Privacy policy

Data protection declaration of Interzero Circular Solutions Europe GmbH and Interzero Circular Consulting Austria Gmbh

As of: May 2, 2024

The protection and security of your data is an important concern for us, Interzero Circular Solutions Europe GmbH (hereinafter ” Interzero “), which we take into account in all our business processes. In this data protection declaration, we would like to give you an overview of the data protection-relevant aspects of our online offering. In the following we explain:

1. What personal data we collect when you use Interzero’s online offering.
2. For what purposes this data is processed by Interzero and any third-party companies.
3. What rights you have regarding the processing of your data.
4. How to contact us on the subject of data protection.

What are personal data?

Personal data (or simply ” data ” below) is all information that relates to an identified or identifiable natural person. On the one hand, this includes data such as names, dates of birth or addresses, but IP addresses are also data within the meaning of this definition.

When does this privacy policy apply?

This privacy policy applies to the online offerings of Interzero and Interzero Circular Consulting Austria Gmbh, a subsidiary of Interzero (hereinafter ” ICCA “), under the domains www.interzero.at , including the following web shops:

• Licensing.interzero.at
• aktenvernichtung.interzero.at
• machines.interzero.at

as well as the social media presences of Interzero and ICCA on Facebook , LinkedIn and YouTube (hereinafter collectively or individually “ social media presences ”).

legal basis

We process and protect your data based on the EU General Data Protection Regulation (hereinafter ” GDPR “). This requires a legal basis for the processing of personal information. Our legal basis depends on the purpose of the data processing. We base ourselves on:

1. Execution of a contract if we have concluded a contract with you or if pre-contractual measures are required at your request. This includes the processing of your personal data for the acceptance and execution of contracts and, if necessary, for payment processing (Article 6 (1) (b) GDPR).
2. Protection of legitimate interests if the processing is necessary to protect our legitimate interests or those of third parties (such as our customers) (Article 6 (1) (f) GDPR).
3. Your consent if we give you your consent to process personal data concerning you for specific purposes. You can withdraw your consent at any time and we will then no longer process your data for the respective specific purpose (Article 6 Paragraph 1 Letter a of GDPR).
4. Legal obligations , when we process your personal information to fulfill a legal obligation to which we are subject (Article 6 (1) (c) GDPR).

We have concluded a corresponding agreement on order processing with third parties who process personal data on our behalf. In the case of joint controllership, we have concluded agreements on joint processing.

 

1. responsibility and contact person

The controller within the meaning of the GDPR for data processing at Interzero is

Interzero Circular Solutions Europe GmbH
Vorgartenstraße 206c
1020 Vienna,
Austria

and for the ICCA the

Interzero Circular Consulting Austria Gmbh
Vorgartenstraße 206c
1020 Vienna,
Austria

You can contact Interzero and ICCA regarding data protection matters at office@interzero.at or by post to the Interzero address given above to the QM department with the addition “Attn: Data Protection Coordinator”.

 

2. data processing when visiting our websites

2.1. Automatically collected access data

You can visit our websites and webshops without providing any personal information. Only access data that is automatically transmitted to us by your browser will be recorded. This includes, for example, your online identifiers (e.g. IP address, session IDs, device IDs); details of the web browser and operating system used; where applicable, the website from which you accessed our websites and web stores (i.e. if you accessed one of our websites via a link); the names of the files requested (i.e. which texts, videos, images, etc.); the language settings of your browser; where applicable, error reports; and the times of individual accesses. you have viewed on our websites); the language settings of your browser, any error reports, and the times of the individual accesses.

The processing of this access data is necessary to enable you to visit and comfortably use our websites and webshops and to ensure their permanent functionality and security.

The access data is also stored in internal log files for a short period of time in order to compile statistical information about the use of our websites and webshops. This enables us to continuously optimize and further develop our websites with regard to the usage habits and technical equipment of our users and to eliminate malfunctions and security risks. The information stored in the log files does not allow any direct conclusions to be drawn about your person – in particular, we only store the IP addresses in shortened, anonymized form. The log files are stored for a maximum of 30 days and archived after subsequent anonymization.

