Privacy Statement

The following privacy statement is valid for the usage of our online offer (hereinafter referred to as “website”).

We attach immense importance to the protection of data. The collection and processing of your personal data are subject to existing data protection regulations, especially the General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer the portal mentioned above. This statement describes how and for what reason your data is recorded and used, and which choices you have concerning your personal data.

1. Responsible

Responsible for collecting, processing, and using your personal data within the meaning of Article 4, point (7) GDPR is:

C PLUS M Consulting PLUS Management Österreich GmbH
Berchdesgadner Str. 3
5020 Salzburg

We revise this privacy statement on an ad hoc basis, e.g. when making adjustments to this website. You can find the date of the most recent version at the end of this privacy statement.

You can save and print this privacy statement at any time.

2. General Usage of the Website

2.1 Hosting

We use the hosting services of our hosting provider internet GmbH to supply the following services: infrastructure and platform services, computing capacity, storage, database and security services as well as technical maintenance services that we use for the operation of the website.

The utilization of these hosting services is in our legitimate interest to provide an efficient and safe online offer within the meaning of Article 6(1), sentence 1 f) GDPR in conjunction with Article 28 GDPR.

2.2 Access Data

We automatically record information on your user behavior and your interaction with us and we register data about your computer or mobile device. We collect, store, and use data on each usage of our online offer (so-called server log files).
Part of this access data are:

- Name and URL of the retrieved file
- Date and time of the retrieval
- The volume of data transferred
- HTTP response code
- Browser type and browser version
- Operating system
- IP address and requesting provider

We use this protocol data without attributing it to your person or for another form of profile creation, mainly for statistical evaluations for the purposes of operation, security, and the optimization of our online offer. We also use it in order to anonymously record the number of visitors (traffic) on our website as well as the scope and nature of the utilization of our website and services. Based on this information, we can analyze the movement of data, identify mistakes, and improve our services.

In this lies our legitimate interest within the meaning of Article 6(1), sentence 1 f) GDPR.

We reserve the right to verify the protocol data retroactively in case solid evidence raises the reasonable suspicion of an illegal utilization.

2.3 Cookies

We exclusively use so-called session cookies to make our website more user-friendly, effective, and safer. A session cookie is a small text file which is sent at the visit of a website by the respective server and is being stored intermediately on your hard disk. This data file contains a so-called session ID through which the different requests of your browser during the joint session can be related. Thereby, your computer can be recognized when you return to our website. These cookies are deleted once you close your browser. They can be used to temporarily save the screen resolution in order to provide an optimal display of the website.

In this also lies our legitimate interest within the meaning of Article 6(1), sentence 1 f) GDPR.

By means of the session ID, the following data and information is being saved temporarily during one browser session:

- Login information
- Screen resolution
- Language settings

When activating the cookie, it receives an identification number. There is no attribution of your personal data to this identification number. Your name, IP address or similar data which would enable an attribution of the cookie to you are not saved by the cookie.

We inform you of this type of cookie usage in a pop-up window once you reach the website. However, you can modify your browser’s settings so that you are informed about the usage of cookies beforehand and can decide on a case-by-case basis whether you rule out the use of cookies in particular cases or generally or whether the use of cookies should be prevented completely. This can impede the functionality of the website.

2.4 Email Contact

From the website, you can get in touch with us via email. To make this possible, we have integrated several links into our website which access your standard email program in case you actively use this option (pop-up). The personal data you provide us in an email is being saved outside of the website in order to contact you and process your request.

In this context, we pass on the submitted data to our Group companies in Germany and Liechtenstein if the contact with you takes place from there within the logic of our regional concept.

In this also lies our legitimate interest within the meaning of Article 6(1), sentence 1 f) GDPR.

2.5 Documents/Downloads

In order to facilitate the comprehensibility of our approach or of individual aspects, we make documents available to you on our website in the form of PDF files. The access and the download of these documents takes place just like the access of a webpage where access data is recorded as per paragraph 2.2. No further personal data is recorded.

In this also lies our legitimate interest within the meaning of Article 6(1), sentence 1 f) GDPR.

