Privacy Statement
for the group of companies of 4a technology GmbH (as of July 2020)

Name and address of the person responsible

The person responsible for www.4a.co.at and www.4a.at within the meaning of the General Data Protection Regulation (iF “GDPR”) and other national data protection laws of the member states as well as other data protection regulations is:

Name and address of the person responsible:

Tanja Hafellner

4a technology GmbH
Industriepark 1
A – 8772 Traboch

Tel.: (+43) 03842 / 45 106 – 600
Fax: (+43) 03842 / 45 106 – 780

DSGVO-Requests to: privacy@4a.at

Website: www.4a.at

General information on data processing

Scope of processing of personal data

We only collect and use our users’ personal data insofar as this is necessary to provide a functional website as well as our content and services. The personal data of our users is collected and used regularly only with the user’s consent. An exception applies in cases where prior consent is not possible for actual reasons and the processing of the data is permitted by statutory provisions or the processing is necessary for the performance of a contract of which a user is a contracting party or for the implementation of pre-contractual measures, which take place at the request of the user.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art 6 (1) lit a EU General Data Protection Regulation (GDPR) serves as the legal basis. In the case of the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art 6 (1) lit b GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures. Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art 6 (1) lit c GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the party concerned do not outweigh the former interests, Art 6 (1) lit f GDPR serves as the legal basis for the processing.

Data erasure and storage time

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is no longer necessary. Storage may also take place if this is intended by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract or a fulfilment of the contract.

Provision of the website and creation of log files

Description and scope of data processing

Each time our website www.4a.at or www.4a.co.at is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

  • information about the browser type and version used
  • internal resolution of the browser window
  • browser language
  • the user’s operating system
  • screen resolution
  • color depth
  • the user’s internet service provider
  • the user’s IP address
  • Javascript activation
  • Java On /Off
  • cookies On / Off
  • date and time of access
  • websites from which the user’s system enters our website
  • websites accessed by the user’s system via our website

The data is also stored in the log files of our system. This does not affect the IP addresses of the user or any other data enabling an allocation of the data to a user. A storage of this data, together with any other personal data of the user, does not take place.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art 6 (1) lit f GDPR.

Purpose of data processing

The temporary storage of the IP address by the system is necessary in order to enable the delivery of the website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. In these purposes lies also our legitimate interest in data processing in accordance with Art 6 (1) lit f GDPR. Furthermore, the collected data is intended to prevent misuse of our services.

Transmission of data

This personal data will be transmitted to the following recipients for the above purposes:

Recipients of the transfer

Function

Hetzner Online GmbH, Industriestraße 25,

91710 Gunzenhausen, Germany

our IT service provider

  

Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is terminated. In the case of the storage of the data in log files, this is the case after seven days at the latest. Additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

Possibility of opposition

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

 

Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or via the internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is re-accessed. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies:

  • language setting
  • Log-in information

We also use cookies on our website that enable an analysis of users’ browsing behaviour. In this way, the following data can be transmitted:

  • entered search terms
  • frequency of page views
  • use of website functions

The user’s data collected in this way are pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users. When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent is obtained to the processing of the personal data used in this context. In this context, a reference is also made to this privacy statement. Your web browser transmits the mentioned data to us when you visit our website.

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art 6 (1) lit f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art 6 (1) lit a GDPR, if the prior consent of the user has been obtained.

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. We require cookies for the following applications:

  • transfer of language settings
  • remembering of form contents

The user data collected by technically necessary cookies will not be used to create user profiles. The use of analysis cookies is for the purpose of improving the quality of our website and its contents. With the help of analysis cookies, we learn how the website is used and can thus continuously optimize our offer. Within these purposes lies our legitimate interest in the processing of personal data in accordance with Art 6 (1) lit f GDPR.

Transmission of data

This personal data will be transmitted to the following recipients for the above purposes:

Recipients of the transfer

Function

Hetzner Online GmbH, Industriestraße 25,

91710 Gunzenhausen, Germany

our IT service provider

  

Duration of storage, possibility of appeal and disposal

Cookies are stored on the user’s computer and transmitted from the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, all functions of the website may no longer be fully utilized.

Contact by e-mail

Description and scope of data processing

On our website you will find our e-mail address in the “Contact Us” section, which can be used for electronic contact. The following data will be transmitted to us and stored:

  • name
  • e-mail address
  • text of e-mail

By sending your e-mail, you agree to our privacy policy and agree that we will store your personal data for further processing.

Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art 6 (1) lit f GDPR. If the e-mail contact aims to conclude a contract, the additional legal basis for the processing is Art 6 (1) lit b GDPR.

Purpose of data processing

The processing of personal data from the e-mail serves only for the establishment of contact. This also imply the necessary legitimate interest in the processing of the data in the case of contact by e-mail.

Transmission of data

This personal data will be transmitted to the following recipients for the above purposes:

Recipients of the transfer

Function

Hetzner Online GmbH, Industriestraße 25,

91710 Gunzenhausen, Germany

our IT service provider

Microsoft Privacy, Microsoft Corporation,

One Microsoft Way, Redmond, Washington 98052, USA

our IT service provider

Microsoft Ireland Operations Limited, One Microsoft Place

South County Business Park, Leopardstown, Dublin 18, Ireland

our IT service provider

 

Duration of storage

The personal data that have been sent to us by e-mail will only be deleted when the respective conversation with the user has ended and the purpose of their collection is no longer necessary. The conversation ends when it is clear from the circumstances that the facts in question have been finally clarified.

Possibility of opposition and disposal

The user has the possibility to revoke his/her consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. The revocation is possible by e-mail or letter to us.

Using Google Maps

Description and scope of data processing

On our website we use Google Maps for the visual representation of interactive maps and for the creation of directions. Google Maps is a map service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of our website, including your IP address and the (start) address entered as part of the route planner function, can be transmitted to Google in USA. If you visit an internet page of our website that contains Google Maps, your browser establishes a direct connection to the servers of Google. The map content is transmitted by Google directly to your browser and integrated from your browser into the website. Therefore, we have no influence on the amount of data collected by Google in this way. The following data will be transmitted:

  • date and time of the visit on the relevant website
  • internet address or URL of the website accessed
  • IP address, (start) address entered as part of route planning.

The stated data are not collected without your consent but are usually collected within the scope of your personal settings on Google Maps. The data can be processed in the United States.

Legal basis for data processing

Within our online presence, we rely on our legitimate interests in optimization and economic efficiency within the meaning of Art 6 (1) lit f GDPR and include the content or service offerings of Google Maps. By using our website, you consent to the processing of the data collected about you by Google Maps Route Planner in the manner and for the purposes described above.

Purpose of data processing

The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights and configuration options for the protection of your privacy can be found in the privacy policy of Google Maps https://policies.google.com/privacy?hl=de.

Transmission of data

This personal data will be transmitted to the following recipients for the above purposes:

Recipients of the transfer

Function

Google LLC, 1600 Amphitheatre Parkway,

Mountain View, CA 94043, USA

Provider of the Google Analytics service

  

Duration of storage

We have no influence on the further processing and use of the data by Google and therefore cannot assume any responsibility for this. If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you will not be able to use the map display.

Possibility of opposition and disposal

The possibilities of the removal of your personal data as well as information on the right of objection can be found in the privacy policy of Google Maps https://policies.google.com/privacy?hl=de.

Using Google Fonts

Description and scope of data processing

Google web fonts are used to visually improve the appearance of various information on our website. Google Fonts is a service of the Google Group, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The web fonts are transferred to the browser’s cache when the page is called up in order to be able to use them for display. If the browser does not support the Google web fonts or prevents access, the text is displayed in a standard font. The following data will be transmitted:

  • the anonymized IP address of the user
  • name of the browser used
  • version of the browser
  • web page from which the request was triggered
  • user’s operating system
  • user’s screen resolution
  • user’s IP address
  • language settings of the browser or operating system that the user uses

The integration of these web fonts is done by a server call, usually a google server in the USA.

Legal basis for data processing

We refer to the legal basis of Art 6 (1) lit f GDPR for the balancing of interests, based on our interest in offering a website that can be read as well and quickly as possible.

Purpose of data processing

For a fast and data-minimizing as well as visually improved display of various texts on our website we use Google Webfonts http://www.google.com/webfonts.

Transmission of data

Recipients of the transfer

Function

Google LLC, 1600 Amphitheatre Parkway,

Mountain View, CA 94043, USA

Provider of the Google Analytics service

  

Duration of storage

We have no influence on the further processing and use of the data by Google and therefore cannot assume any responsibility for this. If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you will not be able to use the map display.

