1. data processing when visiting our website
1.1 Server log files
When you visit our website, the provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to our server. This includes your IP address, browser and language setting, country, referrer URL, operating system, your Internet service provider, and the date and time. This data is necessary to optimize the website in terms of system performance, quality assurance, user-friendliness and providing useful information about our services. The web server location is within the EU.
This data is not merged with personal data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
This data processing is necessary to protect our legitimate interests (Art 6 para 1 lit f DSGVO), namely to ensure the operation, security and optimization of our website as well as for security reasons (e.g. to investigate acts of abuse or fraud).
Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. Necessary or functional cookies help us to make our website technically possible, to manage your declarations of consent and to achieve functionality and quality assurance. This corresponds to our legitimate interest within the meaning of Art 6 para 1 lit f DSGVO.
Insofar as the settings you have made or the voluntary consent you have given also include providers who store data in third countries, i.e. to countries without an adequacy decision pursuant to Article 45 (3) of the GDPR and without appropriate safeguards pursuant to Article 46 of the GDPR (such as, in particular, the USA), your consent pursuant to Article 49 of the GDPR shall expressly apply to this as well. There is the Risk that your data transferred in this way is subject to access by authorities in these third countries for control and monitoring purposes and that no effective legal remedies are available against this. In the opinion of the European Court of Justice, for example, there is currently no adequate level of protection for data transfers to the USA (for further details sh below; also under point 4.).
You can set your browser so that the storage of cookies is generally prevented or you are asked each time whether you agree to the setting of cookies. Once cookies have been set, you can delete again at any time. When disabling cookies, the functionality of our website may be limited.
The cookies used on our website are divided into the following categories:
- Necessary cookies: Necessary cookies are absolutely necessary for the website to function properly. These cookies anonymously ensure basic functions and security features of the website. The website cannot function properly without these cookies. These cookies can therefore not be deselected.
- Analytics: Analytical cookies are used to understand how visitors interact with the website. These cookies provide information on metrics such as number of visitors, bounce rate, traffic source, etc.
- Others: These cookies are analyzed in order to assign them to a specific category.
- Advertisement: These cookies are used to provide visitors with relevant advertising and marketing campaigns. They track visitors on various websites and collect information to provide tailored advertising.
1.2.1 Google Analytics
Our website uses functions of the web analytics service Google Analytics, Contract Administration Department Google Ireland Ltd, Gordon House Barrow Street Dublin 4, Ireland (“Google “). Cookies are used for this purpose, which enable an analysis of the use of the website by its users. Please note that when using this service, data transfer to a third country, in particular the USA, may occur or cannot be excluded. Your data will only be processed on the basis of your prior active, explicit and voluntary consent (Art 6 para 1 lit a DSGVO; Art 49 DSGVO). You can revoke your consent at any time with effect for the future. You can also prevent the collection of data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout
When the analysis function is activated, the following data is collected, among other things: the pages you visit (“your click path”), achievement of website goals (conversions, e.g. newsletter sign-ups), your user behavior (e.g. clicks, dwell time, bounce rates, your approximate location (region); your IP address (in shortened form); technical information about your browser and terminal devices; your Internet provider; the referrer URL (“analysis data”).
This information is usually transferred to a Google server and stored there. For this purpose, we have concluded a contract with Google for commissioned data processing in accordance with Art 28 DSGVO. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. According to Google, the IP address transmitted by your browser is not merged with other data from Google.
We use Google Analytics only with IP anonymization enabled by adding the code “anonymizeIP” to this website, This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server and shortened there. You can find out exactly where Google data centers are located here: https://www.google.com/about/datacenters/locations/.
The analysis data is deleted immediately after the retention period set by us in each case. Google Analytics gives us the following options for the retention period: 14 months, 26 months, 38 months, do not delete automatically. You can ask us at any time for the current retention period set by us.
More information on data processing conditions for Google products and the standard contractual clauses for data transfers to third countries can be found here: https://business.safety.google/adsprocessorterms/
1.2.2 Google Maps
On our website, the Google Maps service is integrated in order to better display geographical information about locations for users. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Please note that when using this service, data transfer to a third country, in particular the USA, may occur or cannot be excluded. Google Maps is an online mapping service that makes geographic information more readable to you, the user, via a terminal device. Among other things. Directions shown or map sections embedded in our website. When you start Google Maps, your browser connects to Google’s servers. This gives Google knowledge that our website was accessed via your IP address. The use of Google Maps enables Google to collect and process data about the use of this service. For this purpose, Google Maps processes your IP address and other data. entered search terms as well as latitude and longitude coordinates.
