Privacy Policy in accordance with Articles 13 and 14 of the GDPR – Fulfilment of information obligations

Thank you for visiting our website. We attach great importance to the protection of your data and inform you here in detail about the extent to which we process your data.

This policy applies to data processing within Saubermacher Dienstleistungs AG as well as to the use of our website. The legal basis for this data processing is the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

All personal designations always refer to all genders. The use of the masculine form is intended solely to simplify readability.

1 Data processing – General

1.1 Controller

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

Saubermacher Dienstleistungs AG
Hans-Roth-Strasse 1
8073 Feldkirchen near Graz
Tel.: +43 59 800
E-mail: office@saubermacher.at
Website: saubermacher.com

The company has appointed a data protection officer. Birgit von Maurnböck, VMCON OG, Opernring 2, 8010 Graz can be contacted at: datenschutz@saubermacher.at

1.2 Data processing in accordance with Art. 13 GDPR

We process the data that various people provide to us through their own information, for example as part of an enquiry by email, to initiate and conclude a contract or a business relationship.

1.3 Data processing in accordance with Art. 14 GDPR

In addition, we process data of persons who may be part of a contractual relationship, which we have legitimately received in the context of information from third parties (e.g. managing directors provide us with the data of their employees).

1.4  Data subjects

We process the following data from prospective clients: company name, name of the contact person, and professional contact and address details.

We process the following data from customers: company name, titles and names of contact persons, business address and contact details, bank details, contract details. For customers who have their business premises certified as part of the ISCC certification process, we also process geocoordinates.

We process the following data from suppliers and business partners: company name, titles and names of contact persons, business address and contact details, bank details, contract details.

We process the following data from contact persons and representatives of public authorities, associations, political parties and the press: company/authority, title and name of the contact person, business address details and contact details.

The following data is processed from newsletter recipients: email address.

We publish the names of authors upon request. As soon as the use of the works ceases, the personal data is automatically deleted.

1.5 Legal basis

The legal basis for data processing is:

  • Consent (e.g. when processing your email address for advertising purposes) pursuant to Art. 6(1)(a) GDPR
  • Pre-contractual and contractual purposes pursuant to Article 6(1)(b) of the GDPR
  • Legal obligations (e.g. statutory retention and documentation obligations, publication obligations under copyright law) pursuant to Article 6(1)(c) of the GDPR
  • Legitimate interests of our company (e.g. use of software) pursuant to Article 6(1)(f) of the GDPR

We will inform you separately of the legal basis and the purpose of the processing for each instance of data processing described below.

1.6 Transfer of data

Data is transferred exclusively for the purpose of contract performance in accordance with Article 6(1)(b) of the GDPR in order to provide you with our services.

  • Transfer within the Group: The personal data collected in connection with your enquiry or use of our services will – where necessary – be transferred within the Group to subsidiaries or affiliated companies. This is necessary in particular where certain services or IT services are provided by other companies within the Group. In such cases, it may be necessary to forward your data to the relevant group company for further processing. The transfer is carried out on the basis of internally concluded contracts.
  • Transfer to data processors: We work with data processors to whom personal data is transferred in order to provide services efficiently. These include companies that handle tasks such as contract fulfilment, payment processing, account management, the sending of newsletters and IT services.
  • Other transfers: In certain cases, such as where there are legal obligations or in the context of a legal dispute, personal data may be disclosed to public authorities or solicitors.

1.7 Storage/deletion of data

  • Contractual retention obligations: After termination of a contractual relationship or after the end of contractually agreed periods, personal data will be deleted or anonymised as soon as there are no legal retention obligations to the contrary.
  • Withdrawal of consent: If consent to the processing of personal data is withdrawn, the data will be deleted or anonymised unless there is another legal basis for processing.
  • Statutory retention obligations: The controller is subject to various statutory retention obligations. Personal data will be deleted after expiry of these statutory retention obligations. It may happen that personal data must be retained for legal reasons despite the revocation of consent or the expiry of contractually agreed periods and will only be deleted at a later date (after the expiry of the respective legal periods). The EU regulations and laws to be observed by the controller are listed below (without any claim to completeness):
    • Federal Tax Code (BAO)
    • Commercial Code (UGB)
    • Trade Regulation Act (GewO)
    • General Civil Code (ABGB)
    • Value Added Tax Act (UStG)
    • Whistleblower Protection Act (HSchG)
    • Data Protection Act (DSG)
    • General Data Protection Regulation (GDPR)

2 Contacting

When you contact us via email, telephone, WhatsApp, the contact form, the call-back service or social media, the data you provide is stored so that we can process your enquiries. This may include the following personal data: name, email address, telephone number or address. We will delete the data collected in this context once processing is no longer necessary, or restrict processing if statutory retention obligations apply.

