Person responsible
Zlatko Hamzic
Dorfstrasse 4
8041 Graz
Austria
Email: info@hayuko.at
Click here for our imprint.
General information:
We are committed to protecting your data and your privacy and take this requirement seriously.
also very seriously. We ask you to read through this privacy policy to find out more,
why we collect your data and how we process it. The processing
The processing of personal data of data subjects includes, for example, the collection, storage and use of personal data,
Connecting, transferring or deleting data.
The “data subject” is the person to whom the data can be assigned.
These people can be grouped into categories of affected persons and are referred to as
Website visitors, customers and former customers as well as other persons who are in contact with us.
Contact us. All designations of persons and functions used in this data protection information
are written in the masculine form are also to be used in the feminine form.
understand.
Data processing of visitors to our website:
When you visit our website, data is collected in order to improve our information offering and
The following data is collected, stored and analyzed to ensure system security:
IP address of the requesting computer, date and time of access, name and URL of the
retrieved file, amount of data transferred, message whether the retrieval was successful (HTTP
status code), identification data of the browser and operating system used, website from which
from which access is made.
The storage period of the collected data is: 6 months.
In this context, we would like to point out that the IP address is only analyzed in the case of
attacks on our network infrastructure.
In order to achieve the above-mentioned purposes, it may be necessary for us to disclose your data to the following recipients (service providers) based in Austria, and in some cases also in other countries within the EU:
IT service companies and their service providers in the context of maintenance, support of the
Information technology and communication systems
IT service company in the context of website hosting and as an Internet service provider
IT service provider for the technical implementation of the website
This disclosure may be made by transmission, dissemination or any other form of
Provision.
Google Maps:
We use Google Maps on our website to display our location and to provide directions. This is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Through certification in accordance with the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active, Google guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.
In order to enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.
If you call up the Google Maps component integrated into our website, Google stores a cookie on your end device via your Internet browser. Your user settings and data are processed in order to display our location and create directions. We cannot rule out the possibility that Google uses servers in the USA.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.
This connection to Google enables Google to determine from which website your request has been sent and to which IP address the directions are to be sent.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. Details on this can be found above under “Cookies”.
In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=de and the Terms and Conditions for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.
In addition, Google offers further information at https://adssettings.google.com/authenticated https://policies.google.com/privacy.
Google Fonts:
We use Google Fonts on our website to display external fonts. This is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Through certification in accordance with the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active, Google guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.
In order to enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our website.
The connection to Google established when you access our website enables Google to determine from which website your request has been sent and to which IP address the display of the font is to be transmitted.
Google offers further information at https://adssettings.google.com/authenticated https://policies.google.com/privacy, in particular on the options for preventing the use of data.
Sample data protection declaration of the law firm Weiß & Partner
Cookies:
Cookies are used to recognize and store temporary data of the website visitor.
You can specify in your browser settings whether cookies may be set or not.
You can refuse the installation of cookies by selecting the appropriate settings on your browser.
However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent.
Data processing of subscribers to our newsletter:
If you register for our newsletter via our website, the following data will be collected
Data processed:
name, your e-mail address, the time of registration and your IP address.
We also store which newsletters we have sent you, whether and when you opened them
or blocked or marked as spam, whether they are temporarily or permanently unavailable.
whether you subscribe to or unsubscribe from the newsletter and which and how
many links you click on in the newsletters.
The processing of this data is dependent on the consent given when registering for our newsletter.
includes. If you do not wish to provide this information, please do not register for the
Newsletter.
Our newsletters are sent by IT service providers for automated processing.
Communication solutions (technical implementation) based in Austria, occasionally also in other countries.
countries within the EU as a service provider.
