This Privacy Notice is intended to give you an overview of how we use the personal data provided by you. We would also like to inform you about the precautions we take to protect your personal data and about which rights and options you have to view your data and to protect your privacy.
This Privacy Notice contains information about which personal data we collect from you, how we process them and to which third parties we may forward your data.
Regarding the terms used, such as “processing” or “Controller”, we refer to the definitions in Art 4. of the General Data Protection Regulation (“GDPR”).
Who is responsible for the data processing, and whom can you contact?
We, iProspect GmbH, are the Controller for the processing of your personal data, within the meaning of the GDPR.
Controller responsible for data processing:
1020 Wien, Österreich
E-mail address: firstname.lastname@example.org
Link to the legal notice: https://www.iprospect.com/de/at/impressum/
Data Protection Officer:
EY Law – Pelzmann Gall Rechtsanwälte GmbH
RA MMag. Thomas Breuss
RAA Mag. Raphaela Mandl
Wagramer Strasse 19/33
1220 Vienna, Austria
E-mail address: email@example.com
Tel.: +43 1 26095-2100
For what purposes and on what legal basis are your personal data processed?
Based on your consent (Art. 6 (1) (a) GDPR)
If you have given us your consent to process your personal data, processing will only take place in accordance with the purposes defined and to the extent agreed in the declaration of consent. Consent given may be withdrawn at any time without giving reasons and with future effect, if you no longer agree to the processing.
For compliance with contractual obligations (Art. 6 (1) (b) GDPR)
Processing of personal data takes place in connection with account management, for the performance of our contract with you and for execution of your orders as well as all tasks necessary for the operation and administration of our company.
For compliance with legal obligations (Art. 6 (1) (c) GDPR)
Processing of personal data may be necessary for compliance with various legal obligations with regard to contract management, accounting and invoicing.
To protect the Controller’s legitimate interests (Art. 6 (1) (f) GDPR)
Where necessary, data processing may take place beyond the actual performance of the contract as part of a balancing of interests in favour of iProspect GmbH or a third party, in order to protect our legitimate interests or those of third parties.
Such processing of customer (employee) data takes place in the following cases:
Measures for business management and continuing development of products and services;
Measures for protecting customers and their employees as well as company property;
In the context of legal proceedings; and
Who receives your personal data?
The protection and confidentiality of your personal data is important to us. Therefore, we transfer your personal data only to the extent described below or within the scope of an instruction at the time the data are collected. In addition, personal data that we collect concerning you will neither be sold by us nor otherwise disclosed.
1. Transfer to networking companies and other parties
We transfer the personal data we collect to the companies of the Dentsu Aegis Network Group and certain service providers (e.g. external data protection officer). We transfer personal data for the purpose of account management and other operations requested by you as well as to conduct internal administrative activities efficiently in a shared way and to improve our products and services.
2. Transfer to other third parties
If we, iProspect GmbH, act as a service provider for third parties, we provide them with personal data we have collected on their behalf.
3. Transfers to processors
To a limited extent, we also pass on personal information to processors who perform services for us such as performance of contracts, account management, accounting, invoicing and sending out newsletters. Processors may only use or disclose these data to the extent absolutely necessary to perform services for us or to comply with legal rules. We contractually oblige these processors to ensure the confidentiality and security of the personal data that they process on our behalf.
4. Other transfers
We may also transfer personal information concerning you (i) if we are required to do so by law or in the context of legal proceedings, (ii) if we believe that disclosure is necessary to prevent damages or financial loss, or (iii) in connection with an investigation into suspected or actual fraudulent or illegal activities.
Are data transferred to a third country or an international organisation?
If we process personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third party services or disclosure and/or transfer of personal data to third parties, we shall only transfer personal data to comply with our (pre)contractual obligations, based on your consent, a legal obligation or our legitimate interests. Subject to legal or contractual authorisations, we process or have personal data processed in a third country only where the particular conditions of Art. 44 et seq GDPR are met. This means, for example, that processing and the transfer is carried out on the basis of special safeguards, such as the officially recognised setting of level of data protection corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (known as “standard contractual clauses”).
