The MEGABOARD GmbH is aware of its great responsibility when processing personal data and therefore undertakes, as part of its corporate responsibility, to fully comply with data protection laws. Safeguarding each individual’s personal rights and privacy is our top priority when handling personal data. In doing so, we act in accordance with the principles of lawfulness, transparency, purpose limitation, storage minimisation and data security. This Privacy Policy is intended to inform our customers, prospective customers and newsletter subscribers about all aspects of the processing of their personal data (transparency) and to facilitate their access to their rights and options under data protection regulations. It also describes the measures we have taken to protect the security and confidentiality of the data. We process personal data exclusively for the purposes that were defined before the data was collected. We only process the personal data that is needed in order to provide our services and for the administration of customers, prospective customers and newsletter subscribers, and only for as long as the service is used or we are obliged to do so by statutory provisions. All processing of personal data is carried out in strict compliance with the applicable data protection regulations. We neither publish personal data nor pass it on to third parties without authorisation. Data processing takes place exclusively within the EU. This Privacy Policy applies to our website https://www.megaboard.at. Individual pages may contain links to other providers within and outside the MEGABOARD GmbH website to which this Privacy Policy does not extend. We do not assume any liability for such content.
Legal basis of our data processing
We process data of customers as well as prospective customers and information recipients who have provided us with their personal data on the basis of their enquiry. The data processing is based on the following legal grounds: The processing of customer data is necessary for the performance of a contract to which they are party, or in order to take steps prior to entering into a contract at their request. Personal data that has been provided by the data subjects themselves, for the processing of which they have expressly given their consent for the respective purpose. This consent can be revoked at any time.
Processors
Processing on behalf of a controller (commissioned data processing) occurs when a processor is tasked with processing personal data without being given responsibility for the related business process. In such cases we conclude a data processing agreement with the external processor. We retain full responsibility for ensuring that the data is processed in accordance with data protection law. The processor may only process personal data in accordance with the controller’s instructions. We only work with processors (such as printing companies or mailing agencies) that provide sufficient guarantees that appropriate technical and organisational measures are implemented during processing in accordance with the requirements of the GDPR and that the protection of personal data is ensured. Processing by a processor is carried out solely on the basis of a contract with us, which precisely defines the duration, nature and purpose of the processing. All processors that process personal data regularly check whether data protection regulations are being complied with.
Types of data and purpose of processing
Personal data of our customers, prospective customers as well as newsletter subscribers is collected and processed by us for the purposes of providing services and information. Personal data is stored for the duration of the service or information being provided and for as long as claims may arise from it or statutory provisions require processing.
Duration of data storage
We store personal data only for as long as it is required for the purpose of the processing and for as long as legal claims may exist, or for as long as statutory provisions require us to do so. Afterwards, it is irreversibly deleted. For example, due to statutory obligations (retention requirements) under the Austrian Commercial Code (Unternehmensgesetzbuch, § 212 UGB) and the Federal Fiscal Code (Bundesabgabenordnung, § 132 BAO), the relevant personal data relating to invoices and financial data must be stored for 7 years.
Collection and processing of personal data when visiting our website
When you visit our website, our web servers temporarily store every access in a log file. The following data is collected and stored for 6 months:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved data
- Volume of data transferred
- Notification whether the request was successful
- Identification data of the browser and operating system used
- Website from which the access is made
- Name of your internet service provider
The processing of this data is carried out for the purpose of enabling the use of the website (establishing a connection), system security, the technical administration of the network infrastructure as well as to optimise the online offering. The IP address is only evaluated in the event of attacks on our network infrastructure.
Cookies
Further information can be found here.
Eyepin Newsletter
We use the newsletter tool provided by eyepin. The newsletters of eyepin GmbH, Billrothstraße 52, 1190 Vienna, contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails sent in HTML format, enabling log file recording and log file analysis. This allows statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, eyepin GmbH can determine whether and when an email has been opened by a data subject. Furthermore, newsletter tracking records which links contained in the email have been clicked by the data subject. Personal data collected via the tracking pixels and newsletter tracking contained in the newsletters is stored and evaluated by the controller in order to optimise newsletter distribution and to better adapt the content of future newsletters to the interests of the data subject. This personal data is not passed on to third parties. Data subjects are entitled at any time to revoke the separate consent declaration given via the double opt-in procedure regarding the receipt of the newsletter. After a revocation, no further data will be collected and the address will be placed on a blocklist in order to document the unsubscription and prevent further mailings.
