1) Processing activity Operation of a website[1]

2) Responsible person: Mag. Birgit Hayn
Peter Rosegger Gasse 58
3400 Klosterneuburg Tel: +43 (0)664 135 5866
Email: contact@birgithayn.com

3) Purposes of data processing on the

· Legal basis for the performance or preparation of a contract

a) Sales of online information offers about the company as well as the products and services to customers and interested parties
b) Accessibility and distribution of own and third-party advertising in the online information offers and products
c) Provision of communication channels to service the contractual relationship
d) Collection of user numbers to document the reach of the website

· Legal basis of (overriding) legitimate interests for direct marketing purposes

a) Recovery and acquisition of customers
b) Distribution/playout of advertising for (other goods) and services by way of direct advertising (“marketing purposes”) to the extent permitted by law.
c) Collection of user numbers to document the reach of the website and monitor the market

4) Change of purpose (forwarding) Direct advertising: The person responsible informs that personal data of customers are also processed for direct advertising purposes. Direct mail is intended to promote the sale of the advertised (own or third-party) products. For this purpose, this data will not be passed on to any third party. There is no incompatibility with the purpose of the original data collection.

5) Objection to processing for direct marketing purposes: The customer can object to the use of his personal data for direct advertising at any time and without giving reasons to the person responsible. The objection means that the customer’s personal data will no longer be processed for these purposes in the future.

6) Legal basis for data processing

1.) Online information: performance of contract. The use of the online media of the person responsible is based on a contract within the meaning of Art 6 Paragraph 1 lit b DS-GVO[2], through registration a registration relationship is established. The person responsible discloses that he sometimes includes third-party content (such as links, pixels, plug-ins) when providing the contractual services. Due to the technical circumstances when calling up the content or the Internet, electronic identification data, in particular the IP address and the browser settings of the user, are automatically transmitted to third parties who process them under their own responsibility when the page is opened. If the person responsible uses social media channels, the primary contractual relationship exists with the respective service provider.

2.) Additional services: Consent. For individual services on the online platform, the person responsible sometimes obtains express consent from the customer. Such consent can be revoked at any time with effect for the future.

3.) Direct advertising: overriding legitimate interests

7) Description of (overriding) legitimate interests for purposes

of direct mail:

The person responsible processes customer data (but not those of children or special categories of personal data within the meaning of Art 9 DSGVO[ 3] (“sensitive data”) also in order to use them for direct advertising purposes for (other) products (see also point 3.).The person responsible has a right to process personal data for direct advertising purposes Interest (Recital 47, last sentence of the GDPR). Only those customer data are processed that the person responsible has from the contractual relationship and for which the storage period is still running. This does not result in an extension of the storage period. The primary goal of data processing is customer acquisition and Customer retention with the aim of getting back into a (pre-)contractual relationship Last freedom of employment (Art. 6 StGG) and freedom of communication (esp. Art. 10 EMRK, which also protects advertising measures) and on the rights

for the transmission of postal advertising;

· to make marketing calls after consent;

· for the transmission of electronic mail after consent;

for the transmission of electronic mail in accordance with Section 107 (3) TKG;

When using this data, the person responsible complies with the communication law requirements, in particular § 107 TKG.

IT security

The controller stores the IP addresses of users for a period of 7 days to prevent targeted attacks in the form of server overload (“denial of service” attacks) and other to prevent damage to the systems. The person responsible has an overriding legitimate interest in this data processing for the purpose of maintaining the functionality of the services provided online (Recital 49 of the GDPR).

8) Change of purpose

(redirect)

The controller does not change the purpose of the processing of personal data.

9) Obligation to provide data: The customer is under no obligation to provide data.

10) Automated Decision Making: The customer is not subject to any automated decision that has legal effects on him.

11) Types of data processed

provided by the user via the contact form additionally collected by the person responsible
First and last name IP addresses (log files)
Email address Device data
Address Used browser
phone number Communication Protocol

Information on usage (e.g. creation date, number of logins, date of last query)

Time stamp: Date and time Initial and recurring (update)

SessionID

Communication History

12) Cookies:

The website uses so-called cookies. These are small text files that are stored on the website user’s end device with the help of the browser. They do no harm.
Cookies are used to make the offer user-friendly. Some cookies remain stored on the website user’s end device until they are deleted. They make it possible to recognize the user’s browser on the next visit.
If this is not desired, the customer’s browser can be set up so that it is informed about the setting of cookies and only allowed in individual cases.
If cookies are deactivated, the functionality of the website may be restricted.

