PRIVACY POLICY
Responsible for content:
Name: OstLicht GmbH
Address: Absberggasse 27,
1100, Vienna
Company reg. no.: 361800i
Director: Peter Coeln
Telephone: +43 1 996 20 66
E-mail: info@ostlicht-auction.com
19.10.2018
1. Basic Information about Data Processing and Legal Grounds
1.1. This privacy notice informs you how we collect and use your personal data in the framework of our online presence and the websites, functions, and contents connected with it (hereinafter »online presence« or »website«) as well as the scope and the reasons why we intend to do so. Our privacy policy is effective independent of the domains, systems, platforms, or devices (e.g., desktop or mobile) used to access our online presence.
1.2. The terms used in this notice—e.g., »personal data« or their »processing«—refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
1.3. Users’ personal data used in the framework of our online presence include basic data (e.g., a client’s name and address), contract data (e.g., services used, names of administrators, payment information), usage data (e.g., websites visited in our online presence, interest in our products), and content data (e.g., entries in the contact form).
1.4. The term »user« comprises all categories of persons to which the processing of data applies. They include business partners, clients, interested persons, and other visitors of our online presence. The terms used in this notice, such as »user«, are to be read as gender-neutral.
1.5. We process users’ personal data exclusively in compliance with the pertinent privacy policy terms and conditions. This means that the users’ data are only used with legal permission, i.e., especially when data processing is necessary or required by law for the provision of our contractual services (e.g., processing of commissions) and online services, the users have given their consent, or there are legitimate interests on our part (i.e., interests in analysis, optimization, and business operations and security of our online presence in accordance with Article 6 (1) (f) GDPR), especially in range measurement, profile creation for advertising and marketing purposes, and the collection of access data as well as the use of services by third party providers.
1.6. We inform you that the legal basis of user consent is Article 6 (1) (a) and Art. 7 GDPR, the legal basis for the processing for the performance of our services and the execution of contractual measures is Article 6 (1) (b) GDPR, the legal basis for processing in order to fulfill our legal obligations is Article 6 (1) (c) GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) (f) GDPR.
2. Safety measures
2.1. We take state-of-the-art organizational, contractual, and technical security measures to ensure that all privacy protection regulations are followed and to protect the data we process against accidental or deliberate manipulation, loss, destruction, or access from unauthorized individuals.
2.2. These security measures include especially the encrypted transfer of data between your browser and our server.
3. Transfer of Data to Third Parties or Third Party Providers
3.1. Data will only be transferred to third parties in strict compliance with the legal requirements. We will transfer data to third parties only when it is, e.g., required by Article 6 (1) (b) GDPR to fulfill a contract or on the basis of legitimate interests pursuant to Article 6 (1) (f) GDPR, in the economic or effective operations of our business activities.
3.2. In the event that we employ subcontractors to perform our services, we make the appropriate legal arrangements and take the relevant technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal requirements.
3.3. In the event that contents, tools, and other means are used by other providers (referred to hereinafter as »third party providers«) and their listed location is in a third country, it is to be assumed that data will be transferred into the country in which the third party provider is headquartered. Third countries are countries in which the GDPR is not directly enforceable law, i.e., countries outside the European Union or the European Economic Area. Data is transferred to third countries only if there is either an adequate data protection system in place, or we have the user’s consent, or on the basis of some other legal permission.
4. Provision of Contractual Services
4.1. We process basic data (e.g., names and addresses as well as user contact data), contract data (e.g., services used, names of contact persons, payment information) for the performance of our contractual duties and the rendering of our services in accordance with Article 6 (1) (b) GDPR.
4.2. Users may opt to create a user account in which they can, in particular, review their orders. During registration, the minimum information required to create the account will be clearly marked. The user accounts are not public and cannot be indexed by search engines. As soon as users cancel their user account, their user account data will be deleted, except when their storage is necessary for reasons relating to commercial or tax laws in accordance with Article 6 (1) (c) GDPR. After canceling the account, it is the users’ responsibility to save their data before the contract terminates. We are authorized to permanently delete any and all data of the user saved during the contract period.
4.3. During registration and reapplication as well as during the use of our online services, we will store the IP address and the time and duration of each user activity. Storing this data is in accordance with our legitimate interests and in the interest of the users in order to protect them from malfeasance and other unauthorized use. Data will generally not be transferred to third parties, except when it is necessary in order to pursue our claims or there is a legal obligation to do so pursuant to Article 6 (1) (c) GDPR.