Our website uses MailPoet to send newsletters; the provider is Wysija SARL, 6 rue Dieudé, 13006, Marseille, France. MailPoet is a service that can be used to organize and analyze the sending of newsletters. The data transmitted by you for the purpose of subscribing to the newsletter is stored on our server, but sent via MailPoet’s servers so that MailPoet processes your newsletter-related data (MailPoet Sending Service). Details can be found at https://account.mailpoet.com/. With the help of MailPoet, we are able to analyze our newsletter campaigns, which allows us to see whether a newsletter message has been opened and which links have been clicked on, for example to determine which links have been accessed particularly often. We can also evaluate whether certain predefined actions were carried out after opening or clicking. For example, we can track whether you have placed an order after opening it. MailPoet also allows us to cluster the newsletter recipients according to various categories, such as age, gender and place of residence, in order to better adapt the newsletter to the respective target groups. If you do not wish to be analyzed by MailPoet, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.
Detailed information on the functions of MailPoet can be found at https://account.mailpoet.com/ and https://www.mailpoet.com/mailpoet-features/. MailPoet’s privacy policy can be found at: https://www.mailpoet.com/privacy-notice/.
Data processing of applicants Applicants are persons who contact us via the contact form. We process your personal data in order to be able to process various suggestions or concerns that are transmitted to us. (Art 6 para 1 lit a and f GDPR). If you do not wish to provide us with your data, we will not be able to process your requests and suggestions. In order to achieve the above-mentioned purposes, it may be necessary in some cases for us to disclose your data to the following recipients based in Austria, and in some cases also in other countries within the EU.
IT service companies and their service providers in the context of maintenance, support of the
Information technology and communication systems IT service provider for website hosting and as an Internet service provider IT service provider for the technical implementation of the website. This disclosure may be made by transmission, dissemination or any other form of provision.
Data processing when downloading and installing our app
When downloading the app provided by us from an app store (Google Play
Store or Apple App Store), certain information is sent to the respective app store.
transferred. These are in particular your registration data, user data, name, e-mail address. Push notifications when using our app are sent via Firebase Cloud Messaging (FCM). When using iOS, the notification is also sent via the Apple Push Notification Service (APN). In order for such notifications to be sent to your device, a non-personal ID is generated as a random character sequence for the app and processed in FCM – for iOS additionally in APN – and in the app’s push notification service. We need your permission for you to receive push notifications. To enable this function, we use the Expo service (https://expo.io/). To send these notifications, Expo uses a so-called Expo token, which is generated by your mobile device and contains information about the device type and the operating system used. Depending on the end device used, this information is transmitted to FCM or APM, which returns a so-called identifier. After deleting the app, the identifier is deleted. The Expo push notification service does not use or store the content of push notifications any longer than necessary to transmit them to Apple or Google. The response from Apple or Google, which only contains success or error data and not the content of the notification, is kept for a short time so that developers can find out whether their notifications were successfully sent to Apple or Google. Further information on data protection at Expo can be found at https://expo.dev/privacy.
You can stop receiving push messages at any time by deactivating the function in the
settings of your end device for the future
When participating in the scavenger hunt offered by us, you as a user will receive QR codes with
Timestamp assigned. If you purchase tickets, your name, your e-mail address, the name of the
purchase price paid and the payment information are stored.
Data retention periods:
We only store your data for as long as is necessary for the purposes for which we have collected your data. For reasons of documentation, we generally store requests and other correspondence for a period of 3 years.
Data processing of customers and contracting parties:
These are all persons who seek or enter into a contractual relationship with us.
We process your personal data either
– On the basis of your consent (Art 6 para 1 lit a GDPR), or
– for the performance of pre-contractual measures or for the performance of our contractual
Obligations (Art 6 (1) (b) GDPR) at the request of the data subject in the context of a customer relationship or to fulfill legal (statutory) obligations (Art 6 (1) (c) GDPR).
If the processing is based on your consent, you can revoke this at any time by sending an e-mail to datenschutz@hayuko.at.
