Data Privacy Statement
Information pursuant to article 13 GDPR
Your data privacy for us, Vita 34 Gesellschaft für Zelltransplantat m.b.H., Hartäckerstraße 28, 1190 Vienna, Austria (“Vita34”, “we”, “us”), is of special concern. We process your personal data exclusively on the basis of statutory provisions as specified in particular in the General Data Protection Regulation (“GDPR”), the applicable Data Protection Act 2018 (“DSG”), and the Broadcast Media Act (“TKG”). In the following, you will learn what kind of information we collect, process, and use, when you contact us.
2. Data collection, purpose, and legal basis
We collect and process your personal data only, when you provide them of your own accord by e-mail, via the online form, by mail, or by telephone. We will process such information that is communicated in the course of establishing contact, including in particular name and communicated contact details (e.g. address, telephone number, and e-mail address), date and reason of approach. We will use your collected personal data only to the purpose of providing you with the requested products or services and to communicate with you. The processing therefore has the purpose of fulfilling the contract and/or of performing measures before the contract is concluded.
You are not obligated to provide the above given personal data. The data given may be required to conclude a contract, though. Without providing the data, communication, conclusion of a contract, or processing of the contract may be impossible.
3. Collection of personal data on our website
1. Our website
1.1 When you use the website for information purposes only, i.e. you do not register or submit information otherwise, we collect only those personal data that your browser transmits to our server. When you want to view our website, we collect data that are technically necessary for us to show you the website and to ensure its stability and safety. The data are also stored in the system log files. Such data will not be stored together with other personal user data. Such data include the IP address, date and time of inquiry, time zone difference to Greenwich Mean Time (GMT), content of inquiry (specific page), access status/http status code, respectively transmitted data amount, website of inquiry, browser, operating system and its surface and language as well as version of browser software.
1.2 The legal basis of storing the data and log files temporarily is article 6, section 1, clause f) GDPR.
1.3 The system needs to store the IP address temporarily to enable the delivery of the website to your browser. For this purpose, your IP address must remain stored until the end of the session. It is stored in log files to ensure that the website operates correctly. Furthermore, the data serve to optimize the website and to ensure the safety of our IT systems. These aims constitute our legitimate interest in data processing pursuant to article 6, section 1, clause f) GDPR. The data will not be analyzed for marketing purposes in this connection.
1.4 The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. In the case of collecting the data to provide the website, this is when the respective session has ended. Log files will be deleted within seven days after you accessed the website.
1.5 Collecting data when you visit the website and storing the data in log files is compulsory to operate the website. You have therefore no right to object whatsoever.
Among other data, the following will be collected: name of website, file, date, amount of data, web browser, and version of web browser, operating system, domain name of your internet provider, the so-called referrer URL (the site from which you accessed our website), and the IP address.
Without these data, it would be technically impossible to some extent to provide and represent the website contents. Therefore, collecting data is compulsory. Furthermore, we use the anonymous information for statistical purposes. They help us to optimize our offer and our technology. In addition, we reserve the right to check the log files retroactively, if we suspect that our offer was used unlawfully.
2.1 When you use our website, cookies will be stored on your computer system. Cookies are text files stored on the internet browser or by the internet browser on your computer system. When you access a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters, allowing for distinct identification of the browser when you access the website again.
This website uses the following types of cookies, the scope and function of which will be explained in the following:
- Transient cookies (temporary use)
- Persistent cookies (unlimited use)
- Third-party cookies (by third-party providers according to separate information).
2.3 Transient cookies will be deleted automatically, when you close the browser. They are usually session cookies, which store a so-called session ID in order to assign different inquiries from your browser to the joint session. Thereby, your computer can be recognized, when you return to our website. Session cookies will be deleted, when you log off or exit the browser. The legal basis of processing personal data applying transient cookies is article 6, section 1, clause f) GDPR. The purpose of applying cookies is to make using the website easier for you. Some of the website functions cannot be provided without applying cookies. They require recognition of the browser after you switched pages. These aims constitute our legitimate interest in processing personal data pursuant to article 6, section 1, clause f) GDPR.
2.4 We use persistent cookies exclusively in connection with the web analysis services we apply and only as long as the purpose requires; their lifetime is two years maximum. You can delete the cookies at any time in the safety settings of your browser. In that case, functions and user-friendliness of the website may be limited. The legal basis of processing personal data applying persistent cookies is article 6, section 1, clause f) GDPR. Analysis cookies are used to improve the quality of our website and its contents. Analysis cookies provide us with information on how the website is used and thus help us in optimizing our offer. These aims constitute our legitimate interest in processing personal data pursuant to article 6, section 1, clause f) GDPR.