The legal basis for this data processing is Article 6 paragraph 1 letter f GDPR.

2.2. Your news and messages

We collect all information and data that you provide to us through our website. For example, at various points on our website you have the option of sending us messages and sometimes files (e.g. PDF documents) using functions such as a ” contact form “. Any mandatory information required to use these functions is marked as such. This includes your name, email address and telephone number where we can reach you.

We will only use your information to process your request. We delete the resulting data after the storage is no longer necessary or restrict the processing if there are legal retention obligations.

We use our internal Microsoft Outlook environment to process incoming messages. Your messages are sent to office@interzero.at or to the specified email addresses and used to process your request.

On machines.interzero.at we also use the chat service provided by Tidio Sp. Z o.o., al. Wojska Polskiego 81, 70-481 Szczecin, Poland (hereinafter “ tidio ”). For this purpose, incoming messages are forwarded and stored via a ticket system. The forwarding takes place via the tidio system to our internal email address shop.austria@interzero.at , where it is processed by us. Further information on data processing by tidio, in particular on the question of which data is processed by tidio, can be found in tidio’s privacy policy at https://www.tidio.com/privacy-policy/

Your message will only be passed on to another company within the Interzero Group or to external third parties acting on our behalf if this is necessary to process your request (for example, we will forward your message to another company in the Interzero Group if that company is responsible for your request). If you do not want your message to be passed on to another company in the Interzero Group or to external third parties, you can tell us this directly in your message – of course also as a precautionary measure. We will then not forward your message.

The legal basis for this data processing is Article 6 paragraph 1 letter b GDPR.

2. 3. Newsletter

If you register for our newsletter via our website, we process personal data such as your name, your email address, the time of registration and your IP address. We also store which newsletters we have sent you, the time at which you opened them or blocked them or marked them as spam, whether the newsletters were delivered. We also process whether you subscribe to or unsubscribe from the newsletter and which links you click on in the newsletters.

The processing of this data is included in the consent given when registering for our newsletter.

The legal basis for this data processing is Article 6 paragraph 1 letter a GDPR.

2. 4. Cookies

We use our own and third-party cookies to improve the presentation and content of our websites. A cookie is a standardized text file that is stored by your browser for a specified period of time. Cookies enable the local storage of information such as e.g. language settings and temporary identifiers that can be queried by the server that set the cookie during subsequent website visits. In addition, the cookies allow us to statistically record and analyze general usage behavior when visiting our websites. In addition, we use the services of external service providers who process the access data generated by the use of our website in order to enable the playout of interest-based advertising, e.g., for the purpose of advertising campaigns. in the context of search queries.

Technical cookies are necessary for the performance of our website and are therefore “essential”. We use cookies to provide our services, for example to:

1. to recognize when you sign up to use our services;
2. Provide features, products and services that may be of interest to you, including but not limited to advertisements for our services, if offered in the Interzero Group;
3. prevent fraudulent activities;
4. improve safety;
5. Take into account your preferences, e.g. for currency and language.

We also use cookies to understand how you use our services so that we can make improvements. For example, we use cookies to perform research and diagnostics, to improve the content of our website, and to measure and analyze the performance of our services.

Marketing cookies: We also use cookies to deliver certain types of ads and to show certain ads that are relevant to you based on your interests.

We only use optional cookies and comparable technologies for marketing and analysis purposes if you have given your consent for data processing in accordance with Art. 6 Para. 1 lit. a GDPR and for data transfer to third countries in accordance with Art. 49 Para. 1 lit. a GDPR via our cookie banner. In section 3.4 we explain the risks associated with data transfer to third countries.

We use third-party cookies for web analysis and advertising purposes . You will receive more detailed information on this in the further course of this data protection declaration.

You can revoke your consent at any time or adjust the selection of cookies by selecting the link to the Cookie Policy in the cookie banner and selecting your consent by ticking the appropriate boxes. The storage time of the individual cookies is also displayed transparently here.

If you delete your cookies, we will ask for your consent again when you visit the site later.

We delete the processed data after storage is no longer necessary or restrict processing if statutory retention periods apply.

