Name and address of the responsible party

The responsible party within the meaning of the general data protection regulation and other national data protection laws of the member states as well as other data protection regulations is:

Maydell Advice GmbH

Herrengasse 1-3, 2nd Floor, 1010 Vienna

T + 43 1 23060-6141
office@maydell.com

General notes on data processing

Scope of personal data processing

As a matter of principle, we collect and utilize our users’ personal data only to the extent necessary for providing a functional website as well as our content and services. As a routine, users’ personal data are collected and utilized only after the users have provided their consent. An exception here are cases in which obtaining consent in advance is not possible for tangible reasons, and processing of data is permitted by legal regulations. Further information in this regard is provided in the following statement.

Legal basis for processing personal data

Article 6, Paragraph 1, Item a) of the EU’s general data protection regulation (GDPR) serves as the legal basis for processing personal data, insofar as we have obtained the concerned person’s consent to processing of such data.

Article 6, Paragraph 1, Item b) of the GDPR serves as the legal basis for processing personal data needed to fulfil a contract to which the concerned person is party. This also applies to processing operations needed to implement pre-contractual measures.

Article 6, Paragraph 1, Item c) of the GDPR serves as the legal basis for processing personal data needed to fulfil a legal obligation to which our company is subject.

Article 6, Paragraph 1, Item d) of the GDPR serves as the legal basis for cases in which vital interests of the concerned person or another natural person require processing of personal data.

Article 6, Paragraph 1, Item f) of the GDPR serves as the legal basis for processing if this is needed to safeguard a legitimate interest of our company or a third party, and this interest is not outweighed by the interests or basic rights and freedoms of the person concerned.

Data deletion and storage duration

An individual’s personal data are deleted or blocked once the need for storage has expired. Storage beyond this scope is possible if provided for by European or national legislation as part of the EU’s legal ordinances, laws or other regulations to which the responsible party is subject. Blocking or deletion of data takes place also when a storage deadline prescribed by the mentioned standards expires, unless there is a need for continued storage of data for contract conclusion or fulfilment.

Website provision and creation of log files

1. Description and scope of data processing

Each time our website is invoked, our system automatically registers data and information from the invoking computer’s system.

The following data are collected here:

(1) Information about the browser type and version being used

(2) The user’s IP address

(3) Referrer URL

(4) Date and time of access

(5) Operating system and its interface

These data form part of the information saved in our system’s log files. The data are not stored together with the user’s remaining personal data.

2. Legal basis for data processing

Article 6, Paragraph 1, Item f) of the GDPR serves as the legal basis for temporary storage of data and log files.

3. Purpose of data processing

Temporary storage of IP addresses by the system is needed to ensure website access from the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

Log files are used for storage to ensure the website’s functionality. In addition, the data allow us to optimize the website and to ensure the security of our information technology systems. Data analysis for marketing purposes does not take place in this context.

These purposes also contain our legitimate interest in data processing according to Article 6, Paragraph 1, Item f) of the GDPR.

4. Duration of storage

Data are deleted as soon as they are no longer necessary for achieving the purpose of their collection. For data collected in order to make the website accessible, this is the case when the session is finished.

For data stored in log files, this is the case after no later than seven days. Storage beyond this scope is possible. In this case, the user’s IP address is deleted or modified so that association with the invoking client is no longer possible.

5. Possibility of objection and removal

Collection of data to enable website access, and storage of data in log files are absolutely necessary for website operation. The user is therefore not able to raise any objections in this regard.

Use of technically required cookies

1. a) Description and scope of data processing

Our website uses cookies. Cookies are text files stored in the Internet browser, i.e. by the Internet browser on the user’s computer system. When a user accesses a website, a cookie can be saved on the user’s operating system. This cookie contains a characteristic string allowing unique identification of the browser when the website is invoked again.

We utilize cookies to make our website more user-friendly. Some elements of our website require the invoking browser to be identifiable even after a change of page.

For this purpose, the following data are saved in the cookies and communicated for the duration of the website visit:

(1) Language settings, search expressions

(2) Login details

1. b) Legal basis for data processing

Article 6, Paragraph 1, Item f) of the GDPR serves as a legal basis for processing of personal data using cookies.

