privacy policy
Declaration on information to be provided – Privacy Policy
The protection of your personal data is important to us. We want you to be informed about what types of personal data we collect and how we process them. We process your data only in compliance with applicable data protection laws and regulations (GDPR, Data Protection Amendment Bill, Telecommunications Act 2003). This Privacy Policy contains the most important aspects of data processing.
In the course of further developing our websites and the implementation of new technologies, changes to this Privacy Policy may occur. Thus, we advise you to periodically reread this Privacy Policy.
Contacting us
If you contact us via the form on this website, e-mail or telephone, we store your personal data for a period of two years for the purpose of processing your request and for the event that follow-up-communication is necessary. We do not transmit this data to third parties without your consent.
We collect personal data for the following purposes:
- Legal basis of performance of a contract: The data provided by you is necessary for the performance of a contract or the implementation of pre-contractual measures. Without this data, we cannot conclude a contract with you. Examples of purposes: Processing requests, preparing offers & invoices
- Legal basis of legitimate interests: We process your personal data on the basis of our legitimate interest (e.g. CRM-system for the efficient and timely processing of user requests, Google Analytics for analyses, optimized and efficient operation of our online offer).
- Legal basis of consent: You have freely provided us with your personal data and we process this data on the basis of your consent. Examples of purposes: Consent to receiving the newsletter or registration for an event. You can withdraw your consent at any time. Upon such notice of withdrawal, we will stop processing your personal data for the aforementioned purposes. To withdraw your consent, please contact: dsgvo@kthe.at
Period for which the data will be stored/Time limits for erasure
The collected personal data is erased when the user has withdrawn his consent to its storage or when the storage of the data is no longer necessary for the intended purposes.
Furthermore, the period for which your data is stored depends on the applicable laws and regulations and the specific application:
- Contact details in consequence of offers and invoices: 7 years
- Contact details in consequence of requests: 2 years
- Job applications: 6 months
- Google Analytics (up to 2 years, depending on the type of cookies (Details))
- Contact details in consequence of our newsletter and invitations to events: unlimited, because recipients can unsubscribe at any time
Processor
We hire processors for our data processing (e.g. e-mail & web hosts, CRM-system, e-mail newsletter service, website statistics, tax consultant). These processors are strictly obligated to protect your personal data and are not authorized to process your personal data for any other purpose than the provision of our services.
Security measures
We take state-of-the-art organisational, contractual and technical security measures to ensure that the provisions of the data protection law are complied with and to protect the data processed by us from accidental or deliberate manipulation, loss, destruction or access by unauthorised persons.
Cookies
Cookies are small text files sent from our web server to your browser when you visit our websites and stored on your device.
We set the following cookies on our website:
Google Analytics: You can find more details below
ShareThis: Records “click-stream” activities, only contains personal data when you possess a ShareThis account and are actively logged in.
If you wish to refuse the storing of cookies on your device, we kindly ask you to deactivate the corresponding option in your browser settings. You can delete stored cookies via your browser settings. However, if you deactivate cookies, certain features of our online services may not work properly.
Web analytics
This website uses:
- Website statistics
Automatically provided by our web host. The access statistics do not contain any personal data, since the IP-addresses of our website’s users are anonymised. - Google Analytics
On the basis of our legitimate interest (i.e. interest in the analysis, optimization and efficient operation of our online offer based on Art. 6 para 1 lit f GDPR) we use Google Analytics and Google Search Console, web analytics services of Google LLC („Google“). We have contracted Google as data processor.
Google uses cookies to collect information about the use of our online offer by our site’s visitors. This information is then usually transmitted to and stored on a Google server in the USA. Google stores cookies for the following time periods: _utma two years from the date of access, _utmb 30 minutes from the time of access, _utmc until the end of the session, _utmt 10 minutes from the time of access, _utmz 12 hours from the time of access.
For more information on the processing of user data by Google Analytics, please consult Google’s Privacy Policy: support.google.com
If you wish to refuse the storing of data collected by Google through the use of cookies in connection with your use of the website, you can download and install the following browser plug-in: tools.google.com
Alternatively, you can refuse the collection of your data by Google Analytics by clicking on the following link, setting an opt-out cookie that prevents the collection of your data when you visit this website in the future: Deactivate Google Analytics
Google is certified under the Privacy Shield Framework and has made a commitment to comply with European Data Protection Law – www.privacyshield.gov
- Web host IP-address
Our web host is processing the following personal data in a server log file for the purpose of monitoring the technical function and raising the operational safety of the web server, on the basis of the legitimate interest of the controller (technical security measures):
Accessed website, date and time of server inquiry, type of browser/browser version, used operating system, transferred data volume, notice of successful access, referrer URL, IP-address, host name. We ourselves do not have access to the log files.
