GDPR information obligation and data protection declaration
GDPR Information Obligation
The following information is a concise, understandable and transparent summary of the information contained in the Privacy Policy about the data manager, the purpose and method of processing personal data, as well as your rights in connection with this processing in the form necessary to fulfill the information obligation of the GDPR. Details of the nature of the processing and the entities involved in this process can be found in the specified policy.
Who is the data controller?
The personal data administrator (hereinafter referred to as Administrator) is AVS Betriebsorganisation GesmbH, operating at the following address: Hebbelplatz 5, AT-1100 Vienna, with assigned VAT ID: ATU16146105 and assigned FN number: 30865s.
How can you contact the data controller?
The administrator can be contacted in one of the following ways
• Postal address - AVS Betriebsorganisation GesmbH, Hebbelplatz 5, 1100 Vienna
• Email address: austria@avs-europe.com
• Phone Number: +43 1 604 5858
Has the administrator appointed a personal data protection officer?
The administrator has appointed a data protection officer, Mr. Bernhard Blümel.
The data protection officer can be contacted by:
• by email to the email address: datenschutz@avs-europe.com
• by telephone on: +43 1 604 5858
• or in writing to the address Hebbelplatz 5, 1100 Vienna
The data protection officer can be contacted for all questions related to the processing of personal data.
Where do we get personal data from and what sources does it come from?
The data comes from the following sources:
• by the data subjects
To what extent do we process personal data?
The website processes ordinary personal data voluntarily provided by the individuals to whom it relates (e.g. first and last name, login, e-mail address, telephone number, IP address, etc.).
The detailed scope of the processed data can be found in the data protection declaration.
What are the purposes of our data processing?
The personal data voluntarily provided by the user will be processed for one of the following purposes:
• Implementation of electronic services:
• Administrator's communication with users on matters related to the website and privacy
• Ensuring the Administrator's legitimate interest
What are the legal bases for data processing?
The administrator collects and processes user data on the basis of:
• Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of data and on the repeal of Directive 95/46/EC (General Data Protection Regulation)
o Article 6 sec. 1 lit. and
the data subject has consented to the processing of their personal data for one or more specific purposes
o Article 6 sec. 1 lit. b
The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures that are taken at the request of the data subject
o Article 6 sec. 1 lit. f
Processing is necessary to protect the legitimate interests of the Administrator or a third party
What legitimate interest does the administrator pursue?
• For the possible assertion, assertion or defense of claims, the legal basis for the processing is our legitimate interest (Art. 6 Para. 1 lit. f GDPR), which consists in the protection of our rights, among other things;
• To evaluate planned marketing campaigns
• For direct marketing purposes
For how long do we process personal data?
As a rule, the personal data provided are stored only for the period of providing the service within the framework of the website operated by the Administrator.
In exceptional circumstances, this period may be extended to protect the Administrator's legitimate interests. In such a case, the Administrator will store the provided data from the moment the User requests their removal, but no longer than for a period of 3 years in case of violation or suspected violation of the provisions of the Website Rules by the data subject .
Who is the recipient of personal data?
The only recipient of the data is usually the administrator.
However, data processing can be entrusted to other companies that provide the Administrator with services to maintain the operation of the website.
These companies include, among others:
• Hosting companies that provide hosting or related services to the Administrator
Will your personal data be transferred outside the European Union?
Personal data will not be transferred outside the European Union unless the publication is the result of an individual action by the user (e.g. entering a comment or entry), which makes the data accessible to every visitor to the website.
Will personal data be the basis for automated decision-making?
Personal data is not used for automated decision-making (profiling).
What rights do you have in connection with the processing of personal data?
• The right to access personal data.
Users have the right to access their personal data, which is implemented at the request of the Administrator
• The right to rectification of personal data.
Users have the right to request the Administrator to promptly correct incorrect personal data and/or supplement incomplete personal data, provided that this is done at the request of the Administrator
• The right to delete personal data.
