Data Protection Statement
1 Name and address of responsible party
The responsible party in the sense of the General Data Protection Regulation and other na-tional data protection laws as well as other statutory data protection provisions is:
3 Processing of personal data of interested parties, customers, suppliers and business partners
We store the data that interested parties, customers, suppliers or business partners provide to us themselves, for example as part of an enquiry by e-mail or to conclude a contract or business relationship. This can include their gender, first name and surname, address and e-mail address, telephone number, bank details, contract details.
We only forward personal data to third parties if this is necessary for the purpose of contract fulfilment or due to legal regulations or - in addition - only on the basis of the consent of the data subject. We have concluded data processor contracts in conformity with the law with all third parties.
We erase the data as soon as storage is no longer required, or when legal obligations to preserve records, such as pertaining to turnover tax law, have expired. If the basis of the processing is consent, we erase the data if the consent is withdrawn - unless it goes against legal obligations.
Legal bases of data processing are
- contract initiation and fulfilment in accordance with Art. 6 par.1 line b GDPR, to be able to process your enquiries to your full satisfaction.
- legal obligations in accordance with Art. 6 par. 1 line c GDPR, which we must meet, such as legally prescribed preserving of records or documentation duties.
- legitimate interests of our company in line with Art. 6 par. 1 line f GDPR,
- Art. 6 par. 1 line a GDPR when securing consents.
4 Collection of personal data when visiting our website
4.1 Making contact
When you make contact with us by e-mail, the data you have provided is stored by us in order to answer your questions. We erase the data gathered in this context after storage is no longer required, or we restrict the processing if there are legal obligations to preserve records. If you have allowed us via our form to contact you then we store your data that is required to make contact. This includes your name, your e-mail address and your postcode. We delete the data as soon as storage is no longer required or if you object to the processing.
Legal basis: Art. 6 para. 1 lit. a GDPR
6 Server logfiles
To optimise this website in relation to its system performance, user friendliness and the provision of useful information about our services, the provider of the website automatically collects and stores information in so-called server logfiles that your browser automatically transmits to us. This comprises the Internet Protocol address (IP address) of the accessing computer (including mobile devices), browser and language setting, operating system, referrer URL, your Internet service provider and the date/time.
This data is not merged with personal data sources. We reserve the right to check this data retrospectively if concrete indications of illegitimate use come to our knowledge and to pass on the data – if there has been a hacker attack – to law enforcement authorities. There is no passing on to third parties beyond this.
Legal basis: Art. 6 par. 1 line f GDPR
7 Data usage for Google services
We have concluded a contract with Google Ireland Limited (“Google”), a company registered and operated according to Irish law (register number: 368047) with its head office at Gordon House, Barrow Street, Dublin 4, Ireland. It can happen even so that data from Europe is transmitted to the USA, which we as a company cannot influence.
For the USA there is currently no resolution by the EU commission in accordance with Article 45 par. 1, 3 General Data Protection Regulation (GDPR). This means that the EU commission has not yet established whether the country-specific data protection standard of this country corresponds to that of the European Union in line with the GDPR (Article 46 suitable guarantees).
The GDPR sets out so-called suitable guarantees for data transmission to a third country or to an international organisation, Art. 46 par. 2, 3 GDPR. These are not given for the aforementioned destination country.
Potential risks that cannot currently be excluded for you as a data subject in relation to the aforementioned information are in particular:
- Your personal data could possibly be passed on by Google USA to other third parties (e.g. American authorities) beyond the actual purpose of order fulfilment.
- You may not be able to exert your right to access to information from Google USA.
- There may be a higher likelihood that incorrect data processing can occur, as the technical and organisational measures for protecting personal data do not correspond quantitatively and qualitatively to the full extent to the GDPR requirements.
With your consent to the processing of (advertising and marketing) cookies, you are explicitly agreeing to data transmission to the USA. You can withdraw this extent at any time by e-mail. The data processing that took place before the withdrawal of your consent is not affected by the revocation and is therefore in conformity with the law.
