I. Name and address of Controller
The Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states and other provisions of data protection law:
SYSBIOTECH GmbH
Graben 19,
1010 Vienna
Austria
Tel. +43 660 925 79 79
Email: office@sysbiotech.at
Website: www.sysbiotech.at
II. General information concerning data processing
1. Scope of processing of personal data
We collect and use personal data of our users only to the extent that this is necessary in order to provide a functional website and our content and services. Personal data of our users is generally collected and used only with the user’s consent. An exception applies in cases where it is not possible to obtain prior consent for factual reasons and where statutory provisions permit the processing of the data.
2. Legal basis for processing personal data
Where we obtain a data subject’s consent for the processing of personal data, the legal basis is Art. 6 (1) letter a EU General Data Protection Regulation.
Where personal data which is required for the performance of a contract to which the data subject is a party is processed, Art. 6 (1) letter b GDPR serves as the legal basis. This also applies to processing operations which are required in order to implement precontractual measures.
Where personal data must be processed in order to meet a legal obligation to which our Company is subject, Art. 6 (1) letter c GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our Company or a third party and if the interests, basic rights and fundamental freedoms of the data subject do not override the first named interest, the legal basis used for the processing is Art. 6 (1) letter f GDPR.
3. Erasure of data and duration of storage
The personal data of the data subject shall be erased or blocked as soon as the purpose of the storage no longer applies. It may be stored beyond said date if this has been stipulated by the European or national legislator in EU regulations, laws or other provisions to which the Controller is subject. The data shall also be blocked or erased if a storage period specified in the said laws expires, unless there is a need to continue to store the data for the purpose of entering into or performing a contract.
4. SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests, which you send us as operator of the site.
You will recognise an encrypted connection from the fact that the browser’s address line changes from “http://” to “https://” and from the padlock symbol in your browser line.
If the SSL encryption is activated the data which you send us will not be read by third parties.
III. Provision of website and creation of logfiles
1. Description and scope of data processing
Whenever our website is visited our system automatically records data and information from the computer system of the visiting computer.
The following data is collected in this process:
1. Name of site visited
2. Date and time of access
3. Data volumes transferred
4. Status report of successful access
5. Operating system
6. Browser type, version and language
7. Websites from which the user’s system accesses our website
8. IP address of the user or the host name of the access provider assigned to this IP address
The data shall also be stored in the log files of our system. This data shall not be stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 (1) letter f GDPR.
3. Purpose of data processing
The IP address must be temporarily stored by the system to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Storage is done in log files to ensure the functionality of the website. The data is also used to optimize the website and to ensure that our IT systems are secure. No analysis of the data is performed for marketing purposes in this connection.
These purposes also form the basis of our legitimate interest in the data processing pursuant to Art. 6 (1) letter f GDPR.
4. Duration of storage
The data is erased as soon as it is no longer required to achieve the purpose of collecting it. Where the data is recorded for the purpose of providing the website, this shall be the case when the relevant session has ended.
For security reasons (such as investigating misuse and fraud) log file information shall be stored for a period of one month and then deleted. Data whose continued retention is required for evidentiary purposes shall be exempt from deletion pending final clarification of the incident in question. It may be possible to store it for longer. In this case the IP addresses of the users shall be erased or changed to prevent them from being assigned to the visiting customer.
5. Objection and rectification option
Capturing the data for the purpose of making the website available and storing the data in log files is an absolute requirement for operating the website. The user cannot consequently object to this.
IV. Use of cookies
a) Description and scope of data processing
Our website uses cookies. Cookies are text files which are stored in the internet browser or by the internet browser on the user’s computer system. When a user visits a website a cookie can be stored on the user’s operating system. This cookie contains a characteristic character string which enables the browser to be clearly identified the next time the website is visited.
We use cookies to make our website more user-friendly. Some elements of our website require the visiting browser to also be identified after a page change.
This website uses the following types of cookies, whose scope and functionality is explained below:
– Transient cookies
– Persistent cookies
Transient cookies are automatically deleted when you close the browser. These specifically include the session cookies. These store what is known as a session ID which allows different queries from your browser to be assigned to the joint session, enabling your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified time, which can vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.
You can configure your browser setting as you wish and e.g. refuse to accept third-party cookies or any cookies at all. We should point out that you might as a result not be able to use all the functions of this website.
The cookies used on our website include not only an internal session cookie but also the cookies used by the plugin Geo Redirect (see also VI). It redirects users to the English or German version of the website according to their IP-address.