3. Other functions and offers of our website
3.1 In addition to the merely informational use of our website, we offer various services you can use, if you want to. For this purpose, you usually have to enter further personal data, which we use to provide the respective service and to which the principles of data processing as given above apply.
3.2 To some extent, we resort to third-party service providers to process your data. We chose and assigned them carefully, they are bound by our instructions and will be inspected regularly.
3.3 We may furthermore pass your personal data onto third parties, when we offer the participation in sales campaigns, competitions, conclusions of contracts, or similar services in collaboration with partners. You will be provided with further information in this regard, when you indicate your personal data or below in the description of the respective service.
3.4 If our service providers or partners are officially registered in a country outside the European Economic Area (EEA), we will inform you about the consequences of this fact in the description of the respective service.
4. Use of contact forms
4.1 We will collect further personal data only, if you provide them of your own accord in our contact forms. In that case, we will collect the information provided in the course of establishing contact. These are in particular names and submitted contact details, date and occasion of contacting. We will use your collected personal data only to the purpose of providing you with the requested products or services (legal basis article 6, section 1 b) GDPR) or to other purposes, to which you gave your consent (legal basis article 6, section 1 a) GDPR) and which are described in the present data privacy statement. You may give your consent, e.g. to set cookies by third parties or to web tracking by those, in the corresponding technical browser settings. You have the possibility to withdraw your consent to the processing of personal data at any time.
4.2 The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. With regard to the personal data from the input mask of the contact form, this is the case, when the respective conversation with you has ended. The conversation has ended, when we can assume from the circumstances that the concerned issue has been settled finally. If the provided data are subject to obligations to retain data under tax or commercial law, they will be stored for the defined time of retention of ten years and deleted afterwards, unless you agreed to storage exceeding such time.
5. Integration of social media plug-ins
5.1 At present, we integrate the following social media plug-ins: Facebook, Xing, LinkedIn. The social networks are operated exclusively by third parties, some of whom are officially registered outside the EU or the EEA – the data privacy level pursuant to§§ 4b, 4c BDSG may therefore possibly be inadequate. The browser plug-ins and links are identified by means of icons or other references on our website. When you visit websites containing such browser plug-ins, a connection between your device (browser) and the servers of the respective social network is established automatically, thus passing the information that you visited our website onto the social network. The visit to our website will then, if you are logged into your personal user account in the social network or log in during your visit to our website, be assigned to your account. Interacting with browser plug-ins or links, e.g. by pressing a “Like” button or leaving a comment, transmits the information to the respective social network, where they are saved. You can prevent the assignment of data to your account on the one hand by logging out of your account (in the respective social network) before you visit our website. On the other hand, you can prevent the respective plug-ins from being loaded at all by applying a browser add-on, e.g. by implementing the script blocker “NoScript” (http://noscript.net/).
5.2 For the purpose and scope of data collection by social networks as well as the further processing and use of such data and your rights in this regards as well as setting options to protect your privacy, please refer to the respective data privacy statements of the providers:
Facebook Inc., 1601 Willow Road, Nelo Park, CA 94025, USA
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
5.3 On our website, we also use the “visitor action pixel” by
1601 S. California Ave,
Palo Alto, CA 94304, USA
This way, the user behavior is tracked, when users were forwarded to the website of the provider after clicking a Facebook ad. This method serves to analyze the effectiveness of Facebook ads for statistical and marketing purposes and may help to optimize future advertisement campaigns.
The data collected are anonymous to us and do not provide us with any reference to the user identity. However, the data are stored and processed by Facebook, so that the association to the respective user profile is possible and Facebook can use the data for its own marketing purposes in accordance with the Facebook data usage policy. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
Consent to the implementation of the visitor action pixel may be declared only by users older than 13 years. If you are younger, please ask your parents or legal guardian for permission. Click here to withdraw your consent.
6. Integration of Google Maps
6.1 On our website, we use Google Maps, a service offered by Google LLC. Thus, we are able to show you interactive maps directly on the website and allow you to conveniently use the map feature. The legal basis of using Google Maps is article 6, section 1, clause f) GDPR.
