Privacy policy

We, circledm e.U., as “controller” within the meaning of the General Data Protection Regulation (GDPR) inform you in accordance with its provisions and the Austrian Data Protection Act (DSG), which data we collect, process, how we use it and what options you have as a customer or website visitor:

 

ACCESS DATA / SERVER LOGFILES

The provider (or his web space provider) collects data through accesses to the homepage (so-called server log files). The access data includes: name of the website visited, file, date and time of visit, transferred data volume, notification of successful visit, browser type and version, the user’s operating system, referrer URL (previously visited website), IP address and the requesting provider. The provider uses the log data only for statistical evaluations for the purpose of operation, security and optimization of the website. However, the provider reserves the right to subsequently review the log data if, based on concrete indications, unlawful use is assumed.

According to Art 6 (1) (f) GDPR, the legal basis shall be the legitimate interest to enable the error-free operation of this website by recording webserver logfiles.

We do not use automated decision-making / profiling procedures that have any legal effect on you or that might similarly affect you significantly.

 

STORING PERSONAL DATA

Personal data that you send us electronically via this website or by e-mail to the specified e-mail address, such as name, e-mail address, address, or other personal information in the context of transmitting a form or in the app, will only be passed along to our service technicians (1 & 1 IONOS SE) as a processor. They serve to carry out the outreach activities, the registration as well as the further care of relations with the customer. All data collected via the corresponding forms will be stored until your written request for deletion (at least 7 years). We will not disclose this data without your consent, unless this is necessary for the fulfillment of the contract or for the implementation of pre-contractual measures (Art 6 para 1 lit b and d GDPR). Without this data we cannot conclude the contract with you.

 

PROFILING / QR CODES

We use the QR code management solution “QR-Server” for business cards and information leaflets. Since we used the QR code analysis or tracking function of the so-called dynamic/changeable QR codes, access data is stored in databases which the user’s browser transmits when he scans and calls the QR code.
This data is used to perform an approximate determination of the location from which the scan was made (“geolocation”). The IP addresses of the users will be deleted or anonymized after the end of use. However, these data and the described evaluation do not allow any conclusions about the person of the user. A merge with other data sources will not be done. The processor is Foundata GmbH, data protection QR-server, Steinhäuserstraße 20, 76135 Karlsruhe. For more information about goQR.me see http://goqr.me/de/rechtliches/datenschutz-qrserver.html.

 

TLS ENCRYPTION WITH HTTPS

We use https to transmit data tap-proof on the Internet. By using TLS (Transport Layer Security), an encryption protocol for secure data transmission over the Internet, we can ensure the protection of confidential data. You recognize the use of this security of data transfer with the small lock symbol in the upper left corner of the browser and the use of the https scheme (instead of http) as part of our Internet address.

 

COOKIES

Our website uses HTTP-cookies to store user-specific data. A cookie is a short data package that is exchanged between the web browser and the web server, but which is completely meaningless to them and only becomes relevant for the web application, e.g. an online shop, for example the content of a virtual shopping basket.

There are two types of cookies: Initial supplier cookies are created by our website; third-party cookies are created by other websites (e.g. Google Analytics). There are three categories of cookies: strictly necessary cookies to ensure basic functionality of the website, functional cookies to ensure website performance and targeted cookies to enhance the user experience.

We use cookies to make our website more user-friendly. Some cookies remain stored on your device until you delete them. They allow us to recognize your browser on your next visit.

If you want to know which cookies have been saved in your browser, change cookie settings or delete cookies, you can find this in your browser settings. If you do not wish the storage of data in cookies, you can set up your browser to inform you about the placement of cookies and allow this only in individual cases. You can always delete cookies that are already on your computer or disable cookies. If you generally do not allow us to use cookies, viz. disable them by setting the browser, some features and pages may not work as expected.

