Schönbrunner Street 231
1120 Vienna, Austria
Company register: FN 529675i, Commercial Court of Vienna
Contact details of the data protection officer: DataCo GmbH, Dachauer Street 65, 80335 Munich, Germany, +49 89 7400 45840, www.dataguard.de
The term “personal data” is defined by the GDPR as any information relating to an identified or identifiable natural person (“data subject”). Personal data is any data that allows you to be identified or that can be linked to you.
Scope of the processing of personal data
As a matter of principle, we process personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services. The processing of personal data of our users is carried out with the consent of the user, unless exceptions provided by the law apply.
Legal basis for the processing of personal data I
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) p. 1 lit. a GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) sentence 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Article 6 (1) sentence 1 lit. d GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) p. 1 lit. f GDPR serves as the legal basis for the processing.
Data erasure and storage period
The personal data of the data subject will be deleted as soon as the purpose of storage ceases to apply. Storage may take place beyond this if this is required by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
We exclusively use our own JENTIS first-party cookies, which allow JENTIS to retain full control over the data collected, processed on the JENTIS server and owned by JENTIS. We may set two types of cookies:
Essential cookies: These are cookies that we set automatically, when you visit our Website. We currently set a cookie as part of our Consent Management Platform (CMP) to ensure that when you return to our Website, we know which cookie option you selected on your previous visit. This enables us to fulfill our legal obligation to document your consent. Furthermore, we use first-party cookies to collect non-personally identifiable aggregate statistics about your visit. By storing a randomly generated Client ID and Session ID on your device, we enable our JENTIS Data Capture Platform (DCP) to capture a limited amount of data strictly necessary to measure the audience, website usage and performance of our Website, modify this data to remove any identifiers and / or pseudonymise it, and only then forward the de-personalised data to a connected analytics tool (Google Analytics, provided by Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA)
In doing so, we receive the following aggregated statistical reports:
This allows us to resolve navigation and performance issues, which is necessary for the proper functioning and day-to-day administration of the Website.
If you consent to our first-party cookies via the CMP banner, we may use these cookies for more detailed personal and non-personal data analysis, e.g. with regard to the effectiveness of marketing campaigns, and track the users’ interaction with the Website to optimise the Website’s content. All personal data is processed on the JENTIS Twin Server (proxy server). You are free to reject our Analytics cookies – either via the CMP banner you will see on the first page you visit or by preventing the setting of cookies by our Website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using a common Internet browser or other software programs. However, if you deactivate the setting of any cookies, it may not be possible to use all the functions of our Website to their full extent. If you do not make a selection in the CMP banner, only essential cookies will be set and the banner will be displayed again each time you visit our Website.
Scope of data processing
The Website is hosted on servers by a service provider commissioned by us. Our service provider is: easyname GmbH, Canettistraße 5/10 , 1100 Vienna, Austria. The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the Website.
The information stored is:
This data is not merged with other data sources.
Legal basis for data processing
The collection of this data is based on our legitimate interests pursuant to Art. 6 (1) (f) GDPR in the technically error-free presentation and optimisation of the Website - for this purpose, the server log files must be collected. The location of the Website's server is geographically in the European Union (EU) or the European Economic Area (EEA).
Right to object and erasure
You can object at any time to this processing of this personal data or request its erasure by sending us an informal email here (see 10.). However, this could impede the correct functioning of our Website.
3.2 Website analytics
With respect for the privacy of our Website visitors as well as data protection requirements, we have limited the purpose of data processing via our JENTIS DCP to aggregated audience measurement and statistical analyses by:
For this purpose, we will automatically collect the following personal data about you during your visit to our Website:
We do not draw any conclusions about individual visitors to the Website. Via the JENTIS DCP, we are able to modify the captured personal data and have full control over the purpose of data processing. We apply a de-identification mechanism on our JENTIS Twin Server that automatically shortens IP addresses, making it impossible to identify a specific European visitor by IP address alone. Furthermore, we pseudonymise all other personal data, so it cannot be attributed to an identified or identifiable individual by the third-party provider of the analytics tool, even if cross-checked with other information. As a result, we are able to apply supplementary measures for the protection of your personal data and minimise the scope of data processing to de-identified strictly necessary data for the proper functioning and day-to-day administration operations of the Website.
Drawing on these safeguards and after careful assessment, we process this data on the basis of our legitimate interest to optimise the Website’s security and usability for our visitors. (Art. 6 (1) (f) GDPR). If you give us your voluntary and explicit consent (Art.6 (1) (a) GDPR) via the CMP banner, your personal data would further be processed for the measurement of our marketing campaigns’ effectiveness, i.e. the total number of users who responded to our advertisement, again without being transferred to the tool provider. All data in the server log files is stored separately from any personal data of the website visitor. As a result, your personal data remains in the EU and is not transferred to any third country.
Right to object, revocation of consent and erasure
You may object to the data processing, based on our legitimate interest, and you may freely revoke consent or request the erasure of your data at any time by simply sending us an email (see 10.).
3.3 Contact possibility via the Website
This Website contains information that enables a quick electronic contact, as well as direct communication with us, which also includes a general email address. If a data subject contacts us via email or a contact form, the personal data transmitted as the result are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data Controller is stored for the purpose of contacting the data subject. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6. (1)(f) GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (a) GDPR.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. The user has the possibility to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. Data subjects can communicate their revocation of consent and objection to storage at any time here (see 10.). All personal data stored in the course of contacting us will be deleted in this case.