Legal basis: Article 6(1)(f) GDPR (Legitimate interest)

3 Visitor registration

As part of the visitor registration process, personal data such as name, email address, and the date and time of the visit are collected. This data is processed solely for the purposes of identification, access control, ensuring security on the premises, assisting with emergency and evacuation procedures, tracking visits, safeguarding trade secrets, and investigating security incidents. The data is stored for 4 weeks and then deleted.

Legal basis: Article 6(1)(f) GDPR (Legitimate interest)

4 Candidate management

General: When you send us your application documents, we process the personal data contained therein for the purpose of staff selection and recruitment.

Legal basis: Article 6(1)(b) GDPR (pre-contractual and contractual processing)

Deletion: In the event of a rejection, we will delete your documents 7 months after sending the rejection to you.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

Retention: Should we wish to keep your details on file to contact you at a later date, we will contact you with a separate request for your consent. If you explicitly grant us this consent, we will store your application documents. Should no further opportunity for a vacancy arise within one year of receiving your consent, we will delete all your application documents.

Legal basis: Art. 6(1)(a) GDPR (consent)

Application portal: All applications are processed via our application portal. Anyone interested in working for our company can apply directly via the application portal on our website. The application process is managed via the BITE service, provided by BITE GmbH, Magirus-Deutz-Straße 12, 89077 Ulm, Germany. You will be informed of this via a separate privacy policy for applicants: https://saubermacher.com/datenschutz-jobportal/.

As the application process continues, you will have the opportunity to upload your application documents (e.g. CV). Alternatively, applications may also be submitted in paper form. These will also be entered into the BITE applicant management system by the HR department, so that the entire application process – regardless of the method of submission – is handled centrally via the tool.

For those submitting their application in paper form directly at one of our sites, the privacy policy can be accessed digitally via a QR code provided on site. Alternatively, a printed copy of the privacy policy can be provided on request.

Further information is available at https://saubermacher.com/karriere/offene-stellen/.

5 Social media presence

We operate social media pages on Instagram, Facebook, LinkedIn, Kununu, XING and Flickr. When you visit our social media presence, personal data – including the IP address provided by the respective provider – is processed and cookies are used for data collection. Please refer to the privacy policy of the respective service to find out exactly what information is transmitted. There you will also find information on how to contact us and how to restrict the processing of this data.

Furthermore, we would like to point out that you use the respective services and their functions at your own risk. This applies in particular to the use of interactive functions (for example, sharing, commenting or rating).

The providers of the social media services have provided us with relevant agreements – in most cases, these are agreements regarding joint responsibility for data processing. The use of social media platforms is based on our legitimate business interest.

Where we are obliged to fulfil data subject rights (see , point 18), you may contact both us and the provider of the relevant social media platform.

Legal basis: Art. 6(1)(f) GDPR (Legitimate interest)

6 Participation in competitions

We occasionally organise competitions. To take part in these competitions, we require certain information from you: first name, surname, address and email address. This data is used exclusively for the purpose of administering the competition. If we have no business relationship with you and are not subject to any statutory retention obligations, the data collected will be deleted or anonymised once the competition has concluded and the prizes have been dispatched.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual and contractual processing)

7 Event management

To organise and run events, we use the event tool “Invitario” provided by Invitario GmbH, Lerchenfelder Straße 74/1/6, 1080 Vienna, Austria. The tool is used in particular to send invitations, monitor confirmations and send event summaries to participants. As part of event organisation, we process the following personal data via “Invitario”: name, email address, telephone number, company affiliation and – depending on the event – voluntary information regarding dietary preferences.

Legal basis: Article 6(1)(f) GDPR (Legitimate interest)

8 CCTV

As part of our security measures, we use video surveillance technology at various sites to ensure the safety of people and the protection of property. These sites are: Saubermacher Headquarters (Ecoport), Krems, Lannach, Premstätten, Trofaiach and Vienna Oberlaa. All entrances and exits, as well as the entrance and exit to the Ecoport’s underground car park, are monitored by CCTV. At the other sites, video surveillance is mainly carried out in the entrance areas, in the car parks and in the sorting and storage areas of the premises.