Approved third parties may also set cookies when you interact with us. These third-party providers include search engines, measurement and analytics providers, social media networks, and advertising companies. Third-party vendors use cookies when providing advertising content, particularly ads that are relevant to you based on your interests, to measure the effectiveness of their ads, and to provide services to you.

To see which approved third-party cookies we use and to adjust cookie settings, please click on the Cookie Policy link in the cookie banner in the bottom left corner.

More information about cookies:

Technical cookies remain in your browser for 13 months after your last visit to us. Except for cookies that record your personal information settings (such as, for example, advertising settings), which may remain in your browser for up to 5 years. Other cookies remain in your browser for 13 months after you have given us your consent to use them.

We will apply your cookie settings, with which you made your selection, and any other browser you are logged into. If you are not logged in, we may have to ask for your selection again.

Alternatively, you can go to your browser settings to learn how to prevent your browser from accepting new cookies, how to set your browser to notify you when you receive a new cookie, how to disable and remove cookies, and when cookies expire.

Thanks to the operational cookies, you can use some of the essential functions of us. If you block or otherwise refuse technical cookies through your browser settings, some features and services may stop working.

The legal basis for data processing concerning technically necessary cookies is Art. 6 (1) (f) GDPR. In addition, the legal basis for data processing is your consent in accordance with Art. 6 (1) (a) GDPR.

2.5 Applications of tag managers, cookies and plug-ins

2.5.1. Google Tag Manager

Our website uses Google Tag Manager, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “ Google ”). The Tag Manager is used for more efficient management of so-called website tags. A web page tag is a placeholder that is stored in the source code of our website, for example to record the inclusion of frequently used web page elements (e.g. code for the web analytics service). The Google Tag Manager does not require the use of cookies. In some cases, data is processed on a Google server in the USA. In section 3.4, we explain the risks associated with the transfer of data to third countries.

In section 3.4, we explain the risks associated with the transfer of data to third countries.

The legal basis is Art 6 para 1 lit a GDPR. You can also find more information in Google’s tag manager information.

You can adjust your consent at any time by activating the marketing cookies in the cookie banner by setting the check mark or deactivating them by removing the check mark.

2.5.2. Google Analytics

Our websites use the web analysis service Google Analytics, which is offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “ Google ”).

In the cookie banner you can agree to the transfer to and processing by Google Analytics or reject the transfer to and processing.

Insofar as you have consented to the processing and disclosure in the cookie banner, the data will be transferred to Google. You can revoke this consent by deactivating the necessary marketing cookies by removing the check mark. If you have not consented to the processing, no data will be transferred to Google. This may result in not all services of our website being available to you.

Google Analytics uses cookies to collect your access data when you visit our website. The access data is compiled by Google on our behalf into pseudonymous usage profiles and transmitted to a Google server in the USA. Before that, your IP address is anonymized. We are therefore unable to determine which usage profiles belong to a particular user. Based on the data collected by Google, we can therefore neither identify you nor determine how you use our website. By clicking on “I accept” in the cookie banner, you also consent to your data being processed in the USA in accordance with Art. 49 Paragraph 1 Clause 1 Letter a of GDPR. The European Court of Justice considers the USA to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data could be processed by US authorities for control and monitoring purposes, possibly without any legal recourse. If you click on “Accept essential cookies only”, the transmission described above will not take place.

Google will use the information obtained from the cookies on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. You can also find more information on this in the Google Analytics privacy policy.

You can object to the creation and evaluation of pseudonymous usage profiles by Google described above at any time. You have several options for this:

(1) You can set your browser to block cookies from Google Analytics.

(2) You can adjust your Google Ads settings on Google.

(3) You can install the deactivation plug-in provided by Google https://tools.google.com/dlpage/gaoptout?hl=de in your Firefox, Edge or Chrome browsers (this variant does not work on mobile devices).

In the event that personal data is transferred to the USA, we must conclude the EU standard contractual clauses with the respective providers and check a statement from the provider as to whether these clauses and any additional measures taken by the provider correspond to the EU data protection level.

In section 3.4, we explain the risks associated with the transfer of data to third countries.

The legal basis for this data processing is Art 6 Para 1 lit a GDPR.

