EU data protection basic regulation (DSGVO)

The provisions of the DSGVO and the Austrian Data Protection Act (DSG) in the version of the Data Protection Adaptation Act 2018 shall apply from 25.5.2018. In compliance with the European Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, we hereby inform you that we shall treat the personal data supplied by you confidentially and with the utmost human care and technical security and that we shall store and process such data exclusively in the company’s own server environment of Supanz GmbH with its registered office in 9074 Keutschach am See, Reauz 9a (Austria).

The protection of your data is very important to us.

Customer satisfaction is our top priority. For us, this naturally includes the secure handling of your data and the protection of your privacy.

With the following information we give you an overview of the processing of your personal data by us and your rights from data protection. Which data is processed in detail and how it is used depends largely on the services and products (software licenses) applied for or agreed upon. In addition, we use personal data for customer service and marketing purposes. Specifically, personal data is used to fulfill and process the preparation of offers, the processing of orders and for storage on the basis of legal obligations to provide evidence.

Who is responsible for data processing and whom can you contact?

If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data as well as revocation of any consents granted or objection to a specific use of data, please contact Supanz GmbH (also referred to in the text as “SUPANZ”):

Supanz GmbH

Reauz 9a

A-9074 Keutschach/See

Austria

Phone: +43 463 281 173

e-mail: office@supanz.org

Bernhard Supanz – Data protection officer

Technical and organisational measures taken

The website, the underlying systems hosted by us and the facilities necessary for its operation are protected by technical and organisational measures against loss, destruction, access, modification or processing of the information by unauthorised persons. We make every effort to secure our systems in the best possible way and subject them to strict control mechanisms such as access, entry and access controls. Our employees always process personal data in accordance with the provisions of the European Data Protection Basic Regulation (DSGVO) and the Data Protection Act (DSG).

What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Basic Regulation (DSGVO) and the Data Protection Act (DSG):

  1. For the fulfilment of contractual obligations (Art. 6 para. 1 b DSGVO)

The processing of data is carried out to provide banking transactions and services within the scope of the execution of our contracts with our customers or to carry out pre-contractual measures which are carried out on request (e.g. by interested parties). The purposes of data processing are primarily based on the specific product or service (e.g. consulting, support, obtaining licenses) and may include, among other things, needs analyses, consulting and the execution of transactions. Further details on data processing purposes can be found in the relevant contractual documents and terms and conditions.

  2. Within the scope of the balancing of interests (Art. 6 para. 1 f DSGVO)

As far as necessary, we process your data beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties. Examples:

  • Examination and optimisation of procedures for the analysis of requirements for the purpose of direct customer contact,
  • advertising or market and opinion research, unless you have objected to the use of your data,
  • Assertion of legal claims and defence in legal disputes,
  • Ensuring IT security and IT operation,
  • Prevention and investigation of criminal offences,
  • Measures for building and plant safety (e.g. access controls),
  • Measures to secure the right to the house,
  • Measures for business management and further development of services and products

  3. Based on your consent (Art. 6 para. 1 a DSGVO)

If you have given us permission to process personal data for specific purposes (e.g. evaluation of your data on the website for marketing purposes such as “success stories”, customer opinions or references, or subscribing to the newsletter), the legality of this processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent that were issued to us prior to the validity of the DSGVO, i.e. before 25 May 2018. The revocation of consent does not affect the legality of the data processed until revocation.

  4. On the basis of legal requirements (Art. 6 para. 1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO)

Furthermore, as a company we are subject to various legal obligations, i.e. legal requirements (e.g. German Banking Act, Money Laundering Act, tax laws). The purposes of processing include, among other things, credit assessment, identity verification, fraud and money laundering prevention, compliance with fiscal control and reporting obligations, and the assessment and control of risks of Supanz GmbH.

Who gets your data?

Within Supanz GmbH, access to your data is granted to those entities that need it to fulfill our contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes, provided that they comply with the DSG and DSGVO and have undertaken to maintain secrecy and confidentiality. These are companies in the categories IT services, logistics, printing services, telecommunications, debt collection, consulting and advisory services as well as sales and marketing. With regard to the passing on of data to recipients outside our company, it should first be noted that we as IT service providers are obliged to maintain secrecy and confidentiality with regard to all customer-related facts and assessments of which we become aware. We may only pass on information about you if required by law, if you have given your consent or if we are authorised or obliged to provide information. Under these conditions, recipients of personal data may be, for example

  • Public bodies and institutions (e.g. tax authorities, criminal prosecution authorities) if there is a legal or official obligation to do so.
  • Other credit and financial service institutions or comparable institutions to which we transfer personal data in order to carry out the business relationship with you (depending on the contract, e.g. transfers in connection with invoices)
  • Other data recipients may be those entities for which you have given us your consent to the transfer of data or for which you have released us from the obligation of secrecy in accordance with the agreement or consent. (For example, these could be our business partners SAP worldwide and Neptune Software based in Norway or Germany).

