EU General Data Protection Regulation (GDPR)
The provisions of the GDPR and the Austrian Data Protection Act (DPA) in the version of the Data Protection Adaptation Act 2018 apply from May 25, 2018. In compliance with the European DIRECTIVE 95/46/EC of October 24, 1995 on the protection of natural persons with regard to the processing of personal data and on the free movement of data, we inform you that we treat the personal data provided by you confidentially and with the utmost human care and technical security and store and process them exclusively in the company's own server landscape of Supanz GmbH with its registered office in 9074 Keutschach am See, Reauz 9a (Austria).
The protection of your data is very important to us.
Customer satisfaction is our top priority. For us, this of course also includes the safe handling of your data and the protection of your privacy.
With the following information we give you an overview of how we process your personal data and your data protection rights. Which data is processed in detail and how it is used depends largely on the services and products (software licenses) requested or agreed upon. In addition, we use personal data for customer service and marketing purposes. Specifically, the personal data is used to fulfill and process the creation of offers, the processing of orders and for storage based on legal obligations to provide evidence.
Who is responsible for data processing and who can you contact?
If you have any questions about the collection, processing or use of your personal data, if you would like information, correction, blocking or deletion of data as well as the revocation of any consent that may have been given or objection to a specific use of data, please contact Supanz GmbH (also referred to as “SUPANZ” in the text):
Supanz GmbH
Reauz 9a
A-9074 Keutschach/See
Austria
phone: +43 463 281 173
E-Mail: office@supanz.org
Ing. Bernhard Supanz – data protection officer
Technical and organizational measures taken
The website, the underlying systems hosted by us and the facilities necessary for its operation are protected by technical and organizational measures against loss, destruction, access, alteration or processing of the information by unauthorized persons. We strive to secure our systems as best as possible and subject them to strict control mechanisms such as physical access, system access and data access controls. Our employees always process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Data Protection Act (DSG).
What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Data Protection Act (DSG):
- a) To fulfill contractual obligations (Art. 6 Para. 1 b GDPR)
Data is processed to provide banking transactions and services as part of the implementation of our contracts with our customers or to carry out pre-contractual measures upon request (e.g. from interested parties). The purposes of data processing are primarily based on the specific product or service (e.g. advice, support, procurement of licenses) and can include, among other things, needs analysis, advice and the execution of transactions. Further details on the data processing purposes can be found in the relevant contract documents and terms and conditions.
- b) As part of the balancing of interests (Art. 6 Para. 1 f GDPR)
If necessary, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. Examples:
- Examination and optimization of procedures for needs analysis for the purpose of direct customer contact,
- Advertising or market and opinion research, unless you have objected to the use of your data,
- Assertion of legal claims and defense in legal disputes,
- Ensuring IT security and IT operations,
- Prevention and investigation of crimes,
- Measures for building and system security (e.g. access controls),
- Measures to ensure house rules,
- Measures for business management and further development of services and products
- c) Based on your consent (Art. 6 Para. 1 a GDPR)
If you have given us your consent to process personal data for specific purposes (e.g. evaluating your data on the website for marketing purposes such as “success stories”, customer opinions/references or subscribing to the newsletter), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. The revocation of consent does not affect the lawfulness of the data processed up to the revocation.
- d) Due to legal requirements (Art. 6 Para. 1 c GDPR) or in the public interest (Art. 6 Para. 1 e GDPR)
In addition, as a company, we are subject to various legal obligations, i.e. legal requirements (e.g. banking law, money laundering law, tax laws). The purposes of processing include creditworthiness checks, identity verification, fraud and money laundering prevention, the fulfillment of tax control and reporting obligations as well as the assessment and management of Supanz GmbH's risks.
Who gets your data?
Within Supanz GmbH, those departments that need it to fulfill our contractual and legal obligations have access to your data. Service providers and vicarious agents employed by us can also receive data for these purposes if they comply with the DSG and GDPR and have committed themselves to confidentiality and secrecy. These are companies in the categories IT services, logistics, printing services, telecommunications, debt collection, advice and consulting as well as sales and marketing. With regard to the transfer of data to recipients outside of our company, it should first be noted that, as an IT service provider, we are obliged to maintain confidentiality and secrecy regarding all customer-related facts and evaluations of which we become aware. We may only pass on information about you if required by law, if you have consented or if we are authorized or obliged to provide information. Under these conditions, recipients of personal data can be, for example:
- Public bodies and institutions (e.g. tax authorities, law enforcement authorities) if there is a legal or official obligation.