2.5.3 Integration of YouTube videos

We have embedded YouTube videos in parts of our website. YouTube is a video platform operated by the Google company YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter ” YouTube “).

The embedded YouTube videos can be played directly on our website. These are embedded in “extended data protection mode”, which means that no data about you as a user is transferred to YouTube if you do not play the videos. Data is only transferred to YouTube when you play the videos. We have no influence on this data transfer. This is your decision. Please consider whether you want the data to be transferred to the USA or not.

When you play a video, YouTube and Google receive the access data generated as well as the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether or not you are logged into YouTube or Google.

If you are logged in to Google, your data will be assigned directly to your Google account as soon as the video is played. If you do not want the association with your profile on YouTube, you must log out before playing a video.

YouTube and Google may use your access data to create usage profiles for the purposes of advertising, market research, and demand-oriented design of their own websites. You have the right to object to the creation of these user profiles, whereby the objection must be addressed directly to YouTube or Google. You can also find more information in Google’s privacy policy applicable to YouTube.

In section 3.4 we explain the risks associated with the transfer of data to third countries.

The legal basis for the data processing described above, insofar as we are responsible for it, is Art 6 Para 1 lit a GDPR.

2.5.4. Google Maps

Our website uses the Google Maps map service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “ Google ”). In order for the Google map material we use to be integrated and displayed in your web browser, your web browser must establish a connection to a Google server, which may also be located in the USA, when you call up the contact page.

In section 3.4, we explain the risks associated with the transfer of data to third countries.

In addition, if you call up the Google map service on our website while you are logged into your Google profile, Google may link this event to your Google profile. If you do not wish to be assigned to your Google profile, you must log out of Google before accessing our contact page . Google stores your data and uses it for purposes of advertising, market research and personalized presentation of Google Maps. You can object to this data collection vis-à-vis Google.

Further information can be found in Google’s privacy policy at policies.google.com/privacy and the additional terms of use for Google Maps at www.google.com/intl/de_US/help/terms_maps.html .

You can opt out of the service at Opt-Out: adssettings.google.com/authenticated .

The legal basis for this data processing is Art 6 Para 1 lit a GDPR.

2.5.5. Google reCAPTCHA

To protect our website from automatic, computer-controlled entries, we use the “reCAPTCHA” service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter ” reCAPTCHA “). By using this service, it is possible to distinguish whether the corresponding input is of human origin or has been misused by automated machine processing.

To our knowledge, the referrer URL, the IP address, the behavior of website visitors, information about the operating system, browser and dwell time, cookies, display instructions and scripts, the user’s input behavior and mouse movements in the area of the “reCAPTCHA” checkbox are transmitted to “Google”.

The IP address transmitted as part of “reCAPTCHA” is not merged with other data from Google, unless you are logged into your Google account at the time of using the “reCAPTCHA” plug-in. If you want to prevent “Google” from transmitting and storing data about you and your behavior on our website, you must log out of “Google” before visiting our site or using the reCAPTCHA plug-in.

The use of the service “reCAPTCHA” obtained information is in accordance with the Google Terms of Use: https://www.google.com/intl/de/policies/privacy/.

If you do not wish data to be transferred to the USA, you can unsubscribe at any time at https://adssettings.google.com/authenticated.

In section 3.4, we explain the risks associated with the transfer of data to third countries.

The legal basis for the described data processing is Art 6 para 1 lit a GDPR.

2.5.6. Facebook

Some of our websites contain functions of the social network Facebook (so-called plug-ins). These plug-ins are operated by Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter ” Facebook “). Facebook and we are joint controllers in accordance with the GDPR.

When you visit a website that contains a plug-in that you have activated, your browser establishes a direct connection to the Facebook servers, whereby the content of the plug-in (e.g. “Like” or share button) is transmitted to your browser and integrated into our websites. Through this, the information that you have visited our websites is forwarded to Facebook. If you are logged in to Facebook via your personal user account while visiting our websites, Facebook can assign the website visit to this account.

By interacting with plug-ins, e.g. by clicking the “Like” button or leaving a comment, the corresponding information is collected directly by Facebook and stored there. If you want to prevent this, you must log out of your Facebook account before activating plug-ins .