Possibility of opposition and disposal

The possibilities of the removal of your personal data as well as information on the right of objection can be found in the privacy policy of Google Maps https://policies.google.com/privacy?hl=de.

Use of Google Analytics

Description and scope of data processing

To increase efficiency, we use the services of Google Analytics, a web analytics service of the Google Group, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (iF “Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your [anonymised] IP address) is transmitted to a Google server in the USA and stored there. In order to safeguard the interests of users in the protection of their personal data, this is done by anonymising the data. Your IP address is thus already transmitted anonymously to Google. The following data is processed:

  • the anonymized IP address of the user
  • date and time of access
  • frequency of page views
  • use of website functions
  • the user’s operating system
  • the user’s internet service provider
  • websites from which the user’s system enters our website
  • websites accessed by the user’s system via our website
  • used operating systems of end devices

Your web browser transmits the mentioned data to us when you visit our website.

Legal basis for data processing

The legal basis for the processing of the data is our legitimate interest in increasing efficiency as well as in the financing of the website within the meaning of Art 6 (1) lit f GDPR.

Purpose of data processing

The processing of the personal data of the users enables us to analyze the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. The anonymisation of the IP address takes sufficient account of the interest of users in protecting their personal data.

Transmission of data

This personal data will be transmitted to the following recipients for the above purposes:

Recipients of the transfer

Function

Google LLC, 1600 Amphitheatre Parkway,

Mountain View, CA 94043, USA

Provider of the Google Analytics service

  

Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection.

Possibility of opposition and disposal

Cookies are stored on the user’s computer and are transmitted from there to our site. As a user you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it might be that not all functions of the website can be used to the full extent. You can prevent the storage of cookies by setting your Browser software appropriately. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by transmission to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout.

Use of Hotjar

Description and scope of data processing

In order to better understand the user experience of our customers and thus improve it in the future, we use the services of Hotjar. We can see how much time users spend on which pages, which links they click on, etc. Hotjar uses cookies and other technologies to collect information about the behavior of our users and their devices (in particular, IP address of the device (only recorded and stored in anonymised form), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language of our website. Hotjar stores this information in a pseudonymized user profile. The information is not used by Hotjar or us to identify individual users and is not merged with other data about individual users. For more information, see the Hotjar Privacy Policy. These can be found at https://www.hotjar.com/legal/policies/privacy

Summary of the data submitted to Hotjar

  • anonymized IP address of the user
  • date and time of access
  • frequency of page views
  • use of website functions
  • the user’s operating system
  • the user’s internet service provider
  • websites from which the user’s system enters our website
  • websites accessed by the user’s system via our website
  • used operating systems of end devices

Your web browser transmits the mentioned data to us when you visit our website.

Legal basis for data processing

The legal basis for the processing of the data is our legitimate interest in increasing efficiency as well as financing our website within the meaning of Art 6 (1) lit f GDPR.

Purpose of data processing

The processing of the personal data of the users enables us to analyze the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. The anonymisation of the IP address takes sufficient account of the interest of users in protecting their personal data.

Transmission of data

This personal data will be transmitted to the following recipients for the above purposes:

Recipients of the transfer

Function

Hotjar Ltd, Level 2 – St Julians Business Centre 3,

Elia Zammit Street -St Julians STJ 1000, Malta, Europe

Provider of the Hotjar service

  

Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection.

Possibility of opposition and disposal

Cookies are stored on the user’s computer and transmitted from the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that all functions of the website can no longer be used to the full extent. You can prevent the storage of cookies by changing the settings of your browser. You can prevent storage of a user profile and information about your visit to our website by Hotjar as well as the setting of Hotjar Tracking Cookies on other websites by using this link https://www.hotjar.com/legal/compliance/opt-out

Rights of data subject

If we process your personal data, you are a data subject within the meaning of GDPR and you have the following rights towards us, the data controller.

Rights

You may request confirmation from the data controller if personal data concerning you is processed by us. If such processing is available, you can request information from the data controller about the following:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed;
  • the planned duration of the storage of the personal data concerning you or, if specific information is not possible, the criteria for determining the storage period;
  • the existence of a right to rectification or erasure of personal data concerning you, a right to restrict processing by the controller or a right to prevent such processing;
  • the existence of a right of appeal to a supervisory authority;
  • all available information about the origin of the data if the personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling in accordance with Art 22 (1) and (4) GDPR and, at least in this cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

You have the right to request information if personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate guarantees under Art 46 GDPR relating to the transmission.

