Table of Contents

1. Controller and Data Protection Officer
2. Purposes of Processing and Legal Basis for the Website
   2.1  Logging of Activities on Our Website (Logfiles)
3. General Data Sharing and Recipients
4. General Data Retention Period
5. Profiling and Automated Decision-Making
6. Cookies
   6.1 Cookies
   6.2 Google Analytics
   6.3 Google Tag Manager
7. Your Rights to Protect Your Personal Data
8. Right to Lodge a Complaint

The protection of your privacy is important to us. We strictly adhere to the legal provisions of the EU General Data Protection Regulation (GDPR), the Data Protection Act, and other applicable legal regulations concerning the protection, lawful handling, and confidentiality of personal data.

Below, we would like to inform you about the processing of your personal data. If you have any questions, please contact us using the provided contact details.

1. Controller and Data Protection Officer

1.1 Name and Address of the Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

PRINZHORN HOLDING GmbH
Lemböckgasse 21-25
1230 Vienna
Austria
Phone: +43 (0)50118 10140
Fax: +43 (0)50118 10111
Email: office@prinzhorn-holding.com

Contact for the Data Protection Officer:
Email: dataprotection@prinzhorn-holding.com

2. Purposes of Processing and Legal Basis for the Website

2.1 Logging of Activities on Our Website (Logfiles)

When you visit our website, we collect and store access data in log files (so-called logfiles or access logs) in order to ensure the permanent functionality of the website. In this context, we process the following data:

• IP address
• Date and time of access
• Websites from which you arrived on our site (referrer URL)
• Operating system
• Name of the Internet Service Provider
• Product and version information of the browser used
• Data volume transmitted and loading time

The legal basis for the data processing is our legitimate interest pursuant to Article 6(1)(f) of the GDPR. This legitimate interest lies in ensuring the functionality, security, and accessibility of the website for all visitors, as well as for the collection, defense, and assertion of legal claims if necessary.

You have the right to object to this data processing (the right to object to data processing based on legitimate interests in accordance with Article 21, paragraph 1 of the GDPR). In such cases, we will only process your data if there are compelling legitimate reasons on our part for further processing.

A direct inference to your identity based on the information is not possible. The data will be automatically deleted once the aforementioned purposes have been achieved.

Data transfers: As a general rule, we only transfer the data collected based on your use of our website to the extent necessary to fulfill the stated purposes (e.g., operation and maintenance of the website via external service providers). However, we may also be legally or administratively obligated to disclose data to third parties (e.g., data transfer to law enforcement authorities).

Storage duration: We retain log file data for a period of 6 months after your visit to the website.

3. General Data Sharing and Recipients

We only share personal data to the extent necessary to fulfill the stated purposes. For all data transfers, we ensure that only the absolutely necessary information is transmitted, and we comply with data protection regulations for data sharing (e.g., strict instructions for data processors through Article 28 contracts, obligation to confidentiality, and obligation to fully comply with adequate protection standards in the processing of personal data).

We may also be legally or administratively required to disclose data to third parties (e.g., data transfer to law enforcement authorities and courts).

Details on data transfers and recipients can be found in the explanations regarding the processing purposes.

4. General Data Retention Period

Your data will only be stored for as long as is technically and organizationally necessary to achieve the stated purposes, as well as to fulfill our legal obligations. If applicable, we may also retain your personal data on the legal basis of legitimate interest (e.g., collection, assertion, and defense of legal claims) for certain periods of time. When determining these periods, we ensure that your rights and freedoms are not violated. When data retention is no longer necessary, we will delete your data promptly.

Detailed information on the specified retention periods can be found under the respective processing purpose.

5. Profiling and Automated Decision-Making

We do not carry out profiling measures (evaluation of certain personal aspects relating to a natural person, particularly to analyze or predict aspects such as job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements), nor do we make decisions based on such information.

6. Cookies

We use cookies on our website to enhance its functionality and performance. Cookies are small files that are stored in your browser’s memory (session cookies) or on your hard drive (persistent cookies). They help us recognize you on your next visit and tailor content to your preferences more quickly.

The legal basis for the use of cookies is your consent (Article 6(1)(a) GDPR), which is obtained via the cookie banner when you visit our website. You can adjust your cookie preferences at any time via the cookie banner. Please note that technically necessary cookies, which are essential for the website’s functionality, are not subject to this consent and are processed on the basis of our legitimate interest (Article 6(1)(f) GDPR).

