Privacy policy

Preamble

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).

The terms used are not gender-specific.

Status: December 19, 2024




Legal text by Dr. Schwenke - please click for further information.

Content overview

  • Preamble
  • Responsible
  • Overview of the processing operations
  • Relevant legal bases
  • Security measures
  • Transfer of personal data
  • International data transfers
  • General information on data storage and erasure
  • Rights of the data subjects
  • Business services
  • Use of online platforms for offer and sales purposes
  • Payment procedures
  • Provision of the online offering and web hosting
  • Use of cookies
  • Registration, login and user account
  • Contact and request management
  • Communication via messenger
  • Artificial intelligence (AI)
  • Video conferencing, online meetings, webinars and screen sharing
  • Cloud services
  • Newsletters and electronic notifications
  • Prize draws and competitions
  • Web analysis, monitoring and optimization
  • Online marketing
  • Customer reviews and evaluation procedures
  • Presence in social networks (social media)
  • Plug-ins and embedded functions and content
  • Modification and updating
  • Definitions of terms

Person responsible

FGS Leisure, Gastronomy, and Sports Facilities Rental Company m.b.H.
Heimstraße 15
3702 Stranzendorf

 

Email Address: office@eurobison.com

Imprint: https://eurobison.com/policies/legal-notice

Overview of Processing Activities

The following overview summarizes the types of processed data and the purposes of their processing while also referencing the affected individuals.

Types of Processed Data

  • Inventory data
  • Payment data
  • Location data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta, communication, and procedural data
  • Image and/or video recordings
  • Audio recordings
  • Event data (Facebook)
  • Log data

Categories of Affected Individuals

  • Service recipients and clients
  • Interested parties
  • Communication partners
  • Users
  • Sweepstakes and competition participants
  • Business and contractual partners
  • Depicted individuals
  • Third parties

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations
  • Communication
  • Security measures
  • Direct marketing
  • Audience measurement
  • Tracking
  • Office and organizational procedures
  • Target group formation
  • Organizational and administrative procedures
  • Conducting sweepstakes and competitions
  • Feedback
  • Marketing
  • Profiles with user-related information
  • Provision of our online services and user-friendliness
  • Information technology infrastructure
  • Public relations
  • Business processes and economic procedures
  • Artificial intelligence (AI)

Relevant Legal Bases

Applicable Legal Bases under the GDPR: The following provides an overview of the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or business location. If more specific legal bases are applicable in individual cases, we will inform you about them in our Privacy Policy.

  • Consent (Art. 6(1) sentence 1 lit. a) GDPR) – The data subject has given their consent to the processing of their personal data for a specific purpose or multiple specified purposes.
  • Contract Performance and Pre-Contractual Inquiries (Art. 6(1) sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures requested by the data subject.
  • Legal Obligation (Art. 6(1) sentence 1 lit. c) GDPR) – Processing is necessary to fulfill a legal obligation to which the controller is subject.
  • Legitimate Interests (Art. 6(1) sentence 1 lit. f) GDPR) – Processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject that require the protection of personal data do not override these interests.

National Data Protection Regulations in Austria: In addition to the GDPR, national data protection regulations apply in Austria. This includes, in particular, the Federal Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Data Protection Act – DSG). The Data Protection Act contains specific provisions on the right to access, the right to rectification or deletion, the processing of special categories of personal data, processing for other purposes, data transfer, and automated individual decision-making.

Security Measures

In accordance with legal requirements and considering the state of the art, implementation costs, the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular:

  • Ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access, as well as access, input, transmission, availability, and separation of data.
  • Implementing procedures that enable the exercise of data subject rights, data deletion, and responses to data security threats.
  • Considering data protection principles when developing or selecting hardware, software, and processes, following the principles of privacy by design and privacy by default.

Securing Online Connections with TLS/SSL Encryption Technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt information exchanged between a website or app and a user’s browser (or between two servers), ensuring that data remains protected from unauthorized access. TLS, as the advanced and more secure version of SSL, guarantees that all data transfers meet the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the HTTPS prefix in the URL. This serves as a visible indicator for users that their data is being transmitted securely and in encrypted form.