In the case of customer relationships, we use your contact details to send you by post or e-mail
to send information about our range of services and invitations to events (Art. 6
para. 1 lit f GDPR). You have the right to object to this processing of your data for the purpose of direct advertising at any time without giving reasons by letter or e-mail to
datenschutz@hayuko.at. We will process your data for this purpose for as long as you do not
but only up to three years after termination of the contract. The processing of your
personal data for the purpose of direct advertising is necessary for the processing of our
contractual relationship is not required. In order to achieve the above-mentioned purposes, it may be necessary for us to disclose your data to the following recipients based in Austria, and in some cases also in other EU countries. This disclosure may be made by transmission, dissemination or any other form of provision.
IT service companies and their service providers in the context of maintenance, support of the
Information technology and communication systems IT service providers in the context of website hosting and as Internet service providers Companies tasked with the collection of unpaid debts (debt collection agencies, creditor protection associations) Courts and legal representatives (lawyers, notaries). You also have the option of registering with a customer account. If you do so, the following categories of data may also be processed: Orders, customer number, reviews.
We process this data for the purpose of storing your information in the customer account
including your ratings, if such ratings are made by you. The processing
This data is processed on the basis of your voluntary consent (Art. 6 para. 1 lit. a GDPR) or is justified by our overriding legitimate interest in the evaluation (Art. 6 para. 1 lit. F GDPR). You can revoke your consent to the storage of a customer account at any time, whereby the data processing carried out up to the point of revocation is justified. You are not obliged to register for a customer account, however, we cannot provide you with numerous additional services without a customer account.
Payment service provider:
We offer efficient and secure payment options and use payment service providers
this in accordance with Art. 6 para. 1 p. 1 lit. b. GDPR for contract fulfillment and processing
pre-contractual inquiries and with regard to our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f. GDPR.
The data processed by the payment service providers includes inventory data, such as name and e-mail address.
address as well as bank data such as account numbers or credit card numbers, passwords, TANs and
Checksums as well as the contract-, sum- and recipient-related information. The information is
required to carry out the transactions. The data entered – without which the
payment cannot be executed – but are only processed by the payment service providers.
processed and stored by them, so that we do not process any account or credit card-related data.
information, but only information with confirmation or negative information from the
Payment. Under certain circumstances, the data may be transferred by the payment service providers to
transmitted to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers. Payment transactions are subject to the terms and conditions and the data protection notices of the respective payment service providers, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and the assertion of rights of revocation, information and other rights of data subjects. The payment service provider we use is, among others, “Stripe”, payment processing is carried out via Stripe Payments Europe Ltd, 1 Grand Canal, Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process as well as the information about your order (name, address, account number, bank code, credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. B GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent that it is necessary for this purpose. Within the framework of the order processing relationship, Stripe will act exclusively in accordance with our instructions and has been contractually obliged to comply with the data protection regulations within the meaning of Art. 28 GDPR.
You can find more information on data protection from “Stripe” at https://stripe.com/de/privacy#translation.
The payment service provider we use is, among others, “PayPal”. If you choose to pay via PayPal, your personal data will be transferred to PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg as an online payment service provider.
payment service provider and trustee, whereby the aforementioned company in particular
also offers buyer protection services. In particular, the first name, surname, address, e-mail address
address, IP address or other data required for payment processing are transmitted. To process the payment, personal data directly related to the order (in particular invoice amount, taxes included, number of items, and
other billing information). The transmission of this data serves to confirm your
identity and the processing of the payment order. PayPal provides this data at most
affiliated companies and service providers or subcontractors, insofar as this is necessary for the
fulfillment of contractual obligations or the data is processed in accordance with the order. PayPal may also transmit the data provided by us to credit reference agencies, which serves to check identity and creditworthiness and is based on the
The result of the credit assessment, taking into account the statistical
The probability of non-payment determines the decision on the provision of the respective
payment method. The credit report may contain probability values which are based on a scientifically recognized mathematical-statistical procedure. The following link discloses which credit reporting agencies PayPal uses: https://www.paypal.com/de/webapps/mpp/ua/privacy-full#rAnnex
You have the option of revoking your consent to the processing of your personal data at any time vis-à-vis PayPal, but this will affect the legality of the processing carried out up to that point.
processing is not affected, however, provided that the data is used to process payments in accordance with the order.
must be processed, used or transmitted. PayPal’s privacy policy is available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
The payment service provider we use is, among others, “Klarna”. If you choose to pay via PayPal, your personal data will be transmitted to Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden as the online payment service provider. Klarna also offers additional services such as buyer protection or an identity and credit check.
