Privacy Policy

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation; "GDPR"), the controller must inform the data subject about the processing of personal data. With this document, we inform you about the personal data processed.

Definitions

For a better understanding of this privacy policy, you will find a brief explanation of the terms used below.

Personal data ("Data") refers to any information relating to an identified or identifiable natural person, such as name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photos, etc. Data relating to legal entities is not subject to the provisions of the GDPR.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

A controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party.

Our Contact Details

Should you have any further questions, as the controller for the data processing described herein, please do not hesitate to contact us using the following contact details:

EveLux e.U.

Owner: Simone Nemet

Attemsgasse 43, 1220 Vienna

+43 660 666 00 07

office@evelux-ei.com

Purposes and Legal Basis of Processing

Data may only be processed for a specific purpose and only if the processing can be based on an appropriate legal ground. Processing may be justified for the following reasons:

Legal Basis for Processing Legal Ground
Based on your voluntary consent for a specific purpose Art. 6 para. 1 lit. a
For the performance of a contract, provided you are a party to the contract, or for the initiation of a contract if the processing is based on your request Art. 6 para. 1 lit. b
Due to a legal obligation to which we are subject Art. 6 para. 1 lit. c
To protect your vital interests or to protect the vital interests of another person Art. 6 para. 1 lit. d
For the performance of a task carried out in the public interest or in the exercise of official authority vested in us Art. 6 para. 1 lit. e
On the basis of a balancing of interests between our interest or the interest of a third party in the processing on the one hand and your interests or fundamental rights and freedoms on the other Art. 6 para. 1 lit. f

We process your data for the following purposes based on the following legal grounds:

Categories of data collected Purpose of processing Legal basis
Applicant data (Name, date of birth, place of birth, address, email address, telephone number, other data from CVs) This data is necessary for the use of our services and for the initiation of a contract and is collected from you. Art. 6 para. 1 lit. a and b GDPR
Contact details (Name, address, email address, telephone number) This data is necessary for the use of our services or for the initiation of a contract and is collected from you when you contact us. Art. 6 para. 1 lit. a and b GDPR
Technical information (IP address, operating system) This data is required so that the website opened via your initiative can be displayed to you in the correct format. Art. 6 para. 1 lit. f GDPR

Recipients

Recipients assist us with complying with legal or statutory obligations, with contract initiation and fulfillment, with services that require your consent, or with processing activities that are in our legitimate interest. We may disclose or transmit data, in part, to the following recipients (processors or controllers):

Recipient Description
IT service providers Operation of our IT system, in particular email services, hosting services, etc.
Subcontractors If and to the extent that services are not provided by us and a legal basis for processing exists
Tax advisors, accountants Processing of data for tax or accounting reasons
Attorneys, courts, debt collection agencies If necessary for the enforcement or defense of legal claims

‍‍

We only transfer your data to other recipients if you have given your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR, if it is legally permissible and necessary for the fulfillment of a contractual relationship with you in accordance with Art. 6 para. 1 lit. b GDPR, or if we are legally obliged to do so in accordance with Art. 6 para. 1 lit. c GDPR, or if the disclosure is necessary for the protection of our legitimate interests and for the assertion, exercise, or defense of legal claims in accordance with Art. 6 para. 1 lit. f GDPR, and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data.

We intend to transfer the data to the following third countries: United States of America.

An adequacy decision from the European Commission exists for the United States of America. By decision of July 10, 2023, concerning C(2023) 4745 final, the European Commission has determined that the United States of America offers an adequate level of data protection within the meaning of Art. 45 GDPR, provided that our contractual partner is registered on the EU/US Data Privacy Framework List. Information on the registration of individual providers on this list can be found in the respective section of this privacy policy.An adequacy decision from the European Commission exists for the United States of America. By decision of July 10, 2023, concerning , the European Commission has determined that the United States of America offers an adequate level of data protection within the meaning of Art. 45 GDPR, provided that our contractual partner is registered on the . Information on the registration of individual providers on this list can be found in the respective section of this privacy policy.

If no adequacy decision exists, we may only transfer data based on appropriate safeguards, such as standard contractual clauses, binding corporate rules, approved codes of conduct, approved certification mechanisms, etc. Under the conditions of Art. 49 GDPR, a transfer may still be permissible. A copy of these safeguards for your specific case can be provided upon request.If no adequacy decision exists, we may only transfer data based on appropriate safeguards, such as standard contractual clauses, binding corporate rules, approved codes of conduct, approved certification mechanisms, etc. Under the conditions of Art. 49 GDPR, a transfer may still be permissible. A copy of these safeguards for your specific case can be provided upon request.

There is no intention to transfer the data to an international organization.

