Privacy

This data privacy policy is intended to clarify the nature, extent and purpose of how personally identifiable information (hereinafter referred to as “data”) is processed within the scope of our online offer as well as related websites, functions and content, as well as within the framework of external online presences such as our social media profile etc. (hereinafter collectively referred to as “online offer”). With respect to other commonly used terms such as “processing” or “controller”, we refer you to definitions laid out within Art. 4 of the General Data Protection Regulation (GDPR).

Controller

Wien Nord Now GmbH
Loquaiplatz 9/5a
1060 Vienna
Austria
CEO: Thomas Mang, MA MA
E-Mail: office@now.at

Imprint

Types of data processed:

- basic data (e.g. name, addresses).
- contact data (e.g. email, telephone numbers).
- content data (e.g. text entries, photographs, video).
- usage data (e.g. websites visited, content interests, session times).
- meta-/communication data (e.g. hardware information, IP addresses).

Purpose of processing

- provide access to the online offer, its functions and content.
- respond to contact requests and communication from users.
- security measures.
- assessment of outreach/marketing

Definition of Terminology

“Personal Data” refers to all information pertaining to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is deemed identifiable if they may be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” refers to any operation or set of operations that may be performed in connection with personal data either with or without automated means. This term has wide-ranging application and encompasses practically any kind of data processing.

The “Controller” is the natural or legal person, public authority, agency or other body which, either alone or in collaboration with others, determines the purposes for, and means by which the personal data is processed.

Applicable Legal Basis

As required by Art. 13 GDPR, we are providing you with the legal basis for our processing of data. Insofar as the legal basis is not explicitly cited within this data privacy policy, the following shall apply: The legal basis for solicitation of consent is Art. 6 par. 1 lit. a and Art. 7 GDPR; for the processing of data in order to fulfill our services and contractual obligations as well as respond to inquiries, Art. 6 par. 1 lit. b GDPR; and for the processing of data in order to protect our vital interests, Art. 6 par. 1 lit. f GDPR. In the event that the vital interests of the person in question or of another natural person make it necessary to process personal data, Art. 6 par. 1 lit. d GDPR will serve as the legal basis.

Security Matters

We ask you to regularly consult the content of our data privacy declaration. We adapt this data privacy declaration as soon as changes to our data processing procedures make this necessary. We will inform you as soon as any changes require any active cooperation on your part (e.g. consent) or if any other form of personal notification is necessary.

Cooperation with data processors and third-parties

Insofar as our processing of data requires us to reveal, transmit or provide access to data to other persons and/or businesses (data processors and third-parties), this occurs only on the basis of legal consent (e.g. if transmission of data to third parties, such as a payment providers, is necessary according to Art. 6 par. 1 lit. b GDPR for the performance of the contract), if you have expressed your consent, there is a binding legal obligation to do so, or on the basis of our legitimate interests (e.g. in order to engage the services of agents, web hosts, etc.).

Insofar as we enter into a contract with a third-party in order to process data, we do so on the basis of Art. 28 GDPR.

Transmission of Data to Foreign Countries

Insofar as we process data in a foreign country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)), or this occurs in order to take advantage of third-party services or in order to provide or transmit data to third-parties, this happens only if it is necessary in order to fulfill our (pre-) contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permission, we only process data or have data processed in a foreign country if all of the special provisions are met according to Art. 44 ff. GDPR. That is to say, data is processed e.g. subject to special guarantees, such as an officially sanctioned level of data privacy protection equivalent to that of the EU (e.g. the “Privacy Shield” in the USA) or in compliance with officially accepted special contractual obligations (so-called “standard contractual clauses”.

Rights of the Affected Persons

You have the right to demand a confirmation as to whether or not data pertaining to you is being processed, to be provided with information about said data, about pertinent additional information as well as copies of said data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to have incomplete data completed or to demand that inaccurate data pertaining to you be corrected.

As stipulated under Art. 17 GDPR, you have the right to demand that applicable data be deleted without delay and/or alternatively demand that the processing of data be restricted as required by Art. 18 GDPR.

In accordance with Art. 20 GDPR, you have the right to receive any data pertaining to you which you had previously provided as well as to transfer said data to other controllers.

