Privacy and Data Protection Policy
Types of processed data
- Inventory data (e.g., names, addresses).
- contact information (e.g., e-mail, phone numbers).
- content data (e.g., text input, photographs, videos).
- usage data (e.g., websites visited, interest in content, access times).
- Meta / communication data (e.g., device information, IP addresses).
Categories of affected persons
Visitors and users of the online service (hereinafter we refer to the affected persons as "users").
Purpose of processing
- Provision of the online service, its functions and contents.
- Answering contact requests and communicating with users.
- Audience measurement / Marketing
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter the "data subject"); a natural person is considered as directly or indirectly identifiable, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more special features, that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
"Processing" means any process performed with or without the aid of automated procedures or any such process steps associated with personal data. The term is far reaching and includes virtually every handling of data.
"Responsible person" means the natural or legal person, public authority, body or organization that decides, alone or in concert with others, on the purposes and means of processing personal data.
Relevant legal bases
In accordance with Art. 13 GDPR we inform you about the legal basis of our data processing.
Unless the legal basis in the data protection declaration is mentioned, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f GDPR. In such a case as vital interests of the data subject or another natural person require the processing of personal data, Art. 6 paragraph 1 lit. d GDPR is the legal basis.
Collaboration with contractor data processors and third parties
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to such or otherwise grant access to the data, such disclosure or transmission is done exclusively on the basis of a legal permission (e.g. if a transmission of the data to third parties is required by payment service providers to fulfill the contract, pursuant to Art. 6 (1) (b) GDPR), because you have consented to the disclosure, because of a legal obligation or based on our legitimate interests (e.g. the use of agents, web hosters, etc.).
If we commission third parties to process data on the basis of a so-called "contract processing contract", this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this is done in the context of the use of third party services or disclosure or transmission of data to third parties, such processing or disclosure will only be done to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.
We process or have the data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR or subject to legal or contractual permissions. This means the processing is done, e.g., on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. in case of the US via the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of data subjects
In accordance with Art. 15 GDPR you have the right to ask for a confirmation as to whether the relevant data is being processed as well as the right to information on this data and to further information and a copy of the data.
In accordance with Art. 16 GDPR you have the right to demand the completion of data concerning you or the correction of incorrect data concerning you.
In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted without delay, or, alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.
You have the right to demand that the data which you have provided to us and which is relating to you, be made available to you in accordance with Art. 20 GDPR and also request their transmission to other persons responsible.
In accordance with Art. 77 GDPR you have the right to file a complaint with the competent supervising authority.
In accordance with. Art. 7 para. 3 GDPR you have the right to revoke granted consent with effect for the future.
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may be made in particular to data processing for direct marketing purposes.
Cookies and right to object to direct mailing
"Cookies" are small files that are stored on users computers. Various information can be stored within the cookies. A cookie serves primarily to store the information about a user (or the device on which the cookie is stored) during or after his visit to an online service.
Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online service and closes his browser. In such a cookie, e.g. the contents of a shopping cart are stored in an online store or a login status.
The term "permanent" or "persistent" refers to cookies that remain stored after the browser has been closed. In such cookies, e.g. the login status stays saved if users visit the site after several days. The interests of the users can also be stored in such cookies, and they can be used for range measurement or marketing purposes.
A "third-party cookie" refers to cookies that are used by providers other than the person responsible for managing the online service (Cookies used by the online service itself are called "first-party cookies").
If users do not want cookies to be stored on their computer, they are asked to disable the relevant option in their browser's system settings. Cookies already saved can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions of this online service.
Deletion of data
According to legal regulations in Austria relevant data is stored specifically for 7 years according to § 132 paragraph 1 BAO (accounting documents, receipts / invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years in the case of documents related to electronically supplied services, telecommunications, broadcasting and television services provided to non-EU companies in EU Member States to which the Mini-One-Stop-Shop (MOSS) is applied.
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage and database services, collateral and technical maintenance services, all of which we use to operate this online service.