Is data transferred to a third country or to an international organisation?

Data is transferred to bodies in countries outside the European Economic Area (so-called third countries) if

– it is necessary to execute your orders (e.g. payment and securities orders),

– it is required by law (e.g. tax reporting obligations) or

– you have given us your consent. (For example, this could be our business partners SAP worldwide and Neptune Software based in Norway and Germany respectively).

How long will your data be stored?

We process and store your personal data for as long as it is necessary to fulfil our contractual and legal obligations. It should be noted that our business relationship is designed to last for years.

If the data is no longer necessary for the fulfilment of contractual or legal obligations, it will be regularly deleted, unless its – temporary – further processing is necessary for the following purposes:

  • Fulfilment of commercial and tax law retention obligations:

These include the Austrian Enterprise Code (UGB), the Federal Fiscal Code (BAO), the E-Money Act 2010 (E-Money Act 2010), the Money Laundering and Terrorist Financing Risk Regulation 2016 (GTV). The periods of retention or documentation stipulated therein range from two to ten years.

  • Preservation of evidence within the scope of the statutory limitation regulations. According to §§ 933 et seq. of the German Civil Code (BGB), these periods of limitation can be up to 30 years, whereby the regular period of limitation is 3 years.

What data protection rights do you have?

According to the applicable data protection law and the data protection regulation, every person concerned has

– the right to information in accordance with Article 15 of the DSGVO (free of charge at reasonable intervals, approximately once a year)

– the right of rectification under Article 16 DSGVO,

– the right to deletion in accordance with Article 17 DSGVO (insofar as this is legally permissible, as we too have a duty of proof to the legislator, e.g. tax office, social insurance agencies, law enforcement agencies),

– the right to restrict processing under Article 18 DSGVO,

– the right of objection under Article 21 DSGVO and

– the right to data transferability from Article 20 DSGVO.

The right to information and the right of deletion are subject to the restrictions set out in Article 5, Section 5, § 26 and § 27 of the DSG 2000. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 DSGVO in conjunction with Article 31 DSG).

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent granted to us prior to the validity of the Basic Data Protection Regulation, i.e. prior to 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

To what extent is there automated decision making?

As a matter of principle, we do not use fully automated decision making in accordance with Article 22 DSGVO to establish and carry out the business relationship. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.

Does profiling take place?

We do not process any of your data automatically with the aim of evaluating certain personal aspects (profiling). We therefore generally do not use profiling.

Information about your right of objection according to Article 21 of the Basic Data Protection Regulation (DSGVO)

  1. Right of objection on a case-by-case basis

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 paragraph 1 letter e) DSGVO (data processing in the public interest) and Article 6 paragraph 1 letter f) DSGVO (data processing based on a balancing of interests), including profiling within the meaning of Article 4 No. 4 DSGVO, based on this provision. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

  2. Right to object to the processing of data for direct marketing purposes

In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for those purposes. The objection may be made without any formality and should be addressed, if possible, to:

Supanz GmbH

Reauz 9a

A-9074 Keutschach/See

Austria

Phone: +43 463 281 173

e-mail: office@supanz.org

Bernhard Supanz – Data protection officer

Newsletter

In order to be able to use the information offered by SUPANZ via e-mail (newsletter), we need your first name, last name and e-mail address. When disclosing these data, the consent of the recipient and confirmation of the e-mail address are also required. This procedure is called Double-Opt-In and is intended to ensure that no unwanted advertising mail is received.

The data provided will be used exclusively for our own advertising purposes and will not be passed on to third parties. There is always the possibility of revocation and thus unsubscription from the newsletter. In addition, there is always the possibility to unsubscribe from the newsletter for the future via a specially provided unsubscribe link at the end of each newsletter.

Website

This website is encrypted with an SSL certificate. A well-functioning SSL encryption is characterized by the fact that the data sent is absolutely secure. The content of sent messages travels over the network only in encrypted form. In addition, effective algorithms check the data for completeness and status before it reaches the recipient. A connection secured in this way can be recognized by its use of the HTTPS protocol.

