Privacy Policy
This Data Privacy Policy informs you which personal data we process, how and for which purposes we process personal data (hereinafter “data”) in the context of our online offer and the related websites, functions, content, and external online presences, such as our social media profiles (collectively “online offer”). The terms “processing” or “controller” used herein are defined in Article 4 of the General Data Protection Regulation (GDPR).
Controller:
KRAL GmbH
Bildgasse 40
Industrie Nord
6890 Lustenau
Austria
Phone: 0043 / 5577 / 866 44 – 0
Email: kral@kral.at
Website: www.kral.at
Categories of processed data:
- Basic data (e.g. name, address)
- Contact details (e.g. email, phone numbers)
- Content data (e.g. text entries, photos, videos)
- User data (e.g. websites visited, interest in content, access times)
- Meta and communication data (e.g. device identifiers, IP addresses).
Categories of data subjects:
Visitors and users of the online offer (hereinafter collectively “users”).
Purposes for which we process personal data:
- To make available the online offer, its functions and content
- to answer contact requests and to communicate with users
- to implement security measures
- to measure audience reach/to carry out marketing measures
Definitions:
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This definition must be understood broadly and covers basically any handling of data.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Relevant legal bases:
Subject to Article 13 GDPR, we process data based on the following legal provisions. Where this data privacy policy does not disclose the legal basis for our processing operations, the following applies: Your consent is obtained on the basis of Article 6 (1) (a) and Article 7 GDPR, and we provide our services and implement contractual procedures and answer requests on the basis of Article (6) (1) (b) GDPR. We lawfully process data to comply with our legal obligations according to Article (6) (1) (c) GDPR and for the purposes of our legitimate interests according to Article (6) (1) (f) GDPR. Personal data may be lawfully processed in order to protect the vital interests of the data subject or of another natural person according to Article 6 (1) (d) GDPR.
Cooperation with processors and third parties:
Whenever we disclose, transfer or make data otherwise accessible to other persons or companies (processors or third parties) in the context of our processing operations, we do so on the basis of a legal authorisation (for example if it is necessary to transfer data to third parties, such as payment services providers, according to Article (6) (1) (b) GDPR for the performance of a contract), on the basis of your consent, to comply with a legal obligation or to pursue our legitimate interests (e.g. when we use contractors, web hosters, etc).
We will appoint third parties for the processing of data on the basis of a “data processing agreement” according to Article 28 GDPR.
Transfer of data to third countries:
Whenever we process data in a third country (i.e. in a state outside the European Union (EU) or the European Economic Area (EEA)) or where processing operations are carried out by third parties or data are disclosed or transferred to third parties, we do so only if this is necessary to comply with our (pre)contractual obligations on the basis of your consent, to comply with a legal obligation or to pursue our legitimate interests. Subject to legal or contractual authorisations, we process data or have data processed in a third country only if the conditions laid down in Articles 44 et seq GDPR are complied with. Data are therefore processed if appropriate safeguards have been provided, such as an officially recognised level of data protection consistent with EU requirements (e.g. the “Privacy Shield” for the United States) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of the data subject:
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to further information and to a copy of such data according to Article 15 GDPR.
According to Article 16 GDPR, you have the right to obtain the rectification of inaccurate personal data concerning you or to have incomplete personal data completed.
According to Article 17 GDPR, you have the right to obtain the erasure of the relevant data without undue delay or, alternatively, according to Article 18 GDPR, the right to restriction of processing.
According to Article 20 GDPR, you have the right to receive the data you have provided to us or to have those data transmitted to another controller.
Furthermore, according to Article 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
Right of withdrawal:
You have the right to withdraw your consent at any time according to Article 7 (3) GDPR.
Right to object:
You have the right to object at any time to processing of your personal data based on Article 21 GDPR. You may also object to processing of data for direct marketing purposes.
Cookies and right to object to processing for direct marketing purposes:
“Cookies” are tiny text files that are stored on your computer. Cookies can store different information. A cookie primarily helps store information on a user (or on the device on which the cookie is stored) during, and also after a user visits a website in the context of an online offer. Temporary cookies or “session cookies” or “transient cookies” are cookies that are deleted when a user leaves a website and closes his or her browser. Such a cookie can store the content of an online basket or a login status. “Permanent” or “persistent” cookies remain on your computer also after you close your browser and can therefore store the log-in status if you visit the website again. Such a cookie can also store a user’s preferences that are used to measure audience reach or for marketing purposes. “Third-party cookies” are cookies of providers other than the controller who operates the online offer (the controller’s cookies are called “first-party cookies”).