Surveillance serves to enforce the right of access to the premises and to investigate criminal offences and security-related incidents. Monitored areas are marked with appropriate signs. The recordings are stored for a period of 72 hours and then deleted, unless they are required to clarify incidents or to initiate legal proceedings.

Access to the recordings is restricted to authorised persons. The data will only be passed on to law enforcement authorities where necessary for the investigation of criminal offences.

Legal basis: Article 6(1)(f) GDPR (Legitimate interest)

9 Whistleblowing system – Whistleblowing online portal

We have set up a whistleblowing system (Saubermacher Group Whistleblowing Online Portal) on our website. The whistleblowing system enables you to contact us and report compliance and legal breaches without whistleblowers having to fear reprisals. Further information is available at https://saubermacher.com/hinweisgeber/.

Legal basis: Article 6(1)(c) GDPR (Legal obligation)

10 Data processing when visiting our website

10.1 Informational use of the website

When you use the website for information purposes only, we collect only the personal data that your browser transmits to our server (server log files). When you wish to access our website, we collect the data that is technically necessary for us to display our website to you and to ensure its stability and security:

  • IP address
  • Date and time of the request
  • Time zone difference from Coordinated Universal Time (UTC)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

This data is not combined with sources of personal data. We reserve the right to review this data retrospectively if we become aware of specific indications of unlawful use, and to pass the data on to law enforcement authorities should a hacking attack have taken place. No further disclosure to third parties takes place.

Legal basis: Art. 6(1)(f) GDPR (Legitimate interest)

10.2 Cookies

When you visit our website, cookies are stored on your device. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive. They enable us or third-party providers to collect certain information. Cookies cannot run programs or transmit viruses to your computer.

The information contained in the cookies is used, for example, to determine whether you are logged in, what data you have already entered, or to recognise

We distinguish between technical cookies, which serve solely to ensure the operation of a website, and other cookies that are set by us or third-party providers for the purposes of statistical analysis, tracking or advertising/marketing.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest; for technical cookies), Art. 6(1)(a) GDPR (consent; for all other cookies)

10.3 Newsletter subscription

You can subscribe to our newsletter by providing us with your email address. You can unsubscribe at any time. To do so, use the unsubscribe link found in every newsletter, or send an email tooffice@saubermacher.at .

To ensure that the registration is actually made by you, we use the so-called double opt-in procedure. After you have registered, you will receive a confirmation email containing a link. Your registration will only be activated and your address added to the mailing list once you have clicked on this confirmation link. In this way, we ensure that no one uses your email address without your consent and that you have expressly agreed to receive the newsletter.

Once you have unsubscribed, we will no longer use your data to send you the newsletter.

If we have no business relationship with you and are not subject to any statutory retention obligations, your data will be deleted after you unsubscribe from the newsletter.

Legal basis: Art. 6(1)(a) GDPR (consent)

10.4 Cookiebot (Consent Management)

To obtain consent in accordance with data protection regulations for the use of cookies and services requiring consent on our website, we use the Cookiebot consent banner from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

The consent banner records and stores the selection of cookies and services requiring consent made by the respective user of our website. The website visitor’s explicit consent ensures that statistical and marketing cookies and services requiring consent are only set once this consent has been given.

The consent tool records, logs and stores the website visitor’s settings for the duration of the session. To ensure that the selected settings can be clearly assigned to the respective website visitor, Cookiebot collects, transmits and stores certain user information (including the IP address).

For further information, please refer to Cookiebot’s privacy policy
https://www.cookiebot.com/de/privacy-policy/

Legal basis: Art. 6(1)(f) GDPR (Legitimate interest)

11 Use of data in connection with Google services

We use services provided by Google Ireland Limited (“Google”) on our website, a company incorporated and operating under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.

Further information is available in Google’s privacy policy at https://policies.google.com/privacy?hl=de.

11.1 Google Analytics & IPmeta

On our website, we use Google Analytics, a tool that allows us to analyse how our website is used. With Google Analytics, we can see how many people visit our website and how long they stay.

This website uses the “IP anonymisation” feature (i.e. Google Analytics has been extended with the code “gat._anonymizeIp();” to ensure that IP addresses are collected in an anonymised form (so-called IP masking)). This means that your IP address is truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

Google uses the information collected to analyse your use of the website, to compile reports on website activity and to provide other services relating to website usage.

Your IP address, which is transmitted by your browser to Google Analytics, will not be merged with other data held by Google. However, Google may pass this information on to third parties where required by law or where such third parties process the data on Google’s behalf.