Integration of the services and contents of third parties
Within our online offer, we integrate content or services provided by third parties, like videos or text fonts (hereinafter referred to as “contents”), on the basis of our legitimate interest (i.e. interest in the analysis, optimization and efficient operation of our online offer based on Art. 6 para 1 lit f GDPR). This always requires the third parties providing these contents to have access to the users’ IP-addresses, because without IP-address they cannot send contents to the users’ browsers. Thus, the IP-address is necessary for the display of these contents. We make an effort to exclusively use contents of providers who use these IP-addresses only for the provision of their contents.
The following list gives you an overview of third party providers and their contents as well as links to their privacy policies containing more information on the processing of data and possibilities of withdrawal or refusal (so-called opt-out), as partly mentioned before:
Webfonts
For the coherent presentation of text fonts, this site uses so-called Web Fonts provided by Monotype Imaging Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA. When accessing a site, your browser loads the needed Web Fonts in your browser cache to correctly display texts and text fonts.
For this purpose, the server you are using has to contact the servers of fonts.com. This way, fonts.com is informed that our website has been accessed via your IP-address. We use fonts.com Web Fonts for the purpose of a coherent and appealing presentation of our online offers. This presents a legitimate interest based on Art. 6 para 1 lit f DSGVO.
If your browser does not support Web Fonts, your computer uses a standard text font instead.
For more information about Web Fonts, please consult https://www.fonts.com/info/legal and Fonts.com’s privacy policy: https://www.fonts.com/info/legal/privacy/ as well as this privacy policy: https://www.monotype.com/legal/privacy-policy/
Instagram
We have integrated features of Instagram’s services in our online offer. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. When logged-in to you Instagram account, you can link our site’s contents to your Instagram profile by clicking on the Instagram button. This way, Instagram can attribute the access to our site to your user account. Please note that as provider of the sites we receive no information about the content of the transmitted data or their use by Instagram.
Privacy policy: http://instagram.com/about/legal/privacy/
Online presence in social media
We maintain online presences in social networks and platforms to communicate with our customers, prospective customers and users there active and inform them about our services. When accessing any of these networks and platforms, the terms and conditions and policies on data processing of the respective operators apply. Unless stated otherwise in our Privacy Policy, we process user data if they communicate with us via social networks or platforms, e.g. write posts in connection with our online presence or send us messages.
Privacy Policies of the platforms:
Facebook: https://www.facebook.com/business/gdpr
Twitter: https://gdpr.twitter.com/en/faq.html
Google+: https://policies.google.com/privacy?hl=de
LinkedIn: https://www.linkedin.com/help/linkedin/answer/87080
Instagram: https://help.instagram.com/519522125107875?helpref=page_content
YouTube: https://policies.google.com/privacy?hl=de&gl=de
Hubspot CRM
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141USA (hereinafter Hubspot CRM). Hubspot CRM enables us, among other things, to manage existing and potential customers and customer contacts. With the help of Hubspot CRM, we are able to record, sort and analyse customer interactions via email, social media or telephone across various channels. The personal data collected in this way can be analysed and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyse the user behaviour of our contacts on our website. The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG (German Telecommunications-Telemedia Data Protection Act, abbreviated in German to TTDSG), insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Details can be found in Hubspot’s privacy policy:
https://legal.hubspot.com/privacy-policy
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://legal.hubspot.com/dp-eu-data-transfers
The company is certified in accordance with the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards.
Further information on this can be obtained from the provider at the following link:
https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt0000000TN8pAAG&status=Active
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Your rights
In general, you have a right to request from the controller access to and rectification or erasure of personal data or restriction of processing or the right to object to processing or withdraw consent as well as the right to data portability. If you believe that the processing of your personal data infringes applicable data protection law or that your data protections rights are infringed in any other way, you can lodge a complaint with the competent supervisory authority. In Austria, the competent supervisory authority is:
Austrian Data Protection Authority
Wickenburggasse 8-10
1080 Wien
Telephone: +43 1 531 15-202525
eMail: dsb@dsb.gv.at
Homepage: https://www.dsb.gv.at/
You can contact KTHE Team Farner Werbe GmbH via the following contact details:
KTHE Team Farner Werbe GmbH
Lehargasse 7/1/7
A-1060 Wien
Telephone: +43 1 5225550
eMail: office@kthe.at
Homepage: http://www.kthe.at
You can contact our data protection officer
Klaudia Winkler
Telephone: +43 1 5225550
eMail: dsgvo@kobzamedia.com