Privacy policy

It is important to us to protect personal data during its collection, processing and use on the occasion of a visit to our homepage and its use.

Use of personal data

The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the legal provisions (DSGVO, TKG 2003). In this data protection information, we inform you about the most important aspects of data processing within the framework of our website.

Detailed information on the DSG 2000 can be found on the homepage of the data protection authority (http://www.dsb.gv.at ) or at:
https://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=10001597 .

Contact us

If you contact us by form on the website or by e-mail, the data you provide will be stored by us for six months for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent

Data storage / Webshop

We would like to point out that for the purpose of simplifying the shopping process and for the subsequent processing of the contract, the IP data of the connection owner will be stored by the webshop operator within the framework of cookies, as well as the name, address and credit card number […] of the buyer.

In addition, for the purpose of contract processing, the following data will also be stored by us: Name, address, telephone number, email. The data you provide is required for the fulfillment of the contract or for the implementation of pre-contractual measures. Without this data we cannot conclude the contract with you. No data is transferred to third parties, with the exception of the transfer of credit card data to the processing banking institutions/payment service providers for the purpose of debiting the purchase price, to the transport company/shipping company commissioned by us for the delivery of the goods and to our tax advisor for the fulfillment of our tax obligations.

After cancellation of the purchase process, the data stored by us will be deleted. In the event of the conclusion of a contract, all data from the contractual relationship will be stored until the expiry of the retention period under tax law (7 years). The data name, address, purchased goods and date of purchase will be stored beyond that until the expiry of product liability. The data processing is carried out on the basis of the legal provisions of § 96 para 3 TKG as well as Art 6 para 1 lit a (consent) and/or lit b (necessary for the performance of the contract) of the DSGVO.

Use of automatically generated data

If functionalities of our website are used that require the entry of personal data, the entry of the data constitutes consent that we may use this data electronically for the purpose for which it was entered.

Personal data is collected electronically by us when

  • you have filled out a form (mostly a contact form)
  • Content can be submitted, rated, or commented on,
  • possibly a user account is created,
  • with the share function friends can be informed and invited,
  • further optional information is provided to us.

Depending on which functionalities of our website are used and which data are disclosed, the following data are stored: first name, last name, address, e-mail, telephone number, forum form/registration date, user name, password, which friends were sent information messages when, which activities were set.

Automated data collection and processing by the browser

Every time you access our homepage and every time you retrieve files provided by our web server, certain technical data is stored. However, such storage only takes place in pseudonymous (indirectly personal) form, so that it is not possible for us to draw conclusions about someone as a person from this data.

As with any website, our server automatically and temporarily collects and stores the following information in the server log files, which are transmitted by the browser, unless this has been disabled by you:

  • IP address of the requesting computer
  • File request from the client
  • the http response code
  • the Internet page from which you are visiting us (Refferer URL),
  • the time of the server request
  • Browser type and version
  • Operating system used by the requesting computer

A personal analysis of the server log files does not take place. These data are for the provider at no time assignable to specific persons. This data is not merged with other data sources.

Plug-ins of social networks, data transmission from Facebook

Our portals may contain programs (plug-ins) from social networks. The following applies to these – exemplified by the example of Facebook:

At some points, our website offers the option of importing personal data directly from Facebook by clicking on the “Connect with Facebook” button, for which input fields are provided at the corresponding point. If this button is clicked, a data connection to Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA (hereinafter “Facebook”) is established and the data required for the intended data fields are automatically transferred from Facebook. If you are logged in to Facebook at this time, the data transfer is automatic; if you are logged out, you will be prompted to log in beforehand.
By clicking on the “Connect with Facebook” button, you give us consent to automatically fill the provided input fields with personal data by transmitting this data directly from Facebook to us.

The purpose and scope of data collection by Facebook, as well as the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, can be found in the currently valid privacy policy of Facebook (currently available at: http://de-de.facebook.com/privacy/explanation.php).

Data publication

In principle, data provided to us will not be published or made available to other users. However, the purpose of some functionalities of the Website is to publish certain data and make it available to other users. In such cases, however, you will be informed about this circumstance before clicking on the corresponding button, which will result in such publication of certain data.

NEWSLETTER: Consent to receive information messages

You have the possibility to subscribe to our newsletter via our website. For this we need your e-mail address and your declaration that you agree to receive the newsletter. The data entered will be processed for the purpose of sending information messages about our work to the respective e-mail address at regular intervals. However, we do not share data with third parties.

Once you have signed up for the newsletter, we will send you a confirmation email with a link to confirm your subscription.