The Privacy Policy of eyepin GmbH can be found at https://support.eyepin.com/hc/de/articles/360001151006-Datenschutz-bei-eyepin
We use the conversion tracking technology and retargeting function of LinkedIn Corporation on our website. With the help of this technology, personalised advertisements can be shown to visitors of this website on LinkedIn. Furthermore, it enables the creation of anonymous reports on the performance of advertisements and information on website interaction. For this purpose, the LinkedIn Insight Tag is integrated into this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time. In LinkedIn’s Privacy Policy at https://www.linkedin.com/legal/privacy-policy you will find further information about data collection and data use as well as the options and rights to protect your privacy. If you do not want LinkedIn to associate your visit to our pages with your LinkedIn user account, please log out of your LinkedIn user account.
Google Analytics
If you consent, we use Google Analytics to analyse website usage. The data obtained is used to optimise our website and our advertising measures. Google Analytics is a web analytics service operated and provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the confidentiality of the processed data. During your website visit, the following data is recorded, among other things: Pages viewed, Orders including revenue and ordered products, Achievement of “website goals” (e.g. contact requests and newsletter sign-ups), Your behaviour on the pages (for example dwell time, clicks, scroll behaviour), Your approximate location (country and city), Your IP address (in shortened form, so that no unique assignment is possible), Technical information such as browser, internet provider, device and screen resolution, Source of origin of your visit (i.e. via which website or which advertising medium you came to us). This data is transferred to Google servers in the USA. We point out that in the USA the same level of data protection as within the EU is not guaranteed. Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognise you on future website visits. The recorded data is stored together with the randomly generated user ID, which makes it possible to evaluate pseudonymous user profiles. These user-related data are automatically deleted after 14 months. Other data remain stored in aggregated form indefinitely.
If you do not agree to this data collection, you can deactivate it by rejecting cookies via our cookie settings dialog.
Data security measures
The personal data processed by us is stored and secured with special care on both a technical and organisational level. It is protected against accidental or unlawful destruction and against loss, and we ensure that it is used properly and that the data is not accessible to unauthorised persons.
All our processors are contractually obliged to implement all technical and organisational measures for secure processing. This is regularly reviewed by one of our responsible persons.
Data Protection Officer
The Data Protection Officer works closely with the highest management level and is the primary contact person for issues relating to data protection and data security. They meet at regular intervals to deal with matters of data security and data protection. Where necessary, the Data Protection Officer cooperates with the supervisory authority and acts as a contact point for the supervisory authority on issues related to the processing of personal data, including prior consultation. Data subjects may consult the Data Protection Officer on all matters related to the processing of their personal data and the exercise of their rights. We ensure that the Data Protection Officer does not receive any instructions when performing their duties. The contact details of our Data Protection Officer can be found in the contact information at the end of this Privacy Policy.
Notification obligation
In the event of a personal data breach, we are obliged to notify the data protection authority of this breach without undue delay. If it is to be assumed that such a breach is likely to result in a risk to the privacy of individuals or to the personal data itself, the data protection authority may – after considering the likely adverse effects of the breach – request us to notify the affected persons.
Information on data subject rights
As a data subject, you have the right to obtain information about the personal data stored about you, the right to rectification of incorrect data, the right to restriction of processing, the right to object to processing and the right to erasure. To exercise these rights, you must provide appropriate proof of your identity. Our response will list the data processed, information on their origin, any recipients or categories of recipients of transmissions, the purpose of data use as well as the legal basis for this in a generally understandable form. Upon your request, the names and addresses of processors must also be disclosed. As an applicant for information, you must cooperate in the information procedure to a reasonable extent in order to avoid unjustified and disproportionate effort on the part of the controller of the data processing. Within one month of receipt of your request, we will provide the information or explain in writing why the information cannot be provided or cannot be provided in full. For information about your personal data and their rectification or erasure, or if you have further questions about the use of your personal data provided to us, you can contact us by email at office@megaboard.at.
The Data Protection Authority (DSB)
In the event of a perceived insufficiency in the protection of personal data, data subjects have the option of lodging a complaint with the Austrian Data Protection Authority (https://www.dsb.gv.at).
Changes to this Privacy Policy
As these notices are subject to the applicable legal situation at any given time and our services are continuously further developed, we reserve the right to amend this Privacy Policy accordingly in the future. We recommend that you read this Privacy Policy regularly in order to stay informed about the protection of the personal data we collect.
Controller / Contact
The controller is MEGABOARD GmbH, address: ORBI-Tower, Thomas-Klestil-Platz 13, 1030 Vienna, email: office@megaboard.at
Contact address of the Data Protection Officer: datenschutzbeauftragter@gewista.at