For how long are personal data stored and processed?
We process your data for the duration of the entire business relationship (from initiation through performance to termination of a contract), and beyond this, pursuant to statutory retention and documentation obligations. These derive, for example, from:
the Austrian Commercial Code (UGB); and
the Federal Tax Code (BAO).
In addition, the storage period must take into account the statutory limitations periods, which, according to the Austrian Civil Code (ABGB), for example, may range up to 3 years in certain cases (the general limitations period is 30 years).
Unless expressly stated in this Privacy Notice, personal data processed by us shall be erased as soon as they are no longer required for their intended purpose and the erasure does not conflict with any statutory retention obligations.
What rights and options do you have?
1. Right of access
You have the right to request confirmation from us as to whether we are processing personal data concerning you.
Where personal data concerning you are being processed, you have the right, as the data subject, to receive information from us at any time regarding the personal data stored about you and to receive a copy of the personal data concerning you which is undergoing processing. In this regard, as the data subject, you shall have the right to obtain the following information:
The purposes of the processing;
The categories of personal data being processed;
The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
The existence of a right to rectification or erasure of the personal data concerning you, or to restriction of processing by the Controller, or to object to such processing;
The existence of the right to lodge a complaint with a supervisory authority;
Any available information about the origin of the data where the personal data were not collected directly from you; and
Where present, the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Where personal data concerning you are transferred to a third country or to an international organisation, you shall also have the right to be informed of the appropriate safeguards relating to the transfer.
2. Right to rectification
You shall have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. Right to erasure
You shall have the right to request from iProspect GmbH the erasure of personal data concerning you without undue delay where one of the following grounds applies and if no further processing is required:
The personal data are no longer needed for the purposes for which they were collected;
You withdraw your consent on which the processing was based and where there is no other legal ground or overriding legitimate interest for the processing;
The personal data have been unlawfully processed;
Erasure of the personal data is required for compliance with a legal obligation under Union or Member State law to which the Controller is subject; or
The personal data have been collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.
4. Right to restriction of processing
You shall have the right to request from us the restriction of processing where one of the following conditions applies:
You contest the accuracy of the personal data (the restriction shall be put in place for a period which enables the Controller to verify the accuracy of the personal data);
The processing of your personal data was unlawful and you oppose the erasure of your personal data and request instead the restriction of their use;
The Controller no longer requires your personal data for the purposes of the processing, but you require them for the assertion, exercise or defence of legal claims; or
You have objected to processing of your personal data and it has not yet been determined whether the legitimate grounds of the Controller override your own.
5. Right to data portability
You shall have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format. You shall also have the right to request that we transfer these data directly to another controller, designated by you, where this is technically feasible and does not adversely affect the rights and freedoms of others. The right to data portability may only be exercised where the basis of the processing is either your consent or a (pre)contractual necessity, and where the processing is carried out by automated means. The right to data portability does not apply to processing which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
6. Right to object
You shall have the right at any time to withdraw your consent to the processing of your personal data.
If you have objected to processing, we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the assertion, exercise or defence of legal claims.
You shall have the right to object, on grounds relating to your particular situation, to processing by iProspect GmbH of personal data concerning you for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
Should you wish to exercise one or more of the above-mentioned rights, you can contact our Data Protection Officer EY Law – Pelzmann Gall Rechtsanwälte GmbH at any time (see above for contact details).
With which supervisory authority may you lodge a complaint?
Pursuant to Art. 77 GDPR, you shall have the right to lodge a complaint with the competent supervisory authority. In Austria, this is the Data Protection Authority (Datenschutzbehörde).
Are personal data processed for purposes other than those for which the personal data were collected?
As a general principle, we only process data for the purposes for which they were collected.
In exceptional cases, however, we may process personal data which we have collected for one specific purpose for another purpose. In this case, we will inform you before the intended processing about the purpose, the period for which your personal data will be stored, the exercise of data subject rights, the option to withdraw consent, the existence of the right to lodge a complaint with the data protection authority, whether provision of the data was necessary on legal or contractual grounds and what the consequences would be if it were not provided, and whether automated decision-making or profiling is carried out.
