dispatch (e.g. the providers involved) and the contents of the respective e-mails are processed. The data set out above may further be processed for the purpose of detecting SPAM. Please note that e-mails are principally not dispatched in encrypted form on the Internet. As a rule, e-mails are encrypted in transit, but (unless any ‘end-to-end encryption method’ is used) not on the servers from and by which they are send out and received. We may thus not assume any responsibility for the transmission path of the e-mails between the sender and their receipt on our server.

Collection of access data and log files: We ourselves (or our web hosting provider) collect(s) data on each access to the server (‘server log files’). Such server log files may include the address and name of the websites and files accessed, date and time of the access, amounts of data transferred, notice of the successful access, browser type along with version, the user’s operating system, referrer URL (the previously visited website) and, as a rule, the IP addresses and the requesting provider.

The server log files may be used, on the one hand, for security purposes, e.g. to avoid any overloading of the servers (especially in the case of abusive attacks, also referred to as ‘DDoS attacks’) and, on the other hand, to ensure the utilisation of the servers and their stability.

  • Types of data processed: content data (e.g. text inputs, photographs, videos), usage data (e.g. visited websites, interest in contents, access times), meta/communications data (e.g. device information, IP addresses)
  • Data subjects: users (e.g. website visitors, users of online services)
  • Legal bases: legitimate interests (point (f) of Art. 6(1) GDPR)

Online marketing

We process personal data for the purposes of online marketing, which may include, in particular, the marketing of advertising spaces or the presentation of advertising and other contents (collectively referred to as “contents”) on the basis of potential interests of the users as well as the measurement of their effectiveness.

For these purposes, ‘user profiles’ are created and stored in a file (‘cookie’) or similar methods are used by means of which any information on the user that is relevant for the presentation of the contents referred to above is stored. This information may include, for example, contents viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used and information on usage times. Where users have consented to the collection of their location data, such data may be processed as well.

The users’ IP addresses are also stored. To protect users, however, we use available IP masking methods (i.e. pseudonymisation by shortening the IP address). Generally, no real data of the users (such as e-mail addresses or names), but pseudonyms is stored as part of the online marketing operation, which means that neither we nor the providers of the online marketing operations know the actual identity of the users, but only the information stored in their profiles.

As a rule, the information in the profiles is stored in the cookies or by means of similar methods. In general, these cookies may later also be read out and analysed for the purposes of displaying content on other websites, on which the same online marketing operation is used, as well as supplemented with further data and stored on the server of the online marketing operation provider.

As an exception, clear data may be attributed to the profiles. This is the case if the users are, for example, members of a social network, whose online marketing operation we use, and the network links the user profiles to the information referred to above. Please note that users may enter into additional agreements with the providers, e.g. by giving their consent in the context of the registration.

Basically, we only get access to summarised information about the success of our ads. In the context of ‘conversion measurements’, however, we may examine which of our online marketing operations have led to a ‘conversion’, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely to analyse the success of our marketing measures.

Unless otherwise stated, please assume that cookies used are stored for a period of two years.

Notes on legal bases: If we ask the users for their consent to the use of the third-party providers, the legal basis for the processing of data is the consent. Otherwise, the data of the users is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and receiver-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this Privacy Statement.

  • Types of data processed: usage data (e.g. visited websites, interest in contents, access times), meta/communications data (e.g. device information, IP addresses)
  • Data subjects: users (e.g. website visitors, users of online services), prospects
  • Purposes of processing: tracking (e.g. interest-based/behavioural profiling, use of cookies), remarketing, visiting action evaluation, interest-based and behaviour-related marketing, profiling (creating user profiles), conversion measurement (measuring the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of recurring visitors)
  • Security measures: IP masking (pseudonymisation of the IP address)
  • Legal bases: consent (point (a) of Art. 6(1) GDPR), legitimate interests (point (f) of Art. 6(1) GDPR)
  • Possibility to object (opt-out): We refer to the privacy notices of the respective providers and to the specified possibilities to object existing with the providers (“opt-out”). If no explicit opt-out option has been specified, you have the possibility, on the one hand, to disable cookies in the settings of your browser, which may, however, result in functions of our online offering being restricted. We thus additionally recommend the following opt-out options, which are offered in summarised form and aimed to respective areas: (a) Europe: https://www.youronlinechoices.eu
    (b) Canada: https://www.youradchoices.ca/choices
    (c) USA: https://www.aboutads.info/choices
    (d) Across areas: http://optout.aboutads.info

Services and service providers used:

Plugins and embedded features as well as contents

We integrate functional and content elements in our online offering which are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may be, for example, graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as “contents”).

Such integration always requires that the third-party providers of these contents process the users’ IP address, since they would not be able to send the contents to their browsers without having the IP address. The IP address is hence only necessary to display these contents or functions. We endeavour to only use contents whose respective providers use the IP address only to send out the contents. Third-party providers may further use ‘pixel tags’ (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” may be used to evaluate information, such as the visitor traffic on the pages of this website. The pseudonymous information may further be stored in cookies on the users’ device and may contain, among others, technical information on the browser and on the operating system, on referring websites, on the time of visit as well as further information on the use of our online offering, but may also be linked with such information from other sources.

Notes on legal bases: If we ask the users for their consent to the use of the third-party providers, the legal basis for the processing of data is the consent. Otherwise, the data of the users is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and receiver-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this Privacy Statement.