Legal basis: Art. 6 par. 1 line a GDPR
7.1 Google Analytics
This website uses the function “Activation of IP anonymisation” (i.e. that Google Analytics has been extended by the code “gat._anonymizeIp();”, in order to ensure an anonymised collection of IP addresses, so-called IP masking) This means that your IP address will be stored by Google in shortened form within Member States of the European Union or in other states that are contracting parties to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and shortened there in exceptional cases.
According to Google, Google will use the gained information to evaluate your use of the website, to compile reports about website activity and to provide further services to us relating to website usage and Internet usage. The IP address transmitted from your browser as part of Google Analytics is not merged with other Google data. Google may, however, transmit this information to third parties, insofar as this is legally mandatory or third parties are processing this data on behalf of Google. You can disable cookies using the relevant settings in your browser. We would like to point out, however, that in this case you may not be able to use all the functions of the websites to the full extent. Furthermore, you can prevent the collection of the data generated by the cookie relating to your website use (incl. your anonymised IP address), as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de).
You can find further information about usage conditions and data privacy under https://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.
7.2 Use of Google Fonts
We use Google Fonts. The use of Google Fonts is without authentication and no cookies are sent to the Google Fonts API: If you have a Google account, none of your Google account details are transmitted to Google during the use of Google Fonts. Google only establishes the use of CSS and the used fonts and stores this data securely. You can find out more about these and other questions on https://developers.google.com/fonts/faq.
You can read which data is collected by Google and what this data is used for on https://www.google.com/intl/de/policies/privacy/.
7.3 Google Tag Manager
To identify your user behaviour, we use the so-called Google Tag Manager. The Google Tag Manager is a solution with which the marketer can manage website tags through an interface. The tool itself (that implements the tags) is a domain without cookies and does not collect any personal data. The tool triggers other tags, which may in certain circumstances collect data. Google Tag Manager does not access this data. If there has been a deactivation on a domain or cookie level, this remains in place for all tracking tags that were implemented with the Google Tag Manager.
Further information is available here: https://www.google.com/intl/de/tagmanager/faq.html.
There is currently no adequacy finding for the USA by the EU Commission within the meaning of Article 45 (1), 3 of the Basic Data Protection Regulation (DSGVO). This means that the EU Commission has so far not positively determined that the country-specific level of data protection in this country corresponds to that of the European Union on the basis of the DSGVO (Article 46 suitable guarantees).
The DSGVO requires so-called suitable guarantees for a data transfer to a third country or to an international organization, Art. 46 (2), (3) DSGVO. There are no such guarantees for the above-mentioned country of destination.
Possible risks that cannot be excluded for you as a data subject in connection with the above-mentioned information are in particular.
Your personal data could possibly be disclosed by Adobe to other third parties (e.g.: US authorities) beyond the actual purpose of fulfilling the order.
You may not be able to assert or enforce your rights to information against Adobe on a sustained basis.
There may be a higher probability that data processing will not be correct, since the technical organizational measures for the protection of personal data do not fully comply with the requirements of the DSGVO in terms of quantity and quality.
With your consent to the processing of cookies, you explicitly consent to the transfer of data to the USA. You can revoke this consent at any time informally by e-mail. The data processing that took place prior to the revocation of your consent is not affected by the revocation and is therefore legally compliant.
Legal basis: Art. 6 par. 1 lit. a GDPR
8 Your rights
You have the following rights with respect to the personal data concerning you:
- Right to access, rectification and erasure
- Right to restriction of the processing
- Right to objection to the processing
- Right to data portability
Please direct your enquiries and concerns by e-mail to firstname.lastname@example.org or use the given contact details.
If you believe that we are contravening Austrian or European data protection law during the processing of data and have therefore infringed your rights, please contact us to clarify any questions.
You also have the right to complain to a supervisory authority, for example the Hessian data protection authority responsible for us:
The Hessian Commissioner for Data Protection and Freedom of Information, P.O. Box 3163, 65021 Wiesbaden, Phone: +49 611 1408 - 0, Fax: +49 611 1408 - 900 / 901,
10 Disclaimer of liability
Redux GmbH assumes no responsibility for content on external websites referred to through links. Only the operators of linked external websites are responsible for their content.