It is of utmost importance for NOVISMART OG, Zentagasse 6, A-1050 Vienna, Austria, ("NOVISMART", "we", "us") as data controller to protect your personal data. We therefore comply with the applicable data protection provisions, in particular the EU General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act ("DSG")
We collect and process the following data when you use our Online Services (so called log files): browser type and browser version, used operating system, referrer URL, host name of the accessing computer, time of the server request, IP address.
These log files are generated automatically by our servers when you use our Online Services and are necessary so that we can provide you with the desired service. We therefore process log files solely to be able to operate our Online Services, to identify you as a user authorized to access, to distribute web server requests in our server pool as well as for security reasons (e.g. for clarification of abusive and fraudulent activities). Thus, this data processing activity is necessary to ensure our legitimate interests in operating user friendly and secure Online Services.
Cookies are files that are transmitted from our web server to your web browser and are stored on your device for later retrieval. Through such cookies, our Online Services can store important data to provide you with our services and to make the use of our Online Services more comfortable for you.
We use the following types of cookies within our Online Services:
"Necessary Cookies"and "Functionality Cookies" are necessary to be able to provide you with our Online Services, to operate our services and serve for the proper functionality and security of our Online Services. These cookies are therefore necessary to pursue our legitimate interests in the provision of a user friendly and secure Online Service.
"Tracking Cookies", "Marketing Cookies" and "Web-Analysis Cookies" record your user behaviour and your interactions with our Online Services. Through these cookies, we can adapt our Online Services specifically to you as well as place advertisements suitable for you. We place such cookies only on the basis of your consent that you can withdraw at any time. Further details about all those cookies requiring your prior consent are outlined below.
We use the following Tracking, Marketing and Web-Analysis Cookies provided that you render your consent:
Provided that you have given your consent to cookies, we use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") within our Online Services. The information generated through the Google Analytics cookie about the use of our Online Services are usually transmitted to the servers of Google in the United States of America and stored there. Google will use this information on our behalf to evaluate the usage of our Online Services by the users, to assemble reports about the activities within our Online Services and to deliver to us further services connected to the use of our Online Services. In doing so, pseudonymised user profiles of users can be generated from the processed data. Google will also potentially transmit the data to third parties if legally required or third parties process the data on behalf of Google. We use Google Analytics only with activated IP-anonymisation. This means that your IP address is shortened, in order to exclude a direct link to a specific device.
You can prevent the use of Google Analytics by downloading and installing the browser plug-in available through the following link: https://tools.google.com/dlpage/gaoptout?hl=en . You can find out more information about the data usage through Google, setting and objection possibilities here: https://policies.google.com/privacy .
Google Ads (former Google Adwords)
We also use the advertising tool "Google Ads" to promote our website. As part of this, we use the "Conversion Tracking" analytics service provided by Google. If you have reached our website via a Google Ad, a cookie will be stored on your device. These socalled "conversion cookies" lose their validity after 30 days and are not used for your personal identification. If you visit certain pages on our website and the cookie has not expired yet, we and Google may recognize that you, as a user, clicked on one of our Google ads and were redirected to our site.
The information obtained through the "Conversion Cookies" is used by Google to create visitor statistics for our website. These statistics tell us the total number of users who clicked on our ad and also which pages of our website were subsequently accessed by the respective user. However, we do not receive any information that personally identifies users.
Facebook Pixel and Facebook Custom Audience
Our website uses the remarketing feature "Facebook-Pixel" from Facebook Inc. ("Facebook"). This function serves to present to visitors of this website, as part of their visit to the social network Facebook, interest-based advertisements ("Facebook Ads"). For this purpose, Facebook pixel was implemented on our website. Via Facebook pixels, a direct connection to the Facebook servers is made when visiting the website. It is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account. Thus, we are together with Facebook joint controllers according to Art 26 GDPR.
We also use Facebook Custom Audience. Thereby, we upload our own contact lists that are compared with Facebook users. By this, we can create "Custom Audience" lists. We can then direct advertisements in the Facebook network (Facebook, Instagram) to these users (so-called "targeting"). We can also create such custom audience lists via the use of our website (via the Facebook pixel), the use of our apps or via certain interactions with our content (on Facebook or Instagram).