1. c) Purpose of data processing

Technically necessary cookies are meant to simplify website utilization for users. Some functions of our website cannot be offered without a use of cookies. For this, it is necessary for the browser to be identifiable even after a change of page. We need cookies for the following purposes:

(1) Noting search expressions

(2) Registering log-in details for the duration of website usage

User data collected by technically necessary cookies are not employed to create user profiles.

1. d) Duration of storage; possibility of objection and removal

Cookies are stored on the user’s computer and transmitted from it to our website. As a user, you therefore have full control of the utilization of cookies. You can disable or restrict transmission of cookies by changing their settings in your Internet browser. Cookies already stored can be deleted at any time. This task can also be automated. Disabling cookies for our website might prevent full use of all the website’s functions in future.

Google Maps

Our website uses the map service of Google Maps via an API.

This service is offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To enable use of the functions of Google maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this website has no influence on this data transfer.

A use of Google Maps is intended for an appealing representation of our online offer and easy localization of the places specified by us at the website. This is a legitimate interest within the meaning of Article 6, Paragraph 1, Item f) of the GDPR.

More information on handling user data can be found in Google’s data privacy policy: https://policies.google.com/privacy

LinkedIn

Our website uses the map service of the LinkedIn network.

This service is offered by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. If you click the "Recommend Button" of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. For more information, please refer to the LinkedIn privacy policy at: https://www.linkedin.com/legal/privacy-policy

SSL Encryption

This website uses, for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as a site operator, an SSL or. TLS encryption. You can recognize an encrypted connection by changing the address line of the browser from “http: //” to “https: //” and the lock symbol in your browser line.

If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

Contact form and e-mail contact

1. Description and scope of data processing

A contact form available at our website can be used for establishing electronic contact. If a user avails of this possibility, the data specified in the input screen are transmitted to us and stored.

At the time of the sending of the message, the following data are also stored:

(1) The user’s IP address

(2) Date and time of registration

For the purpose of data processing, the user’s consent is obtained and this data protection statement is referred to during the sending procedure.

Alternatively, it is possible to establish contact via the e-mail address provided. In this case, the user’s personal data communicated in the e-mail are stored.

In this context, there is no transfer of data to third parties. The data are used exclusively for processing the conversation.

2. Legal basis for data processing

Article 6, Paragraph 1, Item a) of the GDPR serves as a legal basis for data processing if the user has consented.

Article 6, Paragraph 1, Item f) of the GDPR serves as a legal basis for processing data communicated via e-mail messages or contact forms. If contact is aimed at concluding a contract, then Article 6, Paragraph 1, Item b) of the GDPR serves as an additional legal basis.

3. Purpose of data processing

For us, processing of personal data from an input screen is intended solely as part of establishing contact. In case of contact establishment via e-mail, this also encompasses the required legitimate interest in data processing.

Other personal data processed during sending serve to prevent misuse of the contact form and ensure the security of our information technology systems.

4. Duration of storage

Data are deleted once no longer necessary for achieving the purpose of their collection. For personal data from the contact form’s input screen, this is the case when the respective conversation with the user is finished. The conversation is finished when circumstances indicate that the concerned issue has been conclusively clarified.

Personal data collected additionally during dispatch are deleted after a period of 26 months at the latest.

5. Possibility of objection and removal

The user is able to withdraw their consent to processing of personal data at any time. If the user has established e-mail contact with us, they can revoke storage of their personal data at any time. In such cases, the conversation cannot be continued.

Revocation is to be announced in writing (e-mail being sufficient) to the contact whose details are provided in I.

All personal data stored in the course of establishing contact are deleted in this case.

6. Right to revoke the declaration of consent regarding data privacy

You have the right revoke your declaration of consent regarding data privacy at any time. Revocation of consent does not influence the legality of the processing carried out on the basis of the consent until revocation.

7. Right of complaint to a supervisory authority

Irrespective of any other administrative or judicial appeal, you are entitled to file a complaint with a supervisory authority, in particular, in the member state containing your residence, your workplace or the location of the alleged infringement, if you believe that processing of data concerning your person is contrary to the GDPR.

The supervisory authority with which the complaint has been filed informs the complainant about the status and results of the complaint, including the possibility of legal remedy according to Article 78 of the GDPR.