If you use the route planner function of Google Maps, the entered start address will also be saved. This data processing takes place exclusively through your voluntary use of Google Maps and is not subject to our sphere of influence.
When this service is executed, the “NID” preference cookie is (currently) set. Google Maps does not currently offer the option to operate this service without this cookie. The NID cookie contains information about your user behavior, which Google uses to optimize its own services and to provide individual, personalized advertising for you. Google anonymizes data in server logs by deleting a portion of the IP address and cookie information after 9 and 18 months, respectively.
You can find more information about cookies from Google here: https://policies.google.com/technologies/cookies?hl=de
Information on data processing conditions for Google products and the standard contractual clauses for data transfers to third countries can be found here: https://business.safety.google/adsprocessorterms/
Google data center location information can be found here: https://www.google.com/about/datacenters/locations/.
1.2.3 Microsoft Clarity
On our website we use the service of Microsoft Clarity for statistical analysis of the use of our website. The provider of Microsoft Clarity is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA (“Microsoft”). Please note that when using this service, data transfer to a third country, in particular the USA, may occur or cannot be excluded.
Your data will only be processed on the basis of your prior active, explicit and voluntary consent (Art 6 para 1 lit a DSGVO; Art 49 DSGVO). You can revoke your consent at any time with effect for the future.
Microsoft’s privacy notice and additional information can be found here: https://privacy.microsoft.com/de-de/privacystatement.
On our website we use the service of vimeo.com, Inc., 555 West 18th street, New York, New York 10011, USA (“vimeo”). Please note that when using this service, data transfer to a third country, in particular the USA, may occur or cannot be excluded.
Through the service of vimeo you can see video footage directly on our website. In the process, certain data may be transferred from you to Vimeo. When you visit our website that has a vimeo video embedded, your browser connects to the servers of vimeo. vimeo’s computer systems, servers and databases are located in the United States and other countries.
Your data will only be processed on the basis of your prior active, explicit and voluntary consent (Art 6 para 1 lit a DSGVO; Art 49 DSGVO). You can revoke your consent at any time with effect for the future.
Vimeo collects data whether or not you have a vimeo account. This includes your IP address, technical information about your browser type, operating system or basic device information, the website you visited or search query you entered before arriving at the site, and your activities. Vimeo may track this activity using cookies and similar technologies.
If you are logged into vimeo as a registered member, more data may be collected or linked to your vimeo account. This processing is influenced by the cookie settings in your browser. To prevent this, you must log out of vimeo while visiting our website, or edit your cookie settings.
More information about vimeo’s standard contractual clauses in connection with third country transfers can be found here: https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights.
Our website uses the service “Youtube” to embed videos. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Youtube”). Google operates servers all over the world. Please note that when using this service, data transfer to a third country, in particular the USA, may occur or cannot be ruled out.
We only embed Youtube videos in the so-called “extended data protection mode” on our website. If you allow only functional cookies when accessing the site, these videos will be blocked. This prevents Youtube cookies from being set until you click the play button. By clicking on the button, you consent to Youtube setting cookies on the terminal device you are using, which may also be used to analyze usage behavior for market research and marketing purposes. As soon as you start a Youtube video, a connection to Youtube’s servers is established. This gives Youtube knowledge of which of our pages you have visited. If you are logged into your Youtube account, you enable Youtube to assign your surfing behavior directly to your personal profile. This can be prevented by logging out of your account. Even if you are not logged in with your YouTube account, YouTube optimizes its recommendations based on the videos you watch on that device. You can delete the history from your device or pause it. You can find more information about privacy settings of your Youtube account here: https://support.google.com/youtube/topic/9257518?hl=de&ref_topic=9257107.
1.2.6 Meta Business Tools
Our website uses business tools from Meta (formerly: Facebook) for the purpose of analysis, optimization and economic operation of the online offer. This service is provided by Meta Platforms Ireland Limited (formerly: Facebook Ireland Limited), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”). Please note that when using this service, data transfer to a third country, in particular to the USA, may occur or cannot be excluded.