3. IS YOUR DATA TRANSMITTED TO THIRD PARTIES?
We entrust your personal data in the extent necessary to the following external service providers (data processors) that support us with the performance of our services:
IT-service providers and/or providers of data hosting solutions or similar services;
Other service providers, providers of tools and software solutions that support us with the performance of our services as well and operate on our behalf (including providers of marketing tools, marketing agencies, communication service providers and call centres).
All our data processors process your data only on our behalf and on the basis of our instructions so that we can provide you with our Online Services.
Apart from that, we transmit your personal data in the extent necessary to the following recipients (controllers):
Potential third parties that are participating in the provision of our services to you for the fulfilment of our contractual obligations (e.g. other users of our Online Services, banks for processing of the payment, payment service providers);
External third parties on the basis of our legitimate interests in the extent necessary (e.g. auditors and tax consultants, insurances in case of insured events, legal representatives in case of incidents);
Authorities and other public entities in the extent legally necessary (e.g. financial authorities).
If we process your data in a third country outside the European Union (EU), or respectively the European Economic Area (EEA) or this happens within the scope of using services of third parties, this only occurs, if necessary for the fulfilment of our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. We have implemented suitable and appropriate guarantees to develop a way of transmission of your data to the respective third country compliant with data protection (e.g. for the US through the "Privacy Shield" or the conclusion of so called "Standard Data Protection Clauses"). Upon your enquiry we can transmit a copy of those suitable guarantees to you, provided that we process or let your data be processed in third countries.
4. HOW LONG DO WE STORE YOUR PERSONAL DATA?
We store your personal data just as long as necessary for the purposes for which they are processed. Beyond that, we are potentially obligated to store your data for longer in accordance to legal retention periods.
Specifically, we store your data in connection with the establishment of contact with us in accordance with legal retention periods for a time period of usually seven years.
Usage data and log files are stored for a maximum time period of 500 days and are erased subsequently. We store data about your user behaviour for a time period of usually three years, or respectively at the latest until the withdrawal of your consent.
Provided that you have only registered for our newsletter and are, apart from that, no client of us, we store your data until the withdrawal of your consent and beyond that for a maximum of three years.
We store data in connection with your registration and your user account until the end of your client relationship with us, or respectively beyond that until the expiry of the respective legal retention periods (usually for a time period of seven years).
Apart from that, we also store your personal data after an incident beyond the above mentioned time periods as long as legal claims out of the relationship between you and us can be enforced, or respectively until the definitive clarification of an incident or legal dispute. This longer storage occurs for the ensuring of our overriding legitimate interests to the enforcement, clarification and defence of our legal claims.
5. RIGHTS OF DATA SUBJECTS
You have the right to access your personal data that is being processed by us (Art 15 GDPR). Apart from that, you have the right to rectification of inaccurate or incomplete data and – under certain circumstances – the right to erasure (Art 16 and Art 17 GDPR). Additionally, you have the right to restriction of processing (Art 18 GDPR) as well as the right to data portability concerning the data you have provided us with (Art 20 GDPR).
Moreover, you have the right to object on grounds relating to your particular situation (Art 21 GDPR). Such an objection can in particular occur relating to processing of data for the purposes of direct marketing.
Additionally, you have the right to withdraw your consent at any time with effect for the future.
Finally, you have the right to lodge a complaint with the responsible supervisory authority (Art 77 GDPR). The responsible supervisory authority for Austria is the Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, Austria.
If you have questions relating to this or any other questions, you can contact us at: firstname.lastname@example.org
6. NO OBLIGATION TO PROVIDE US YOUR PERSONAL DATA
You are not obliged to provide us with your personal data. However, some personal details are required in order to enter into a contract with us (especially your name and e-mail address). In case you do not provide us with these data, we are not able to enter into a contract with you.
7. NO AUTOMATED DECISION-MAKING
You will not be subject to an automated decision-making when using our Online Services.
8. DATA SECURITY
We comply with appropriate technical and organisational security measures pursuant to Art 32 GDPR to, considering the risks, guarantee an appropriate data protection level, especially to protect your personal data against accidental or unlawful destruction, alteration or against loss and against unauthorised disclosure or unauthorised access.