Furthermore, in accordance with Art. 77 GDPR, you have the right to submit a complaint with the competent supervisory authority.

Withdrawal Right

In accordance with Art. 7 par. 3 GDPR, you have the right to withdraw your consent with future effect.

Right to Object

You have the right to object at any time to the future processing of data pertaining to you consistent with Art. 21 GDPR. In particular, this objection may pertain to the processing of data for the purposes of direct advertising.

Cookies and the Right to Object to Direct Advertising

The term “cookies” refers to small files that are stored on the user’s computers. These cookies can be used to store a variety of data. A cookie is primarily used to store information about a user (and/or the equipment upon which the cookie has been stored) during or after the user’s visit to a particular online offer. Temporary cookies, known as “session cookies” or “transient cookies”, are those cookies which are deleted once the user has left an online offer and has closed their browser. Such a cookie may include, for example, the content of a shopping basket for an online shop or their login status. “Permanent” or “persistent” cookies are those cookies that remain stored even after the browser has been closed. For example, the login status may be stored for the eventuality that the user returns after several days. Similarly, such a cookie may store the interests of the user, which may in turn be used to assess audience reach or for other marketing purposes. “Third-party cookies” are those cookies supplied by providers other than the controller who operates the online offer (in the latter instance, the cookies are referred to as” first-party cookies”).

We may make use of temporary as well as permanent cookies, clarifying the use thereof within the scope of our data privacy declaration.

If users do not wish cookies to be stored on their computer, they are requested to deactivate the corresponding option within the system settings of their browser. Cookies which have previously been stored on a computer may be deleted by means of the browser’s system settings. By blocking cookies, the user may potentially restrict the functionality of this online offer.

An across-the-board objection to the use of cookies for the purposes of online marketing, especially for tracking purposes, may be expressed by means of the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, you can prevent cookies being stored on your computer by changing the appropriate browser settings. Please note that, should you choose to do so, you might not be able to take advantage of the full functionality of this online offer.

Deletion of Data

The data which we process is deleted or the processing thereof restricted in accordance with Art. 17 and 18 GDPR. Insofar as not expressly addressed within the framework of this data privacy declaration, the data we have stored will be deleted as soon as it is no longer required for its intended purpose and as soon as this data is no longer subject to statutory retention requirements. Insofar as data is not deleted because it is required for other legally permissible purposes, the processing thereof will be restricted. This means that the data will be blocked and not used for any other purposes. This applies, for example, to data which must be retained in order to comply with commercial or taxation statutes.

In accordance with the German legal code, data is retained for 10 years in compliance with §§ 147 par. 1 AO, 257 par. 1 Nos. 1 and 4, par. 4 HGB (books, records, summaries, accounting records, trading books, taxation-related documentation, etc.) and 6 years in compliance with § 257 par. 1 Nos. 2 and 3, par. 4 HGB (commercial correspondence).

In accordance with the Austrian legal code, data is retained for 7 years in compliance with § 132 par. 1 BAO (accounting records, receipts/invoices, accounts, records, commercial documents, income and expense statements, etc.), 22 years if pertaining to real estate and for 10 years if pertaining to electronic, telecommunication, radio and television services provided to noncommercial entities in EU member states within the scope of the Mini-One-Stop-Shop (MOSS).

Hosting

The hosting services used by us serve to provide the following benefits: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical support to facilitate our online offer.

In doing so, we and/or our hosting providers process basic data, contact data, content data, contractual data, usage data, meta- and communication data of customers, of interested persons as well as visitors to this online offer on the basis of our legitimate interest in providing an efficient and secure online offer in accordance with Art. 6 par. 1 lit. f GDPR with particular reference to Art. 28 GDPR (contract for the provision of processing services).

Collection of Access Data and Log Files

We and/or our hosting providers pursuant to our legitimate interests consistent with Art. 6 par. 1 lit. f. GDPR collect data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the webpage accessed, the date and time of day of access, the volume of data transferred, notification of successful request, browser type and version, the user’s operating system, referrer URL (the website which had been visited immediately prior), the IP address as well as the requesting provider.