An overview of various meta products can be found here: https://www.facebook.com/help/1561485474074139?ref=cookies.
On our website, the service Meta Pixel is switched, which makes it possible to determine the visitors of our website as a target group for the display of ads (so-called “Facebook Ads”). This means that Facebook ads placed by us can only be displayed to Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited). In this way, we ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the so-called “conversion”, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad.
Your actions are thereby stored in one or more cookies. These cookies allow Meta to match your user data (such as IP address, user ID) with your Facebook account data. The collected data is anonymous and not visible to us and is only used in the context of advertisements. You can prevent the link with your Facebook account by logging out before you take any action. You can edit your Facebook account settings here: https://www.facebook.com/settings?tab=ads. You can find more information about cookies and other storage technologies here: https://de-de.facebook.com/policies/cookies/
The processing of your data is based on your consent within the meaning of Art 6 para. 1 lit a DSGVO. You can revoke this consent at any time with effect for the future.
For more information on Meta products, additional tools and information, in particular also on the exercise of data subject rights vis-à-vis Meta, please refer to Facebook’s Data Policy: https://de-de.facebook.com/policy.php.
2. data processing in contract negotiation and management
2.1 Contact request by you
If you contact us by e-mail, telephone, fax, post or via our form, the personal data you provide (e.g. name, contact address, e-mail address, mobile number) will be stored for the purpose of processing the request and in case of follow-up questions. The processing is based on your consent (Art 6 para 1 lit a DSGVO) or to fulfill (pre)contractual measures (Art 6 para 1 lit b DSGVO).
2.2 Registration and contract management
The registration of your user account and the ongoing administration of your user account are basic requirements for the further performance of our service or for the actual fulfillment of the contract. By doing so, you are considered an “authenticated” user of our website. Therefore, in order to offer you our services, it is necessary to process the following data:
|First and last name|
of the contracting party/business owner
|Identification of the contracting party;|
(Company address, telephone, mail address, UID; optional: concept partner)
|Official photo identification||Identification of the contracting party;|
|Trade license||Verification of the commercial authorization of the contracting party|
|Bank or payment data||Processing of the payment transaction; execution of any payment obligations;|
As payment options you can choose between services from Stripe or PayPal (see details below). If you do not agree to the use of any of these payment services, contract fulfillment by us through the Website cannot occur – Contact us to discuss alternative payment options without obligation, if necessary. The basis for the aforementioned data processing results from Art 6 para 1 lit b DSGVO, as it is necessary for the conclusion of a contract with you (your company). Without this data, no contract can be concluded with us. We offer our services exclusively to companies with a valid business license.
For data processing in the course of our performance of services under the Service Agreement with you (or your company) (actual “Contract Performance”), please refer to the separate Commissioned Data Processing Agreement and our Service Agreement.
2.3 Payment process via Paypal
In the area for authenticated users on our website, components of PayPal are integrated. PayPal is an online payment service provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (“PayPal”).
With the help of this service, payments can be made through PayPal accounts, which are virtual personal or business accounts. In addition, PayPal offers the possibility to process virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is associated with an email address in place of an account number. PayPal makes or receives online payments to third parties. PayPal also offers escrow functions or buyer protection services. Cookies, beacons or similar technologies are used to fulfill these services. More information can be found here: https://www.paypal.com/AT/webapps/mpp/ua/cookie-full.
2.4 Payment process via Stripe
The authenticated user area on our website integrates components from Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (“Stripe”). These components comprise products and services relating to electronic payment transactions. You can find more information about cookies and similar technologies here: https://stripe.com/cookies-policy/legal.
If you select the payment method Sofortüberweisung or credit card in our online store, you consent to the transmission of personal data. This means that data such as credit card numbers and account data, in particular, are processed as part of payment processing. In accordance with PCI-DSS regulations, data is stored exclusively in encrypted form in Stripe’s databases.
As an authenticated customer, you have the option to subscribe to our newsletter via our website. For this purpose, we process your e-mail address, your name and your declaration that you agree to receive the newsletter. Once you have signed up for the newsletter, we will send you a confirmation email with a link to confirm your subscription.
The processing of your data for sending the newsletter is based on your consent (Art 6 para 1 lit a DSGVO). If you do not want Sendinblue to analyze your data, you must unsubscribe from the newsletter. You can cancel or revoke your subscription to the newsletter at any time without giving reasons (at the end of each newsletter or by contacting us) with effect for the future.