In the course of this we, respectively our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in an efficient and secure provision of this online service according to Art. 6 para. 1 lit. f GDPR i.V.m. Art. 28 GDPR (conclusion of contract processing contract).
Collection of access data and logfiles
We, respectively our hosting provider, collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the page previously visited), IP address and the requesting provider.
Logfile information is stored for security reasons (e.g. to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data the which of further retention is required for evidence purposes is excluded from the deletion until final clarification of the respective incident.
Users can optionally create a user account. Within the registration process, the mandatory necessary information is communicated to the users. The data entered during registration will be used for the purpose of using the website services.
Users may be informed by e-mail about service or registration-related information, such as changes in the scope of the service or technical circumstances. If users have terminated their user account, their data will be deleted with regard to the user account, unless their retention is necessary for commercial or tax law reasons according to Art. 6 para. 1 lit. c GDPR.
It is the responsibility of the users to save their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.
In the context of the use of our registration and login functions as well as the use of user accounts, we store the IP address and the time of the respective user action.
This storage is on the basis of our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation for this in accordance with. Art. 6 para. 1 lit. c GDPR. The IP addresses are anonymized or deleted after 7 days at the latest.
When contacting us (for example, by contact form, e-mail, telephone or via social media) the information of the user to process the contact request and its management is processed acc. to Art. 6 para. 1 lit. b) GDPR. The user information can be stored in a Customer Relationship Management System ("CRM System") or a comparable request management system.
We delete the requests once they are no longer required. We check this requirement every two years. Furthermore, the legal obligations for archiving apply.
In the following section, we inform you about the content of our newsletter as well as the registration, shipping and statistical evaluation procedures for it as well as your right of objection.
By subscribing to our newsletter, you consent to the receipt and the procedures described.
Content of the newsletter:
We will send newsletters, e-mails and other electronic notifications with promotional information (thereafter "newsletter") only with the consent of the recipient or a legal permission to do so.
Insofar as the contents of a newsletter are concretely described, they are relevant for the consent of the users. Apart from this our newsletters contain information about our services and us.
Double opt-in and logging of the registration:
Registration for our newsletter takes place in a so-called double-opt-in procedure. I.e. you will receive an e-mail asking you to confirm your registration after registration. This confirmation is necessary so that nobody can register with external e-mail addresses.
The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address.
In case this applies any changes of your data stored with the shipping service provider are also logged.
In order to register for the newsletter, it is sufficient for you to enter your e-mail address. We optionally ask you a name for the purpose of personally addressing the newsletter as applicable.
The dispatch of the newsletter and the related performance measurement is based on a consent of the recipients acc. Art. 6 para. 1 lit. a, Art. 7 GDPR and the relevant articles of Austrian telecommunication law.
The logging of the registration process is based on our legitimate interests in accordance with. Art. 6 para. 1 lit. f GDPR. Our interest lies in the use of a user-friendly and secure newsletter system, which serves our business interests as well as the expectations of the users and also allows us to provide proof of consent.
Termination / Withdrawal:
You may terminate the receipt of our newsletter at any time by revoking your consent. A link to cancel the newsletter can be found at the end of each newsletter.
We may save the submitted email addresses for up to three years based on our legitimate interests in order to provide evidence of prior consent before deleting them for the purpose of sending out newsletters. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for cancellation is possible at any time, provided that the former existence of a consent is confirmed at the same time.
Newsletter - Success measurement
The newsletter may contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the server when opening the newsletter from our server, or if we use a shipping service provider. This retrieval will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval.
This information is used to improve the technical performance of the services based on their specifications or of the audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. The statistical surveys also determine if the newsletters are opened, when they are opened and which links in them are clicked. For technical reasons this information can be assigned to the individual newsletter recipients.
However, it is neither our goal nor, if one is used, that of the shipping service provider to observe individual users. The evaluations rather serve us to recognize the reading habits of our users and to adapt our content to them or to deliver different content according to the interests of our users.
Online presence in Social Media
We maintain an online presence within social networks and platforms to be able to interact and communicate with the active customers, interested parties and users and to inform them about our services.