Users have the right to request the Administrator to delete personal data immediately, provided that this is done upon request to the Administrator.
• The right to restrict the processing of personal data.
Users have the right to limit the processing of personal data in the cases specified in Art. 1. Art. 18 GDPR, e.g. questioning of the correctness of personal data, which is carried out at the request of the administrator
• The right to transfer personal data
Users have the right to receive from the Administrator personal data about the User in a structured, commonly used machine-readable format at the request of the Administrator
• The right to object to the processing of personal data.
Users have the right to object to the processing of their personal data in the cases specified in Art. 1. Art. 21 of the GDPR, takes place upon request from the administrator
• Right to complain:
Users have the right to lodge a complaint with the supervisory authority for personal data protection.
Privacy Policy
The following Privacy Policy establishes the rules for storing and accessing data on the devices of Users using the Website for the purpose of providing services electronically by the Administrator, as well as the rules for collecting and processing personal data of Users who they have personally and voluntarily provided the tools available on the website.
§1. definitions
• Website – AVS Betriebsorganisation GesmbH website at https://www.avs-europe.com
• External website – websites of partners, service providers or service recipients cooperating with the Administrator
• Website/data administrator - The website administrator and data administrator (hereinafter referred to as the administrator) is the company "AVS Betriebsorganisation GesmbH" with the address: Hebbelplatz 5, 1100 Vienna, with the assigned VAT ID: ATU16146105 and the assigned FN number: 30865s.
• User – a natural person to whom the Administrator provides Services electronically through the Website.
• Device – an electronic device with software through which the User gains access to the Website
• Cookies (Cookies) – text data collected in the form of files placed on the User's device
• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and on the repeal of Directive 95/46 / EC data (General Data Protection Regulation )
• Personal data – is information about an identified or identifiable natural person (“data subject”); An identifiable natural person is a person who can be identified, directly or indirectly, in particular by means of an identifier such as first and last name, identification number, location data, online identifier or one or more specific physical, physiological, genetic or psychological factors that affect the economic, cultural or social identity of a natural person
• Processing – means an operation or set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as: B. collecting, recording, organizing, filing, storing, adapting or modifying, downloading, displaying, using, disclosing by posting, distributing or otherwise such as sharing, matching or combining, restricting, deleting or destroying;
• Restriction of processing – means the marking of stored personal data with the aim of restricting their future processing
• Profiling is understood to mean any type of automated processing of personal data consisting in the use of such personal data to evaluate certain personal factors of a natural person, in particular aspects related to work, economic or health implications analyze or predict that natural person's personal preferences, interests, credibility, behavior, location or movement
• Consent – the data subject's consent is a voluntary, specific, conscious and unequivocal expression of will by which the data subject consents to the processing of personal data concerning them in the form of a statement or a clear affirmative action
• Personal Data Breach – means a breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed
• Pseudonymization means the processing of personal data in such a way that it can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and covered by technical and organizational measures that prevent assignment to an identified or identifiable natural person
• Anonymization – data anonymization is an irreversible data processing process that destroys/overwrites “personal data” and makes it impossible to identify a specific data set or to assign it to a specific user or person.
§2 Data Protection Officer
The administrator has appointed a data protection officer. The DPO can be contacted via the e-mail address datenschutz@avs-europe.com, by telephone on +43 1 604 5858 or in writing at the address Hebbelplatz 5, 1100 Vienna.
The data protection officer can be contacted for all questions related to the processing of personal data.
§3 Types of cookie files
• Internal cookies – files placed and read by the website's ICT system on the user's device
• External cookies – files placed and read on the User's device by ICT systems of external websites. Scripts from external websites, which may place cookies on the user's devices, have been deliberately placed on the website via scripts and services made available and installed on the website
• Session cookies – files placed and read by the website on the user's device during a session of a specific device. After the session ends, the files are deleted from the user's device.