‍‍

Storage Duration

Data is generally stored only for as long as required by statutory retention obligations. Furthermore, data may be stored if necessary for the enforcement or defense of third-party claims. Important storage periods are listed below:

‍‍

Obligation to Retain Data Expected Storage Duration
Corporate law retention obligation pursuant to §§ 190, 212 UGB (Austrian Commercial Code) 7 years
VAT law retention obligation for invoices pursuant to § 11 para. 2 sub-para. 3 UStG (Austrian Value Added Tax Act) 7 years
VAT law retention obligations for export documents pursuant to § 7 para. 7 UStG (Austrian Value Added Tax Act) 7 years
Warranty pursuant to § 933 ABGB (Austrian General Civil Code) 2 years
Claims for purchase prices for movable assets pursuant to § 1062 in conjunction with § 1486 ABGB (Austrian General Civil Code) 3 years
Claims arising from a contract for work and services pursuant to § 1486 ABGB (if the service was provided within the scope of a commercial or other business operation) 3 years
General damages pursuant to § 1489 ABGB (actions for compensation) 3 years/30 years
Liability claims pursuant to § 13 PHG (Austrian Product Liability Act) 10 years

‍‍

Oja.at

We use the web hosting provider oja.at for our website. The service provider is the Austrian company oja.at GmbH, Rosentaler Straße 148, 9020 Klagenfurt, Austria.

You can find more information about the data processed through the use of oja.at in the privacy policy at https://oja.at/datenschutzerklaerung/.You can find more information about the data processed through the use of oja.at in the privacy policy at .

‍‍

Webflow

We use Webflow as the provider for hosting our website. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow).

Type of data: IP address, date and time of access, browser type, operating system, and device data.

Purpose: Provision and error-free delivery of the website, and ensuring its security.

Legal basis: Our legitimate interest in the technically flawless presentation and security of our website (Art. 6 para. 1 lit. f GDPR).

Data Transfer: Webflow is certified under the EU-U.S. Data Privacy Framework. In addition, Standard Contractual Clauses have been concluded to ensure the level of data protection.

https://webflow.com/legal/privacyMore info: https://webflow.com/legal/privacy

‍‍

TidyCal

For providing an online appointment booking function, we use the services of the provider TidyCal, AppSumo, 1305 E. 6th St. Suite 3
, Austin, TX 78702, USA.

For the transfer of data to the USA, we have concluded Standard Contractual Clauses of the European Commission with the provider, which ensure compliance with the European data protection level.

Further information on TidyCal and data protection at TidyCal can be found here: https://tidycal.com/privacy‒policy. Further information on TidyCal and data protection at TidyCal can be found here: .

‍‍

Fonts

On our website, we use Google Fonts and other fonts for the visually appealing presentation of our content. These fonts are hosted locally on our server (provided via Webflow). This avoids a direct connection to Google's servers or other external providers, and no transmission of your IP address or other data to these providers takes place. The use of these locally hosted fonts serves our legitimate interest in an appealing and user-friendly website design (Art. 6 para. 1 lit. f GDPR).On our website, we use and other fonts for the visually appealing presentation of our content. These fonts are hosted locally on our server (provided via Webflow). This avoids a direct connection to Google's servers or other external providers, and no transmission of your IP address or other data to these providers takes place. The use of these locally hosted fonts serves our legitimate interest in an appealing and user-friendly website design (Art. 6 para. 1 lit. f GDPR).

‍‍

Google Services

General

The provider of the following services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. Google's privacy policy can be found here  https://policies.google.com/privacy?hl=deThe provider of the following services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. Google's privacy policy can be found here  

However, some services (such as Google Search or Google Maps) are provided by or transferred to the following company: Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043-1351, USA. Google LLC is based in a third country. Google LLC is listed, meaning that data transfer to the USA is compliant with data protection regulations under Art 45 GDPR. Further information on the certification of Google LLC can be found here https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=ActiveHowever, some services (such as Google Search or Google Maps) are provided by or transferred to the following company: Google LLC, 1600 Amphitheatre Pkwy, Mountain View, California 94043-1351, USA. Google LLC is based in a third country. Google LLC is listed, meaning that data transfer to the USA is compliant with data protection regulations under Art 45 GDPR. Further information on the certification of Google LLC can be found here  

An overview of the cookies used, their purpose, and storage duration can be found in the Cookie section of this Privacy Policy. Before processing, your consent for the use of Google services and the setting of necessary cookies is obtained in accordance with Art 6 para 1 lit a GDPR and § 165 para 3 TKG, respectively. Your consent can be revoked at any time.Some Google services use cookies. An overview of the cookies used, their purpose, and storage duration can be found in the Cookie section of this Privacy Policy. Before processing, your consent for the use of Google services and the setting of necessary cookies is obtained in accordance with Art 6 para 1 lit a GDPR and § 165 para 3 TKG, respectively. Your consent can be revoked at any time.

Prior consent for cookies is not obtained only if their sole purpose is the transmission of a message, or if it is strictly necessary for us to provide you with a service you have explicitly requested.

‍‍

Google Ads

We use Google Ads (formerly Google AdWords) as an online marketing measure to promote our products and services.

Google Ads is used to better analyze user actions. If you click on one of our Google Ads, the "Conversion" cookie from a Google domain is stored on your device.

We also use Google Ad Remarketing for our website.

he most important cookies used in this context are:The most important cookies used in this context are:

‍‍

Name Duration Description
Conversion 3 months This cookie stores every conversion you make on our website after reaching us via a Google Ad.
_gac 3 months This cookie is used to record various actions on our website.

