Data is processed on the basis of the provisions of § 96 (3) TKG and Article 6 paragraph 1 (a) (consent) and/or (b) (processing is necessary for the performance of a contract) and/or (f) (legitimate interest) of the GDPR. If we engage a third party to process data under a so-called “contract processing” agreement, this is done in accordance with Article 28 GDPR.
If within the framework of our data processing activities we disclose or transfer data to other natural persons and enterprises (processors or third parties) or otherwise grant them access to the data, this is done solely on the basis of legal consent (e.g. if it is necessary to transfer data to third parties, for example, to a payment services provider, for the performance of a contract), your consent, a legal obligation, or on the basis of our legitimate interest (e.g. the use of web hosts or web analysis services).
Contact with Us
If you contact us using the form on the website or by e-mail, the data you provide will be stored by us for the purpose of processing your enquiry and in case you have any follow-up questions until you revoke this consent. This also includes data that you enter (e-mail address) when using our comments function. We will not pass on this data without your consent.
Storage of Data
On the grounds of our legitimate interest we collect data about each access to the server on which this service is hosted (server logfiles). Such access data includes, inter alia, the name of the website that was visited, file, date and time of access, the volume of data transferred, IP address and the requesting provider.
For security reasons (e.g. to prevent and identify misuse or fraud) logfiles will be stored for a maximum period of 90 days after which they will be deleted.
In the case of donations, we also store the e-mail address of the donor, the amount of the donation and the transaction ID. In the case of purchases, we also store the name and the address of the buyer.
At no time are credit card details stored on our server or cached; they are processed directly by our payment services provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. The data you provide is required for the performance of the contract or to carry out precontractual measures. Without this data we are unable to conclude the contract with you.
Furthermore, in the case of donations we will store the following data of the donor on an explicitly voluntary basis: The name of the donor, country and where appropriate region/city.
After the purchase or donation process is abandoned the data we have stored will be deleted. If a contract is concluded, the data from the contractual relationship will be stored by us until the end of the retention period under tax law (7 years).
When logging your interactions with this website for statistical purposes using Google Analytics, your IP address is anonymized. This means your IP address will be truncated within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Consequently, only general geo-localisation is possible. Only in exceptional cases will the complete IP address be communicated to a Google server in the USA and truncated there. Google will use this information on our behalf to analyse your use of our website, to compile reports about website activities and to provide further services to the website provider relating to website and Internet use. The IP address communicated by your browser within the context of Google Analytics is not combined with other data by Google.
Cookies are small text files that are stored on a visitor’s computer by the website to ensure basic website functions or to make the website more user-friendly.
You may prevent Google from collecting the data generated by the cookie and relating to your use of the website and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout
If you disable cookies, you may not be able to use the full functionality and certain pages of the website.
Social Media Plug-ins
Our websites integrate social media plug-ins to recommend and to share content via social network channels, such as Facebook or Twitter. Data is only transferred to third parties if the user clicks on one of the icons shown in the social media icon bar. We can neither control nor access cookies set by Facebook, Twitter etc.
To create and send newsletters we use the MailChimp service of The Rocket Science Group, LLC 675 Ponce de Leon Ave, NE Suite 5000 Atlanta, GA 30308, USA. You have the option of subscribing to our newsletter when you visit our website. At no time is your e-mail address that is required for this purpose stored on our server or cached but is directly imported by MailChimp. We currently work with a “double opt-in” procedure, i.e. you have to click on a link in the confirmation e-mail to ensure that you are actually registered.
You may cancel your subscription to the newsletter at any time by clicking on Unsubscribe in the footer of the newsletter. Alternatively, you can unsubscribe by sending an e-mail to: firstname.lastname@example.org. We will then promptly delete your data from our mailing list.
We are constantly trying to improve the availability and quality of our service. To this end, we use a third-party service provider to collect information about any anomalies such as bugs and outages during your visit to our website. The collected information is retained up to 90 days and may include, without limitation, IP addresses, browser agents, as well as browser and operating system identifiers. The information is processed by Functional Software, Inc. dba Sentry, 132 Hawthorne Street, San Francisco, CA 94107, USA. We have concluded a data processing contract with Sentry.
Data Transfer to Third Countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the course of engaging the services of a third party or of disclosing or transferring data to a third party, this is done solely for the purpose of fulfilling our (pre)contractual obligations on the basis of your consent, a legal obligation or our legitimate interest. Subject to statutory or contractual consent, we process data or have it processed in a third country only if the specific requirements of Article 44 ff. GDPR are met. This means that processing takes place on the basis of specific guarantees, such as official recognition that a third country offers an adequate level of data protection (e.g. for the USA by the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) or complies with specific contractual obligations (so-called “standard contractual clauses”).
You have a fundamental right to information, access to and rectification or erasure of personal data, the right to data portability, the right to object and the right to withdraw consent. If you consider that the processing of your data breaches data protection laws or your rights under data protection law have been infringed in any other way, you may lodge a complaint with the supervisory authority. In Austria this is the Data Protection Authority.