- Other credit and financial services institutions or comparable institutions to which we transmit personal data in order to carry out the business relationship with you (depending on the contract, e.g. transfers as part of invoices)
- Other data recipients may include those entities for which you have given us your consent to transfer data or for which you have released us from the obligation of confidentiality in accordance with the agreement or consent. (For example, this could be our business partners SAP worldwide and Neptune Software based in Norway and Germany, respectively.)
Will data be transferred to a third country or to an international organization?
Data will be transferred to locations in countries outside the European Economic Area (so-called third countries), to the extent that
- it is necessary to execute your orders (e.g. payment and securities orders),
- it is required by law (e.g. tax reporting obligations) or
- You have given us your consent. (For example, this could be our business partners SAP worldwide and Neptune Software based in Norway and Germany, respectively.)
How long is your data stored?
We process and store your personal data for as long as it is necessary to fulfill our contractual and legal obligations. It should be noted that our business relationship is designed to last for years.
If the data is no longer required to fulfill contractual or legal obligations, it will be regularly deleted unless its further processing - for a limited period of time - is necessary for the following purposes:
- Fulfillment of commercial and tax retention obligations:
These include the Corporate Code (UGB), the Federal Tax Code (BAO), the Electronic Money Act 2010 (E-Money Law_2010), and the Money Laundering and Terrorist Financing Risk Ordinance 2016 (GTV). The periods specified there for storage and documentation are two to ten years.
- Preservation of evidence within the framework of the statutory limitation periods:
According to §§ 933ff. of the Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being 3 years.
What data protection rights do you have?
In accordance with the applicable Data Protection Law and the Data Protection Regulation, each data subject has:
- the right to information according to Article 15 GDPR (free of charge at appropriate intervals approximately once a year)
- the right to rectification according to Article 16 GDPR,
- the right to deletion in accordance with Article 17 GDPR (if this is legally permissible, because we also have obligations to provide evidence to the legislature (e.g. tax office, social security institutions, law enforcement bodies)),
- the right to restrict processing in accordance with Article 18 GDPR,
- the right to objection under Article 21 GDPR as well as
- the right to data portability under Article 20 GDPR.
The restrictions in accordance with DSG 2000 Section 5 § 26 and § 27 apply to the right to information and the right to deletion. In addition, there is a right to lodge a complaint with a responsible data protection supervisory authority (Article 77 GDPR in conjunction with § 31 DSG).
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the General Data Protection Regulation came into force, i.e. before May 25, 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.
To what extent is there automated decision making?
In principle, we do not use fully automated decision-making in accordance with Article 22 of the GDPR to establish and implement the business relationship. If we use these procedures in individual cases, we will inform you separately if this is required by law.
Is profiling taking place?
We do not process any of your data automatically with the aim of evaluating certain personal aspects (profiling). We therefore generally do not use profiling.
Information about your right to object in accordance with Article 21 of the General Data Protection Regulation (GDPR)
- Right to object on a case-by-case basis
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 Paragraph 1 Letter e of the GDPR (data processing in the public interest) and Article 6 Paragraph 1 Letter f of the GDPR (data processing based on a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
- Right to object to the processing of data for direct advertising purposes
In individual cases, we process your personal data to conduct direct advertising. You have the right to object at any time to the processing of your personal data for the purpose of such advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made informally and should, if possible, be addressed to:
Supanz GmbH
Reauz 9a
A-9074 Keutschach/See
Austria
phone: +43 463 281 173
E-Mail: office@supanz.org
Ing. Bernhard Supanz – data protection officer
Newsletter
In order to be able to use SUPANZ's information offering via email (newsletter), we need your first name, last name and email address. When disclosing this data, the recipient's consent and confirmation of the email address are also required. This procedure is called double opt-in and is intended to ensure that no unwanted advertising mail is received.
The data provided will be used exclusively for our own advertising purposes and will not be passed on to third parties. You have the option of revoking your consent and thus unsubscribing from the newsletter at any time. You also have the option at any time to unsubscribe from the newsletter in the future using a dedicated unsubscribe link at the end of each newsletter.
Website
This website is encrypted with an SSL certificate. A well-functioning SSL encryption is characterized by the fact that the data sent is absolutely secure. The content of sent messages is only encrypted over the network. In addition, effective algorithms check the data for completeness and condition before it reaches the recipient. You can recognize a secure connection by the HTTPS protocol.