You can prevent cookies from being stored on your computer by adjusting the relevant settings in your browser. Please note, however, that in this case you may not be able to make full use of all the features of our website.

Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html or at https://support.google.com/analytics/answer/6004245?hl=de.

Legal basis: Art. 6(1)(a) GDPR (consent)

We also use the service ipmeta.io, which is a freely available plugin for Google Analytics. We use the plugin to analyse and implement ‘Service Provider’, ‘Network Domain’ and ‘Network Type’ in Google Analytics in order to see who has visited our websites and to obtain statistics on this. The retrieval of data for the network-related dimensions is based on your IP address. The plugin is used solely to convert this into network data. The data collected for this purpose is then deleted immediately.

Further information can be found at: https://ipmeta.io/#how-network-type-works.

Legal basis: Art. 6(1)(a) GDPR (consent)

11.2 Google AdSense

Our website uses Google AdSense, a service for integrating advertising. Google AdSense enables us to generate revenue by displaying advertisements on our website. The advertisements are automatically selected by Google based on the content of our website and the interests of visitors.

The use of Google AdSense involves the collection of various data, including cookies, web beacons and usage data. Web beacons are invisible graphics that also collect information about the use of our website. Usage data includes information about the websites visited, the adverts clicked on, the IP address, the browser type and the language settings.

The data collected is used to measure the effectiveness of the advertisements, to optimise the ad content and to generate reports on website activity. This information may also be combined with other data that Google has collected about you.

By adjusting the settings in your web browser, you can prevent the aforementioned cookies from being stored on your computer. However, this may mean that you are no longer able to use the content of this website to the same extent. By using this website, you consent to the processing of your personal data by Google in the manner and for the purposes described above.

Legal basis: Art. 6(1)(a) GDPR (consent)

11.3 Google Ads Conversion Tracking

This website uses Google Conversion Tracking. In this process, Google Ads places a cookie on your computer if you have arrived at our website via a Google advert. These cookies expire after 30 days and are not used for personal identification. The information collected via the conversion cookie is used to generate conversion statistics for us. We are informed of the total number of users who clicked on our advert and were redirected to our page tagged with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking process, you can also refuse the setting of the cookie required for this – for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by configuring your browser to block cookies from the domain “www.googleadservices.com”.

If you use SSL search, Google’s encrypted search function, the search terms are usually not sent as part of the URL in the referrer URL. There are, however, some exceptions to this, for example if you use certain, less common browsers. Further information on SSL search is available here: https://support.google.com/websearch/answer/173733?hl=de.

Search queries or information contained in the referrer URL may, in some circumstances, also be viewed via Google Analytics or an Application Programming Interface (API). In addition, advertisers may receive information about the exact search terms that triggered a click on an advert.

For further details, please refer to Google’s FAQs: https://policies.google.com/faq?hl=de.

Legal basis: Article 6(1)(a) of the GDPR (consent)

11.4 Google Fonts

We use Google Fonts on our website. To ensure a consistent and attractive display of fonts and icons, your browser loads the necessary fonts into your browser cache. To do this, the browser you are using must connect to the Google Fonts servers, which means that Google Fonts becomes aware that our website has been accessed via your IP address.

You can find out what data Google collects and how this data is used at https://www.google.com/intl/de/policies/privacy/.

Legal basis: Art. 6(1)(a) GDPR (consent)

you as a user when a connection is established between our web server and your browser.

11.5 Google Maps

We use Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. When you visit the website, Google receives the information that you have accessed the relevant subpage of our website. In addition, the data already mentioned under the heading “Informational use of the website” is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in, or whether no user account exists. If you are logged in to Google, your data is directly assigned to your account. If you do not wish for this data to be linked to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such analysis is carried out in particular (even for users who are not logged in) to provide tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, in which case you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.

Legal basis: Art. 6(1)(a) GDPR (consent)

11.6 Google Photos

To ensure a user-friendly experience, we use the cloud-based storage service Google Photos. When you view images on our website, your browser establishes a connection to Google’s servers. To do this, your IP address is transmitted to Google. To display the images correctly, the necessary pages are loaded into your browser cache.

You can find more detailed information here: https://www.google.com/photos/.

Legal basis: Art. 6(1)(a) GDPR (consent)

11.7 Google Tag Manager

We use Google Tag Manager on our website, which enables us to integrate and manage website tags, such as tracking codes or conversion pixels. This collects data on the website and forwards it to associated analytics tools, which store and analyse this data. Although Google Tag Manager collects data (e.g. IP address), it does not store this data and has no access to it. It merely acts as an interface between the website and the analytics software.

