Declaration on the duty to inform
The protection of your personal data is of particular concern to us. Accordingly, we have taken technical and organisational measures to ensure we process your data exclusively on the basis of the statutory provisions (GDPR, TKG 2003). In order to protect your data from unauthorised access and misuse, we have taken extensive technical and operational security measures in accordance with Austrian law.
In the following data protection information you will find the most important aspects of data processing at GPK.
The legislator requires that personal data be processed in a lawful manner, in good faith and in a manner understandable to the data subject. In order to guarantee this, we would like to explain the individual legal definitions of terms which are also used in this data protection declaration:
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as ‚data subject‘); a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or one or more specific characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, is regarded as identifiable.
“Processing” means any operation or set of operations which is carried out in relation to personal data, whether or not by automatic means, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
Limitation of processing
“Limitation of processing” means the marking of stored personal data with the aim of limiting their future processing.
“Profiling” means any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person.
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data cannot be attributed to an identified or identifiable natural person.
“Filing system” means any structured collection of personal data accessible according to specific criteria, whether centralised, decentralised or organised on a functional or geographical basis.
“Controller” means a natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of the processing of personal data; where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the Controller or the specific criteria for the designation may be laid down by Union law or by the law of the Member States.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation task under Union law or the law of the Member States shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the purposes of the processing.
“Third party” means a natural or legal person, public authority, agency or any other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
The data subject’s “consent” shall mean any voluntary, informed and unambiguous expression of his or her will in the particular case, in the form of a statement or other unambiguous affirmative act, by which the data subject indicates his or her consent to the processing of his or her personal data.
Lawfulness of processing
The processing of personal data is only lawful if there is a legal basis for the processing. The legal basis for the processing may, in accordance with Article 6(1), lit. a – f GDPR be in particular as follows:
1. The data subject has given his/her consent to the processing of his/her personal data for one or more specific purposes;
2. The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject;
3. The processing is necessary to fulfil a legal obligation to which the controller is subject;
4. The processing is necessary to protect the vital interests of the data subject or of another natural person;
5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6. Processing is necessary to safeguard the legitimate interests of the controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail, in particular where the data subject is a child.
Information about the collection of personal data
Contact with us
If you contact us by e-mail or if we voluntarily receive your personal data (e.g. company, contact person, areas, title, first name, surname, address, telephone numbers, website, fax and e-mail address) from you, this data will be processed by us. Grounds for processing (in addition to the lawfulness of the processing, see above) are:
• Upright customer relationship
• Processing of the contractual relationship
• In the event of follow-up questions
• E-mail/newsletter information about our products and services
• Information relevant to your business by e-mail or post
The data provided by you is necessary for the fulfilment of the contract or for the implementation of pre-contractual measures. Without this data, we cannot conclude the contract with you. This data will not be passed on by us.
Collection of personal data when you visit our website
If you only use the website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to guarantee its stability and security (legal basis is Art. 6 Para. 1 p. 1 lit. f GDPR):
• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Contents of the request (concrete page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request originates
• Operating system and its interface
• Language and version of the browser software.
Storage and retention periods
We store your data in accordance with the tax retention obligation according to §132 Abs 1 BAO (Austrian Federal Fiscal Code), i.e. for 7 years starting from the last contact. In addition, it will be stored for as long as it is relevant to the tax authority in a pending case.
Registrations for events
If we offer a registration form for events on the GPK website or on subpages thereof, we hereby guarantee that this personal data (company, title, first name, surname, address, telephone numbers, fax and e-mail address) as well as particular registration for the event (e.g. programme selection, bus shuttle, hotel) will only be stored and used directly by GPK for the purpose of processing the event and will be deleted at the end of the event, at the latest however 10 days after the event.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (in addition a.)
– Persistent cookies (in addition b.).
1. Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
2. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
3. You can configure your browser settings according to your wishes and refuse to accept third party cookies or any cookies. So-called „Third Party Cookies“ are cookies that are set by a third party, therefore not by the actual website you are currently on. We would like to point out that by deactivating cookies you may not be able to use all the functions of this website.
Web Analysis – Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. („Google“). Google Analytics uses „cookies“, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is enabled on this website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
(4) This website uses Google Analytics with the extension „_anonymizeIp()“. This means that IP addresses are further processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you is related to a person, this will be excluded and the personal data deleted immediately.
(5) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained will enable us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 p. 1 lit. f GDPR.
(6) Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your use in your customer account under „My data“, „Personal data“.
If you have accessed our websites via a Google ad, an affiliate ad or an e-mail, Google AdWords, Metalyzer or Teradata will store a cookie on your computer. This cookie loses its validity after 30 days. A conclusion about your person is not possible. The information collected with the help of the conversion cookie is used by us to compile statistics about our conversion rate. If you do not want to participate in the tracking process, you can disable cookies for conversion tracking by setting your browser to block cookies in your browser settings.
Social Media plug-ins
(1) We currently use the following social media plug-ins: [Facebook, Google+, Twitter, Xing, T3N, LinkedIn, Flattr]. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the mark on the box above its initial letter or the logo. You can communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online service. In addition, the data mentioned under § 3 of this policy is transmitted. In the case of Facebook and Xing, the IP address is made anonymous immediately after collection (according to information provided by the respective providers in Germany). By activating the plug-in, your personal data is transferred to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.
(2) We have no influence on the data collected and data processing operations. We are neither aware of the full scope of data collection, the purposes of processing, nor the storage periods. We also receive no information on the deletion of the data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (also for users who are not logged in) in order to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 Para. 1 p. 1 lit. f GPDR.
(4) Data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you press the activated button and (for example) link the page, the plug-in provider also stores this information in your user account and communicates it publicly to your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this prevents you being assigned to your profile by the plug-in provider.
(5) Further information on the purpose and scope of data collection as well as processing by the plug-in provider can be found in the following privacy policies of these providers. You will also find further information on your rights and setting options to protect your privacy.
(6) Addresses of the respective plug-in providers and URLs with their data protection information:
1. Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is now subject to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
2. Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google is now subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
3. Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter is now subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
4. Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; http://www.xing.com/privacy.
5. T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hannover, Germany; https://t3n.de/store/page/datenschutz.
6. LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn is now subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
7. Flattr Network Ltd. 2nd Floor, White bear yard 114A, Clerkenwell Road, London, Middlesex, England, EC1R 5DF, UK; https://flattr.com/privacy.]
Integration of Google Maps
(1) On this website we use the services of Google Maps. This enables us to display interactive maps directly on the website and enables you to use the map function conveniently.
(2) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this policy will be transmitted. This occurs regardless of whether Google provides a user account that you are logged into or whether there is no user account. When you are logged into Google, your information will be directly associated with your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purpose of advertising, market research and/or the design of its website in line with requirements. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You must contact Google to exercise this right.
(3) Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the provider’s data protection policies. You will also find further information on your rights and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the United States and is now subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
We make use of external service providers (contract processors), e.g. for the dispatch of products and services, newsletters or payment processing. Separate order data processing has been agreed with the service providers in order to ensure the protection of your personal data.
You have a basic entitlement to information, correction, deletion, restriction, data transferability, revocation and objection. The deletion of your data or a revocation results in the fact that we no longer process your data from this point in time for the above-mentioned purposes.
If you believe that the processing of your data violates the data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the Austrian Data Protection Authority (https://www.data-protection-authority.gv.at/).