By selecting this payment option, you consent to this transfer of data to Klarna. This includes, in particular, first name, surname, address, date of birth, gender, email address, IP address, telephone number, cell phone number and other data required to process the purchase. For example, bank details, card number, expiry date and CVC code, number of items, item number, data on goods and services, prices and tax charges, information on previous purchasing behavior or other information on your financial situation are mutually compared.
The transmission of the data is used in particular for identity verification, payment processing and
the prevention of fraud. This data can be used by Klarna for identity and credit checks.
in particular to credit reference agencies and transmitted to affiliated companies in
Klarna Group and to service providers or subcontractors if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of Klarna. Prior to the conclusion or processing of an order, Klarna collects and uses data and information about your previous payment behavior and probability values for your behavior in the future, whereby the relevant calculation is carried out on the basis of scientifically recognized mathematical-statistical methods. You can revoke your consent to Klarna to process your data at any time, but this does not affect data that must be processed or used for payment processing in accordance with the order.
You can view Klarna’s current privacy policy at
https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf abrufen.
Web analytics and marketing:
We use the Google Analytics tool to process data about your use of our online offering in order to adapt it to your interests in the best possible way.
This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Purpose of processing: Google Analytics stores cookies in order to recognize you and subsequently create personalized user statistics about your website activities.
Legal basis for processing: Your data is processed on the basis of your consent (Art. 6 (1) (a) GDPR). If you consent to the processing of your data on our cookie banner, you agree that we may process your data to the extent described here. Recipient of the data: The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. The appropriate level of protection for the transfer results from standard contractual clauses in accordance with Art 46 GDPR. Further information on the standard contractual clauses and suitable or appropriate guarantees can be found at https://privacy.google.com/businesses/processorterms/.
Google acts as a processor for us and may only use the transmitted data for the purpose of processing your request.
of the specific orders and is contractually obligated to us to comply with the legal requirements.
data protection regulations.
Further information: You can prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all functions of the websites to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the websites (including your anonymized IP address) and from processing this data by Google by clicking on the following link
(http://tools.google.com/dlpage/gaoptout?hl=de) to download the available browser plugin and
install. Furthermore, we use the analysis tool Koko Analytics for our website to statistically evaluate visitor access, analyze usage behavior on the website and page views as well as page interactions. The provider is ibericode BV, Oosthavendijk 9, 4475AA Wilhelminadorp, The Netherlands (https://ibericode.com/).
Koko Analytics is an open-source (GPLv3) analytics plugin for WordPress that does not require any
personal data and does not transfer anything to external servers or third parties. Cookies that Koko Analytics uses to better recognize returning visitors are activated. Koko Analytics determines the browser and device used as well as the number of visitors and page views, displays a top list of the most frequently visited posts and records the sources of origin, i.e. which referring websites the visitors came from. The tool helps to make this website more user-friendly without tracking personal data or using external services, whereby storage only takes place on the server side. Our legitimate interest is that we need to know whether our site is being visited and whether the plugin is working properly.
We use this information to evaluate the use of our online offer in order to
to gain knowledge about the activities within our online offer and to provide further services associated with the use of this online offer and the use of the Internet.
provide. We are unable to create user profiles from the processed data, and
do not establish a personal reference. Our website also uses Borlabs cookie consent technology to obtain your consent to the storage of certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg. After accessing our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are recorded, whereby this data is not passed on to the provider of the Borlabs cookie.
The data collected will be stored until you delete the Borlabs cookie, request us to delete it or request us to delete it.
request or the purpose for data storage no longer applies. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
Borlabs cookie consent technology is used in accordance with Art. 6 para. 1 p. 1 lit. c GDPR in order to obtain the legally required consent for the use of cookies. We use videos from the YouTube portal on our website, some of which can be played directly from our website. In principle, your IP address is already sent to YouTube (Google) when you access a page with embedded videos, in particular by playing the videos, and cookies are installed on your device.