You can find more detailed information here: https://www.google.com/intl/de/tagmanager/faq.html.

Legal basis: Art. 6(1)(a) GDPR (consent)

11.8 YouTube

We operate a YouTube channel and have embedded YouTube videos on our website that are stored at http://www.YouTube.com. The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, 94066 California, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube videos in enhanced privacy mode. With this setting, YouTube does not store cookies when you visit our website. A connection to YouTube’s servers is only established once you start playing the embedded videos. YouTube uses cookies for data collection and statistical analysis. In doing so, YouTube is informed of which pages you visit. If you are logged in to YouTube, your data is directly associated with your account. YouTube uses your data for advertising and market research purposes.

The use of this service involves the transfer of personal data to the USA, or such a transfer cannot be ruled out. Google has been certified under the Adequacy Decision for the transfer of personal data to the USA. The European Commission has concluded that an adequate level of protection exists for personal data transferred from the EU to a company in the USA certified under the EU-US Privacy Shield Framework, and therefore data transfer is permitted in accordance with Article 45 of the GDPR.

The integration of YouTube results in YouTube images being reloaded.

Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy/.

Legal basis: Article 6(1)(a) of the GDPR (consent)

12 Data processing in connection with Meta services

We use services provided by Meta Platforms Ireland Ltd. (“Meta”) on our website, a company incorporated and operating under Irish law with its registered office at Merrion Road, Dublin 4, Ireland.

For further information, please refer to Meta’s privacy policy at https://www.facebook.com/about/privacy/.

12.1 cdninstagram.com

Our website uses what is known as cdninstagram, where CDN stands for ‘Content Delivery Network’. This is an infrastructure domain provided by Meta Platforms Ireland Ltd. (‘Meta’), a company incorporated and operating under Irish law with its registered office at Merrion Road, Dublin 4, Ireland.

cdninstagram enables photos and videos to be delivered quickly and securely. The CDN service processes the website visitor’s IP address, the timestamp of the request, the browser and operating system used, and the specific file accessed.

For further information, please refer to Meta’s privacy policy at https://www.facebook.com/about/privacy/.

Legal basis: Article 6(1)(a) of the GDPR (consent)

13 Data processing in connection with Microsoft services

We use services provided by Microsoft Ireland Operations Limited (“Microsoft”) on our website, a company incorporated and operating under Irish law with its registered office at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

We use Microsoft’s cloud services and its Software-as-a-Service offerings for various purposes. These include, for example, the publication of websites, forms and other content, as well as the storage and management of documents and the sending of emails.

For further information, please refer to Microsoft’s Privacy Statement at https://privacy.microsoft.com/de-de/privacystatement.

13.1 Microsoft Clarity

We use the Microsoft Clarity analytics tool on our website.

This tool enables us to analyse user behaviour on our website in order to improve the user experience. Microsoft Clarity uses cookies and other tracking technologies to collect information such as user interactions, mouse movements, scrolling activities and keystrokes.

This data is anonymised and aggregated to help us improve the performance and effectiveness of our website.

Legal basis: Art. 6(1)(a) GDPR (consent)

14 Ahrefs

We use Ahrefs Web Analytics, an analytics tool provided by Ahrefs Pte. Ltd., 16 Raffles Quay, #33-03 Hong Leong Building, Singapore 048581, to statistically evaluate the use of our website and improve our online offering. Ahrefs Web Analytics enables us to analyse aggregated information regarding website visits, pages viewed, referral sources, browsers used, device types, operating systems, language settings, and the approximate location of visitors at country and city level.

According to Ahrefs, Ahrefs Web Analytics operates without cookies and without permanent user identifiers. Individual visitors are not tracked across different websites, devices or days. The analysis is primarily statistical.

In particular, the following data is collected: the URL of the page visited, the referring website, information about the browser and device, the operating system, language settings, and the approximate location at country and city level. The location is determined based on the IP address. According to Ahrefs, the IP address itself is not stored but is discarded after processing.

Further information can be found in Ahrefs’ privacy policy at: https://ahrefs.com/legal/privacy-policy

Legal basis: Art. 6(1)(a) GDPR (consent)

 

15 Hotjar

We use Hotjar, an analytics tool provided by Hotjar Ltd., Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian’s, STJ 3141, Malta, to analyse user behaviour on our website and improve its user-friendliness. Hotjar enables us to better understand our users’ behaviour on our website by recording activities such as mouse clicks, mouse movements and scrolling behaviour. This information helps us to adapt our website to the needs of our visitors and make it more user-friendly.