What types of personal data are processed?
We process, inter alia, the following types of personal data:
Inventory data (e.g. name, title, sex, addresses, date of birth);
Contact data (e.g. e-mail, telephone numbers);
Content data (e.g. text input, photos, videos);
Usage data (e.g. websites visited, interest in contents, times of access);
Meta/communication data (e.g. device information, IP addresses); and
Advertising and sales data.
We stress that we process personal data only to the extent necessary. In individual cases, therefore, less than the above data may suffice.
We send newsletters, e-mails and other electronic notifications for advertising purposes and to announce news (hereinafter “newsletter”) only with your consent, which is recorded during registration for the newsletter, or where there is a legal basis to do so (e.g. Art. 107 (2) and (3) of the Telecommunications Act (TKG)).
You may unsubscribe from our newsletter, i.e. withdraw your consent, at any time. You will find a link to unsubscribe at the end of each newsletter. Please note that we will continue to process your personal data until you withdraw your consent, so that we can prove consent previously given to receive newsletters. The processing of these data is limited to the purpose of a possible defence against claims. You shall have the right to request the erasure of your personal data.
If you contact us (e.g. by contact form, e-mail, telephone or via social media), your details will be processed for the purpose of handling and processing the contact request. Your personal data may be stored in a customer relationship management system (“CRM system”) or a similar organisational tool.
We will erase the contact requests, and your personal data provided to us in them, if their storage is no longer necessary.
Online presence in social media
We maintain an internet presence on social media and platforms in order to communicate with active customers, prospective customers and users and inform them about our services. When you access the respective networks and platforms, the general terms and conditions and data privacy policies of the respective platform operators apply.
Unless otherwise stated in our Privacy Notice, we process the personal data of users who communicate with us within social networks and platforms, e.g. post articles on our websites or send us messages.
How are my data protected?
We take the protection of your personal data very seriously and implement appropriate technical and organisational measures to protect you against unauthorised or illegal processing of your personal data, and against accidental loss, destruction or damage.
How will I find out about changes to this Privacy Notice?
We, iProspect GmbH, are committed to upholding the principles of privacy and data protection. For this reason, we regularly review our Privacy Notice. This is to ensure that it is correct and clearly displayed on our website, contains appropriate information about your rights and our processing activities and is implemented in accordance with applicable law and thus complies with data protection requirements. We update this Privacy Notice when required, in order to take current circumstances into account. In the event that we make significant changes to this Privacy Notice, we will notify you on our website and provide you with the updated version of the Privacy Notice.
General information regarding cookies
Cookies are used to optimise our website and range of products and services. These are usually what are known as “session cookies”, which are deleted after your visit.
However, some of these cookies also provide information which is used to recognise you automatically next time you visit the website. For this purpose, many cookies contain what is known as a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that websites and servers associate with the specific internet browser in which the cookie was stored. This allows websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID. However, a person cannot be identified via this cookie. There may be exceptions for individual analysis tools, which are explained below. Using cookies also makes it possible to provide more user-friendly services to users of this website.
The online shop remembers the articles that a customer has placed in the virtual shopping basket via a cookie.
The data subject can prevent the setting of cookies through our website at any time by means of an appropriate setting in the internet browser used and may thus permanently object to the setting of cookies. Cookies which have already been set can also be deleted at any time via the internet browser or other software programs. This can be done in all commonly used internet browsers. If the setting of cookies is disabled in the internet browser used, not all functions of our website may be fully usable.
The tracking tools we use are explained in detail below. In addition to the opt-out options described there, web tracking can be enabled and disabled for most providers at http://www.youronlinechoices.eu.
Privacy notice for the use of Google Analytics (with anonymisation feature)
We have integrated the Google Analytics component (with the anonymisation feature) into this website. Google Analytics is a web analytics service. Web analytics is the collection, compilation and analysis of data regarding the behaviour of visitors to websites. A web analytics service collects, amongst other things, data on the website the data subject has come from (known as the referrer), which sub-pages were accessed, or how often and for how long a sub-page was viewed. Web analytics are used mainly for the optimisation of a website and for cost-benefit analysis for internet advertising.