6.2 By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in section III. 1. of this statement will be transmitted. This happens irrespective of whether you have a Google user account, to which you are logged in, or not. When you are logged into Google, your data will be allocated directly to your account. If you do not wish to be associated with your Google profile, you have to log out before activating the button. Google stores your data in usage profiles and uses them for purposes of advertising, market research and/or tailor-made design of its website. Such analysis will be carried out in particular (even for users who are not logged in) to provide tailored advertising and to inform other users about your activities on our website. You have the right to object to the formation of such user profiles. To exercise this right, you have to contact Google.
7. Use of our online shop
7.1 If you want to order from our online shop, it is necessary for the conclusion of the contract that you enter the personal data required to process your order. Compulsory data required to process the order are marked specifically; other data are optional. The legal basis of processing such personal data is article 6, section 1, sentence 1, clause b) GDPR.
7.2 Optionally, you can set up a customer account, which we use to store your data for other future purchases. When you create an account after clicking “Register”, the data you enter will be stored. Such storage may be revoked. The legal basis of processing such personal data is article 6, section 1, sentence 1, clause b) GDPR.
7.3 Your address, payment, and order data will be stored for ten years after the contract was processed subject to obligations to retain data under tax or commercial law and deleted afterwards, unless you agreed to storage exceeding such time or further data processing is required to assert, exercise, or defend legal claims. The legal basis for the processing of personal data to the purpose of complying with the archiving and retention obligations provided by law is article 6, section 1, sentence 1, clause c) GDPR.
7.4 We will process the data you entered in order to handle your order. For this purpose, we possibly forward your data to our main bank as well as to logistics companies and the provider of payment services you chose. We are entitled to forwarding such personal data pursuant to article 6, section 1, sentence 1, clause b) GDPR. Our service providers may process and use your data only for the purpose, the fulfilment of which the data were forwarded to them for. You can access the data at any time. As far as data are passed onto external service providers, we make sure that the data privacy regulations are complied with through technical and organizational measures.
7.5 You are not obligated to provide the above given personal data. The data given are required to conclude a contract. Without providing the data, communication, conclusion of a contract, or processing of the contract may be impossible.
8.1 By giving your consent, you may subscribe to our newsletter to inform you about our latest interesting offers. The advertised goods and services will be specified in the declaration of consent.
8.2 The registration for our newsletter follows the so-called double-opt-in procedure. That means, after the registration, we will send you an e-mail to the given e-mail address, asking you to confirm your subscription to the newsletter. If we do not receive the confirmation within 24 hours, we will block your information and delete it after one month. Furthermore, we store the IP addresses you used, the time of registration, and the time of the confirmation. The purpose of this procedure is to prove your registration and, if necessary, to be able to resolve the possible misuse of your personal data. The legal basis is article 6, sections 1 a) and c), article 7, section 1 GDPR.
8.3 The only compulsory indication we need for the delivery of the newsletter is your e-mail address. Other, separately marked data are optional and used to be able to address you personally. After your confirmation, we store your e-mail address with the purpose of sending you the newsletter. The legal basis is article 6, section 1, clause a) GDPR. The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. Accordingly, the e-mail address of the user will be stored as long as the subscription to the newsletter is active.
8.4 You can revoke your consent to the delivery of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking the link provided in each newsletter e-mail or by sending a message to the contact details stated in the imprint.
The newsletter service provider may use the recipients’ data in pseudonymous form, i.e. without assignment to users, to optimize or improve its own services, e.g. for technical optimization of the delivery and representation of newsletters, or for statistical purposes. The newsletter service provider, however, shall not use the data of our newsletter recipients to contact them or forward the data to third parties.
9. Use of Google Analytics
9.1 On our website, we use Google Analytics, a web analytics service provided by Google Inc. (”Google“). Google Analytics uses so-called “cookies”, text files saved on your computer and allowing for the analysis of your website usage. The information generated by the cookie about your usage of the website will be transmitted to and stored by Google on servers in the United States. If the IP anonymizer is active on this website, your IP address will shortened beforehand by Google in the member states of the European Union and in other contracting states of the EEA Agreement. Only in exceptional cases will the full IP address be transferred to Google servers in the USA and shortened there. By order of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
9.2 Within the scope of Google Analytics, Google will not associate your IP address submitted by your browser with any other data held by Google.
9.3 You may prevent the storage of cookies by selecting the appropriate settings in your browser software, however, please note that, when you do this you may not be able to use the full functionality of this website. You can furthermore prevent the collection of the data generated by cookies and related to your website usage (including your IP address) and them being sent to and processed by Google by downloading and installing the following browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=de.