For security reasons (e.g. to provide evidence of attempted abuse or fraud), log file information is stored for a maximum of 7 days after which it is deleted. Data which needs to be stored longer for evidentiary purposes will not be subject to deletion until such point as the case to which it pertains has been resolved completely.

Agency Services

We process our customers’ data within the framework of our contractual services which include conceptional and strategic consultation, campaign planning, software- and design development/consultation or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consultation services and training services.

Within this context, we process core information (such as customer contact information, names and postal addresses, email addresses, telephone numbers), content data (e.g. text entries, photographs, videos), contractual data (e.g. object and term of the contract), payment data (e.g. banking information, payment history), usage- and metadata (e.g. in order to analyze and evaluate the success of marketing measures). There are special categories of personally identifiable data that we fundamentally do not process, other than if they are components of a specifically contracted processing request. This pertains to our customers, interested persons as well as their customers, users, website visitors or employees as well as third-parties. The purpose for which data is processed is to provide contractual services, conduct billing and offer customer service. The legal basis for data processing is derived from Art. 6 par. 1 lit. b GDPR (contractual services), Art. 6 par. 1 lit. f GDPR (analysis, statistics, optimization, security measures). We process data that is necessary in order to justify and fulfill contractual services, simultaneously indicating why such data is required. Data is only shared with third-parties if this is necessary within the scope of the contract. When processing data which has been entrusted to us within the framework of a contract, we handle such data in accordance with the directives of the client as well as our contractual obligations in accordance with Art. 28 GDPR, not processing data for anything other than contractually relevant purposes.

We delete data as soon as statutory warranty- and similar obligations have expired. The necessity of retaining data is reviewed every three years; in the case of statutory archiving obligations, data is deleted subsequent to the expiration thereof (6 years per § 257 par. 1 HGB, 10 years per § 147 par. 1 AO). With respect to data which the client had provided to us within the framework of a contract, we will delete such data as required by said contract and, in general, upon completion thereof.

Administration, Accounting, Clerical Organization, Contact Administration

We process data within the framework of the administrative duties and organizational requirements of our business in order to conduct financial accounting as well as fulfill our legal obligations including archiving. In this context, we process the same data as we do in order to provide our contracted services. Data is processed in accordance with Art. 6 par. 1 lit. c. GDPR, Art. 6 par. 1 lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing of data. The purpose and our interest in the processing of data is rooted in the administration, accounting, clerical organization and archiving of data, that is to say in those tasks which serve the upkeep of our business activities, awareness of our obligations as well as provision of our services. Deletion of data pertaining to contractual services and contractual communications is consistent with aforementioned processing activities.

In this context, we share or transmit data to financial administrators, consultants – such as tax consultants and auditors – as well as other billing centers and payment services.

Furthermore, on the basis of our commercial interests, we store information pertaining to suppliers, event organizers and miscellaneous business partners, e.g. for the purpose of maintaining and establishing contact in future. Such data, which primarily pertains to our own business, is generally stored on a permanent basis.

Data privacy policy with respect to application processes

We only process applicant data for the purposes and within the framework of the application process and consistent with legal requirements. The processing of applicant data is done in order to meet our (pre-) contractual obligations within the scope of the application process in accordance with Art. 6 par. 1 lit. b. GDPR and Art. 6 par. 1 lit. f. GDPR insofar as we are required to do so, for example within the framework of legal procedures (in Germany, this is additionally subject to § 26 BDSG).

The application process requires the applicant to provide us with applicant data. The required applicant data, insofar as we provide an online form, is clearly indicated, otherwise deriving from the job specifications in question. This will fundamentally include personal specifics, postal and contact addresses as well as documentation in support of the application such as a cover letter, curriculum vitae, grade sheets, certificates etc. In addition, applicants may voluntarily provide us with additional information.

By transmitting their application to us, applicants are expressly declaring their consent to their data being processed pertinent to the application process consistent with the nature and scope of such processing as detailed within this privacy policy.

Insofar as special categories of personally identifiable data are shared within the framework of the application process consistent with Art. 9 par. 1 GDPR, said data will also be processed consistent with Art. 9 par. 2 lit. b GDPR (e.g. health data, such as degree of severe disability, or ethnic heritage). Insofar as special categories of personally identifiable data are requested of applicants consistent with Art. 9 par. 1 GDPR, such data will also be processed according to Art. 9 par. 2 lit. a GDPR (e.g. health data, should this be pertinent to performance of the job in question).