2.6 Storage Period

Generally, we only store personal data as long as this is necessary for the purposes pursued. In particular
- personal access data in the context of server functionality is stored according to legal requirements;
- personal data in the session cookies is only stored during the browser session;
- personal data provided to us by email will be stored as long as it serves the aforementioned purpose of processing.

3 Data Security

While keeping in mind technical and organizational possibilities, we make the maximum effort to preserve the security of your data in the context of the current data protection legislation.

To secure your data we maintain technical and organizational safeguard measures within the meaning of Art. 32 GDPR which we constantly adapt to the state-of-the-art.

In particular, your personal data is transmitted by us in an encrypted way. This concerns emails and the login. We use the coding system SSL (Secure Socket Layer), however want to point out that the transmission of data on the internet (e.g. when communicating per email) may exhibit security gaps. A complete protection of data from the access by third parties is not possible.

The servers used by us are carefully secured on a regular basis. However, we do not guarantee that our offer is available at particular times; technical faults, disruptions or malfunctions cannot be excluded.

4 Transfer of personal data

As described above, we employ a provider for the operation of our website ( internet GmbH in Wals-Siezenheim, Österreich). Here it is possible that the provider gain knowledge of personal data. We choose our service providers carefully – especially in regard to data protection and security – and take all measures as required by data-protection law to guarantee the lawful data processing. In this context, we contractually oblige our service provider as the processor to only use personal data in accordance with data protection legislation and to ensure the rights of the persons concerned.

Furthermore, no personal data that we record to ensure the functioning of the website is transferred to third parties, also not to our Group companies in Germany and Liechtenstein.

It can happen that we transfer data which you have provided us via email to our Group companies in Germany and Liechtenstein (see above). In this regard, also our Group companies are contractually obliged to only use personal data in accordance with data protection legislation and to ensure the rights of the persons concerned. In particular, our Group company in Liechtenstein (third country) naturally subjects itself to the European Union’s legal provisions.

A further transfer of personal data by us or our Group company, especially for advertising purposes, does not take place in any event and is not planned.

5 Your Rights as the Data Subject

According to legal provisions, you have several rights regarding your personal data. If you want to exercise these rights, please address your request per email or per mail with explicit identification of your person to the address stated in paragraph 1.

In the following, you find an overview of your rights.

5.1 Right to Confirmation and of Access

At any time, you have the right to receive a confirmation from us whether or not we process your personal data. If this is the case, you have the right to obtain information about this data as well as a copy free of charge.

Should personal data be transferred to a third country or international organization, you have the right to be informed about appropriate safeguards regarding the transfer within the meaning of Art. 46 GDPR.

5.2 Right to Rectification

You have the right to demand the rectification of inaccurate personal data that concerns you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

5.3 Right to Erasure (“Right to be Forgotten”)

Within the meaning of Art. 17(1) GDPR you have the right to demand from us the erasure of your personal data without undue delay.

If we are obliged to erase your personal data within the meaning of Art. 17(1) GDPR, while taking account of available technology and the cost of implementation, we take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested the erasure of any links to, or copy or replication of, those personal data.

5.4 Right to Restriction of Processing

You have the right to obtain from us the restriction of the processing where one of the following applies:

1. the accuracy of the personal data is contested by you, for a period that enables us to verify its accuracy;
2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims;
4. you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of our company override yours.

5.5 Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:

1. the processing is based on consent pursuant to point (a) of Art. 6(1) or point (a) of Art. 9(2) or on a contract pursuant to point (b) of Art. 6(1) GDPR; and
2. the processing is carried out by automated means.

In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where this is technically feasible.

5.6 Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1) GDPR. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise or defense of legal claims.

5.7 Automated Decision-Making, Including Profiling

We do not practice decision-making based solely on the personal data collected by us.

5.8 Right of Withdrawal from Consent

You have the right to withdraw your consent regarding the processing of your personal data at any time.

5.9 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with the appropriate supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes legal provisions.

C PLUS M Consulting PLUS Management Österreich GmbH - Juni 2018

SP=1-CCBot/2.0 (