Sie können die Erfassung durch Google Analytics verhindern, indem Sie auf folgenden Link klicken. Es wird ein Opt-Out-Cookie gesetzt, das die zukünftige Erfassung Ihrer Daten beim Besuch dieser Website verhindert: Google Analytics deaktivieren
9.4 This website uses Google Analytics with the extension “_anonymizeIp()”.As a result, IP addresses will be further processed in shortened form, thus excluding reference to persons. If the data collected about you have a personal reference, this will be excluded promptly and the personal data deleted immediately.
9.5 5 We use Google Analytics to analyze the usage of our website and be able to improve it on a regular basis. We can improve our offer and make it more interesting for users by means of the obtained statistics. Regarding the exceptional cases, in which personal data are transmitted to the USA, Google has submitted to the EU-US Privacy Shield EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis of using Google Analytics is article 6, section 1, clause f) GDPR.
9.7 The website uses Google Analytics furthermore to carry out cross-device analysis of visitor traffic via the user ID. You can disable the cross-device analysis of your usage in your customer account in “My data”, “Personal data”.
4. Collection of personal data in case of contact by e-mail, mail, and by telephone
1. Collection of personal data of customers, prospective customers, and suppliers
1.1 We collect your personal data as a customer, prospective customer, or supplier only, if you provide them of your own accord by e-mail, mail, or telephone. In that case, we will collect the information provided in the course of establishing contact. These are in particular names and submitted contact details, date and occasion of contacting. We will use your collected personal data only to the purpose of providing you with the requested products or services (legal basis article 6, section 1 b) GDPR) or to other purposes, to which you gave your consent (legal basis article 6, section 1 a) GDPR) and which are described in the present data privacy statement. You have the possibility to withdraw your consent to the processing of personal data at any time.
1.2 You are not obligated to provide the personal data given above. The data given are required to conclude a contract. Without providing the data, communication, conclusion of a contract, or processing of the contract may be impossible.
1.3 The data relevant to the individual case will be passed on in line with the provisions of the law or an agreement to public authorities, in the event that other legal provisions prevail, to external service providers or other sub-contractors, if you gave your express consent to such or the transmission is permitted for predominantly legitimate interests. We do not intend to pass your data onto a recipient in a third country (non-member state of EU/EEA) or an international organization.
1.4 The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. With regard to the personal data provided, this is the case, when the respective conversation with you has ended. The conversation has ended, when we can assume from the circumstances that the concerned issue has been settled finally. If the provided data are subject to obligations to retain data under tax or commercial law, they will be stored for the defined time of retention of ten years and deleted afterwards, unless you agreed to storage exceeding such time or further data processing is required to assert, exercise, or defend legal claims. The legal basis of the processing of personal data to the purpose of complying with the archiving and retention obligations provided by law is article 6, section 1, sentence 1, clause c) GDPR.
2. Collection of personal data of applicants
2.1 We collect your personal data as an applicant only, if you provide them of your own accord by e-mail, mail, or telephone. This applies to applications for job advertisements and to unsolicited applications. We will collect the data provided within the scope of the application, in particular including name, date of birth, contact details, interests, qualification details as well as details of education and career. The personal data collected will be used only to the purpose of handling the application procedure (legal basis article 6, section 1, clauses a), b), and f) GDPR, § 26 BDSG).
2.2 You are not obligated to provide the personal data given above. The data given may be required to conclude a contract after the application procedure has ended. Without providing the data, communication, handling of the application procedure or the conclusion of a contract may be impossible.
2.3 The data relevant to the individual case will be passed on in line with the provisions of the law or an agreement. The data will be passed onto employees of the human resources department, employees of the management, and the respective head of department. Your personal data will not be passed onto third parties. We do not intend to pass your data onto a recipient in a third country (non-member state of EU/EEA) or an international organization.
2.4 The data will be deleted, when they are not necessary anymore to fulfil the purpose of their collection. Therefore, we will store the data after the application procedure has ended, if you were rejected for six months after you were notified of the rejection. If you agreed to storage for a longer time, the data will be stored for two years. Then, we will either delete your data or obtain your consent to storage again. You have the possibility to withdraw your consent to the processing of personal data at any time.
5. Online conferences, meetings, and webinars
We use platforms and applications of other providers (hereinafter referred to as “third-party providers”) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we comply with the legal requirements.