Transmission of Personal Data

As part of our processing of personal data, it may occur that such data is transmitted to other entities, companies, legally independent organizational units, or individuals, or disclosed to them. Recipients of this data may include service providers responsible for IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.

International Data Transfers

Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing occurs through the use of third-party services or disclosure/transfer of data to other individuals, entities, or companies, this is only carried out in compliance with legal requirements. If the adequacy of the data protection level in the third country has been recognized by an adequacy decision (Article 45 GDPR), this serves as the legal basis for the data transfer. Otherwise, data transfers only take place if the data protection level is otherwise secured, particularly through standard contractual clauses (Article 46(2)(c) GDPR), explicit consent, or contractual or legally required transfers (Article 49(1) GDPR). We inform you about the legal basis for third-country transfers for specific providers from these countries, prioritizing adequacy decisions when applicable. Information regarding third-country transfers and existing adequacy decisions can be found on the European Commission’s website: EU Commission – International Dimension of Data Protection. Within the framework of the "Data Privacy Framework" (DPF), the European Commission has also recognized the data protection level for certain U.S. companies as secure under the adequacy decision of July 10, 2023. The list of certified companies and additional information on the DPF can be found on the U.S. Department of Commerce website: Data Privacy Framework. We provide information in our privacy notices regarding which service providers we use that are certified under the Data Privacy Framework.

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal provisions as soon as the underlying consent is withdrawn, or there are no further legal bases for processing. This applies in cases where the original purpose of processing no longer exists or when the data is no longer needed. Exceptions apply if legal obligations or specific interests require a longer retention or archiving of data.

Data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal proceedings or to protect the rights of other individuals or legal entities, will be archived accordingly.

Our privacy notices include additional details on the retention and deletion of data related to specific processing operations.

If multiple retention periods or deletion deadlines exist for specific data, the longest retention period applies.

If a retention period does not explicitly start on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships where data is stored, the triggering event is the effective termination or any other end of the legal relationship.

Data that is no longer needed for its originally intended purpose but is retained due to legal requirements or other justifications is processed exclusively for the purposes that justify its retention.

Further Information on Processing Procedures, Methods, and Services

Data Retention and Deletion

The following general retention periods apply under Austrian law for data retention and archiving:

  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balances, accounting records, and invoices, as well as all required work instructions and other organizational documents (Federal Fiscal Code (BAO §132), Commercial Code (UGB §§190-212)).
  • 6 years – Other business records: Received commercial or business letters, copies of sent commercial or business letters, and other documents relevant for taxation. This includes hourly wage records, cost calculation documents, pricing documents, and payroll records, unless they are already accounting records or cash register receipts (BAO §132, UGB §§190-212).
  • 3 years – Data necessary to consider potential warranty and compensation claims or similar contractual claims and rights, as well as related inquiries, are stored for the regular statutory limitation period of three years (§§ 1478, 1480 Austrian Civil Code (ABGB)).

Rights of Data Subjects

Under the GDPR, as a data subject, you have various rights, particularly under Articles 15 to 21 GDPR:

  • Right to Object – You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6(1) lit. e or f GDPR, including profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object to such processing at any time.
  • Right to Withdraw Consent – If you have given your consent for data processing, you can withdraw it at any time.
  • Right to Access – You have the right to request confirmation as to whether data concerning you is being processed and to obtain access to this data, including additional information and a copy of the data, as per legal requirements.
  • Right to Rectification – You have the right to request the completion or correction of your personal data if it is incomplete or incorrect.
  • Right to Deletion and Restriction of Processing – You have the right to request the immediate deletion of your data or, alternatively, the restriction of its processing under the legal provisions.
  • Right to Data Portability – You have the right to receive your personal data in a structured, commonly used, and machine-readable format or to have it transferred to another controller.
  • Right to Lodge a Complaint with a Supervisory Authority – You have the right to file a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.