Cookies

By confirming the information bar on the homepage by clicking “OK”, the user agrees to the use of cookies. Cookies are small text files that enable the user to be recognised and are necessary for the use of the website in its full functional scope. These cookies are stored by SUPANZ for about 8 weeks. However, no personal data such as your name or address will be stored. You cannot therefore be personally identified by means of cookies. Most internet browsers offer the possibility to restrict the use of cookies or to reject them in general and to delete them at any time. We would like to point out that if cookies are deactivated, it is not possible to use our site to its full extent.

Google Analytics

This website uses Google (Universal) Analytics, a web analysis service of Google Inc. (www.google.de). Google (Universal) Analytics uses methods that enable an analysis of your use of the website, such as so-called “cookies”, text files that are stored on your computer. The information generated about your use of this website is usually transferred to a Google server in the USA and stored there. By activating IP anonymisation on this website, the IP address is shortened before transmission within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The anonymised IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.

You can prevent the data generated by the cookie and related to your use of the website (including your IP address) from being transmitted to Google and processed by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plugin, you can click this link to prevent Google Analytics from recording data on this website in the future. In doing so, an opt-out cookie will be stored on your end device. If you delete your cookies, you have to click the link again.

Plug-ins

Our website contains programs (plug-ins) from the social networks YouTube, Twitter, LinkedIn, Xing, Facebook and Google+, in order to offer the voluntary possibility to share or view interesting information. When you visit our website, direct connections are created between your browser and the servers of the specified providers. Through this, information from your visit is transmitted to the above-mentioned service providers. If you wish to prevent such data transmission, you must log out of your accounts before visiting our website.

YouTube

Our website displays videos, mostly self-made tutorials and product descriptions, via the video platform (“YouTube Videos”) of the video service YouTube, which is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”). The plug-ins are marked with a YouTube logo, for example in the form of a white triangle (play button) on a red background. An overview of the YouTube plugins and their appearance can be found here: https://developers.google.com/youtube/

If you call up a page of our website that contains such a plugin, your browser will establish a direct connection to the servers of YouTube. The content of the plugin is transmitted from YouTube directly to your browser and integrated into the page. Through the integration, YouTube receives the information that your browser has called up the corresponding page of our website, even if you do not have a profile on YouTube or are not currently logged in to YouTube. This information (including your IP address) is transmitted by your browser directly to a YouTube server in the USA and stored there.

If you are logged in to YouTube, YouTube is able to associate your visit to our website directly with your YouTube account. If you interact with the plugins, for example by clicking the “YouTube” button, the corresponding information is also transmitted directly to a YouTube server and stored there. The information is also published to your YouTube account and displayed to your contacts.

The purpose and scope of data collection and the further processing and use of the data by YouTube, as well as your rights and settings options for protecting your privacy, can be found in YouTube’s data protection information: https://www.google.de/intl/de/policies/privacy/. If you do not want YouTube to associate the data collected via our website directly with your YouTube account, you must log out of YouTube before visiting our website. You can also completely prevent the loading of YouTube plugins with add-ons for your browser, e.g. with the script blocker “NoScript” http://noscript.net/

Twitter

On our website, so-called social plugins (“Plugins”) of the microblogging service Twitter are used, which is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). The plugins are marked with a Twitter logo, for example in the form of a blue “Twitter bird”. An overview of the Twitter plugins and their appearance can be found here: https://twitter.com/about/resources/buttons

If you call up a page of our website that contains such a plugin, your browser will establish a direct connection to the servers of Twitter. The content of the plugin is transmitted by Twitter directly to your browser and integrated into the page. Through the integration, Twitter receives the information that your browser has called up the corresponding page of our website, even if you do not have a Twitter profile or are not currently logged in to Twitter. This information (including your IP address) is transmitted by your browser directly to a Twitter server in the USA and stored there.

If you are logged in to Twitter, Twitter can directly assign your visit to our website to your Twitter account. If you interact with the plugins, for example by clicking the “Twitter” button, the corresponding information is also transmitted directly to a Twitter server and stored there. The information is also published on your Twitter account and displayed to your contacts.

For the purpose and scope of data collection and the further processing and use of the data by Twitter as well as your rights and settings options to protect your privacy, please refer to the Twitter data protection information: https://twitter.com/privacy

If you do not want Twitter to associate the data collected via our website directly with your Twitter account, you must log out of Twitter before visiting our website. You can also completely prevent the loading of the Twitter plugins with add-ons for your browser, e.g. with the script blocker “NoScript” http://noscript.net/.