The Google Analytics module is operated by Google LLC (“Google”), 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
For web analytics via Google Analytics, we use the “_gat._anonymizeIp” add-on. With the aid of this add-on, the IP address of the data subject’s internet connection is truncated and anonymised by Google when our web pages are accessed from a European Union Member State or from another signatory state of the Agreement on the European Economic Area.
The purpose of the Google Analytics module is to analyse visitor traffic on our website. Google uses the data and information collected, amongst other purposes, to evaluate the use of our website, to compile online activity reports for our websites for us, and to provide other services in connection with the use of our website.
Google Analytics sets a cookie on the data subject’s IT system. The definition of cookies has already been explained above. By setting the cookie, Google is able to analyse the use of our website. Each time the browser uses the integrated Google Analytics component to access one of the individual pages of this website operated by us, the internet browser on the data subject’s IT system is automatically prompted by the Google Analytics component to transfer data to Google for the purpose of online analysis.
As explained above, the data subject can prevent the setting of cookies through our website at any time by means of an appropriate setting in the internet browser used and may thus permanently object to the setting of cookies. Setting the internet browser in such a way would also prevent Google from setting a cookie on the data subject’s IT system. Cookies already set by Google Analytics can also be deleted at any time via the internet browser or other software programs.
Google Tag Manager
Google Tag Manager manages site tags through a single interface. The Tag Manager tool itself (which implements the tags) is a domain without cookies and does not collect any personally identifiable information. The tool triggers other tags which may collect data. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.
Privacy notice for the use of DoubleClick
We have integrated the DoubleClick by Google component into this website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers.
DoubleClick by Google is operated by Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
DoubleClick by Google transfers data to the DoubleClick server with every impression, click, or other activity. Each of these data transfers triggers a cookie request to the data subject’s browser. If the browser accepts this request, DoubleClick sets a cookie on the data subject’s IT system. The definition of cookies has already been explained above. The purpose of the cookie is to optimise and display advertising. The cookie is used, among other things, to place and display advertising which is relevant to users, as well as to generate or improve reports on advertising campaigns. The cookie is also used to prevent multiple displays of the same advertisement.
DoubleClick uses a cookie ID which is required to execute the technical process. The cookie ID is needed, for example, to display an ad in a browser. DoubleClick can also use the cookie ID to see which ads have already been displayed in a browser, to prevent duplication. The cookie ID also enables DoubleClick to track conversions. Conversions are captured, for example, when a DoubleClick ad was previously shown to a user and that user subsequently makes a purchase on the advertiser’s website using the same internet browser.
A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which the user was already in contact. Each time the browser uses an integrated DoubleClick component to access one of the individual pages of this website operated by the Controller, the internet browser on the data subject’s IT system will automatically be prompted by the DoubleClick component to submit data to Google for the purposes of online marketing and commission billing. As part of this technical process, Google receives data that it also uses to generate commission billing. Google is able to track, among other things, that the data subject has clicked on certain links on our website.
As explained above, the data subject can prevent the setting of cookies through our website at any time by means of an appropriate setting in the internet browser used, and may thus permanently object to the setting of cookies. Setting the internet browser in such a way would also prevent Google from setting a cookie on the data subject’s IT system. Cookies already set by Google can also be deleted at any time via the internet browser or other software programs.
You can opt out of personalised advertising on Google by means of a browser plugin at https://support.google.com/ads/answer/7395996?hl=deor disable it at https://adssettings.google.com.
New Relic is used to monitor the technical performance of the website. For example to see, if the site can be viewed and how quickly each page is displayed. In addition, New Relic collects data, such as system data on add-ons used, usage times, browsers used, hardware and software used (so-called "application data"). New Relic generates one or more cookies in your browser.
You may opt-out of the collection and storage of data for the purpose of web analytics at any time by deactivating cookies in your browser settings.