Overview of cookies used:

6.1 Cookies

Technically Necessary Cookies

• Name: cookie_optin
• Purpose: Managing users' consent to cookies
• Retention Period: 1 year

Analytics and Optimization

• Name: _ga, _ga_SY11SZNB1M (Google Analytics)
• Purpose: Traffic analysis, user behavior tracking, technical data, marketing, and conversion tracking
• Retention Period: 1 year

6.2 Google Analytics

This website uses Google Analytics, a web analytics service of Google LLC. As a company based in the European Union, we cooperate with Google’s subsidiary, Google Ireland Limited (hereinafter referred to as “Google”).

The information generated by the cookie about the use of the website is transmitted to Google’s servers and stored there.

On our behalf, Google uses this information to evaluate your use of our website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. User profiles of the visitors to our website may be created from the transmitted data.

Please note that we cannot exclude the possibility that your personal data may be transferred to the USA. In this context, the “Adequacy decision for the EU-US Data Privacy Framework” applies.

The evaluation of your user behavior on the website is based on your consent in accordance with Article 6(1)(a) GDPR. For more information regarding Google Analytics’ terms of use and data protection, please refer to:

www.google.com/analytics/terms/de.html or policies.google.com/privacy.

You can withdraw your voluntary consent at any time with future effect. To do this, you can open the cookie settings on the homepage and disable Google Analytics there.

6.3 Google Tag Manager

We use the “Google Tag Manager” service as a central tool for collecting, capturing, and forwarding personal data associated with website visits (a service provided by Google LLC – as a company based in the EU, we cooperate with its subsidiary, Google Ireland Limited, hereinafter referred to as “Google”).

The Google Tag Manager service consolidates the applications we use into a central management interface, making it easier for us to administer website applications. The use of Google Tag Manager requires the placement of a Google cookie and the forwarding of data to Google (the information generated by the cookie about the use of the website is transmitted to Google’s servers and stored there).

Please note that we cannot exclude the possibility that your personal data may be transferred to the USA. In this context, the “Adequacy decision for the EU-US Data Privacy Framework” applies.

Our legal basis for using Google Tag Manager is your voluntary data protection consent provided via the selection in the cookie banner in accordance with Article 6(1)(a) GDPR.

For information on how Google handles user data, please refer to Google’s privacy policy:
policies.google.com/privacy.

7. Your Rights to Protect Your Personal Data

In relation to your personal data processed by us, you have several rights. You can exercise all of these rights free of charge and without formalities (via email, phone, or postal mail), after providing proof of your identity if necessary, by contacting us at the address provided below. Your rights in detail:

Right of access: You can request information about the data we process about you at any time without formalities. In this case, we will inform you in writing which data we have stored about you, the purposes for which we use it, the categories of recipients to whom we disclose it, and how long we intend to store it. We will respond to your request for information without delay, but no later than within one month.

Right to erasure: You have the right to request the erasure of your data processed by us at any time without formalities. We will comply with this request if your data is no longer necessary for the purpose for which it was collected, if you withdraw any consent you may have given, in the case of unlawful data processing, or if deletion is necessary to fulfill a legal obligation.

Right to rectification: If we mistakenly process inaccurate or incomplete data about you, we will correct it without hesitation. A simple informal communication to us is sufficient.

Right to restrict processing: If the deletion of your data is not possible, or if you do not want it to be deleted, but you do not agree with further processing of the data beyond mere storage, we are obliged, upon your notification, to restrict the further processing of your personal data.

Right to data portability: Upon your informal request, we will provide you with the data we have stored about you, which we have obtained based on a contract or your consent, free of charge in a common file format. You can use this data for your own purposes and transfer it to future contract partners. If you wish and if it is technically feasible, we will also directly transfer your data to a recipient you have specified. In this case, we will inform you once the transfer has been completed. We will comply with your request without delay, but no later than within one month.

Right to withdraw consent: You can withdraw your consent to data processing at any time with future effect. In this case, we will cease processing your data. The lawfulness of the data processing carried out up to that point is not affected by the withdrawal of consent.

Right to object: If we process your data based on our legitimate interest, you have the right to object to further processing of your data under the General Data Protection Regulation. If you exercise this right, we will no longer process your data for the purpose you have objected to, unless there are compelling legitimate grounds for further processing on our part that outweigh your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.

To exercise these rights, please contact us at the contact details provided above.

8. Right to Lodge a Complaint

The EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) guarantee you the rights mentioned above. If you believe that any of these rights have been violated by us, you have the right to file a complaint with a data protection supervisory authority.

The data protection authority responsible for us is:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna
Tel: 01/52 152-0
Email: dsb@dsb.gv.at

Last updated: 05/08/2024