LinkedIn

Our website uses social plugins (“Plugins”) from the LinkedIn social network, operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The Plugins are marked with a LinkedIn logo, for example, in the form of two white letters “in” on a blue background. An overview of the LinkedIn plugins and their appearance can be found here: https://developer.linkedin.com/plugins.

If you visit a page of our website that contains such a plugin, your browser will establish a direct connection to the LinkedIn servers. The content of the plugin is transmitted by LinkedIn directly to your browser and integrated into the page. Through the integration LinkedIn receives the information that your browser has called up the corresponding page of our website, even if you do not have a profile with LinkedIn or are not currently logged in with LinkedIn. This information (including your IP address) is transmitted by your browser directly to a LinkedIn server in Ireland and stored there.

If you are logged in to LinkedIn, LinkedIn is able to associate your visit to our site with your LinkedIn account. When you interact with the plugins, for example by clicking the “LinkedIn” button, the information is also sent directly to a LinkedIn server and stored there. The information is also published on your LinkedIn account and displayed to your contacts.

The purpose and scope of data collection and the further processing and use of the data by LinkedIn, as well as your rights and settings options to protect your privacy, can be found in the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

If you do not want LinkedIn to associate the information collected through our website directly with your LinkedIn account, you must log out of LinkedIn before visiting our website. You can also completely prevent LinkedIn plugins from loading by using add-ons for your browser, such as the script blocker “NoScript” http://noscript.net/.

Xing

Our website uses so-called social plugins (“plugins”) from the social network Xing, which is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (“Xing”). The plugins are marked with a Xing logo, for example in the form of the white letter “X” on a turquoise background. An overview of the Xing plugins and their appearance can be found here: https://dev.xing.com/plugins.

If you visit a page of our website that contains such a plugin, your browser will establish a direct connection to the Xing servers. The content of the plugin is transmitted by Xing directly to your browser and integrated into the page. Through the integration, Xing receives the information that your browser has called up the corresponding page of our website, even if you do not have a profile with Xing or are not currently logged on to Xing. This information (including your IP address) is transmitted by your browser directly to a Xing server in Germany and stored there.

If you are logged in to Xing, Xing can directly assign your visit to our website to your Xing account. If you interact with the plugins, for example by clicking the “Xing” button, the corresponding information is also transmitted directly to a Xing server and stored there. The information is also published on your Xing account and displayed to your contacts.

For the purpose and scope of data collection and the further processing and use of the data by Xing, as well as your rights and possible settings to protect your privacy, please see the Xing data protection information: https://www.xing.com/privacy. If you do not want Xing to assign the data collected via our website directly to your Xing account, you must log out of Xing before visiting our website. You can also completely prevent the Xing plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” http://noscript.net/

Facebook

Our website uses so-called social plugins (“plugins”) of the social network Facebook, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition “Social Plug-in from Facebook” or “Facebook Social Plugin”. An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins

When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the “Like” button or submitting a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.

For the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your rights and settings options for protecting your privacy, please refer to the Facebook data protection information: http://www.facebook.com/policy.php

If you do not want Facebook to assign the data collected via our website directly to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the loading of the Facebook plugins with add-ons for your browser, e.g. with the “Facebook Blocker” http://webgraph.com/resources/facebookblocker/

Google+

Our website uses so-called social plugins (“Plugins”) of the social network Google+, which is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The Plugins can be recognized by buttons with the character “+1” on a white or colored background. An overview of the Google plugins and their appearance can be found here: https://developers.google.com/+/plugins

If you call up a page of our website that contains such a plugin, your browser will establish a direct connection to the servers of Google. The content of the plugin is transmitted by Google directly to your browser and integrated into the page. Through the integration, Google receives the information that your browser has called up the corresponding page of our website, even if you do not have a profile on Google+ or are not currently logged in on Google+. This information (including your IP address) is transmitted by your browser directly to a Google server in the USA and stored there.

If you are logged in at Google+, Google can assign the visit of our website directly to your Google+ profile. If you interact with the plugins, for example by pressing the “+1” button, the corresponding information is also transmitted directly to a Google server and stored there. The information is also published on Google+ and displayed to your contacts.

The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights and settings options to protect your privacy, can be found in Google’s privacy policy: http://www.google.com/intl/de/+/policy/+1button.html

If you do not want Google to associate the data collected via our website directly with your profile on Google+, you must log out of Google+ before visiting our website. You can also completely prevent the Google plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” http://noscript.net/.
