Please note that the German version of this Privacy Policy is the original and is authoritative in case of any interpretation issues. Translations are provided for informational purposes only and are not legally binding.

Privacy Policy

The protection of your personal data is very important to us. We would therefore like to list all the information about the processing and storage of your data when you visit our website and in our companies.

To be able to use all the functions and services of our website, it is necessary to collect your personal data. However, the processing and storage only takes place in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and the Telecommunications Act (TKG 2021).

CONTROLLER

creonect GmbH
Dietachstraße 13
4493 Wolfern
Austria

Further information can be found in the imprint.

DATA PROTECTION OFFICER

Data Protection Officer: Mag.a iur. Elisa Drescher

E-mail: office@scaleline-ltd.com (please refer to creonect when contacting us)

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: To protect your data as comprehensively as possible from unwanted access, we take so-called technical and organisational measures and use an encryption process on our website. Your data is transmitted over the Internet from your computer to our computer and vice versa using what is known as TLS encryption. TLS stands for „Transport Layer Security“ and is an encryption protocol for data transmission on the internet. You can usually recognise „TLS“ by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

1. COLLECTION OF ACCESS AND LOG DATA

This website automatically collects and stores server log file information that your browser transmits to us.

These are:

• IP address of the user
• Date and time of access
• Type of enquiry
• Customer information such as type and version
• Operating system of the user (device, OS version of the device),
• Referrer information (i.e. the source of the access)

The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in being able to identify indications of unlawful use of our website (e.g. defence against hacker attacks) and to ensure a smooth connection setup.

We have concluded an order processing contract with the provider of this website, World4You GmbH, based in Linz, in accordance with Art. 28 GDPR. This is a contract prescribed by data protection law, which ensures that World4You GmbH processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

The data collected is stored in server log files, which your browser automatically transmits to us in encrypted form, for seven days. We only store the server log files in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR and serves only to preserve evidence.

2. ENQUIRIES VIA THE CONTACT FORM , E-MAIL AND TELEPHONE

Any personal data that you provide to us on a voluntary basis will of course be treated confidentially. We use the personal data you provide exclusively to process and respond to your enquiry. The legal basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. This arises from our interest in responding to enquiries from our customers, business partners and interested parties and in promoting and maintaining customer satisfaction. Another legal basis for natural persons is the initiation or fulfilment of a contract in accordance with Art. 6 para. 1 lit. b) GDPR.

All personal data that you send to us with your enquiry will be deleted or anonymised by us no later than 2 years after the final response to you, unless a contract is concluded. The retention period of 2 years is due to the fact that you may occasionally contact us again about the same matter after a reply and refer to the previous correspondence. In our experience, we have found that after 2 years there are no more queries in response to our replies.

3. USE OF WEB ANALYSIS TOOLS AND COOKIES

We use cookies to facilitate and improve the use of our website. Cookies are small pieces of text information that can be stored on your computer or smartphone (end device) via the browser when you visit a website. Cookies can also provide us with information about how you use our website so that we can continuously improve the design of the website.

Cookies themselves do not contain any personal data about users. They are only used to uniquely identify what our customers find interesting and useful on our website.

The data processed by necessary cookies is required for the purposes listed below to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR and § 96 para. 3 TKG.

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can use our „Cookie Consent Tool“ to set which cookie categories you wish to consent to when you visit our website. You can also revoke or change your consent at any time.

Once cookies have been saved, you can also delete them at any time via the settings of your web browser. You can also adjust the settings of your web browser so that no cookies are stored. In this case, not all functions of our website may be available.

We use cookies for the following purposes:

• Technically necessary: These are cookies and similar methods without which you cannot use our services, for example to display our website correctly or to use functions you have requested.
• Statistics: These techniques enable us to compile anonymous statistics on the use of our services. This allows us to determine, for example, how we can better customise our website to the habits of our users.

Link to the cookie settings: [cookie_settings]

Technically necessary

Statistics

Matomo

We may use specialised service providers from the online marketing sector in the context of data processing (with the help of cookies and similar techniques for processing usage data). These process your data on our behalf as processors and are carefully selected and contractually bound in accordance with Article 28 GDPR. All of the above providers work for us as processors.

Consent management via „COOKIEBOT“

To obtain consent under data protection law, we use the cookie consent technology of „Cookiebot“ from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

It is used to obtain the legally required consent for the use of cookies and other data processing requiring consent.

The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR and the fulfilment of legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR. The legitimate interest is based on the legally compliant documentation and verifiability of consents to fulfil accountability obligations. No personal data is stored.

MATOMO

By granting your consent in accordance with Art. 6 para. 1 lit. a) GDPR, we use the web tracking service „Matomo“ (www.matomo.org) to analyse the surfing behaviour of users such as information on the use of the individual components of the website.

The hosting itself is carried out by our processor, Piwik PRO GmbH, based in Germany. The data is not passed on to third parties beyond this.

After you have given your consent, the „Matomo“ software places cookies (text file) on your computer. This allows your browser to be recognised. By anonymising the IP address, we take account of the user’s interest in the protection of personal data.

The following personal data may be stored:

– the IP address of the user, shortened by the last two bytes (anonymised)

– The accessed subpage and time of access

– The page from which the user reached our website (referrer)

– which browser with which plugins, which operating system and which screen resolution is used.

– The time spent on the website

– The pages that are accessed from the accessed subpage

We further protect personal data by anonymising IP addresses. The data is not used to personally identify the user of the website and is not merged with other data or sold to third parties.