Whenever our website is visited, users are informed through an information banner about the fact that cookies are used for analytical purposes, and reference is made to this Privacy Statement.
b) Legal basis for data processing
The legal basis for the processing of personal data using cookies for technical requirements is Art. 6 (1) letter f GDPR.
The legal basis for the processing of personal data using cooking for analytical purposes when the user’s consent has been obtained for this purpose is Art. 6 (1) letter a GDPR.
c) Purpose of data processing
The purpose of using technically necessary cookies is to make it easier for users to use websites. Some functions of our website cannot be offered without the use of cookies. For those functions the browser has to be recognised again even after a page change.
The user data collected using technically necessary cookies shall not be used to create user profiles.
The purpose of analytical cookies is to improve the quality of our website and its content. Analytical cookies allow us to learn how the website is used so that we can continually optimise our offer.
These purposes also form the basis of our legitimate interest in the processing of the personal data pursuant to Art. 6 (1) letter f GDPR.
d) Duration of storage, objection and rectification option
Cookies are stored on the user’s computer and transmitted from the computer to our site. You as user therefore also have complete control over the use of cookies. By adjusting the settings in your internet browser you can deactivate or restrict the transfer of cookies. Cookies which are already stored may be deleted at any time. This can be done automatically. If cookies are deactivated for our website not all the functions of the website might be able to be fully used any more.
V. Service form and email contact
1. Description and scope of data processing
There is an order form (“Request for quotation”) below every product on the product page and a contact form (“Send us a message”) in the bottom of these two pages: http://en.sysbiotech.at/company/ and http://www.sysbiotech.at/company/ on our website for our customers which can be used if you wish to contact us electronically. If a user makes use of this option, the data that is entered in the input screen is transmitted to us and stored. This data is:
1. Name
2. Telephone number
3. E-mail
4. Question
For the data to be processed your consent is obtained in the course of the dispatching process, and reference is made to this privacy statement. Contact may also be made using the email address provided. The user’s personal data sent with the email will be stored in this case. The data shall not be disclosed to third parties in this connection. The data shall be used exclusively for the purpose of processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of the data where the user’s consent has been obtained is Art. 6 (1) letter a GDPR.
The legal basis for the processing of the data which is transmitted in an email is Art. 6 (1) letter f GDPR. If the email contact aims to enter into a contract, an additional legal basis for the processing is Art. 6 (1) letter b GDPR.
3. Purpose of data processing
The sole purpose of processing the personal data from the input screen is to process the service notification.
Where email contact is made, the transmitted data shall be used exclusively for the purpose of processing the request.
The other personal data processed during the dispatch process serves to prevent misuse of the service form and to ensure the security of our IT systems.
4. Duration of storage
The data is erased as soon as it is no longer required to achieve the purpose of collecting it. For the personal data which has been sent by email, this is the case when the relevant conversation with the user is terminated. The conversation is terminated when it is clear from the circumstances that the facts in question have been definitively clarified.
5. Objection and rectification option
The user has the option at any time of revoking his consent to the processing of the personal data. If the user contacts us by email he can object to the storage of his personal data at any time. The conversation and/or the processing of the service request cannot be continued in such a case.
All you need to do to object to the processing of the personal data is send us an informal email message. The lawfulness of the data processing which has been performed up until the revocation shall remain unaffected by the revocation.
All personal data which has been stored in the course of processing the service request is erased in this case.
VI. Plugins and tools
1. Geo Redirect
We use a WordPress plugin Geo Redirect. It redirects users to the English or German version of the website according to their IP-address. Cookies are small text files which are stored by the internet browser on the user’s mobile device. These cookies contain no information enabling a user to be identified.
The data is processed pursuant to Art. 6 (1) letter f (legitimate interest) of the EU General Data Protection Regulation (EU GDPR). Our legitimate interest is in optimising our online offer and our website.
VII. Rights of the data subject
If personal data about you is processed you are the data subject within the meaning of GDPR and you have rights in relation to the Controller.
Under the applicable statutory provisions, you have the right at any time to be provided with information free of charge about your stored personal data, its origin and recipients and the purpose of the data processing and, where necessary, a right to have said data rectified, blocked or erased, and a right to have the data provided to him or transferred to another party.
You have the right pursuant to Art. 7 (3) GDPR to withdraw consents granted with future effect. In addition, you may object at any time to the future processing of the data concerning you pursuant to Art. 21 GDPR.
In the event of infringements of the data protection law the data subject has the right to object to the competent supervisory authority. The competent supervisory authority in data protection matters is the federal data protection officer of the federal state in which your company has its registered office. A list of the data protection officers and their contact data can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
If you wish further information in this regard and have further questions on the subject of personal data, you can reach us at any time at office@sysbiotech.at.