For the purpose and scope of data collection by Facebook, as well as the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook’s privacy policy(http://de-de.facebook.com/privacy/explanation.php).

In section 3.4 we explain the risks associated with the transfer of data to third countries.

The legal basis for the data processing described above, insofar as we are responsible for it, is Art. 6 Para. 1 lit a GDPR.

2.6. Data processing for social media presences

2.6.1. Facebook fan page

We operate a Facebook fan page (hereinafter ” fan page “) on the social network of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (hereinafter ” Facebook “) in joint responsibility with Facebook in order to communicate with users and followers (such as our customers and interested parties) and to provide information about our products and services.

In doing so, we may receive statistics from Facebook regarding the use of our Fan Page by Facebook/Fan Page users and, for example, information about interactions, likes, comments, or aggregate information and statistics (e.g., regarding the age or origin of users and our followers) that help us learn about interactions with our page. For more information on the nature and scope of these statistics, please see the Facebook Page Statistics Notice. Further information on the respective responsibilities can be found in the Facebook Page Insights Addendum. ( https://www.facebook.com/legal/terms/page_controller_addendum

We have no influence on data that is processed by Facebook on its own responsibility in accordance with Facebook’s terms of use. However, we would like to point out that when you visit the Fanpage, data about your usage behavior is transferred from Facebook and the Fanpage to Facebook. Facebook itself processes the aforementioned information to create more detailed statistics and to use it for its own market research and advertising purposes, over which we have no influence. You can find more information about this in Facebook’s privacy policy.

Insofar as we receive your personal data during the operation of the Fanpage, you are entitled to the rights set out in section 7 of this data protection declaration. If you also want to assert your rights against Facebook, the easiest way to do so is to contact Facebook directly. Facebook knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing and can implement appropriate measures upon request if you exercise your rights. We will be happy to support you in asserting your rights as far as we are able and will forward your requests to Facebook.

You can find Facebook’s privacy information on Page Insights data here. https://de-de.facebook.com/legal/terms/information_about_page_insights_data

We receive the following categories of data from Facebook in anonymized form:

Information about people:

• People who “like” our fan page: gender, age, place of residence and language,
• People reached: People for whom our post was published in the last 28 days,
• Interacting People: People who have liked, commented, shared, or otherwise interacted with our posts in the last 28 days.

Information about likes:

• Total number of likes for the fan page,
• number of new likes,
• Breakdown of likes by origin (country, city, location), gender, age and language.

Reach:

• Post reach: Number of people our post was delivered to, broken down by paid and organic reach,
• Positive interactions: likes, comments, shares and recommendations,
• Negative interactions: Hidden posts, reported as spam, “Unliked”,
• number of fan page subscribers,
• Total reach: Number of people who saw an action on our site.

Information about visits:

• Page and tab views: Information on how often each tab and button (e.g. website, telephone number, “Plan route” button) of our fan page was displayed or clicked,
• Visitor behavior: Information about whether the visitor hovers over the name or profile picture of the fan page to see a preview of the page content and information about whether the fan page visitor is logged in on a computer or mobile device,
• External links: Information on how often people accessed our fan page via a link from a website outside of Facebook.

Information about contributions:

• Online behavior of our “fans”: Information about when the people who “like” our page are on Facebook,
• Post types: Information about the success of each post type based on average reach and interaction,
• Most popular posts from Pages we keep track of: See interactions on posts from Pages we keep track of.

Information about videos:

• Video views: Information on how often the videos on our fan page were viewed for more than three seconds,
• 30-second views: Information on how often our fan page videos have been viewed for more than 30 seconds. If our video is shorter than 30 seconds, the people who have viewed the video 95% of the time are counted.
• Top videos: Information about the videos most viewed for at least three seconds on our fan page.

In section 3.4, we explain the risks associated with the transfer of data to third countries.

The legal basis for this data processing is Art 6 Para 1 lit a GDPR.