We can use temporary and permanent cookies and explain our cookie policy in this data privacy policy.
If you want to block cookies, you should adjust the settings on your browser which allow you to disable cookies. You can adjust the settings on your browser to delete cookies. However, if you do this, you may not be able to benefit from the full functionality of this online offer.
You can generally block the use of cookies for online marketing purposes in a number of services, especially in the case of tracking via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. You can also block the storage of cookies by adjusting the settings on your browser. However, if you do this, you may not be able to benefit from the full functionality of this website.
Google DoubleClick Cookies:
This website uses Google DoubleClick (Floodlights) cookies. Doubleclick is a service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Cookies are small text files that are stored in the browser of a user. The cookies are used to analyze the usage of the website. The data collected will be used only for statistical purposes and in anonymous form. Your browser will be assigned a pseudonymous identification number (ID). All data is recorded anonymously so that no conclusion can be drawn about specific persons. Users can prevent the use of cookies by downloading and installing the browser plug-in available under this link. Alternatively, the user can disable the Doubleclick cookies on the Digital Advertising website under the following link.
Erasure of data:
Data we process will be erased or processing restricted subject to Articles 17 and 18 GDPR. Unless this data privacy policy explicitly states otherwise, we erase data we have processed as soon as they are no longer necessary for the purposes for which they were processed, and when the legal retention periods have expired. Where data are not erased because they are necessary for other and lawful purposes, processing will be restricted. Data will then be blocked and not processed for other purposes. This applies, for example, to data that we are required to keep on the grounds of commercial or tax laws.
According to legal requirements applicable in Austria, there is a 7-year retention period according to § 212 (1) of the Commercial Code (UGB) (books and records, inventories, opening balance sheets, financial statements and directors’ reports, etc.) and according to § 132 (1) Federal Tax Code (BAO) (accounting records, receipts/invoices, accounts, receipts, business records, statement of revenue and expenditure, etc.), a 22-year retention period in connection with land, and a 10-year retention period for documents relating to electronic services, telecommunications, radio and television services provided to non-entrepreneurs in EU Member States and for which the mini-one-stop-shop (MOSS) applies.
Business-related processing operations:
In addition, we process
- contract data (e.g. subject-matter of a contract, duration, customer category),
- payment data (e.g. bank details, payment history)
of our customers, prospects and business partners for the provision of services under a contract, for service and customer support, marketing, advertising, and market research.
Hosting:
We use hosting services in order to provide the following services: infrastructure and platform services, computing capacity, memory and database services, security services, and technical maintenance services which we use to run this online offer.
In doing so, we or our hosting provider process personal details, contact details, content data, contract data, usage data, meta and communication data of customers, prospects and visitors of this online offer on the basis of our legitimate interests which consist in making this online offer available in an efficient and safe manner according to Article 6 (1) (f) GDPR in conjunction with Article 28 GDPR (conclusion of data processing agreement).
Collection of access data and log files:
Based on our legitimate interests according to Article 6 (1) (f) GDPR, our hosting providers or we will collect data on every access to the server which hosts the services (so-called server log files). Access data include the name of the website visited, the name of the file that was retrieved, and the date and time when it was retrieved, the data volume transferred, status of successful transfer, type and version of browser, user's operating system, referrer URL (the site visited before), IP address and requesting provider.
Log file information is stored for a maximum period of 7 days for security reasons (e.g. to clear up cases involving abuse or fraud) and is then erased. Data that must be kept for evidence purposes will not be erased until the respective incident is finally resolved.
Provision of contractual services:
We process personal details (such as names and addresses and contact details of users), contract data (e.g. services used, names of contact points, payment information) in order to comply with our contractual obligations and to provide services according to Article 6 (1) (b) GDPR. Information that you are obliged to provide in online forms is necessary for the conclusion of a contract.
We erase data after the expiration of legal guarantee obligations or similar obligations; every three years, we assess whether it is still necessary to keep data; data are erased after the expiration of legal archiving obligations. Any information provided in a customer’s account is kept until the account is deleted.