You can cancel the subscription to the newsletter at any time in the newsletter or to our email address. Please send your cancellation to the following e-mail address: info@soleum.at. We will then immediately delete your data in connection with the newsletter dispatch.

We use MailChimp as our marketing automation platform. By clicking below to submit the registration form, you acknowledge that the information you provide will be shared with MailChimp for processing in accordance with their privacy policy and terms.

Revocation of consent

Consent to the processing of personal data and to the sending of information messages may be revoked at any time. For example, by clicking on the link at the end of an information message received, which results in unsubscribing from the information service (“unsubscribe”). The revocation can also be communicated in writing to the e-mail address given in the imprint, stating the first name, last name and e-mail address. In the event of revocation of consent to the processing of personal data or to the transmission of information messages, as well as in the event of deletion of a profile, all personal data shall be irrevocably deleted, unless there is a legal necessity to continue processing such data.

Cookies

Our website does not usually use cookies. However, we cannot exclude the possibility that various plug-ins use them. Our website may therefore use “cookies” to provide its functionalities. These are small data elements (files) that are stored by the respective browser on the end device that is used to access our site. The information that a cookie contains is set by the web server and then stored on the respective computer when our website is accessed. These cookies are assigned a lifetime by the web server, whereby the cookies are deleted again from the respective end device after this lifetime has expired. However, settings can also be made in the browser software so that cookies are always deleted even when the browser is closed.
Cookies are necessary in order to be able to clearly assign the calls to our websites, which is necessary for the provision of certain functionalities, such as the login function in particular. However, we do not use cookies to monitor surfing behavior or to display targeted advertising.
If no cookies are to be stored on the respective end device, this can be specified in the browser settings and storage can thus be prevented.

Google Analytics

This website uses Google Analytics. This is a web analytics service provided by Google Inc. (“Google”). This analysis service also uses “cookies”, i.e. small files that are stored on the computer and enable an analysis of the use of our website.
Information about the use of our website, which is collected using cookies, is used to evaluate the general use of the website, to enable us to compile reports about website activities and thus to be able to further optimize our website and to provide other services related to website and internet use.
The information generated by Google Analytics with the help of cookies about the use of the website – including the anonymized IP address to a server of Google Inc. transmitted to the USA. Anonymization is performed by removing the last eight bits of the IP address, which means that it is no longer possible to clearly assign the determined data to a specific IP address. This information is transmitted to authorities or third parties if this transmission is required by law or if third parties act as service providers on behalf of Google.
However, it is possible to prevent the storage of cookies by making the appropriate settings in the browser.

We have concluded a corresponding contract with the provider for order data processing.your IP address is recorded, but immediately pseudonymized [zB durch Löschung der letzten 8 Bit]. This means that only a rough localization is possible.

However, if consent to the storage of cookies is denied in the browser settings, certain functions of our website may no longer be available. By using our website, you agree to the use of Google Analytics.
Further information on Google Analytics can be found at: http://www.google.at/intl/de/analytics. Information on Google’s privacy policy can be found at http://www.google.de/policies/privacy. Here you can find a way to prevent the use of Google Analytics and the associated data transmission to Google https://tools.google.com/dlpage/gaoptout?hl=de.

Right to information, correction and deletion

Upon written request to the e-mail address given in the imprint, we will gladly inform you about the data we have stored about someone. However, in order to avoid misuse, we must ask that you provide us with suitable identification in this case, such as a copy of a valid photo ID. This is necessary to prevent unauthorized persons from gaining access to one’s own data by pretending to be someone else under the guise of the right to information.
If it is noticed that certain data is not stored correctly or is incorrect, we will correct it upon written request to the e-mail address given in the imprint, provided that the correction is necessary for further (correct) use of the website or the services provided by it.
If personal data is stored on the basis of consent and there is otherwise no legal reason and no legal obligation to store the data (e.g. in the context of legal proceedings), we will delete the data immediately after the consent is revoked.

Safety note

We make every effort to store personal data in such a way that it is not accessible to third parties by taking all technical and organizational possibilities. However, we cannot guarantee complete data security when communicating by e-mail, so we recommend using the postal service for confidential information.

Disclaimer

We continuously review and update all information provided on our website. Nevertheless, some information may have changed or become obsolete in the meantime. For these reasons, no liability or guarantee can be assumed for the topicality, correctness and completeness of the information provided. We cannot accept any responsibility for the content and presentation of other websites referred to by means of links, as this information and site content is not subject to our control.
However, if a link refers to a website that contains illegal or immoral content, please inform us immediately. We will immediately arrange for the removal of this link.