Cookies
By confirming the information bar on the homepage with “OK”, the user agrees to the use of cookies. Cookies are small text files that enable the user to be recognized and are necessary for the full functionality of the website. These cookies are stored by SUPANZ for approximately 8 weeks. However, no personal data, such as your name or address, is stored. You cannot therefore be personally identified using cookies. Most internet browsers offer the option of restricting or generally rejecting the use of cookies and, if necessary, deleting them at any time. We would like to point out that if cookies are deactivated, you will not be able to use our site to its full extent.
Google Analytics
This website uses Google (Universal) Analytics, a web analysis service from Google Inc. (www.google.de). Google (Universal) Analytics uses methods that enable analysis of your use of the website, such as so-called “cookies”, text files that are stored on your computer. The information generated about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, the IP address is shortened before transmission within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.
You can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
As an alternative to the browser plug-in, you can click this link to prevent Google Analytics from recording data on this website in the future. An opt-out cookie is stored on your device. If you delete your cookies, you must click the link again.
Plug-ins
Our website contains programs (plug-ins) from the social networks YouTube, Twitter, LinkedIn, Xing, Facebook and Google+ to offer the voluntary opportunity to share or view interesting information. When you visit our website, direct connections are created between your browser and the servers of the specified providers. This means that information from your visit is transmitted to the service providers specified above. If you would like to prevent such data transfer, you must log out of your account before visiting our website.
YouTube
On our website, videos, mostly self-created tutorials and product descriptions, are displayed via the video platform (“YouTube Videos”) of the video service YouTube, which is operated by YouTube LLC, with its headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”). The plugins are marked with a YouTube logo, for example in the form of a white triangle (play button) on a red background. You can find an overview of the YouTube plugins and their appearance here: https://developers.google.com/youtube/
If you access a page on our website that contains such a plugin, your browser establishes a direct connection to YouTube's servers. The content of the plugin is transmitted directly to your browser by YouTube and integrated into the page. Through the integration, YouTube receives the information that your browser has accessed the corresponding page on our website, even if you do not have a YouTube profile or are not currently logged in to YouTube. This information (including your IP address) is transmitted from your browser directly to a YouTube server in the USA and stored there.
If you are logged in to YouTube, YouTube can directly assign your visit to our website to your YouTube account. If you interact with the plugins, for example by clicking the “YouTube” button, the corresponding information is also transmitted directly to a YouTube server and stored there. The information will also be published on your YouTube account and shown to your contacts there.
The purpose and scope of data collection and the further processing and use of the data by YouTube as well as your related rights and setting options to protect your privacy can be found in YouTube's data protection information: https://www.google.de/intl/de/policies/privacy/ If you do not want YouTube to directly assign the data collected via our website to your YouTube account, you must log out of YouTube before visiting our website. You can also completely prevent the YouTube plugins from loading using add-ons for your browser, e.g. with the script blocker “NoScript” http://noscript.net/
Twitter
Our website uses so-called social plugins (“plugins”) from the microblogging service Twitter, which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). The plugins are marked with a Twitter logo, for example in the form of a blue “Twitter bird”. You can find an overview of the Twitter plugins and their appearance here: https://twitter.com/about/resources/buttons
If you access a page on our website that contains such a plugin, your browser establishes a direct connection to Twitter's servers. The content of the plugin is transmitted directly to your browser by Twitter and integrated into the page. Through the integration, Twitter receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Twitter profile or are not currently logged in to Twitter. This information (including your IP address) is transmitted from your browser directly to a Twitter server in the USA and stored there.
If you are logged in to Twitter, Twitter can directly assign your visit to our website to your Twitter account. If you interact with the plugins, for example by clicking the “Tweet” button, the corresponding information is also transmitted directly to a Twitter server and stored there. The information will also be published on your Twitter account and shown to your contacts there.
The purpose and scope of data collection and the further processing and use of the data by Twitter as well as your related rights and setting options to protect your privacy can be found in Twitter's data protection information: https://twitter.com/privacy
If you do not want Twitter to directly assign the data collected via our website to your Twitter account, you must log out of Twitter before visiting our website. You can also completely prevent the Twitter plugins from loading using add-ons for your browser, e.g. with the script blocker “NoScript” http://noscript.net/.
LinkedIn
Our website uses so-called social plugins (“plugins”) from the social network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The plugins are marked with a LinkedIn logo, for example in the form of two white letters “in” on a blue background. You can find an overview of the LinkedIn plugins and their appearance here: https://developer.linkedin.com/plugins.