Insofar as provided, applicants may send us their applications by means of an online form on our website. Utilizing the latest technology, data will be encoded and then transmitted to us.
Furthermore, applicants can transmit their applications to us by email. In this regard, however, we point out that emails are not generally encoded and that, therefore, applicants are themselves responsible for ensuring that the email is appropriately encoded. We can assume no responsibility for the transmission path of the application from the time it is sent by the applicant until it lands on our server, which is why we recommend using the online form or sending the application using available postal services: Instead of submitting the application by means of the online form or email, applicants always have the option of sending their applications by post.

In the event that the application is successful, data provided to us by applicants may be further processed by us within the scope of the employment relationship. Otherwise, insofar as the application for a particular job is unsuccessful, the applicant data will be deleted. Applicant data will likewise be deleted if the application is withdrawn, which applicants are entitled to do at any time.

The deletion will occur, subject to a justified objection on the part of the applicant, upon expiration of a period of six months, allowing us to respond to potential follow-up questions pertaining to the application as well as to meet our disclosure requirements pertaining to equal opportunity laws. Bills for potential reimbursement of travel expenses are archived in accordance with the applicable tax code.

Talent Pool

Within the framework of the application process, we offer applicants the opportunity to be added to our “Talent Pool” for a period of two years pursuant to the applicant’s consent in accordance with Art. 6 par. 1 lit. b. and Art. 7 GDPR.

The application materials for members of the Talent Pool are processed solely within the framework of future job openings and employee searches, and will be deleted by no later than the conclusion of the aforementioned time period. Applicants are instructed that their consent to inclusion in the Talent Pool is voluntary, has no influence on their current application process, and that they can revoke their consent at any time with future effect or express their objection in accordance with Art. 21 GDPR.

Contact Procedures and Policies

Upon establishing contact with us (e.g. by means of contact form, email, telephone or social media), the information provided by the user will be used in order to process the contact request in accordance with Art. 6 par. 1 lit. b) GDPR. The information provided by the user may be stored in a Customer Relationship Management System (“CRM System”) or in a comparable inquiry management system.

We delete inquiries insofar as these are no longer required. We review the necessity of storing such inquiries every two years; Furthermore, this policy is subject to statutory archiving obligations.

Google Universal Analytics

Pursuant to our legitimate interests (such as our interest in analyzing, optimizing and commercially operating our online offer within the scope of Art. 6 par. 1 lit. f. GDPR), we utilize Google Analytics, a web analysis service provided by Google LLC (“Google”). Google uses cookies. In general, the information generated by the cookie about use of our online offer is transmitted to a Google server in the USA, where it is also stored.

Google is certified under the Privacy Shield agreement, thus guaranteeing it will adhere to European data privacy legislation ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information at our request in order to evaluate use of our online offer by users, in order to compile reports about activities within the scope of our online offer, and in order to provide us with other services pertaining to use of our online offer as well as of the Internet in general. In the process, the data which is processed may be used to create a pseudonymous profile of the user.

We utilize Google Analytics in its manifestation as “Universal Analytics”. “Universal Analytics” pertains to a process employed by Google Analytics, by means of which user analysis is conducted using a pseudonymous user ID, thus generating a pseudonymous profile of the user based on information gathered from use of various devices (so-called “cross-device tracking”).

We only utilize Google Analytics with activated IP anonymization. This means that, within member states of the European Union as well as within other states that are signatories to the charter establishing the European Economic Area, the IP addresses of users are truncated by Google. Only in exceptional cases is the full IP address transmitted to a Google server in the USA, where it is then truncated.

The IP address transmitted by the user’s browser is not linked to other data gathered by Google. Users may prevent cookies being stored on their devices by changing the applicable settings of their browser software; furthermore, users may prevent the collection of any data generated by the cookie pertaining to their use of our online offer as well as any further processing thereof by Google, simply by clicking on the following link, then downloading and installing the browser plug-in which is available:  http://tools.google.com/dlpage/gaoptout?hl=de.