2.6.2. Other social media presences

Interzero is represented in the following social networks with its own social media presences and can be reached by you:

1. Facebook: https://www.facebook.com/immobilienoptimierer
2. LinkedIn: https://www.linkedin.com/company/interzero-austria
3. Youtube: https://www.youtube.com/@interzero-austria

We also have a fan page on the social media platform LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; hereinafter “ LinkedIn ”). We will inform you there about news and activities of Interzero and we like to use the possibilities of social networks to communicate directly with their members. The data processed includes, in particular, data on user behavior, information on the device used and IP addresses.

However, please note that we have no influence on the data processing of the social networks. Therefore, please check carefully what personal information and messages you share with us via social networks and, if in doubt, use other contact options offered by us. We can therefore accept no liability for the behavior of the operators of the social networks and their other members. Please note that if you click on a social media plug-in, data may also be collected by the operator of the social media presence, even if you are not logged in to this social media presence. LinkedIn’s privacy policy can be found here: https://de.linkedin.com/legal/privacy-policy

If you communicate with us via our social media presences, we process the information made available to us for this purpose by the respective social network (e.g. your name, your profile page and the content of your messages addressed to us) in accordance with the purpose of your communication (e.g. service requests, suggestions and criticism).

We delete the resulting data after the storage is no longer necessary or restrict the processing if there are legal retention obligations. In the case of public posts on our social media presences, we decide on a case-by-case basis, taking into account your and our interests, whether and, if so, when we will delete them there.

You can inform yourself about the data protection of these providers on the respective pages. To facilitate your future visits, we store your consent in our cookies documentation. You can revoke this consent at any time at office@interzero.at.

In section 3.4, we explain the risks associated with the transfer of data to third countries.

The legal basis for the data processing described above depends on the purpose of your communication. If the purpose is to use our customer service or to request services from Interzero, the legal basis is Art. 6 (1) (b) GDPR. Otherwise, the legal basis is Art. 6 (1) (f) GDPR. If you have consented to the processing of the above-mentioned data, the legal basis is Art. 6 (1) (a) GDPR.

3. Weitergabe von Daten

3.1. Principle

As a matter of principle, we only pass on your data if:

1. you have given your express consent in accordance with Art 6 para 1 lit a GDPR, or
2. the transfer is necessary in accordance with Art 6 Para 1 lit f GDPR to assert, exercise or defend legal claims of an Interzero company and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred, or
3. we are legally obliged to disclose the information in accordance with Art 6 para 1 lit c GDPR or
4. the transfer is legally permissible and is necessary according to Art. 6 Para. 1 lit b GDPR for the execution of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.

3 .2. Data transfer within the Interzero Group

Your message will only be forwarded to another company within the Interzero Group if this is necessary to process your request (for example, we will forward your message to another company within the Interzero Group if this company is responsible for your request).

If you do not want your message to possibly be passed on to another company of the Interzero Groups, you can – of course also as a precaution – inform us of this directly in your message. We will then not forward your message.

The legal basis for this data processing is Art. 6 (1) (b) GDPR, provided that a contractual relationship exists; if there is a legitimate interest, Art. 6 (1) (f) GDPR.

3.3. Transfer to external service providers of Interzero (contract processors)

Some of the data processing described in this privacy policy may be carried out by external service providers on our behalf. In addition to the service providers named in this privacy policy, these may include data centers that store our website and databases, IT service providers that maintain our systems, and consulting firms (such as tax consultants).

If we pass on data to our service providers, they may only use the data to perform their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organizational measures in place to protect the rights of the data subjects, and are regularly monitored by us.

If we transfer your data beyond the scope of this privacy policy to a service provider located in a country outside the European Economic Area (EEA), we may inform you separately about this circumstance and on which specific guarantees the data transfer is based. If you would like to receive copies of guarantees proving an adequate level of data protection, please contact our data protection contact (see section 1 above).

3.4 Data transfer to third countries

As explained in this privacy policy, we use various services, some of whose providers are located in so-called “non-secure” third countries (such as the USA), i.e. countries whose data protection level does not correspond to that of the European Union in the opinion of the European Commission. To the extent that this is the case and the European Commission has not issued an adequacy decision for these countries (Article 45 GDPR), we have taken precautions to ensure an appropriate level of data protection for any data transfers. This includes, among other things, the use of standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the data transfer on exceptions of Art. 49 DSGVO, in particular your explicit consent or the necessity of the transfer for the performance of the contract.