Brand names

All brand names mentioned are the property of their respective owners. The absence of a trademark does not mean that the trademark is not protected.

Your rights

You are generally entitled to the rights of information, correction, deletion, restriction, data portability, revocation and objection. If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in some way, you can complain to the supervisory authority. In Austria, this is the data protection authority.

You can reach us at the following contact details:

SOLEUM GmbH

Gutauerstrasse 42
4230 Pregarten
Tel: +43 7236-26200

Linz Regional Court, FN 362383t
Management: Ing. Thomas Kiesenebner MBA

General information on data protection in Austria

As of May 25, 2018, the General Data Protection Regulation (GDPR) will apply in the European Union. The GDPR specifies how personal data may be processed and how it must be protected. In this document you will find a summary of the basic information.

What is the GDPR?

The GDPR is a regulation of the European Union. It is directly applicable in every member state, i.e. also in Austria. Any person whose data is processed can directly invoke the GDPR.

What does the GDPR regulate?

The GDPR contains rules on the processing of your personal data. Whether it’s your name, your phone number or your payments – the GDPR protects all of that. The principles laid down therein regulate how your personal data may be stored and processed.

Why is there still an Austrian Data Protection Act (DSG 2018)?

The European Union has not only enacted the GDPR, but a whole “data protection package”. Part of this was also a new data protection policy. How does a directive differ from a regulation? Unlike a regulation, a directive must first be implemented in national law. In addition, the GDPR leaves room for the member states to regulate individual aspects in more detail than in the GDPR itself.

Both happened in Austria through the Data Protection Amendment Act 2018, or DSG or DSG 2018. Where relevant to you and your relationship with us, we will of course always take the DPA 2018 into account.

Why is the protection of my data so important?

Data protection is a fundamental right. Just like your right to liberty or security, your right to data protection is enshrined in the Charter of Fundamental Rights of the European Union. This EU Charter of Fundamental Rights applies in the relationship between you and state institutions.

However, it is recognized by law that even in the private and commercial sector, there must be a balanced relationship of interests between data processors and the so-called “data subjects” – for example, between you and your leasing company. These rules can be found in the GDPR and the DPA 2018.

(All links as of May 2018)

You can find the text of the GDPR here:
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.DEU

Basic terms for data protection

In order for us to talk about data protection, it is important to clarify some basic terms. We have also listed the respective article designations of the GDPR so that you can read the definitions if you are interested. Please note that these are only summaries, i.e. abbreviated presentations. You can find the full text of the GDPR and the respective articles here:
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.DEU

What is personal data?

Personal data means any information relating to an identifiable natural person (“data subject”). An identifiable natural person is one who can be identified directly or indirectly, for example, by association with a name or identification number, such as an IBAN or account number.

This can be found in Article 4(1) of the GDPR.

What all falls under the processing of data?

The term “processing” means any operation performed with or without the aid of automated procedures in connection with personal data. This includes, for example, collecting, recording, organizing, arranging, storing, adapting or modifying, reading, retrieving, using, disclosing (by transmitting, distributing or otherwise making available), matching or linking, restricting, erasing or destroying.

This can be found in Article 4(2) of the GDPR.

What does “responsible person” mean?

The term “controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. For example, we as a leasing company.

To be read in Article 4 number 7 DSGVO.


What does “processor” mean?

The term “processor” means a natural or legal person, public authority, agency or other body that processes personal data on behalf of controllers.

To be read in Art 4 number 8 DSGVO.

(All links as of May 2018)

What rights do I have?

The GDPR grants the following rights for your personal data. You have the right to:

  • Information, according to Article 15 DSGVO
  • Rectification, according to Article 16 DSGVO
  • Deletion, according to Article 17 DSGVO
  • Restriction of processing, according to Article 18 DSGVO
  • Data portability, according to Article 20 DSGVO
  • Objection, according to Article 21 DSGVO
  • Decisions not based exclusively on automated processing – including profiling, pursuant to Article 22 GDPR

What does the right to information mean?

You have the right to request confirmation of whether we have Process your personal data. If this is the case, you also have the right to access this personal data and the following information:

  • Processing purposes
  • Categories of personal data that are processed
  • Recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
  • If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  • The existence of the right to rectify or erase the personal data concerning them; restriction or opposition to such processing
  • Right of complaint to a supervisory authority
  • All available information about the origin of the personal data, if the data are not collected from the data subject
  • Whether automated decision-making, including profiling, exists, in accordance with Article 22(1) and (4) of the GDPR, and – at least in these cases – meaningful information about the logic, scope and effects of such processing for the data subject.