In this context, data of the communication participants are processed and stored on the servers of third-party providers, as far as they are part of communication processes with us. Such data may include, in particular, registration and contact data, visual and vocal contributions, as well as entries in chats and shared screen content.
- Purposes of the processing: Contractual and other services, contact requests and communication, office and organizational procedures
- Legal foundation: Consent (art. 6 sec. 1 clause 1 (a) GDPR), performance of the contract and precontractual requests (art. 6 sec. 1 clause 1 (b) GDPR), legitimate interests (art. 6 sec. 1 clause 1 (f) GDPR)
Services and service providers used:
- Cisco WebEx: Konferenz-Software; Dienstanbieter: Webex Communications Deutschland GmbH, Hansaallee 249, c/o Cisco Systems GmbH, 40549 Düsseldorf, Mutterunternehmen: Cisco Systems, Inc. 170 West Tasman Dr., San Jose, CA 95134, USA; Website: https://www.webex.com/de; Datenschutzerklärung: https://www.cisco.com/c/de_de/about/legal/privacy-full.html (Gewährleistung Datenschutzniveau bei Verarbeitung von Daten in den USA):
6. Recipient and categories of recipients of personal data, forwarding to third countries
We submit your personal data to the necessary extent in particular to external contractors or service providers:
- to IT service providers and/or providers of data hosting or data processing or similar services;
- to other service providers, providers of tools and software solutions that support us in performing our services and act on our authority (including providers of marketing tools, marketing agencies, communication service providers, and call centers);
- to our affiliated companies;
- to possible third parties involved in meeting our obligations to you (e.g. parcel service providers, payment services providers, banks to handle payments);
- to other external third parties to the necessary extent (e.g. auditors, insurance companies in case of claims, legal representatives when needed, etc.);
- to authorities and other public institutions to the extent as required by law (e.g. financial authorities, etc.).
We do not intend to pass your data onto a recipient in a third country (non-member state of EU/EEA) or an international organization.
7. Storage time
We will delete your personal data, when they are not needed anymore for the intended purposes. The personal data communicated within the scope of establishing contact will be stored for six months after the respective conversation with you has ended in order to be able to respond to possible follow-up questions. The conversation has ended, when we can assume from the circumstances that the concerned issue has been settled finally.
If the provided data are subject to obligations to retain data under tax or commercial law, they will be stored for the defined time of retention of seven years and deleted afterwards, unless you agreed to storage exceeding such time or further data processing is required to assert, exercise, or defend legal claims (statutory period of limitation von of three or up to thirty years).
8. Data security
We take suitable technical and organizational safety measures to protect your data from accidental or unauthorized deletion, manipulation and against loss, theft, or unauthorized inspection, forwarding, reproduction, use, change and access by third parties. Furthermore, we and our employees are obligated to observe the data confidentiality and to maintain secrecy. Our contractors and authorized agents, who need to access your personal data in order to perform their professional tasks, are subject to the same obligations of observing the data confidentiality and maintaining secrecy.
9. Your rights
On principle, you have the rights of information, rectification, erasure, restriction, data portability, withdrawal, and objection. If you believe that the processing of your data violates the data privacy laws or your claims under data privacy law were infringed otherwise, you can lodge a complaint with a supervisory authority. For us, this is the Österreichische Datenschutzbehörde (Austrian Data Protection Authority), Wickenburggasse 8, 1080 Vienna, Austria.
Before you lodge a complaint with the data protection authority or if you have any questions regarding the assertion of your rights or other issues, please contact us:
Vita 34 Gesellschaft für Zelltransplantat m.b.H
1190 Vienna, Austria
You can contact our data protection officer by sending an e-mail to firstname.lastname@example.org or by writing to our address, adding “Der Datenschutzbeauftragte” (FOA The Data Protection Officer).
For us to be able to process your inquiry regarding your rights as given above and to make sure that personal data are not passed onto unauthorized third parties, please identify yourself clearly with the inquiry and briefly describe the scope of exertion of your rights of the data subject as given above.
10. Right of objection
You have the right to object to the processing of your personal data for direct marketing purposes without giving reasons at any time. If your personal data are processed on the basis of legitimate interests pursuant to article 6, section 1, clause f) GDPR, you have the right to enter an objection against the processing of your personal data pursuant to article 21 GDPR, insofar as grounds are available that relate to your particular situation.
11. Further information
For further information on the processing of your data, please refer to our Data Privacy Statement on our website at https://www.vita34.at/datenschutz to be retrieved and printed at any time.
As at: April 2020