3. storage period
We will only store your data for as long as is necessary for those purposes for which we collected your data:
Server log files are deleted shortly after the purpose has been fulfilled, usually after a few days, unless further storage is required for evidence purposes. Otherwise, the data will be kept until the final clarification of the incident. We store data from your contact request for a period of six months after answering the request in order to be able to respond to any follow-up questions. For reasons of tax and company law, we generally store data in connection with contract performance for seven years after contract performance. In the event of the termination of the contract, contractually earmarked data shall be limited, after weighing the interests in accordance with Art. 6 (1) f DSGVO, only to the extent (in terms of time and content) that is directly required to assert any consequential claims arising from the termination of the contract (approximately 10 years in accordance with § 13 PHG). Data that is no longer immediately required will be deleted immediately. If a purchase transaction is cancelled, the transaction (cancellation) data stored by us in this respect will be deleted immediately.
If you have subscribed to our newsletter, we store your data in connection with the newsletter dispatch, but for a maximum of three years. In the event that you unsubscribe from our newsletter, we will delete this data immediately.
4. data transmission to third parties
To fulfill the above-mentioned purposes, in particular to provide you with a functional, quality-assured website (Art 6 para 1 lit f DSGVO), to conduct efficient contact and contract management or to fulfill contracts (Art 6 para 1 lit b DSGVO), or to enable customer request-based newsletter delivery (Art 6 para 1 lit a DSGVO), but also to comply with official/legally enforceable requests (Art 6 para 1 lit e DSGVO) or based on your consent (Art 6 para 1 lit a DSGVO) it may be necessary on a case-by-case basis that we disclose your data to the following recipients or categories of recipients:
- IT service provider or hosting provider;
- Other service providers, providers of tools and software solutions; including (1) Sendinblue GmbH, Köpenicker Straße 126m 10179 Berlin, as service provider for newsletter dispatch; server location in the EU;
- Payment service providers, banks;
- Consulting companies (lawyers, tax consultants, auditors);
- Courts, authorities, other public bodies (in case of need and only to the extent required by law; e.g. tax office);
- Digital service booklet operators (for actual contract fulfillment);
In the context of the data processing described above, your data may be transferred to recipients outside the European Union (so-called. third countries). We transmit your personal data only (i) in countries for which the EU Commission has decided that they provide an adequate level of data protection, or (ii) if we take measures to ensure that the respective recipient provides an adequate level of protection (in particular by concluding standard data protection clauses).
Please note: In a ruling of 16.7.2020 by the European Court of Justice (C-311/18), the US Privacy Shield was declared invalid. Data protection in the U.S. is not considered equivalent to data protection in the EU. For you as a user, due to the extensive powers of U.S. intelligence agencies and the legal situation in the U.S., there are in particular the following risks, unrestricted surveillance measures, lack of legal remedies for affected individuals, and lack of proportionality barriers (see: Sec 702 of the Foreign Intelligence Surveillance Act – FISA; Presidential Policy Directive 28 – PPD-28).
The EU Commission’s newly drafted EU standard contractual clauses (2021/914 of June 4, 2021) are still valid, but – after evaluating the access possibilities of U.S. authorities – must be additional measures are taken. Where US service providers offer the option, we choose to process on server locations in the EU. This should ensure that US authorities cannot access data within the EU. We also make every effort to enter into the aforementioned standard contracts with U.S. vendors and to obtain additional guarantees.
5. your data subject rights
In principle, you have the rights to information, correction, deletion, restriction of processing, data portability, revocation and objection (Art. 15 ff DSGVO). If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can contact us or complain to the supervisory authority at any time. In Austria, this is the Data Protection Authority, Barichgasse 40-42, 1030 Vienna; Tel: +43 1 52 152 -0; firstname.lastname@example.org.
Please note: If we process your data on the basis of your consent, you have the right to revoke this consent, whereby the lawfulness of the data processing carried out up to this point is not affected (Art 7 para 3 DSGVO). Failure to provide data may result in the conclusion of a service contract or the further fulfillment of the contract by OE Service GmbH not being possible.
If you have any questions or wish to exercise your data protection rights, please contact us at the following address:
OE Service GmbH
Dr. Franz Palla Lane 21
Mobile: +43 (0) 660 4419 993