 

GOOGLE ANALYTICS

On this webpage we use Google Analytics from Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to statistically analyze visitor data. Google Analytics uses targeted cookies. For more information about Terms of Use and Privacy, please visit http://www.google.com/analytics/terms/en.html.

The legal basis according to the GDPR is the improvement of our services and our web appearance. Since the privacy of our users is important to us, the user data is pseudonymized. Data processing takes place on the basis of the statutory provisions of § 96 (3) TKG and Art 6 (1) (a) GDPR (consent) and / or f (legitimate interest).

The browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js) allows site visitors to prevent Google Analytics from using their data.

You may prevent the collection by Google of the data generated by the cookie and related to your use of the website as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

By clicking on the deactivation link, you can prevent Google from recording further visits to this website. Attention: The deletion of cookies, the use of the incognito / private mode of your browser, or the use of another browser leads to data being collected again: Disable Google Analytics.

 

GOOGLE TAG MANAGER

Google Tag Manager manages website tags through a single interface, but without cookies and personal data processing. Google Tag Manager only triggers other tags, which in turn may collect data. For these respective third-party providers, appropriate explanations can be found in this privacy policy. Google Tag Manager does not use this data. If you have opted out from use of cookies, it will be honored for all tracking tags used by Google Tag Manager. Google may ask you for permission to share some product data (such as your account information) with other Google products to enable certain features. In addition, Google’s developer reviews product usage information from time to time to further optimize the product. However, Google will never share this type of data with other Google products without your consent. For more information, see the Google terms of service (Nutzungsrichtlinien) and Google privacy notices (Datenschutzhinweisen von Google) for this product.

 

Newsletter

By subscribing to our newsletter, you agree to the receipt and the procedures described.

  1. Content of the newsletter: We send newsletters, push messages and e-mails or other electronic notifications with information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission.
  2. Double opt-in and logging: Registration for our newsletter is done in a double-opt-in procedure. This means you will receive an e-mail after logging in to ask for confirmation of your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. Registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the logon data and the confirmation time, as well as the IP address. Likewise, changes to your data stored with MailChimp will be logged.
  3. Use of the email service provider “MailChimp”: We send newsletters, e-mails and other electronic notifications with information (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. The newsletter is distributed via MailChimp, a newsletters distribution platform owned by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients, as well as other information described herein, are stored on the MailChimp servers in the USA. MailChimp uses this information to send and evaluate the newsletters on our behalf. Furthermore, MailChimp may, according to its own information, use this data to optimize or improve its own services, for example for the technical optimization and the presentation of newsletters or for economic purposes in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them or to pass data on to third parties. We rely on the IT and data security of MailChimp. MailChimp is certified under the US-EU privacy shield Privacy Shield and is committed to comply with the GDPR. Furthermore, we have concluded a Data-Processing-Agreement with MailChimp. This is a contract in which MailChimp commits to protecting our users’ privacy, processing it on our behalf in accordance with its privacy policy and, in particular, not disclosing it to third parties. You can view the privacy policy of MailChimp here (hier einsehen).
  4. Registration data: To subscribe to the newsletter, it is sufficient to provide your e-mail address.
  5. Statistical survey and analysis: The newsletters contain a so-called “web beacon”, i.e. a pixel file which is retrieved from the MailChimp server when the newsletter is opened. In the course of this, technical information, such as information about the browser and your system, as well as your IP address and time of the retrieval, are collected. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our desire nor that of MailChimp to observe individual users. The evaluations serve to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
  6. Data Management: There are cases in which we direct the newsletter recipients to the MailChimp websites. For example, our newsletters contain a link that allows newsletter recipients to retrieve newsletters online (for example, in the event of problems with the e-mail program). Furthermore, newsletter recipients can correct their data, such as the e-mail address, at a later stage. Similarly, the privacy policy of MailChimp (Datenschutzerklärung) is only available on their homepage. In this context, we point out that on the websites of MailChimp cookies are used and thus personal data is processed by MailChimp, their partners and service providers used (for example, Google Analytics). We have no influence on this data collection. For more information, see the privacy policy (Datenschutzerklärung) of MailChimp.
  7. Termination / Revocation: You can cancel the receipt of our newsletter at any time, by revoking your consent. At the same time, your consent to receive our newsletter via MailChimp and the statistical analyzes expire. A separate revocation of the services regarding MailChimp or only the statistical evaluation is unfortunately not possible. A link to cancel the newsletter can be found at the end of each newsletter.
  8. Legal basis General Data Protection Regulation: In accordance with the requirements of the GDPR, we inform you that the consents to processing e-mail addresses are based on Art 6 (1) (a) GDPR. The use of the mail service provider MailChimp, carrying out the statistical surveys and analyzes as well as logging the registration process, are based on our legitimate interests in accordance with Art 6 (1) (f) GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of our users. We further point out that you may cancel the future processing of your personal data in accordance with the statutory requirements of Art 21 GDPR at any time.