Hotjar uses cookies and other technologies to collect data about our users’ behaviour and their devices, specifically the device’s IP address (in anonymised form), screen size, device type (Unique Device Identifiers), browser information, geographical location (country only) and preferred language for displaying our website. Neither Hotjar nor we use this information to identify individual users or combine it with other data relating to individual users.

Further information can be found in Hotjar’s privacy policy at: https://www.hotjar.com/legal/policies/privacy.

Legal basis: Art. 6(1)(a) GDPR (consent)

16 Onlim

To provide a chatbot on our website, we use the Onlim service provided by Onlim GmbH, Neutorgasse 13/5, 1010 Vienna, Austria, which acts as our data processor.

Onlim enables us to provide automated chat functions to respond to user enquiries. When you contact us via the chatbot, we store the data you provide in order to answer your questions. We delete the data collected in this context once processing is no longer necessary, or restrict processing if statutory retention obligations apply.

When you contact us via the chatbot, Onlim may collect, process and store personal data such as IP addresses, chat histories and technical information relating to the time of use (e.g. browser type, operating system). When you use our chat functions, , the data you enter is transmitted to Onlim’s servers. This data includes the information you have entered, as well as the date and time of the chat history.

Your data will be deleted or fully anonymised after 30 days at the latest. You also have the option to adjust the retention period for your data directly within the chat. Your personal data will then be deleted within 24 hours.

Onlim’s privacy policy can be found at https://onlim.com/de/datenschutzerklaerung/.

Legal basis: Art. 6(1)(f) GDPR (Legitimate interest)

17 Flickr

We use the Flickr photo service on our website, provided by SmugMug Inc., 67 E. Evelyn Ave, Mountain View, 94041 California, USA.

Every time you access or click on a Flickr component, cookies are set by Flickr. Cookies are small text files that are stored on your computer and enable an analysis of your use of Flickr’s services. We are unaware of exactly which user information and user behaviour is collected and transmitted to the web servers of Flickr and its affiliated companies in the USA for further processing.

If, as a user, you do not consent to this processing of your data, you have the option to disable the Flickr service and thereby prevent the transfer of data to the servers of Flickr and its affiliated companies. To do this, you must disable JavaScript in your browser. However, we would like to point out that in this case you will not be able to use Flickr, or only to a limited extent.

For further information, please refer to Flickr’s privacy policy at https://www.flickr.com/help/privacy.

Legal basis: Art. 6(1)(a) GDPR (consent)

18 Matomo

We have integrated the web analytics service Matomo, provided by InnoCraft Limited, 7 Waterloo Quay, PO625, 6140 Wellington, New Zealand, into our website for the statistical analysis of user behaviour and for optimisation and marketing purposes. By installing and integrating Matomo on our own server, we guarantee that no data is passed on to third parties. In addition, we operate Matomo with settings that ensure no cookies are set.

The following data is processed: browser type, browser version, operating system, country of origin, date and time of the server request, number of visits, time spent on the website, and the external links you click on. Before the IP address is stored, it is anonymised. Pseudonymised usage profiles can be created and analysed from this data. The data collected is processed on our servers and is not passed on to third parties.

The information generated in the pseudonymous user profile is not used to personally identify the website visitor and is not merged with personal data relating to the holder of the pseudonym.

For further information, please refer to Matomo’s privacy policy at https://matomo.org/privacy-policy.

Legal basis: Article 6(1)(a) of the GDPR (consent)

19 Your rights

You have the following rights in relation to us regarding your personal data:

  • Right of access, rectification and erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

In addition to the above rights, you have the right to lodge a complaint with a data protection authority; in Austria, this is the Austrian Data Protection Authority:

  • Address: Barichgasse 40–42, 1030 Vienna
  • Telephone: +43 1 52 152-0
  • Email: dsb@dsb.gv.at

If you believe that we have breached Austrian or European data protection law in the processing of your data and thereby infringed your rights, we ask you to contact us so that we can clarify any questions you may have.

Please send your enquiries and concerns by email todatenschutz@saubermacher.at or contact us using the contact details provided.

20 Changes to this Privacy Policy

We reserve the right to make changes to our privacy policy from time to time. Any changes to the privacy policy will be published by us on this page. Please refer to the current version of our privacy policy in this regard.