• Persistent cookies – files placed on the user's device by the website and read until manually deleted. The files are not automatically deleted after the end of the device session, unless the user's device is configured to delete cookies after the end of the device session mode.
§4 Security of data storage
• Mechanisms for storing and reading cookies – Mechanisms for storing, reading and exchanging data between cookies stored on the user's device and the website are implemented by built-in mechanisms of web browsers and do not allow downloading other data from the user's device or data from other websites visited by the user, including personal or confidential information. It is also practically impossible for viruses, Trojans and other worms to be transmitted to the user's device.
• Internal Cookies - Cookies used by the Administrator are secure for users' devices and do not contain scripts, content or information that could compromise the security of personal data or the security of the device used by the user.
• External cookies – the administrator takes all possible measures to check and select website partners within the framework of user security. For cooperation, the administrator selects well-known, large partners with global social trust. However, it does not have a complete
• Control over the content of cookies from external partners.
The administrator is not responsible for the security of cookie files, their content and license-compliant use by scripts installed on the website that come from external websites, to the extent permitted by law. The list of partners can be found in the further part of the data protection declaration.
• Cookie Control
o The user can independently change the settings for saving, deleting and accessing the data of saved cookies on each website at any time
o Information on how to disable cookies in the most common computer browsers can be found on the website of the respective provider.
o The user can at any time delete all previously saved cookie files using the tools of the user's device through which the user uses the services of the website.
• Threats from the user – the administrator uses all possible technical measures to ensure the security of the data stored in cookie files. However, it should be noted that ensuring the security of this data depends on both parties, including the activity of the user. The administrator is not responsible for intercepting such data, spoofing the user's session or removing it due to user's conscious or unconscious activity, viruses, trojans and other spyware that may have infected the user's device. To protect themselves from these threats, users should follow the rules of using the network.
• Storage of personal data – the Administrator ensures that he makes every effort to ensure that the processed personal data voluntarily entered by users is safe, access to it is limited and implemented in accordance with its purpose and the purposes of processing. The administrator also ensures that he makes every effort to protect the stored data from loss using appropriate physical and organizational security measures.
§5 Purposes for which cookies are used
• Optimizing and facilitating access to the site
• Personalization of the website for users
• Keeping statistics (users, number of visits, device types, connection, etc.)
§6 Purposes of processing personal data
The personal data voluntarily provided by the user will be processed for one of the following purposes:
• Implementation of electronic services:
• Administrator's communication with users on matters related to the website and privacy
• Ensuring the Administrator's legitimate interest
Data collected anonymously and automatically about users is processed for one of the following purposes:
• Keep statistics
• Ensuring the Administrator's legitimate interest
§7 Types of data collected
The website collects data about users. Part of the data is collected automatically and anonymously, and part of the data is personal data that the user voluntarily provides when subscribing to individual services offered on the site.
Automatically collected anonymous data:
• IP address
• Browser type
• Screen resolution
• Approximate location
• Opened subpages of the website
• Length of stay on the relevant subpage of the website
• The type of operating system
• The address of the previous subpage
• Referrer address
• Browser language
• Internet connection speed
• Internet Provider
Data collected during registration:
• First name Last Name
• E-mail address
• Phone Numbers
Part of the data (excluding identification data) can be stored in cookies. Part of the data (excluding identification data) may be communicated to the provider of statistical services.
§8 Access to personal data by third parties
The only recipient of personal data provided by users is usually the administrator. The data collected as part of the services provided will not be passed on or resold to third parties.
Access to data (usually on the basis of a data processing agreement) can be granted to entities responsible for maintaining the infrastructure and services necessary for the operation of the website, i.e. H.:
• Hosting companies that provide hosting or related services to the Administrator
Hosting services entrusted with the processing of personal data:
To operate the Website, the Administrator uses the services of an external hosting provider: home.pl Spółka Akcyjna with its registered office at ul. Zbożowa 4, 70-653 Szczecin, Poland.