In this context – over which we have no influence – the following data is collected
transmitted: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transmitted in each case, website from which the request originates, browser, operating system and its interface, language and version of the browser software, hardware used (PC, smartphone, etc.), location (if Google Maps is activated).
By visiting our website and playing the videos, YouTube (Google) receives the
information that you have accessed the corresponding subpage of our website. If you work with
Google, this data is assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. If you do not have a Google user account, YouTube (Google) also stores data as user profiles and uses these for the purposes of advertising, market research and the needs-based design of its website. Such an evaluation is also carried out in particular for users who are not logged in or for users without a corresponding account in order to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland https://policies.google.com/technologies/product-privacy?hl=de and https://www.google.de/intl/de/policies/privacy. The information collected by the cookies from this provider is generally transmitted to YouTube servers – some of which are located in the USA and some to the parent company Google Inc. The data is sent to and stored by Google with its registered office there, to other Google companies and to external Google partners, each of which may be located outside the European Union. In the case of the transfer of data to the USA, the data transfer is based on the existence of standard contractual clauses. The transfer of personal data by Google, in particular to third countries, is outside our area of responsibility and we cannot be held liable in this regard. We expressly point out that in this case of data transfer to third countries, the level of data protection in the third country may not have been determined by the EU Commission in accordance with Article 45 GDPR and that there are no suitable guarantees within the meaning of Article 46 GDPR. It is therefore possible that a level of data protection exists in the third country that is not equivalent to that in the GDPR. For example, data can be used for commercial interests in order to display specific advertising to users. Furthermore, YouTube (Google) also analyzes the content you share to determine which topics you are interested in, stores and processes confidential messages that you send directly to other users and can determine your location using geolocation data such as GPS or Galileo, information on wireless networks or your IP address in order to send you advertising or other content.
In the general settings of your Google account, there are options for restricting the processing of your data; for mobile devices (smartphones, tablets), you can restrict the processing of your data in the settings there.
Setting options for Google access to contact data and calendar data, photos,
Restrict location data, depending on the operating system used.
The WooCommerce open source store system is integrated as a plugin on our website. This is based on the WordPress content management system, which is a subsidiary of Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA). The implemented functions transfer data to Automattic Inc. sent, stored and processed. Below we inform you what data is involved, how the network uses this data and how you can manage or prevent data storage.
WooCommerce is an online store system that has been part of the WordPress directory since 2011 and was developed specifically for WordPress websites. It is a customizable, open-source eCommerce platform that is based on WordPress and has also been integrated into our website as a WordPress plugin.
This practical online store solution is used by us to offer you our physical or online store.
digital products or services on our website in the best possible way. The aim is to provide you with simple and easy access to our services so that you can
to your desired search results quickly and easily. With WooCommerce, we have found a good plugin that meets our requirements for an online store.
Information that you actively enter in a text field in our online store can be used by
WooCommerce or Automattic are collected and stored. So when you register with us or order a product, Automattic can collect, process and store this data. In addition to e-mail address, name or address, this may also include credit card or billing information. Automattic can subsequently use this information for its own marketing campaigns.
In addition, there is also information that Automattic automatically collects from you in so-called server log files: IP address, browser information, default language setting, date and time of web access. WooCommerce also sets cookies in your browser and uses technologies such as pixel tags (web beacons), for example to clearly identify you as a user and possibly offer interest-based advertising. WooCommerce uses a number of different cookies that are set depending on the user action. This means, for example, that when you place a product in the shopping cart, a cookie is set so that the product remains in the shopping cart when you leave our website and return at a later time. In particular, these are the following cookies that can be set by WooCommerce:
Name: woocommerce_items_in_cart
Value: 1
Purpose: The cookie helps WooCommerce to determine when the content in the shopping cart changes.