4.1 Event management
We use Eventjet, a service provided by Datascroll Eventsupport GmbH for managing the registrations for the Heroes of Data & Privacy event (“Event”). Contact details of Datascroll Eventsupport GmbH are Eggerthgasse 9 1060 Wien Austria, URL: https://about.eventjet.at/. To register for the Event, you must purchase a ticket or redeem a voucher code via Eventjet. You will be redirected from our Website to the Eventjet plattform. . To execute your order, Eventjet will process various data from you. Detailed information on how Eventjet processes your personal data necessary for the registration process, can be found here: https://about.eventjet.at/datenschutz/
We may have access to the following personal data:
4.2 Photo and video recordings
We will photo, audio and video record the Event and/or broadcast it through web streaming. This is done with the purpose to document the Event and inform the general public about our activities. The publication of the recordings might be on a publicly available website and / or be shared via social media channels. In the course of the Event, automation-supported, personal photographs and video recordings serve this documentation and information purpose. The processing of the photo and video material is based on our legitimate interest within the meaning of Art. 6 (1) (f) GDPR to document its activities and to report on them in a transparent manner. There is neither a contractual nor a legal obligation to process this data; failure to provide the data will have no consequences. We take care to ensure that production of image and video material does not unduly interfere with the rights and freedoms of natural persons.
The wish not to be depicted in photographs or video recordings shall be respected, especially in the case of individual recordings. You have the right to object to this data processing on grounds relating to your person. To exercise this right, please send us your justified objection, if possible mentioning the Event, here (see 10.).
The storage period is limited to its purpose. Image and video material is generally deleted at the end of the second calendar year after it was taken. Deletion on websites or social media platforms shall take place within the scope of technical possibilities.
After careful selection, the image and video material will be transmitted to the following categories of recipients or published in the following media:
4.3 Streaming of the Event
We may stream the Event for the purpose of reaching people who cannot directly attend the Event, especially due to the ongoing COVID-19 pandemic. As part of the live stream of the Event, only the stage area is filmed and the associated videos and sound recordings are processed. The processing of the video material is based on the legitimate interest within the meaning of Art. 6 (1) (f) GDPR of the data Controller to reach a larger group of people via livestreams despite the COVID-19 pandemic. You have the right to object to this data processing on grounds relating to your person. To exercise this right, please send us address your justified objection, if possible mentioning the Event, here (see 10.). The data will only be streamed for the duration of the livestream.
The livestream is provided via common streaming platforms.
4.4 Business (non-personal) data tracking
The data collected with this technology is encrypted via a non-reversible one-way function (so-called hashing). The data is immediately pseudonymised and is not used to personally identify the visitor to this website. The data stored as part of SalesViewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection by SalesViewer within this website in the future. In doing so, an opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, you must click this link again.
Your personal data will be stored for as long as this is necessary for achieving the defined purposes of processing. After expiration of that period, the corresponding data is routinely erased as long as it is no longer necessary for the initiation or the fulfillment of contractual obligations.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another authorised legislator expires, the personal data are routinely erased in accordance with legal requirements.
We use a select number of trusted external service providers for certain technical data analyses, and processing and/or storage offerings (e.g., IT and related services). We may also use the assistance of third parties to improve our Website as well as certain tools for our marketing activities. These third-party service providers are carefully selected and meet high data protection and security standards. We contractually obligate them to keep any information we share with them confidential and to process personal data only according to our instructions. The legal basis for such processing would be legitimate interest pursuant to Art. 6(1)(f) GDPR.
If you give us your consent to do so, we may share your data with our marketing partners or sponsors who may send you information about their services and events. You will see the consent options when you purchase the tickets in the course of the registration process. In addition to service providers, other categories of third parties may include vendors and / or public institutions. To the extent that this is necessary in order to make use of certain services requiring special expertise (such as legal, accounting or auditing services) we may share personal data with vendors of such services or public institutions that offer them.
The legal basis of this data processing is Art. 6(1)(f) GDPR.
We are very committed to establishing internal procedures to ensure that your personal information is both accurate and protected from accidental loss, unauthorised access, use, alteration, or disclosure. However, internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by post.
You may at any time and at no cost request us to provide you with information about your personal data processed by us, correction of any errors in your personal data, termination of processing of your personal data, or erasure of your personal data – subject to mandatory legal provisions or obligations to the contrary.
In particular, if you qualify as the “data subject” under the terms of GDPR,
Exercise of data subject rights
To exercise your rights, please send us your request to firstname.lastname@example.org, if possible with information about the data processing to which you are referring to. Please include any information that would help us identify you in our database, such as your full name and email address.
If you have any questions or concerns about the processing of your personal data or wish to exercise your right to object, you may contact our privacy team by sending an email. Please include in your email the subject of your message and provide any additional information about the data processing to which you are referring. We require your email address to respond to your request and to ensure that we comply with your rights. We will not use your email address or any information provided in the email for any other purpose.
JENTIS GmbH ,Schönbrunner Straße 231 1120 Vienna Austria
Status: March 2023