If you access a page on our website that contains such a plugin, your browser establishes a direct connection to LinkedIn's servers. The content of the plugin is transmitted directly to your browser by LinkedIn and integrated into the page. Through the integration, LinkedIn receives the information that your browser has accessed the corresponding page on our website, even if you do not have a LinkedIn profile or are not currently logged in to LinkedIn. This information (including your IP address) is transmitted from your browser directly to a LinkedIn server in Ireland and stored there.
If you are logged in to LinkedIn, LinkedIn can directly assign your visit to our website to your LinkedIn account. If you interact with the plugins, for example by clicking the “LinkedIn” button, the corresponding information is also transmitted directly to a LinkedIn server and stored there. The information will also be published on your LinkedIn account and shown to your contacts there.
The purpose and scope of data collection and the further processing and use of the data by LinkedIn as well as your related rights and setting options to protect your privacy can be found in LinkedIn's data protection information: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
If you do not want LinkedIn to directly assign the data collected via our website to your LinkedIn account, you must log out of LinkedIn before visiting our website. You can also completely prevent the LinkedIn plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” http://noscript.net/.
Xing
Our website uses so-called social plugins (“plugins”) from the social network Xing, which are provided by the XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (“Xing”). The plugins are marked with a Xing logo, for example in the form of the white letter “X” on a turquoise background. You can find an overview of the LinkedIn plugins and their appearance here: https://dev.xing.com/plugins.
If you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Xing servers. The content of the plugin is transmitted directly to your browser by Xing and integrated into the page. Through the integration, Xing receives the information that your browser has accessed the corresponding page on our website, even if you do not have a profile on Xing or are not currently logged in on Xing. This information (including your IP address) is transmitted from your browser directly to a Xing server in Germany and stored there.
If you are logged in to Xing, Xing can directly assign your visit to our website to your Xing account. If you interact with the plugins, for example by clicking the “Xing” button, the corresponding information is also transmitted directly to a Xing server and stored there. The information will also be published on your Xing account and shown to your contacts there.
The purpose and scope of data collection and the further processing and use of the data by Xing as well as your related rights and setting options to protect your privacy can be found in Xing's data protection information: https://www.xing.com/privacy If you do not want Xing to directly assign the data collected via our website to your Xing account, you must log out of LinkedIn before visiting our website. You can also completely prevent the Xing plugins from loading with add-ons for your browser, e.g. with the script blocker “NoScript” http://noscript.net/.
Facebook
Our website uses so-called social plugins (“plugins”) from the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins are marked with a Facebook logo or the addition “Social Plug-in from Facebook” or “Facebook Social Plugin”. You can find an overview of the Facebook plugins and their appearance here: https://developers.facebook.com/docs/plugins
If you access a page on our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly to your browser by Facebook and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted from your browser directly to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the “Like” button or making a comment, this information will also be transmitted directly to a Facebook server and stored there. The information will also be published on your Facebook profile and displayed to your Facebook friends.
The purpose and scope of data collection and the further processing and use of the data by Facebook as well as your related rights and setting options to protect your privacy can be found in Facebook's data protection information: http://www.facebook.com/policy.php
If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the Facebook plugins from loading with add-ons for your browser, e.g. with the “Facebook Blocker”. http://webgraph.com/resources/facebookblocker/
Google+
Our website uses so-called social plugins (“plugins”) from the social network Google+, which is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The plugins are recognizable, for example, by buttons with the sign “+1” on a white or colored background. You can find an overview of the Google plugins and their appearance here: https://developers.google.com/+/plugins
If you access a page on our website that contains such a plugin, your browser establishes a direct connection to Google's servers. The content of the plugin is transmitted directly to your browser by Google and integrated into the page. Through the integration, Google receives the information that your browser has accessed the corresponding page on our website, even if you do not have a Google+ profile or are not currently logged in to Google+. This information (including your IP address) is transmitted from your browser directly to a Google server in the USA and stored there.
If you are logged in to Google+, Google can directly assign your visit to our website to your Google+ profile. If you interact with the plugins, for example by clicking the “+1” button, the corresponding information is also transmitted directly to a Google server and stored there. The information is also published on Google+ and shown to your contacts there.
The purpose and scope of data collection and the further processing and use of the data by Google as well as your related rights and setting options to protect your privacy can be found in Google's data protection information: http://www.google.com/intl/de/+/policy/+1button.html If you do not want Google to directly assign the data collected via our website to your profile on Google+, you must log out of Google+ before visiting our website. You can also completely prevent the Google plugins from loading using add-ons for your browser, e.g. with the script blocker “NoScript” http://noscript.net/.
