privacy policy
Effective Date: 11/2024
I. Introduction
This privacy policy provides information about the type, scope, and purpose of processing personal data, as well as the rights of individuals affected by data processing. For further information or questions about data protection, please contact the data controller:
R & A Thalacker GmbH
Am Weißen Stein 19
5310 Mondsee
Phone: +43 (0)664 738 886 13
Email: office@thalacker.at
Website: www.thalacker.at
Legal Basis
Your personal data is protected to the greatest extent possible when visiting the website and using the services provided on it, in accordance with statutory provisions (GDPR, DSG, TKG 2021).
Internet Data Security and Links to Third-Party Websites
Internet-based data transmissions inherently involve security risks, and absolute protection cannot be guaranteed despite comprehensive efforts.
This website may contain links to third-party websites. The protection of your personal data on such websites lies outside our control. By clicking on these links, you will be directed to third-party websites, which may process personal data as part of their operations.
I. Contact Form, Email, and Telephone Contact
1. Processed Data
When using the contact form embedded on the website, the following information is processed: data entered in the input fields, date and time of the request, metadata, and any additional information you provide in the message text field.
When contacting us via email, the following data is processed: content of the email, sender and recipient addresses, date, and subject line. For telephone contact, the processed data may include phone numbers, personal data you provide, notes about the conversation, its date, time, and duration.
2. Purpose and Legal Basis for Data Processing
If the inquiry is related to an existing contract or aims at concluding a contract, data processing is carried out for communication and response purposes based on the execution of (pre-)contractual measures (Art. 6(1)(b) GDPR). Otherwise, processing is based on the legitimate interest of the data controller in responding to inquiries and initiating contractual relationships or cooperation (Art. 6(1)(f) GDPR).
3. Recipients of Personal Data
Recipients may include third parties necessary for electronic communication, error handling, troubleshooting, or maintenance (e.g., IT service providers, software providers, waste disposal services), as well as courts or authorities, if applicable. Personal data is generally processed within the EU. If processing in a third country is required, appropriate measures under Art. 44 et seq. GDPR are taken.
4. Data Retention Period
Data is retained until the purpose is fulfilled. All data will be deleted six months after correspondence ends unless longer retention is required, particularly for fulfilling a contract, meeting documentation obligations, or asserting, exercising, or defending legal claims.
5. Consequences of Not Providing Data
Failure to provide necessary data, such as contact details, will result in the inability to adequately respond to your inquiry.
6. Data Subject Rights
You have the right to access, rectify, delete, restrict processing, data portability, and object to processing your personal data. Additionally, you can withdraw consent for data processing at any time without affecting the lawfulness of processing conducted based on the consent before its withdrawal.
II. Website Visitors
1. Processed Data
When visiting the website, the following data is processed:
• IP address
• Date and time of access
• Time zone difference to Greenwich Mean Time (GMT)
• Specific pages requested
• Access status/HTTP status code
• Amount of data transferred
• Referring website
• Browser
• Operating system and interface
• Browser language and version
2. Purpose and Legal Basis for Data Processing
Processed data is used to:
• Deliver website content correctly
• Ensure the permanent functionality and security of systems and servers
• Provide law enforcement authorities with necessary information in case of a cyberattack and assert or defend legal claims
The legal basis is the legitimate interest of the data controller in achieving these purposes (Art. 6(1)(f) GDPR). For technical security and prevention of server attacks, processing is based on the obligation to ensure adequate security levels (Art. 32 GDPR in conjunction with Art. 6(1)(c) GDPR).
3. Recipients of Personal Data
Recipients may include IT service providers, software providers, waste disposal services, as well as courts or authorities, if necessary. Personal data is generally processed within the EU. For third-country processing, measures under Art. 44 et seq. GDPR are applied.
4. Data Retention Period
Data is retained until the purpose is fulfilled. Data processed for website display is deleted at the end of the session. Any further storage is anonymized after seven days unless needed for law enforcement purposes.
5. Consequences of Not Providing Data
Failure to provide required data will result in improper website display.
6. Data Subject Rights
You have the right to access, rectify, delete, restrict processing, data portability, and object to the processing of your personal data. Additionally, you can withdraw consent for data processing at any time.
III. Data Subject Rights in Detail
Data subjects have several rights under the GDPR, particularly from Art. 15 to 21 GDPR, including:
1. Right to Access
Under Art. 15 GDPR, you can request information about your processed personal data.
2. Right to Rectification
Under Art. 16 GDPR, you can request corrections to inaccurate or incomplete data.
3. Right to Deletion
Under Art. 17 GDPR, you may request the deletion of your personal data, provided the data is not needed to fulfill legal obligations.
4. Right to Restriction of Processing
Under Art. 18 GDPR, you can request restrictions on the processing of your data.
5. Right to Object
Under Art. 21 GDPR, you can object to data processing based on your specific circumstances.
6. Right Not to Be Subject to Automated Decision-Making
Currently, no automated decision-making, including profiling, is conducted under Art. 22 GDPR.
7. Right to Withdraw Consent
Under Art. 7(3) GDPR, you can withdraw consent at any time without affecting the lawfulness of prior processing.
Withdrawal can be communicated via email to office@thalacker.at or by written or oral notice to R & A Thalacker GmbH, Am Weißen Stein 19, 5310 Mondsee, Austria. Upon withdrawal, your data will be deleted unless legally required to retain it or justified by legitimate interests under Art. 6(1)(f) GDPR.
8. Right to Lodge Complaints
Violations of data protection laws or infringements of rights may be reported to the Austrian Data Protection Authority (Barichgasse 40-42, 1030 Vienna). Legal remedies are also available if you believe a violation has occurred.
©COPYRIGHT R & A Thalacker GmbH | imprint | privacy policy