Dated: 18 May 2018
1. Data processing and legal basis
2. Security measures
2.1. We take organisational, contractual and technical security measures corresponding to the state of the art in order to ensure that the regulations of the data protection legislation are complied with and in order to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. 2.2. Said security measures include but are not limited to the encrypted transfer of data between your browser and our server.
3. Disclosure of data to third parties and third-party providers
4. Provision of contractual services
4.1. We process data about the user (for example IP addresses) and contractual data upon registration (for example services used, names of contact people and payment information) for the purpose of fulfilling our contractual obligations and providing our services pursuant to Art. 6(1)(b) GDPR. 4.2. Users can register for re.comm. Information that is mandatory for registration will be marked as such. Registration is not public and user data cannot be indexed by search engines. Users can request the erasure of their data in writing at any time. User data shall be deleted on request, unless retention is necessary on commercial or tax law grounds in accordance with Art. 6(1)(c) GDPR. We are entitled permanently to delete all user data that have been stored during the term of the contract. 4.3. When a user registers, logs on or uses our online services, we save the IP address and the time of the user action. The legal basis for storage is our legitimate interest and the legitimate interest of users in protection from misuse and other unauthorised use. Such data will not be disclosed to third parties unless this is necessary for the exercise of our rights or we have a legal obligation to do so pursuant to Art. 6(1)(c) GDPR. 4.4. We process usage data (for example pages of our website visited and interest in our events) and content data (for example information provided during registration) for advertising purposes in a user profile in order, for example, to provide the user with event information based on the services they have used so far.
5.1. When a user contacts us (by e-mail or using the contact form), the user's details are processed to allow us to process the enquiry pursuant to Art. 6(1)(b) GDPR. 5.2. The user's details are only stored internally and are not disclosed to third parties unless we have a legal obligation to do so pursuant to Art. 6(1)(c) GDPR. 6. Collection of access data and log files 6.1. Based on our legitimate interests within the meaning of Art. 6(1)(f) GDPR, we collect data about each instance of access to the server on which this service is located ("server log files"). Access information includes the name of the website accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user's operating system, the referrer URL (the site visited before), the IP address and the requesting provider. 6.2. Log file information is stored for security reasons (for example to investigate misuse or fraud) for a maximum of seven days and then deleted. Data for which further storage is required for evidence purposes are exempt from erasure until the respective occurrence is finally clarified.
7. Cookies & reach measurement
8. Google Analytics
9. Facebook Social Plugins
11. Integration of third-party services and content
12. Rights of the user
12.1. Users have the right to access, on request and free of charge, the personal data we have stored concerning them. 12.2. Users also have the right to have inaccurate data rectified, to the restriction of processing and to the erasure of their personal data, if applicable, to exercise their rights to data portability and, in the event of suspected unlawful data processing, to lodge a complaint with the competent supervisory authority. 12.3. Users are also entitled to withdraw their consent with effect for the future.
13. Erasure of data
13.1. The data stored with us shall be deleted as soon as they are no longer required for their intended purpose and their erasure does not contravene any statutory duties of retention. In the event that user data are not deleted because they are required for other and legally admissible purposes, their processing shall be restricted i.e. the data shall be made unavailable and not processed for other purposes. This applies, for example, to user data that is required to be retained for commercial or tax law reasons. 13.2. Under statutory requirements, retention is for seven years pursuant to Section 212 par. 1 of the Austria Commercial Code [UGB] (accounts, inventories, opening balance sheets, annual financial statements, business letters, accounting records, etc.) and pursuant to Section 190 and following UGB.
14. Right to object
User have the right to object at any time to future processing of their personal data in accordance with statutory provisions. They have in particular the right to object to processing for the purposes of direct marketing.
16. Any other questions?
If you have any questions regarding the collection, processing or use of your personal data, you can contact our external data protection officer directly. The independent data protection officer monitors statutory compliance:
epmedia Werbeagentur GmbH
Tel.: 0043 1 512 16 16 – 0