Our website uses Google Fonts, which we have stored locally on our server, for standardised display. This means that no data is transferred to Google Inc. servers in the USA.

Data processing of business partners and customers

1. Fulfilment of contractual obligations (Art. 6 para. 1 lit. b) GDPR)

The purposes of data processing arise from the implementation of pre-contractual measures and the fulfilment of obligations arising from the concluded contract. To process the contract with you, we process master data such as your first and last name, your billing address and your billing and payment data. We use your e-mail address for communication purposes.

COMMUNICATION VIA DIRECT MESSAGES IN WHATSAPP 

We offer a chat via WhatsApp Business for direct and uncomplicated contact. Data processing in this context is based on the legal basis of contract fulfilment or contract initiation in accordance with Art. 6 para. 1 lit. b) GDPR. The chat via WhatsApp is not intended for you to exchange sensitive data such as health data, data on religious affiliation or data on ethical origin with us.

In the context of the use of WhatsApp, WhatsApp Ireland Limited is the recipient of your data and processor in accordance with Art. 28 GDPR. WhatsApp is a product of Meta-Companies (formerly Facebook Inc.). In the context of Messenger, data is also transmitted to third countries outside the European Union for which no adequacy decision exists. WhatsApp LLC, based in Menlo Park, USA, is certified in accordance with the Data Privacy Framework. You can view the certification according to the Data Privacy Framework here.

Your data will be stored for the duration of the contract initiation and the ongoing contract and will then be deleted from WhatsApp.

2. For the fulfilment of legal obligations (Art. 6 para. 1 lit. c) GDPR)

The purposes of data processing arise in individual cases from legal requirements. These legal obligations include, for example, the fulfilment of retention and identification obligations, e.g. in the context of requirements for tax control and reporting obligations and data processing in the context of enquiries from authorities. In this context, data may also be transferred to our authorised tax consultant.

3. For the fulfilment of our legitimate interests (Art. 6 para. 1 lit. f GDPR)

We process the contact details of contact persons at customers, interested parties, suppliers and other business partners for communication by email, telephone and post. The legal basis for data processing is the legitimate interest pursuant to Art. 6 para. 1 f) GDPR. The legitimate interest arises from the interest in conducting or initiating the business relationship with customers, interested parties, suppliers and other business partners as well as personal contact with contact persons.

As a matter of principle, we do not pass on data to third parties.

Personal data is stored for the purpose of conducting business relationships for as long as there is a legitimate interest in doing so. It may be necessary to process the personal data provided by you beyond the actual fulfilment of the contract with business partners. The legitimate interests here are, in particular, the selection of suitable business partners, the fulfilment of compliance measures, the assertion of legal claims, defence against liability claims, the prevention of criminal offences and the settlement of claims resulting from the business relationship.

4. Who receives the personal data you provide?

As part of the contractual relationship, we may also commission processors or service providers who may have access to your personal data. Compliance with data protection regulations is ensured by contract.

5. Storage period

The personal data will be stored for as long as is necessary to fulfil the above-mentioned purposes.

6. Data processing to document compliance with the GDPR

Insofar as your data is processed on the basis of consent in accordance with Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, we process your data exclusively for a specific purpose and after separate information in order to be able to prove that you have consented to the data processing in question within the framework of the accountability obligation incumbent on us in accordance with Art. 5 para. 2 GDPR.

If you assert data subject rights against us under the GDPR, we will also process and store your data in order to be able to prove that we have complied with the GDPR when processing your enquiry as part of our accountability obligations pursuant to Art. 5 (2) GDPR.

If you assert your rights against us in accordance with the GDPR, your data may be transferred to our external data protection officer (SCALELINE Datenschutz).

Data processing in the context of application procedures  

You can send us your application documents by e-mail for the purpose of receiving and managing the application and thus for the purpose of (possibly) establishing an employment relationship. You can also send us your application documents via job advertisements on career platforms. Where necessary, data protection agreements are in place with the providers of the platforms regarding the handling of personal data.

As part of the application process, we only collect the data from you that is necessary to establish the employment relationship with us. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR.

Within our company, only those persons who are involved in the decision-making process have access to your personal data.

If your application is successful, your personal data will be stored for the duration of your employment relationship. In addition, your tax-relevant data will be archived in accordance with the statutory retention periods after termination of the employment relationship. In the event of an unsuccessful application, your personal data will be deleted 7 months after the rejection.

Rights of data subjects

In accordance with Art. 15 para. 1 GDPR, you have the right to receive information about the personal data stored about you free of charge upon request. Furthermore, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have the right to data portability in accordance with Art. 20 GDPR.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not take place in future unless the controller can demonstrate compelling legitimate grounds for further processing which override the interests of the data subject in objecting.

You also have the right to lodge a complaint with a data protection supervisory authority. The complaint can be lodged in particular with a supervisory authority in the EU Member State of your place of residence, your place of work or the place of the alleged infringement.

Contact details of the competent data protection authority:

Austrian Data Protection Authority (In German: Datenschutzbehörde Österreich)
Barichgasse 40-42
1030 Vienna

E-mail: dsb@dsb.gv.at

No automated decision-making.

We do not carry out automated decision-making or profiling.

Provision

Unless otherwise stated in the previous sections, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract.  Failure to provide your personal data may mean that we are unable to respond to your enquiries, for example.

This data protection information was created in cooperation with the consulting firm SCALELINE Datenschutz. The legal texts are subject to copyright.