privacy policy

Effective Date: 11/2024

I. Introduction

This privacy policy provides information about the type, scope, and purpose of processing personal data, as well as the rights of individuals affected by data processing. For further information or questions about data protection, please contact the data controller:

R & A Thalacker GmbH

Am Weißen Stein 19

5310 Mondsee

Phone: +43 (0)664 738 886 13

Email: office@thalacker.at

Website: www.thalacker.at

Legal Basis

Your personal data is protected to the greatest extent possible when visiting the website and using the services provided on it, in accordance with statutory provisions (GDPR, DSG, TKG 2021).

Internet Data Security and Links to Third-Party Websites

Internet-based data transmissions inherently involve security risks, and absolute protection cannot be guaranteed despite comprehensive efforts.

This website may contain links to third-party websites. The protection of your personal data on such websites lies outside our control. By clicking on these links, you will be directed to third-party websites, which may process personal data as part of their operations.

I. Contact Form, Email, and Telephone Contact

1. Processed Data

When using the contact form embedded on the website, the following information is processed: data entered in the input fields, date and time of the request, metadata, and any additional information you provide in the message text field.

When contacting us via email, the following data is processed: content of the email, sender and recipient addresses, date, and subject line. For telephone contact, the processed data may include phone numbers, personal data you provide, notes about the conversation, its date, time, and duration.

2. Purpose and Legal Basis for Data Processing

If the inquiry is related to an existing contract or aims at concluding a contract, data processing is carried out for communication and response purposes based on the execution of (pre-)contractual measures (Art. 6(1)(b) GDPR). Otherwise, processing is based on the legitimate interest of the data controller in responding to inquiries and initiating contractual relationships or cooperation (Art. 6(1)(f) GDPR).

3. Recipients of Personal Data

Recipients may include third parties necessary for electronic communication, error handling, troubleshooting, or maintenance (e.g., IT service providers, software providers, waste disposal services), as well as courts or authorities, if applicable. Personal data is generally processed within the EU. If processing in a third country is required, appropriate measures under Art. 44 et seq. GDPR are taken.

4. Data Retention Period

Data is retained until the purpose is fulfilled. All data will be deleted six months after correspondence ends unless longer retention is required, particularly for fulfilling a contract, meeting documentation obligations, or asserting, exercising, or defending legal claims.

5. Consequences of Not Providing Data

Failure to provide necessary data, such as contact details, will result in the inability to adequately respond to your inquiry.

6. Data Subject Rights

You have the right to access, rectify, delete, restrict processing, data portability, and object to processing your personal data. Additionally, you can withdraw consent for data processing at any time without affecting the lawfulness of processing conducted based on the consent before its withdrawal.

II. Website Visitors

1. Processed Data

When visiting the website, the following data is processed:

• IP address

• Date and time of access

• Time zone difference to Greenwich Mean Time (GMT)

• Specific pages requested

• Access status/HTTP status code

• Amount of data transferred

• Referring website

• Browser

• Operating system and interface

• Browser language and version

2. Purpose and Legal Basis for Data Processing

Processed data is used to:

• Deliver website content correctly

• Ensure the permanent functionality and security of systems and servers

• Provide law enforcement authorities with necessary information in case of a cyberattack and assert or defend legal claims

The legal basis is the legitimate interest of the data controller in achieving these purposes (Art. 6(1)(f) GDPR). For technical security and prevention of server attacks, processing is based on the obligation to ensure adequate security levels (Art. 32 GDPR in conjunction with Art. 6(1)(c) GDPR).

3. Recipients of Personal Data

Recipients may include IT service providers, software providers, waste disposal services, as well as courts or authorities, if necessary. Personal data is generally processed within the EU. For third-country processing, measures under Art. 44 et seq. GDPR are applied.

4. Data Retention Period

Data is retained until the purpose is fulfilled. Data processed for website display is deleted at the end of the session. Any further storage is anonymized after seven days unless needed for law enforcement purposes.

5. Consequences of Not Providing Data

Failure to provide required data will result in improper website display.

6. Data Subject Rights

You have the right to access, rectify, delete, restrict processing, data portability, and object to the processing of your personal data. Additionally, you can withdraw consent for data processing at any time.

III. Data Subject Rights in Detail

Data subjects have several rights under the GDPR, particularly from Art. 15 to 21 GDPR, including:

1. Right to Access

Under Art. 15 GDPR, you can request information about your processed personal data.

2. Right to Rectification

Under Art. 16 GDPR, you can request corrections to inaccurate or incomplete data.

3. Right to Deletion

Under Art. 17 GDPR, you may request the deletion of your personal data, provided the data is not needed to fulfill legal obligations.

4. Right to Restriction of Processing

Under Art. 18 GDPR, you can request restrictions on the processing of your data.

5. Right to Object

Under Art. 21 GDPR, you can object to data processing based on your specific circumstances.

6. Right Not to Be Subject to Automated Decision-Making

Currently, no automated decision-making, including profiling, is conducted under Art. 22 GDPR.

7. Right to Withdraw Consent

Under Art. 7(3) GDPR, you can withdraw consent at any time without affecting the lawfulness of prior processing.

Withdrawal can be communicated via email to office@thalacker.at or by written or oral notice to R & A Thalacker GmbH, Am Weißen Stein 19, 5310 Mondsee, Austria. Upon withdrawal, your data will be deleted unless legally required to retain it or justified by legitimate interests under Art. 6(1)(f) GDPR.

8. Right to Lodge Complaints

Violations of data protection laws or infringements of rights may be reported to the Austrian Data Protection Authority (Barichgasse 40-42, 1030 Vienna). Legal remedies are also available if you believe a violation has occurred.

©COPYRIGHT R & A Thalacker GmbH | imprint | privacy policy