4.4. We process user data (e.g., websites visited in our online presence, interest in our products) and content data (e.g., entries in our contact form or user profile) for advertisement purposes in a user profile to provide users with product information on the basis of their previously used services.
5. Contact
5.1. When a person contacts us (via the contact form or e-mail), the information provided by the user will be used to process the inquiry or its response pursuant to Article 6 (1) (b) GDPR.
5.2. The information provided by the user may be stored in our Customer Relationship Management System (CRM System) or a comparable query organization system.
6. Comments and Input
6.1. When users post comments or other input, their IP addresses are stored for 7 days on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR.
6.2. This is done for our safety, in the event that a user leaves unlawful messages in the comments sections or in other input (insults, illegal political propaganda, etc.). In this case we could be subject to prosecution for this comment or input and are therefore interested in the author’s identity.
7. Collection of Access Data and Log Files
7.1. On the basis of our legitimate interests pursuant to Article 6 (1) (f) GDPR, we collect data on each access to the server on which this service is located (so-called server log files). Access data include the name of the retrieved web page, file, date, and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the web page visited prior to our website), IP address and the requesting provider.
7.2. Log file information is stored for security reasons (e.g., to investigate any abusive or fraudulent activities) and deleted after the appropriate period. Data required to be retained for a longer period of time for evidentiary purposes is exempt from deletion until the incident in question has been resolved.
8. Cookies & Range Measurement
8.1. Cookies are information transferred from our webserver or the webserver of third parties to the user’s web browser and stored there for later access. Cookies may be small files or any other form of information storage.
8.2. We use »session cookies«, which are stored in our online presence for the duration of a user’s visit (e.g., the user’s login status or shopping cart content can be stored in such a cookie, which therefore makes the use of our online services possible in the first place). A session cookie stores a randomly generated unique identification number, a so-called session ID. Furthermore, a cookie contains information about its origin and the data-retention period. These cookies cannot store any other data. Session cookies are deleted as soon as the user has stopped using our online services and has, e.g., logged out or closed the browser.
8.3. Users will be informed about the use of cookies for pseudonymous range measurements pursuant to this privacy policy.
8.4. If users do not want cookies stored on their computer, they are asked to disable the corresponding option in their browser settings. Stored cookies can be deleted in the browser settings. Disabling cookies may lead to functional restrictions of the online services.
8.5. A general objection to the use of cookies used for range measurement and online marketing purposes can be declared via the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/), via the US website http://www.aboutads.info/choices/, or the EU website http://www.youronlinechoices.com/.
9. Google Analytics
9.1. We use Google Analytics, a web analysis service of Google LLC (»Google«) on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online services pursuant to Article 6 (1) (f) GDPR). Google uses cookies. The information generated by the cookie about the use of the online service by the user is generally transmitted to a Google server in the US and stored there.
9.2. Google is certified under the Privacy Shield Agreement and therefore guarantees its compliance with European data privacy laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3. Google will use this information on our behalf by analyzing the use of our online services by the user, by compiling reports on the activities within these online services, and by providing additional services relating to the use of our online services and the internet. Pseudonymous usage profiles may be created from the processed data.
9.4. We use Google Analytics only with activated IP anonymization. This means that the user’s IP address is shortened by Google within member states of the European Union or European Economic Area states. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there.
9.5. The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; users may also prevent Google from collecting data generated by the cookie relating to the use of the online services as well as the processing of these data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
9.6. For more information about Google’s data usage, settings, and objection possibilities, please see the Google websites: https://www.policies.google.com/technologies/partner-sites?hl=en (How Google Uses Information from Sites or Apps that Use Our Services), https://www.policies.google.com/technologies/ads?hl=en (Advertising), http://www.addsettings.google.com/authenticated?hl=en (Ad Personalization).
10. Newsletter
10.1. This section informs you about the content of our newsletters and describes subscription, dissemination and statistical evaluation processes as well as the user’s rights of objection. By subscribing to our newsletter, users agree to receiving the newsletter and to the processes described.
10.2. Newsletter contents: We send newsletters, e-mails, and other electronic notifications with advertising material (referred to hereinafter as “newsletter”) only with the consent of the recipients or legal permission. If specific content of the newsletter is altered during the registration process, this content is essential for the consent of the users. Furthermore, our newsletters contain information about our products, offers, special offers, and our company.
10.3. Double opt-in and recording process: Subscription to our newsletter involves the so-called double-opt-in process. This means that after subscribing, users receive an e-mail in which they are asked to confirm their registration. This confirmation is necessary so that nobody can subscribe with others’ e-mail addresses. Subscriptions to our newsletter are logged to verify that the registration has taken place in accordance with the legal requirements. This includes the storage of the time of registration and confirmation as well as the IP address. Changes to data stored with the mailing service are also logged.