What does the right to rectification mean?

It is important to us that your data is always correct and complete. If you suspect that it is incorrect or incomplete, you may request that the data be corrected or completed.

What do the “right to erasure” and the “right to be forgotten” mean?

We attach great importance to the fact that your data is only processed within the framework of the DSGVO and DSG 2018. Should you nevertheless reasonably believe that this is not the case, you can request the deletion of your personal data. The reasons for this may be:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

Example: Your personal data must be deleted if it was collected exclusively for the processing of a purchase (= sole purpose) and you have not consented to this data being processed for other purposes. In this case, it is no longer necessary to further process the data after the purchase has been completed and the retention period has expired.

  • You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) DSGVO or Article 9(2)(a) DSGVO and there is no other legal basis for the processing.

Example: You have consented that your personal data may be processed for individual product offers of a third party provider (= sole purpose). As soon as you revoke this consent, the personal data must be deleted again. Exceptions: Other purposes or justifications for the processing exist and you also have a customer relationship with the third-party provider, for example.

  • You object to the processing, pursuant to Article 21(1) DSGVO, and there are no overriding legitimate grounds for processing.

Example: You can file an objection if, for example, someone processes your personal data without your consent simply because it believes it has a legitimate interest in doing so (and there is no other justification). If you object to this and there was in fact no legitimate interest, the personal data must be deleted. The appeal was successful.

  • The personal data have been processed unlawfully.

Unlawfully (“groundlessly”) processed personal data must be deleted.

  • The deletion of the personal data is subject to a legal obligation under EU law or the law of the Member States of the responsible parties.

This refers to laws or other legal provisions that require the deletion of personal data.

  • The personal data was collected in relation to information society services offered pursuant to Article 8(1) DSGVO.

This is a special protection rule in favor of minors who use online services.

That was the right to erasure in a nutshell. This is not to be confused with the “right to be forgotten”.

The “right to be forgotten” refers to personal data that has been made public. It states the following: If the person who originally published the data must delete this data (because one of the above-mentioned reasons for deletion applies), then he must also notify those persons who received the data as a result of the publication. In detail, this rule is quite complicated. The GDPR refers in particular to Internet search engines.

What does the right to restriction of processing mean?

We attach great importance to the fact that we always process your data within the framework conditions of the DSGVO and the DSG 2018. If you nevertheless believe that this is not the case, you have the right to request the restriction of the processing of your personal data. However, this is possible only under the following legitimate reasons:

  • You dispute the accuracy of your personal data. For the period of time that allows the data controller to verify the accuracy of the personal data, you may request that the processing be restricted.

People do not always agree. However, so that the disputed personal data does not have to be deleted or changed immediately, further processing can be restricted for the duration of the matter. Maybe it will turn out that the data was correct after all.

  • The processing of personal data is unlawful. Instead of deletion, however, you would like “only” the use of the personal data to be restricted.

The GDPR therefore gives you a right of choice: If you do not want unlawfully processed data to be deleted right away, then you can request that it continues to be stored but is no longer used.

  • Responsible no longer need your personal data for processing. However, you need the data to assert, exercise or defend legal claims.

If your personal data should actually be deleted, but you need them for your own defense or law enforcement, they may continue to be processed for these purposes.

  • You have objected to the processing pursuant to Article 21(1) DSGVO. As long as it has not yet been determined whether the legitimate grounds of the controller outweigh your interests, you may request the restriction of processing.

So that disputed personal data does not have to be deleted immediately, further processing can be restricted for the duration of the matter. Maybe it will turn out that the processing was justified after all.

What does the right to data portability mean?

Your personal data belongs to you. You therefore have the right to receive this data in a structured, common and machine-readable format. This concerns data that you have provided to us and that is processed automatically on the basis of your consent or on the basis of the performance of a contract. You may also request that we immediately transfer this personal data directly to another responsible party.


In what form do I receive the data?

We provide you with the data as an XML file.

What does the right to object mean?

Your data may be processed if there is a legitimate interest in doing so.

If such a legitimate interest is claimed, you must be informed about it. If you then believe that the legitimate interest does not exist, you can object to it. This applies in particular if your personal data is used for direct marketing. Unless responsible parties can demonstrate legitimate grounds for further processing, your personal data may not be further processed after the objection. Except for processing for direct marketing purposes: here your objection has absolute effect.