If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g., intelligence services) may gain access to the transferred data in order to collect and analyze it. In addition, it may not be possible to guarantee the enforceability of your data subject rights.

If your consent is obtained via the cookie banner, you can also be informed about this via the privacy policy.

 

4. data processing when using our career portal

You can apply for open positions with us via our career portal. The purpose of data collection is to select applicants for the possible establishment of an employment relationship. We work here with the service provider TalentLyft, Stubička ul. 50B, 10000, Zagreb, Croatia (hereinafter ” Talentlyft “), whereby we concluded a contract with TalentLyft for application processing, in which it was agreed that TalentLyft may only process the data in accordance with our instructions, that it is stored securely separately from other customer data and that the data protection level of the GDPR is adhered to.

Further information on data processing by TalentLyft can be found in the privacy policy at https://help.talentlyft.com/en/articles/21992-privacy-policyvacy Policy | TalentLyf Help Center (talentlyft.com ) . For a direct application to karriere@interzero.at, we require and process the following data in particular: first and last name, email address, telephone number, address, application documents (e.g. certificates, CV), date of earliest possible start of the job and salary expectations.

The legal basis for the processing of your application documents is Art 6 Para 1 lit b GDPR.

5. storage period

Unless otherwise stated in this privacy policy, we will only store and use your data for as long as is necessary to fulfill our contractual or legal obligations or the purposes for which the data was collected.

We will then delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidentiary purposes for civil law claims or due to statutory retention periods; this is up to 30 years.

For tax reasons, we store documents and personal data relating to contractual relationships for a period of 10 years.

Data from applicants who are not hired will be deleted seven months after the application process has been completed, unless consent has been given for records to be kept. Our internal data protection information for employees applies, which can be requested during the application process.

The legal basis for this data processing for the purposes of fulfilling statutory documentation and retention obligations is Art. 6 (1) (c) GDPR.

6. your rights

In order to assert your statutory rights as a data subject described below, you can contact our contact regarding data protection issues at any time (see section 1):

1. You have the right to keep your personal data confidential if there is a legitimate interest in doing so.
2. You have the right to request information about our processing of your personal data at any time. As part of the information provision, we will explain the data processing to you and provide you with an overview of the data processed about you.
3. If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected or completed .
4. You can also request the deletion (or possibly a restriction of processing ) of your data, in particular if the data is no longer required, consent is revoked and there is no other legal basis for processing, the processing was unlawful or deletion is necessary to fulfill a legal obligation. The right to deletion is restricted under the GDPR if the data is used to defend legal claims or if processing is necessary to fulfill a legal obligation.
5. You can also restrict the processing of your data; this serves to limit the use of data without deleting it.
6. You have the right to data portability , which means that we can provide you with a digital copy of the personal data you have provided to us upon request. This means the right to receive data in a structured, common and machine-readable format and to pass this data on to another controller for processing. This right only exists if the processing is based on consent or a contract and the processing is carried out using automated procedures.
7. Insofar as we process your data on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to object to the processing of your data in accordance with Art. 21 GDPR, provided there are reasons for doing so that arise from your particular situation. In the case of direct advertising, you have a general right of objection, which we will implement even without giving reasons.

You also have the right to complain to a data protection supervisory authority. The data protection authority responsible for Austria is the

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna

 

7. Revocation of consent

If you wish to exercise your right of withdrawal, an informal message to the contact details provided under point 1 above is sufficient.

In accordance with Article 7 (2) DSGVO, you have the right to withdraw your consent at any time. As a result, we will no longer continue the data processing that was based on this consent for the future. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

8. data security

We maintain appropriate technical and organizational measures for our online offerings to ensure data security, in particular to protect your data from risks during data transmission and from unauthorized access by third parties. These are adapted to the current state of the art in each case. To secure the personal information you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you enter.

9. changes to this privacy policy

We may occasionally update this privacy statement, for example, if we make changes to our website or if legal or regulatory requirements change. We publish the current version at [ https://interzero.at/datenschutzerklaerung/ ]