Right to correction

You have the right of correction and/or completion towards the controller if the personal data processed concerning you is inaccurate or incomplete. The data controller must make the correction without delay.

Right to restrict processing

You can request the restriction of the processing of your personal data under the following conditions:

  • if you dispute the accuracy of the personal data concerning you for a period that allows the data controller to verify the accuracy of the personal data;
  • if the processing is unlawful and you refuse to delete the personal data and request the restriction of the use of the personal data instead;
  • if the data controller no longer needs the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims, or
  • if you have objected to the processing in accordance with Art 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may be processed only with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the university or a Member State, without their storage. If the restriction of processing has been restricted according to the above conditions, you will be informed by the data controller before the restriction is released.

Right to erase – obligation to delete

You may require the controller to immediately delete the personal data concerning you, and the data controller is obliged to delete such data immediately if one of the following reasons applies:

  • The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You revoke your consent, on which the processing was based in accordance with Art 6 (1) lit a or Art 9 (2) lit a GDPR, and there is no other legal basis for the processing.
  • You object to the processing in accordance with Art 21 (1) GDPR and there are no primary legitimate reasons for the processing, or you object to the processing in accordance with Art 21 (2) GDPR.
  • The personal data concerning you has been processed unlawfully.
  • The erasure of personal data concerning you is necessary to fulfil a legal obligation under Union law or under law of the Member States to which the controller is subject to.
  • The personal data concerning you has been collected in relation to information society services offered in accordance with Art 8 (1) GDPR.

Information to third parties

If the data controller has made personal data concerning you public and is in accordance with Art 17 (1) GDPR responsible to delete it, he shall take appropriate measures, taking into account the available technology and the cost of implementation, including technical measures, to inform data controllers, who process the personal data, that you, as a data subject, have requested from the data controller the deletion of all links to such personal data or copies or replicas of this personal data.

Exceptions

The right to erasure does not exist if the processing is necessary

  • to exercise the right to freedom of expression and information;
  • to fulfil a legal obligation requiring processing under the law of the Union or the Member States to which the controller is subject to, or to carry out a task which is in the public interest or in the exercise of official authority delegated to the controller;
  • public health interests in accordance with Art 9 (2) lit h and i and Art 9 (3) GDPR;
  • for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Art 89 (1) GDPR, insofar as the law referred to in section 10.4.1 is likely to make the achievement of the objectives of such processing impossible or seriously impairs the achievement of the objectives of such processing, or
  • for the assertion, exercise or defence of legal claims.

Right to information

If you have asserted the right to rectification, erasure or restriction of the processing against the data controller, the data controller is obliged to notify all recipients, to whom the personal data has been disclosed, about this rectification or deletion of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.

Right to data portability

You have the right to receive personal data concerning you, which you have provided to the data controller, in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance by the controller to whom the personal data was provided, if:

  • the processing is based on a consent in accordance with Art 6 (1) lit a GDPR or Art 9 (2) lit a GDPR or on a contract pursuant to Art 6 (1) lit b GDPR and
  • processing is carried out using automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you are transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons shall not be adversely affected. The right of data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the controller.

Right to object

Pursuant to Art 6 (1) lit e or f GDPR you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you. The controller no longer processes the personal data concerning you, unless he can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. You have the option of exercising your right to object in connection with the use of information company services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Automated decision-making on a case-by-case basis, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect towards you or similarly significantly affects you. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and the responsible party,
  • is permitted by Union or Member State legislation to which the person responsible is subject to and if that legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
  • is with your express consent.

However, these decisions must not be based on specific categories of personal data under Art 9 (1) GDPR, unless Art 9 (2) lit a or g GDPR applies and measures have been taken to protect rights and freedoms and your legitimate interests. With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to the intervention of a person on the part of the controller, to express his or her point of view and to challenge the decision.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to appeal to a supervisory authority, in particular in the Member State of your place of residence, place of work or place of alleged infringement, if you consider that the processing of personal data concerning you is in breach of the provisions of the GDPR. The supervisory authority to which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art 78 GDPR.