Privacy and Personal Data Protection Policy
The Gewista Advertising Company is aware of its immense responsibility regarding the processing of personal data and is, therefore, committed to complete adherence of data protection laws within the framework of its social responsibility. Of uppermost priority to us, is the safeguarding of the personal rights and privacy of each individual in the handling of personal data.
We, hereby, conduct ourselves in accordance with the principles of legality, transparency, appropriation, storage limitation and data security.
It will also describe those measures that we have put into place in order to protect the security and confidentiality of data.
We process personal data solely for the purposes that were determined prior to the collection of data. We only process the type of personal data that is necessary for the implementation of our services and for the administration of clients and potential clients. This only applies when the service is purchased or we are obliged by legal stipulations. The processing of all personal data follows strict observance of current regulations regarding data protection laws. Personal data is neither published nor passed on unauthorized to any third party by us. The processing of data takes place exclusively within the European Union.
Legal Principles of our Data Processing
We process data of clients, as well as potential clients and information purchasers that have made their personal data available to us on the basis of their enquiry.
The data protection is based on the following legal principles:
1. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
2. the data subject has given consent to the processing of his or her personal data for one or more specific purposes. This consent may be revoked at any time
Contract Data Processor
A data processing order exists when a data processor is charged with the processing of personal data, without being held responsible for the associated business process. In such cases we reach an agreement with the external data processor regarding a data processing order. In doing so, we maintain full responsibility for the correct implementation of the data processing in accordance with data protection laws. The data processor may only process personal data within the framework of the instructions issued by the person responsible.
We only work with contract data processors (for example, printers or mail-order agencies) that provide sufficient guarantees that suitable technical and organisational measures will be taken in the processing, in accordance with the requirements of the GDPR and, therefore, ensuring the protection of personal data. The processing by a contract data processor only takes place on the basis of a contract with us, that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller. All contract data processors that process and check personal data are monitored on a regular basis to verify that they are complying with the stipulations of data protection laws.
Data Types and the Purpose of Processing
The personal data of our clients and potential clients is collected and processed by us for the purpose of service and information provision. The personal data is stored for the duration of their service or information reference and for as long as claims arising from it may exist or legal regulations require the processing.
Duration of Data Storage
We only store personal data for as long as the purpose of processing requires it and legal claims may exist, or for as long as legal regulations stipulate us to. They will be irrevocably deleted afterwards.
For example, the personal data in question must be stored for 7 years due to legal regulations (record preservation obligations) of the Austrian Commercial Code (§ 212) and the Federal Fiscal Law (§ 132) for accounting and financial data.
Collection and processing of personal data when visiting our website.
When you visit our website, our web server stores each request temporarily in a log file. The following data is, thereby, gathered and stored encrypted for 12 months:
• IP-Address of the enquiring computer
• Date and time of the request
• Name and URL of the requested page
• Data quantity transferred
• Report if the retrieval was successful
• Identification data of the browser used and operating system
The processing of this data takes place for the purpose of enabling use of the website, system security, the technical administration of the network infrastructure, as well as the optimisation of the internet presence. The log file will only be analysed in the event of attacks on our network infrastructure.
Eyepin – Newsletter
We use the newsletter tool provided by eyepin. The Newsletters of the eyepin GmbH,
Billroth Straße 52, 1190 Vienna, contain the so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails sent in the HTML format, to enable a log file record and a log file analysis. As a result, a statistical evaluation of the success or failure of online marketing campaigns is carried out. With the aid of the embedded tracking pixel, the eyepin GmbH can detect if and when an email was opened by a person concerned. Furthermore, via the Newsletter-Tracking, it is ascertained which links in the email were accessed by persons concerned. Personal data collected by the tracking pixel contained in the Newsletter and the Newsletter tracking is stored and evaluated by the person responsible for processing to optimise the Newsletter delivery and to better adapt the content of future Newsletters to the interests of persons concerned. This personal data will not be passed onto third parties. Persons concerned are entitled, at any time, to revoke the, in this regard, separate declaration of consent to unsubscribe from receipt of the Newsletter through the Double-Opt-In procedure. Following a revocation, no further data will be collected at all and the address will be placed on a block list to document the notice of departure and to prevent further mailings.
The data protection clarification of the eyepin can be found at:
https://support.eyepin.com/hc/de/articles/360001151006-Datenschutz-bei-eyepin. (eyepin data protection).
Data Security Measures
Personal data that is processed by us will be stored and secured with particular care, both on a technical and organizational level. You are protected from accidental or unlawful destruction and loss and we ensure that it is used properly and that the data is not accessible to unauthorized persons.
All our contract data processors are bound by a contractual agreement with us to adhere to all technical and organizational measures to ensure secure processing. This is verified by us on a regular basis.
Data Protection Officer
The data protection officer works in conjunction with the highest level of the organization and is the first person of contact in matters of data protection. They meet on a regular basis to discuss matters of data security and protection.
He works, when necessary, in conjunction with the supervisory authorityand acts as person of contact for the supervisory authority in matters related to the processing of personal data, inclusive of prior consultation. Persons concerned may consult the data protection officer on any matter relating to the processing of their personal data and the exercise of their rights in relation to any matters that may arise.
In the event of a personal data breach, we are obliged to notify the supervisory authorityof such a breach immediately. It is likely that such a breach will harm the privacy of persons concerned or the personal data itself, therefore, the supervisory authoritymay require us to communicate the personal data breach to the data subject, after consideration of the probable effects of the breach.
Information regarding the rights of persons concerned
As a data subject you are entitled to a right to information regarding personal data stored about you, a right to rectify incorrect data, to restriction and opposition to processing and to deletion. In order to exercise this right, you must provide a suitable form of identification.
Our information will provide the processed data, information about their origin, any recipients or recipients of transfers, the purpose of the use of the data and the legal basis for this in a generally understandable form. On your request, names and addresses of contract processors are also made known.
As a solicitor of information, you must participate in the information procedure to an extent that is reasonable to you in order to avoid unjustified and disproportionate efforts on the part of the person responsible for data processing.
Within a month following arrival of your request, we will issue the information or state in writing why it cannot be issued or not fully issued.
The Supervisory Authority
In the case of an alleged inadequacy of the protection of personal data, persons concerned have the possibility to lodge a complaint with the Austrian Data Protection Authority - Datenschutzbehörde (http://www.dsb.gv.at).
The company responsible is the Gewista Advertising Company GmbH; Address: Litfaß Straße 6, 1031 Vienna, E-Mail: firstname.lastname@example.org
Contact address of the data protection officer: email@example.com