13) External recipients of data

Processor –

Categories of external economic service providers:

Certified Accountant
Lawyers
Banks and payment processors
IT service provider
Postal Services
Printers
Communication Service Provider
Logistics company
All external recipients of data can be written to and contacted in relation to data protection issues via the person responsible.

14) External recipients of data via “Social-Plug-Ins”

“Social plugins” (“Plugins”):

The person responsible does not collect any personal data via “social plug-ins” and their use. However, it is possible that personal data about visitors to the website is collected via the plugins, transmitted to the respective service and linked to the respective service of the visitor. In order to prevent data from being transmitted to service providers in third countries (e.g. also the USA) without the knowledge of the user, the person responsible uses the so-called “Shariff solution” on his website. This means that the plugins are initially only integrated as graphics. The graphic contains a link to the website of the respective provider; the user is only forwarded to the provider’s service when he clicks on it. This prevents personal data from being automatically forwarded to the plugin providers when the website of the person responsible is visited. Data can only be transferred by clicking on the graphic. By clicking, the respective service provider receives the information that the user has visited the respective page of the online offer of the person responsible. The website user does not have to be logged in to the respective provider or have a user account. If such exists, the data collected by the plugin provider can be assigned to the account there. The person responsible has no influence on whether and to what extent the service provider collects personal data. The person responsible is not aware of the scope, purpose and storage periods as well as the further processing and use of the data there. Information on data protection rights and setting options can be found directly in the data protection information on the website of the respective service.

Types of data processed IP address, URLs, cookies and browser settings data
Service Provider

LinkedIn

LinkedIn Ireland Unlimited Company
Attn: Legal Dept. (Privacy Policy and User Agreement)
Wilton Place, Dublin 2, Ireland

LinkedIn Corporation
Attn: Legal Dept. (Privacy Policy and User Agreement)
1000 W. Maude Avenue, Sunnyvale, CA 94085, USA

https://de.linkedin.com/legal/privacy-policy

15) Third country transfer In the course of data processing, no data will be transmitted to countries outside dBeer EU beyond point 14:

16) Storage time Unregistered website users: The personal data (esp. IP address) of (unregistered) website visitors are stored for 7 days for IT security purposes.
Customer data collected via contact form: The data collected in the course of the contact via the contact form are fundamentally still still Processed 6 months after contact and then deleted (at least the personal reference). Thereafter, personal data processing of invoice data continues until the end of the statutory retention requirements or due to an otherwise legitimate interest.

17) Rights of the data subject Base Content
Art 15 GDPR “Information”: The data subject has the right to request information as to whether personal data is being processed.

Art 16 GDPR “Correction”: The person concerned has the right to immediately request the correction of inaccurate personal data or their completion.

Art 17 GDPR “delete”: The person concerned has the right to demand that the personal data be deleted immediately, provided that the reasons stated in Art. 17 Para. 1 GDPR are met.

Art 18 GDPR “Restriction”: The data subject has the right to demand that the processing of personal data be restricted, provided that the reasons stated in Art. 18 Para. 1 GDPR are met.

Art 21 GDPR “Contradiction”: The data subject has the right to object at any time to the processing of his personal data on the basis of legitimate interest.

Art 20 GDPR “Data Portability”: The person concerned has the right to receive their personal data in a structured, commonly used and machine-readable format.

18) Right of appeal

Art 77 GDPR

Every data subject has the right to lodge a complaint with the supervisory authority if they believe that the processing of their personal data is in breach of this regulation.

19) Regulatory Authority Austrian data protection authority
Barichgasse 40-42, 1030 Vienna, Telephone: +43 1 52 152-0
Email: dsb@dsb.gv.at

As of February 2023

[1] If designations relating to natural persons are only given in the masculine form in this data protection information, they refer to women and men in the same way. When applying the designation to specific natural persons, the respective gender-specific form is to be used. Customers are understood to mean both consumers (consumers) and entrepreneurs.

[2] Kühling/Buchner GDPR 2017, Art 6 margin number 59

[3] General Data Protection Regulation, available at http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32016R0679

NOTICE: This Data Protection Information is a translation of the German Data Protection Information into English language. In the event of interpretation difficulties, misunderstandings or loopholes, etc., the current German version of the Data Protection Information shall take precedence.