 

SOCIAL MEDIA PRESENCE

We have accounts and appearances on websites of various social media: YouTube, Instagram, Xing, LinkedIn and Facebook. On the websites of these third-party providers, data may be collected, processed and used by these media. They also so carry out a data processing and are therefore another responsible person. We have no control over the amount of data that these third parties collect, process and use. Purpose and extent of the data collection as well as the further processing and use of this data can be taken from the data protection instructions of the respective third-party provider.

We also have no influence on comments from third parties on the websites of these providers. All data that you enter as a user on our social media appearances, such as pictures, videos, comments, links, likes, etc., are published by the operators of the respective social media platforms. We make sure that our social media sites are as privacy-compliant as possible and use the opportunities that the respective platform operator provides. We cannot or only to a small extent influence statistics, that the operators of the platforms create and make available.

Information on the processing of the data by the operators of the platforms can be found in the respective privacy statements:

You have the right to be informed about the data you have stored. This is solved differently for each platform operator:

• Usually you can correct the data yourself at any time in the profile settings of the respective platform. You have the right of deletion at any time; this is solved differently for each platform operator:

The right of restriction, data portability and opposition is also solved differently by each platform operator and has to be requested from the respective platform operator.

 

FACEBOOK-FANPAGES

The Facebook fan page can track through insights. Affected rights may be claimed against Facebook Ireland as well as us, but the primary responsibility in the sense of the GDPR for the processing of Insights data lies with Facebook and it fulfills all obligations in the sense of the GDPR with regard to the processing of Insights data; Facebook Ireland will provide the point of the Site Insights Supplement for the individuals concerned, and we as the operator will not make any decisions regarding the processing of Insights Data and any other information resulting from Art 13 GDPR, including legal basis, identity of the person responsible and storage period of Cookies on user terminals.

 

FACEBOOK-PIXEL

Details of the cookies used by Facebook and the data collected can be found in the detailed list in the Cookie Policy. The Facebook pixel captures these five types of data: Http-header, pixel-specific data (pixel-ID and Facebook-cookie), button-click-data, optional values, form-field-names (such as “email”, “address” and “quantity” to be filled in when purchasing a product or service). Information on the processing of the data by the operator of the platform can be found in the privacy policy.

 

CONTACT DETAILS

You can reach our contact person for privacy at datenschutz@circled7.com.

 

YOUR RIGHTS

According to the provisions of the GDPR and the DSG, you have the following rights in principle:

  • Rectification (Art. 16 GDPR)
  • Deletion (“Right to be forgotten”, Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Notification – Notification obligation regarding rectification or erasure of personal data or restriction of processing (Art. 19 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Not to be subject to a decision based solely on automated processing – including profiling – (Art. 22 GDPR)

If you have the opinion that the processing of your data violates data protection laws or your data protection claims have otherwise been violated in any way, you may complain to the supervisory authority, which is the data protection authority in Austria whose website you can find under https://www.dsb.gv.at/.