Legal Information & Data Protection

As of: August 01, 2022

The protection of your personal data is of special concern to us. We process your data exclusively based on legal regulations (GDPR, Data Protection Amendment Act, TKG), as well as this privacy policy. This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offering and the associated websites, functions, and content as well as external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). With regard to the terminology used, such as "personal data" or its "processing," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Contacting Us

When contacting us (by email), the user's information is processed for the purpose of handling the contact request and its processing in accordance with Article 6(1)(b) GDPR, and stored for twelve months in case of follow-up questions. This data will not be disclosed without your consent. We collect personal data for the following reasons:

1. Legal Basis for Legitimate Interests

We process data about you based on our legitimate interests or those of a third party.

2. Legal Basis for Consent

You have voluntarily provided us with data about yourself, and we process this data based on your consent. Examples of reasons include participating in a survey, consenting to receive a newsletter. You can revoke this consent at any time. Revoking consent will result in us no longer processing your data for the purposes mentioned above. To revoke consent, please contact us via email.

You can reach us at the following contact details:

weasQ FlexKapG
Kundmanngasse 10/4
A-1030 Wien
jakob.januschkowetz@weasq.io
bernhard.kienecker@weasq.io

Data Protection Officer:

Dr. Norbert Berndorfer, MBA
Personal- und Organisationsentwicklung e.U.
Altschwendt 70,
A-4721 Altschwendt
+43 660 6029991
norbert.berndorfer@nb3.at

Data Protection Manager:

There is no Data Protection Manager in our company, as we are not legally obliged to have one.

Relevant Legal Bases

In accordance with Article 13 GDPR, we inform you of the legal bases for our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR, the legal basis for processing for the performance of our services and the execution of contractual measures as well as responding to inquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

Changes and Updates to the Privacy Policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or individual notification.

Security Measures

In accordance with Article 32 GDPR, and taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk; Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to data, as well as their access, input, disclosure, securing availability, and separation. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, data deletion, and the response to data breaches. We also take into account data protection during the development, or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Article 25 GDPR).

Collaboration with Data Processors and Third Parties

If, in the context of our processing, we disclose data to other persons and companies (processors or third parties), transmit them to them, or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g., if data transmission to third parties, such as payment service providers, is necessary for the performance of the contract), you have consented, a legal obligation provides for it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.). If we engage third parties to process data on the basis of a so-called "data processing agreement," this is done based on Article 28 GDPR.

Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or the disclosure, transmission, or granting of data to third parties, this will only occur if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will only process data in a third country if the special requirements of Articles 44 et seq. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection equivalent to that in the EU (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

Rights of Data Subjects

Right to Withdraw Consent

You have the right to withdraw any consent you have given under Article 7(3) GDPR with future effect.

Right to Object

You can object at any time, in accordance with Article 21 GDPR, to the future processing of data concerning you. The objection can be made in particular against processing for the purposes of direct marketing.

Competent Supervisory Authority

Österreichische Datenschutzbehörde
Wickenburggasse 8-10
1080 Wien
Tel.: +43 1 531 15-202525
E-Mail: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data Deletion

The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data we store will be deleted as soon as it is no longer necessary for its intended purpose and there are no legal retention obligations preventing deletion. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons. In accordance with legal requirements in Austria, data is retained for 7 years in accordance with § 132(1) BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents related to electronically provided services, telecommunications, radio, and television services provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop Shop (MOSS) is used.

Collection of Access Data and Log Files

Based on our legitimate interests within the meaning of Article 6(1)(f) GDPR, we collect data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed webpage, file, date and time of access, amount of data transferred, message about successful access, type of browser and version, the user's operating system, referrer URL (previously visited page), IP address, and requesting provider. Logfile information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of seven days and then deleted. Data that must be retained for evidence purposes is excluded from deletion until the respective incident is finally clarified.

Integration of Third-Party Services and Content

Within our online offering, we use content or service offerings from third-party providers based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Article 6(1)(f) GDPR) to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the users, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We strive to only use content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. With the help of "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. Pseudonymous information may also be stored in cookies on the user's device and may contain technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, as well as may be linked to such information from other sources. The following presentation offers an overview of third-party providers and their content, along with links to their privacy policies, which provide further information on data processing and, in some cases, already mentioned opt-out options (so-called opt-out):

Google Recaptcha
Service for form protection against bot attacks from third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://www.google.com/settings/ads/.