‍‍

Google Tag Manager

We use Google Tag Manager as an organizational tool to centrally manage website tags via a user interface. With the help of tags, for example, your activities on our website are recorded. The tags mostly originate from Google products such as Google Ads or Google Analytics.

Google Tag Manager does not set cookies or store any data. Rather, it acts as an administrator for the tags implemented in the system. The tags of the web analysis tools collect the data. In this sense, the data is passed through to the individual tracking tools and not stored.

‍‍

Meta Services

‍‍

Meta Business Tools

Within our online offering, we use Meta Business Tools, which are operated and provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").

The following processing operations are carried out exclusively based on your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.

‍‍

Meta Pixel

Meta Pixel is a code that loads a collection of functions with which Meta can track your user actions on our website. The Meta Pixel can store your actions on our website in one or more cookies. Further information on Meta Pixel can be found under Link. We also use Custom Audiences. Further information on this can be found here.Meta Pixel is a code that loads a collection of functions with which Meta can track your user actions on our website. The Meta Pixel can store your actions on our website in one or more cookies. Further information on Meta Pixel can be found under . We also use Custom Audiences. Further information on this can be found .

The pixel collects information such as your IP address and user ID and compares it with the data from your Facebook account.The pixel collects information such as your IP address and user ID and compares it with the data from your Facebook account.

Meta uses different cookies depending on interaction and user behavior. For example, the following cookies are used:

‍‍

Name Dauer Beschreibung
_fbp 3 Monate Dieses Cookie wird zur Anzeige von Werbeprodukten verwendet.
fr 3 Monate Dieses Cookie gewährleistet die Funktionsfähigkeit von Meta Pixel.
Comment_author_50ae8267e2bdf1253ec1a5769f48e062138118815-3 12 Monate Dieses Cookie speichert den Text und den Namen eines Users beispielsweise beim Hinterlassen eines Kommentars.
Comment_author_url_50ae8267e2bdf1253ec1a5769f48e062 12 Monate Dieses Cookie speichert die URL der Webseite, die der User in einem Textfeld auf unserer Webseite eingibt.

‍‍

Cookies

Cookies are text files that are stored on your device to recognise it. Cookies may contain information about the use of our offers and services. Due to the Planet49 GmbH ruling, consent is obtained for cookies even if they are not personal data.Cookies are text files that are stored on your device to recognise it. Cookies may contain information about the use of our offers and services. Due to the , consent is obtained for cookies even if they are not personal data.

Some of the cookies used are only stored until you close our offer again (session cookies), whereas certain cookies are stored for a longer period and can recognise you (persistent cookies). Some cookies are absolutely necessary for the website's function (essential cookies), others record visits and the visitor's origin and measure this data without the cookies being able to establish a connection to your person (performance cookies). Certain cookies are used for marketing purposes (marketing cookies).Some of the cookies used are only stored until you close our offer again (session cookies), whereas certain cookies are stored for a longer period and can recognise you (persistent cookies). Some cookies are absolutely necessary for the website's function (essential cookies), others record visits and the visitor's origin and measure this data without the cookies being able to establish a connection to your person (performance cookies). Certain cookies are used for marketing purposes (marketing cookies).

If personal data is also processed by individual cookies used by us, the processing takes place in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of granted consent, or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the user experience.

Via the cookie declaration when you first visit the website, you can select which cookies you wish to allow. Your consent is required for marketing cookies. If you wish to withdraw your consent or change your cookie settings, you can do so directly in your browser.

‍‍

Legal notice

‍‍

Right of access

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed; and, where that is the case, access to the personal data. This includes the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; any available information as to their source; the existence of automated decision-making, including profiling.

‍‍

Right to rectification

You have the right to request from the controller the rectification of inaccurate personal data and the completion of incomplete personal data.

‍‍

Right to erasure

You have the right to request from the controller the immediate erasure of personal data concerning you where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. You withdraw consent on which the processing is based and where there is no other legal ground for the processing. You object to the processing (Art 21(1) GDPR) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art 21(2) GDPR. The personal data have been unlawfully processed. The personal data have to be erased for compliance with a legal obligation. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1). The right to erasure shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation, for the performance of a task carried out in the public interest; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes for the establishment, exercise or defence of legal claims.

‍‍

Right to restriction of processing

You have the right to request the restriction of processing if one of the following conditions applies: the accuracy of the personal data is contested, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use; the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override yours.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

‍‍

Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or on a contract and the processing is carried out by automated means.

When exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

‍‍

Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.

‍‍

Right to Withdraw Consent

You have the right to withdraw consent based on Article 6(1)(a) or Article 9(2)(a) at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

‍‍

Right to Lodge a Complaint

You have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, T.: 00431521522569, E.: dsb@gsb.gv.at, if you believe that the processing violates applicable data protection law.

‍‍

Other Information

The provision of personal data is partly required by law or necessary for the conclusion of a contract. You are generally not obliged to provide the data. If you do not provide the data, it will not be possible to conclude a contract.

There is no automated decision-making, including profiling, in accordance with Article 22(1) and (4).