Incorporation of services and content of third-parties
We rely on content or service offers from third party providers for our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in the sense of Art. 6 para. 1 lit. f GDRP) such as the inclusion of videos or fonts (collectively referred to as "content" in the following). This always includes that the third-party providers of such content perceive the IP address of the users accessing the content, as this cannot be sent to their browser without their IP address. The IP address is therefore required for the presentation of this content. We endeavour to use only content whose respective providers use the IP address solely for the delivery of the content.
Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of the respective website.
The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information about using our online offer.
This website uses Matomo, an open source, self-hosted software to collect anonymous usage data for this website.
Visitor behavior data is collected to identify any issues such as pages not found, search engine problems, or unpopular pages. As soon as the data (number of visitors who see error pages or only one page, etc.) is processed, Matomo generates reports for the website operators so that they can react to them. (Layout changes, new content, etc.)
Matomo processes the following data:
- Anonymized IP addresses by removing the last 2 bytes (i.e. 220.127.116.11 instead of 198.51.100.54)
- Pseudo-anonymized location (based on the anonymized IP address)
- Date and Time
- Title of the accessed page
- URL of the page accessed
- URL of the previous page (if this allows it)
- Screen resolution
- Local time
- Files clicked and downloaded
- External links
- Duration of page loading
- Country, Region, City (with low accuracy due to IP address)
- Main browser language
- Browser user agent
- Interactions with forms (but not their content)
We may embed videos from the "YouTube" platform of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
We embed maps of the Google Maps service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
We use the feature to detect bots, e.g. when entering info into online forms ("ReCaptcha") of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Using Facebook Social Plugins
We may make use of Social Plugins ("Plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook") for our legitimate interests (i.e. interest in the analysis , optimization and economical operation of our online offer within the meaning of Art. 6 Abs. 1 lit. f. GDPR).
The plugins can present interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white "f" on blue tile, the terms "Like"or a "thumbs up" sign ) or are marked with the addition "Facebook Social Plugin". The list and appearance of the Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user invokes a feature of this online service that contains such a plugin, the users device will establish a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by him into the online offer. In the process, user profiles can be created from the processed data.
We therefore have no influence on the extent of the data collected by Facebook with the help of this plugin and therefore inform users according to our level of knowledge.
Through the integration of the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, e.g. by clicking the “Like” button or leaving a comment, the information is transmitted from the users device directly to Facebook and stored there.
If a user is not a member of Facebook, there is still the possibility that Facebook will detect and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany.
If a user is a Facebook member and does not want Facebook to collect data about him through the TissueGnostics online offer and associate it with his member data stored on Facebook, he must first log out on Facebook and delete his cookies before using our online offer.
Other settings and objections regarding the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US-American site http://www.aboutads.info/choices or the EU page http://www.youronlinechoices.com/.
The settings are platform independent, i. e. they are used on all devices, such as desktop computers or mobile devices.
Within our online offering features and content of the Twitter service offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA may be embedded.
These may be, e.g. content such as images, videos, or text and buttons that users use to promote their content, subscribe to content creators, or subscribe to our posts.
If the users are members of the platform Twitter, Twitter can assign call such content and functions to the Twitter profiles of the users.
Twitter is under certified the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
In our online offering, features and content of the LinkedIn service may be incorporated, offered by LinkedIn AG, Dammtorstr. 29-32 , 20354 Hamburg, Germany.
These may be, e.g. content such as images, videos, or text and buttons that users use to promote their content, subscribe to content creators, or subscribe to our posts.
If the users are members of the platform LinkedIn, LinkedIn can assign such contents and functions to the profiles of the users there.
LinkedIn privacy statement: https://www.linkedin.com/legal/privacy-policy.
LinkedIn is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https: //www.privacyshield. gov / participant? id = a2zt0000000L0UZAA0 & status = Active).
In our online offering, features and content of the XING service may be embedded, offered by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
Created with Privacy-Generator.de by lawyer Dr. Thomas Schwenke (output in German!)f