  • Types of data processed: usage data (e.g. visited websites, interest in contents, access times), meta/communication data (e.g. device information, IP addresses), inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text inputs, photographs, videos)
  • Data subjects: users (e.g. website visitors, users of online services)
  • Purposes of processing: provision of our online offering and user friendliness, contractual services and service, security measures, administration and responding to requests
  • Legal bases: legitimate interests (point (f) of Art. 6(1) GDPR), consent (point (a) of Art. 6(1) GDPR), contract performance and pre-contractual requests (point (b) of Art. 6(1) GDPR)

Services and service providers used:

Erasure of data

The data processed by us is erased in accordance with the legal stipulations as soon as the permitted consents given to its processing are withdrawn or any other permissions cease to apply (e.g. if the purpose of the processing of such data is has ceased to exist or it is not necessary for the purpose).

Where the data is not erased since it is necessary for any other and legally admissible purposes, its processing is limited to these purposes. This means that the data is blocked and not processed for any other purposes. This applies, for example, to data which must be stored for reasons under commercial or tax law or whose retention is necessary to assert, exercise or defend legal claims or to protect the rights of any other natural or legal person.

Further information on the erasure of personal data may further be provided as part of the individual privacy notices of this Privacy Statement.

Modifying and updating the privacy statement

We ask you to inform yourself regularly about the content of our Privacy Statement. We customise the Privacy Statement as soon as this becomes necessary due to the modifications to the data processing operations performed by us. We inform you as soon as any act of cooperation by you (e.g. consent) or any other individual notification becomes necessary as a result of the modifications.

Where we indicate addresses and contact information of companies and organisations in this Privacy Statement, please note that the addresses may change over time and check the information before contacting us.

Rights of the data subjects

As a data subject, you have various rights under the GDPR which follow, in particular, from Art. 15 to 18 and 12 GDPR:

  • Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right of withdrawal for consents: You have the right to withdraw any consents given at any time.
  • Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to both such data and further information as well as a copy of the data in line with the legal stipulations.
  • Right to rectification: In accordance with the legal stipulations, you have the right to have incomplete data concerning you completed or to obtain the rectification of inaccurate data concerning you.
  • Right to erasure and to restriction of processing: You have the right in accordance with the legal stipulations to obtain the erasure of data concerning you without undue delay or, alternatively, in accordance with the legal stipulations, to obtain restriction of processing of the data.
  • Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to require its transmission to any other controller in accordance with the legal stipulations.
  • Complaint with a supervisory authority: You further have the right, in accordance with the legal stipulations, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning to you infringes the GDPR.

Definitions of terms

This section contains an overview of the terminology used in this Privacy Statement. Many of the terms are inferred from law and are defined, above all, in Art. 4 GDPR. The legal definitions are binding. The following explanations, however, are intended, above all, to ensure understanding. The terms are sorted alphabetically.

    • Visiting action evaluation: “Visiting action evaluation” (also referred to as “conversion tracking”) is a method which can be used to establish the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users’ devices within the websites on which the marketing measures are performed and is then accessed again on the target website. This allows us, for example, to see whether the ads placed by us on other websites were successful.
    • IP masking: “IP masking” is a method in which the last octet, i.e. the last two numbers of an IP address, is deleted so that the IP address can no longer serve to unambiguously identify a person. IP masking is hance a means for pseudonymising processing operations, especially in online marketing.
    • Interest-based and behavioural marketing: Interest-based and/or behavioural marketing means that potential interests of users in advertisements and other contents are predetermined as precisely as possible. This is effected on the basis of information on their previous behaviour (e.g. visiting and surfing on certain websites, purchasing behaviour or interaction with other users, which is stored in a ‘profile’. As a rule, this is done using cookies.
    • Conversion measurement: Conversion measurement is a method which can be used to establish the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users’ devices within the websites on which the marketing measures are performed and is then accessed again on the target website. This allows us, for example, to see whether the ads placed by us on other websites were successful.
    • Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    • Profiling: “Profiling” means any form of automated processing of personal data consisting of the use of personal data to analyse (depending on the type of profiling, this includes information in relation to age, gender, location data and movement data, interaction with websites and their contents, purchasing behaviour, social interactions with other human beings), evaluate or predict (e.g. the interests in certain contents or products, the click behaviour on a website or the position) certain personal aspects relating to a natural person. Cookies and web beacons are often used for profiling purposes.
    • Reach measurement: The reach measurement (also referred to as ‘web analytics’) is used to evaluate the visitor flows of an online offering and may include the behaviour or interests of the visitors in certain information, such as contents of websites. By using the reach analysis, website owners can, for example, establish the time at which visitors visit their website and the contents they are interested in. For example, this allows them to better customise the contents of the website to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognise recurring visitors and thus to obtain more accurate analyses on the use of an online offering.
  • Remarketing: The term “remarketing” or “retargeting” is used, for example, when it is noted for advertising purposes in which products a user has been interested in on a website, in order to remind the user on other websites of these products, for example in ads.
  • Tracking: “Tracking” means that the behaviour of users can be traced across several online offerings. As a rule, behavioural and interest information relating to the online offerings used is stored in cookies or on servers of the providers of the tracking technologies (‘profiling’). This information may then be used, for example, to display ads to the users that are likely to correspond to their interests.
  • Controller: “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Processing: “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term extends far and virtually includes each handling of data, be it collection, evaluation, retention, transfer or erasure.

Created with the free Datenschutz-Generator.de of Dr Thomas Schwenke

OUR EMPLOYEES ARE WHOLEHEARTED MEMBERS OF THE GROSSFURTNER TEAM. AND YOU?

YES, I WANT TO BECOME PART OF THE TEAM TOO!
Logo Rudolf Großfurtner GmbH
GDPR Cookie Consent with Real Cookie Banner