Expiration date: after the end of the session
Name: woocommerce_cart_hash
Wert: 447c84f810834056ab37cfe5ed27f204311178450-7
Purpose: This cookie is also used to recognize and save changes in the shopping cart.
Expiration date: after the end of the session
Name: wp_woocommerce_session_d9e29d251cf8a108a6482d9fe2ef34b6
Wert: 1146%7C%7C1589034207%7C%7C95f8053ce0cea135bbce671043e740311178450-4aa
Purpose: This cookie contains a unique identifier for you so that the shopping cart data can also be found in the database.
Expiration date: after 2 days
Unless there is a legal obligation to retain data for a longer period of time, WooCommerce will delete the data when it is no longer needed for the purposes for which it was stored. For example, server log files containing technical data about your browser and your IP address are deleted after 30 days. Until then, Automattic uses the data to analyze the traffic on its own websites (e.g. all WordPress sites) and to fix potential problems. The data is stored on Automattic’s American servers.
You have the right to access your personal data at any time and to object to its use and processing. You can also apply at any time to a state
supervisory authority to lodge a complaint. In your browser, you also have the option of individually managing, deleting or deactivating cookies. Please note, however, that deactivated or deleted cookies may have a negative impact on the functions of our WooCommerce online store. Depending on which browser you use, the management of cookies works slightly differently.
Automattic is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information about this at https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC.
You can find more details about the privacy policy and what data is collected by WooCommerce and how at https://automattic.com/privacy/ and general information about
WooCommerce at https://woocommerce.com/.
Contact details of the person responsible for data processing
HAYU – Zlatko Hamzic
Dorfstraße 4, 8041 Graz
Tel.: +43 6505403268
Customer service: info@hayuko.at
Data protection officer: datenschutz@hayuko.at
Rights of data subjects affected by the processing of their personal data As part of the information obligation stipulated by the GDPR, we explicitly point out the rights of data subjects affected by the processing of their personal data as follows:
Right to information:
Art. 15 of the GDPR stipulates that a data subject has the right to object to the
controller to obtain confirmation as to whether or not personal data concerning him or her are
be processed. If this is the case, the data subject has a right to information about the type
and content of the processing of personal data.
Right to rectification:
In Art. 16, the GDPR provides the data subject with the right to obtain from the controller
to demand the correction of incorrect personal data without delay.
Taking into account the purposes of the processing, the data subject shall have the right to obtain the
Completion of incomplete personal data – also by means of a supplementary declaration
Declaration – to demand.
Right to erasure:
Art. 17 GDPR gives the data subject the right to obtain from the controller the
demand that the personal data in question be deleted immediately. The
The controller is obliged to erase personal data without undue delay, provided that no
legitimate reasons to the contrary.
Right to restriction of processing:
Art. 18 GDPR grants the data subject the right to restriction of processing.
given. You have the right to request the controller to stop processing your data.
unless there are legitimate reasons for not doing so.
Right to data portability:
Art. 20 GDPR grants the data subject the right to data portability. The data subject shall have the right to obtain from the controller the personal data concerning him or her, which have been provided to the controller, in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where there are no legitimate grounds for doing so.
Withdrawal of consent:
Art. 7 GDPR grants the data subject the right to withdraw consent, provided that consent has been given and the processing is not based on any other legal grounds.
Right to object:
In Art. 21 GDPR, the data subject is granted the right to object, provided that the
processing is not necessary for the performance of a task is not in the public interest and is not carried out in the exercise of official authority vested in the controller
transferred and is not necessary for the purposes of the legitimate interests pursued by the controller or
of a third party is necessary, unless the interests or fundamental rights and freedoms of the data subject
outweigh the interests of the data subject which require the protection of personal data, in particular
if the person concerned is a child.
Right to lodge a complaint with a supervisory authority:
In accordance with the information obligation under the GDPR, it is pointed out that the data subject whose data is processed by a controller has the right to lodge a complaint with the competent data protection authority.
Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
E-mail: dsb@dsb.gv.at