With one click, you can also prevent tracking by Google Analytics (=opt-out): click here

Current setting:


Further information about data usage by Google as well as your settings and blocking options, can be found in Google’s own data privacy policy ( https://policies.google.com/technologies/ads) as well as in Google’s ad settings (https://adssettings.google.com/authenticated).

Personally identifiable data about users is either deleted or anonymized after 14 months.

Facebook Pixels, Custom Audiences and Facebook Conversion

Based upon our legitimate interest in analyzing, optimizing and commercially operating our online offer and for such purposes, we utilize within our online presence so-called “Facebook Pixels” provided by social network Facebook operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are a resident of the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 (“Facebook”).

Facebook is certified under the Privacy Shield agreement, thus guaranteeing that it will comply with European data privacy laws ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

With the help of Facebook Pixels, it is possible for Facebook to establish visitors to our online offer as a target group for the display of advertising (so-called “Facebook Ads”). Consistent with this, we utilize Facebook Pixels in order to ensure that we only display Facebook Ads to those Facebook users who have shown an interest in our online offer or specific elements thereof (e.g. interest in specific themes or products that can be determined by dint of websites which have been visited), which we then transmit to Facebook (so-called “Custom Audiences”). With the help of Facebook Pixels, we also try to ensure that our Facebook Ads correspond with the potential interests of users and are not annoying. Furthermore, with the help of Facebook Pixels we can determine the effectiveness of Facebook advertising for statistical and market research purposes in that we are able to see whether users, having clicked on a Facebook Ad, were indeed redirected to our website (so-called “conversion”).

The processing of data by Facebook is consistent with Facebook’s own data usage guidelines. Within this context, general information about the display of Facebook Ads can be read in Facebook’s own data usage guidelines here:  https://www.facebook.com/policy.php. Special information and details about Facebook Pixels and their functionality can be found in the “Help” area of Facebook: https://www.facebook.com/business/help/651294705016616.

You may block collection of data by Facebook Pixels and the usage of your data for the purposes of displaying Facebook Ads. In order to adjust the settings to determine what types of advertising are displayed to you on Facebook, you can go to the webpage provided by Facebook for that purpose and follow the instructions:  https://www.facebook.com/settings?tab=ads. The settings apply regardless of the platform you happen to be using, meaning that the new settings will carry over to all of your equipment including desktop computers as well as mobile devices.

Furthermore, you may prevent the installation of cookies which are used both to determine the audiences reached as well as for other advertising purposes by going to the deactivation page provided by Network Advertising Initiative ( http://optout.networkadvertising.org/) by going to the US website ( http://www.aboutads.info/choices) or by visiting the European website ( ( http://www.youronlinechoices.com/uk/your-ad-choices/)

With just one click, you can prevent Facebook from tracking your usage (=opt-out): click here

Current setting:

Online Presence in Social Media

We maintain an online presence within social networks and platforms in order to communicate with customers, interested persons and users who are active there, and to provide them with information about our services. When you visit the various networks and platforms, the respective terms of business and data processing policies of the operator in question will apply.

Unless otherwise stipulated within the framework of our data privacy policy, we process the data of users to the extent that they choose to communicate with us within social networks and platforms, e.g. by writing comments on our online platforms or sending us messages.

Integration of Third-Party Services and Content

On the basis of our legitimate interests (that is to say, in order to analyze, optimize and commercially operate our online offer pursuant to Art. 6 par. 1 lit. f. GDPR), we utilize the content and/or services of third-party providers in order to integrate said content and services, including videos and/or fonts (hereinafter uniformly referred to as “content”).

This always assumes that the third-party provider of such content is aware of the user’s IP address since, without the IP address, the content cannot be sent to your browser. That said, the IP address is required in order to display such content. We make every effort to only use content whose providers use the IP address solely for the delivery of content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical and marketing purposes. These pixel tags make it possible to analyze information, such as visitor traffic on the pages of this website. Pseudonymous information may also be stored on the user’s device in the form of cookies, containing technical information such as the type of browser and operating system, linking websites, session times as well as other information pertaining to use of our online offer. Such data may also be linked with other data sources.

Youtube

We integrate videos from the Internet platform “YouTube” operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Google Fonts

We utilize fonts (“Google Fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.