10.4. Registration data: In order to subscribe to our newsletter, it is sufficient to provide your e-mail address. If you choose to provide us with your first names, this enables us to personalize our e-mail.
10.5. Statistical survey and analyses: Our newsletters contain a »web beacon«, i.e., a pixel-size file retrieved from the mailing service’s server when the newsletter is opened. This retrieval initially involves the collection of technical data such as information on the browser and your system as well as your IP address and the time of retrieval. This information is used to make technical improvements to services based on technical data or target audiences and their reading behavior based on their retrieval locations (ascertainable with the IP address) or access times. The statistical survey also involves determining whether the newsletter is opened, when it is opened, and which links are clicked. This information may be assigned to individual newsletter recipients for technical reasons. However, it is neither our intention nor that of the mailing service to monitor individual users. The evaluations instead help us to recognize the reading habits of our users and to adapt our content to them or to send different content based on our users’ interests.
10.6. Statistical data is surveyed and analyzed, and subscription processes are logged, on the basis of our legitimate interests pursuant to Article 6 (1) (f) GDPR. Our interests are geared toward the use of a user-friendly and secure newsletter system that serves both our business interests and user expectations.
10.7. Termination/revocation: Users may opt out of receiving our newsletter at any time, i.e., withdraw their consent. This means they also no longer consent to receiving the newsletter via the mailing service as well as to the statistical analyses. It is not possible to cancel the distribution via the mailing service or the statistical evaluation separately. If the user has subscribed to our newsletter only and has then canceled this subscription, his or her personal data will be deleted.
11. Involvement of Third-party Services and Contents
11.1. In the framework of our online presence, we use contents and services of third parties based on our legitimate interests (i.e., interests in analysis, optimization, and business operations of our online presence pursuant to Article 6 (1) (f) GDPR), incorporating their contents and services such as videos or fonts (referred to hereinafter as »contents«). This presupposes that third party providers of these contents perceive the users’ IP addresses, as they would otherwise not be able to send contents to their browsers. Therefore, the IP address is a requisite for the representation of these contents. We endeavor to use only contents whose providers use IP addresses solely for the delivery of such contents. Furthermore, third party providers may use »pixel tags« (invisible graphics, also called »web beacons«) for statistical or marketing purposes. These pixel tags may be used to evaluate information such as visitor traffic on these websites. Pseudonymous information may be stored in cookies on the user’s devices and may contain, amongst other things, technical information about the browser and operating system, referring websites, visiting durations, and other information about the use of our online services. It may also be linked with such information from other sources.
11.2. The list below provides an overview of third party providers and their contents as well as links to their privacy policies, which contain further information about the processing of data and opt-out rights in part already mentioned above.
- In the event that our clients use the payment services of third parties (e.g., PayPal or instant bank transfer), the terms and conditions of these third parties, accessible on their websites or online transaction processing applications, apply.
- External fonts of Google, LLC, https://fonts.google.com/ (Google Fonts). Google Fonts are loaded by request to a Google server (usually in the US). Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
- We use maps provided by the third party Google, LLC (Google Maps). Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
- External code of the JavaScript framework jQuery, provided by the third party jQuery Foundation, https://jquery.org.
12. Rights of Users
12.1. Upon request users have the right to obtain information, free of charge, about their personal data that are stored by us.
12.2. Additionally, users have the right to the rectification of incorrect data, to demand that a restriction be placed on the processing or that personal data be deleted, if applicable. They may assert their right to data portability and file a complaint with the responsible authorities upon suspicion of unlawful data processing.
12.3. Users also have the right to terminate agreements, generally with effect for the future.
13. Deletion of Data
13.1. The data stored on our server are deleted as soon as they are no longer required for their purpose and deletion does not conflict with any statutory storage requirements. If the data are not deleted because they are required for other, legally permitted purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for reasons pertaining to commercial or tax laws.
14. Right to Object
Users may object to the future processing of their personal data at any time in accordance with the legal requirements. The objection may in particular be made against processing for direct marketing purposes.
15. Changes to the Privacy Policy
15.1. We reserve the right to change our privacy policy to adapt to changes in the legal situation or changes in the service or data processing. However, this only applies to declarations pertaining to data processing. If the users’ consent is required or parts of the privacy policy contain regulations in terms of the contractual relationship with the users, changes can only be made with the user’s consent.
15.2. Users are asked to read the content of the privacy notice regularly.