Contact:
If a user contacts us (for example via contact form, email, phone or social media), we will process the user’s information to handle the contact request according to Article 6 (1) (b) GDPR. The user’s information can be stored in a customer relationship management system (“CRM system) or in a similar request organization.
We erase requests that are no longer necessary. We assess that necessity every two years; the legal archiving obligations apply.
Comments and posts:
Based on our legitimate interests according to Article 6 (1) (f) GDPR, we will store the IP addresses of users who post comments for 7 days. We do this for our own safety in case someone should post unlawful content (insults, banned political propaganda etc). In this case, we could be held liable for the comment or post and therefore want to know the author’s identity.
Newsletter:
The following chapter describes the content of our newsletters, how you can sign up for and receive newsletters, how we perform statistical analyses, and how you can exercise your right to object. If you subscribe to our newsletter, you are deemed to agree with receiving the newsletter and with the procedures described.
Content: We send newsletters, emails and other electronic mail containing advertising (hereinafter “Newsletter) only with the recipient’s consent or based on a legal permission. If the content of a Newsletter is explicitly described when you sign up for it, such content is relevant for the user’s consent. Furthermore, our Newsletters provide information on our services and our business.
Double-opt-in and logging: There is a double-opt-in process if you want to sign up for our Newsletter. After you have filled out the signup form, you will receive an email and are asked to verify your registration. This ensures that others cannot use your email address to sign up. Newsletter registrations are logged in order to document the sign-up process in line with legal requirements. This includes storage of sign-up and verification time, and of the IP address. Also changes of your data stored with the shipping provider will be logged.
Sign-up data: If you want to sign up for the Newsletter, we simply need your email address. We also ask you to give us a name, so we can address you personally in the Newsletter.
The sign-up process is logged on the basis of our legitimate interests according to Article 6 (1) (f) GDPR, which consist in providing a user-friendly and safe Newsletter system that serves our business interests and meets the expectations of users and allows us to prove that we have obtained consents.
Cancellation/withdrawal - You may cancel our Newsletter or withdraw your consent at any time. If you want to cancel the Newsletter, click a link which is provided at the bottom of each Newsletter. We may keep email addresses of users who cancelled our Newsletter for up to three years on the basis of our legitimate interests before we erase them; this allows us to prove that we had sent you the Newsletter based on your consent. Such data are processed only to defend potential claims. You may send us a cancellation request at any time, provided that you can confirm that you had previously given your consent.
Piwik:
This website works with Piwik, an open-source-software for statistical analysis of website visitors. Piwik uses cookies. Cookies are small text files that are stored in the browser of a user. The cookies are used to analyze the usage of the website. The cookie data is collected, processed and stored on servers in Germany in order to create pseudonymous user profiles. The data includes the name of the visited website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (previously visited website), IP address and the requesting internet service provider. The IP address is personally identifiable information. After being processed in order to detect the company name behind the IP address, the IP address is pseudonymized (masking) by deleting the last number block and not further merged with other cookies or data. Users can prevent the use of cookies in their browser settings or by clicking the following opt-out link.
Google Analytics:
Based on our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online offer according to Article 6 (1) (f) GDPR) we use Google Analytics, a web analytics service provided by Google LLC (“Google“). Google uses cookies. Information generated by the cookies on the use of this website is regularly transmitted to and stored by a Google server in the United States.
Google is certified according to the EU-US Privacy Shield and therefore guarantees to compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
On our behalf, Google will use this information for the purpose of evaluating your use of our online offer, for compiling synthesis reports on website activity for website operators, and providing us with other services relating to website activity and internet usage. In this context, pseudonym user profiles can be created on the basis of the processed data.
We use Google Analytics only with activated IP anonymisation. This means that your IP address will be truncated by Google in a Member State of the European Union or in another contracting state of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there.
The IP address transmitted by your browser will not be matched with other data of Google. Furthermore, you may adjust the settings of your browser to block cookies; furthermore, you can download and install the browser plugin provided below to prevent the collection of data relating to your use of this online offer generated by the cookie to Google and the processing of such data by Google. http://tools.google.com/dlpage/gaoptout?hl=en.
If you want to learn more about how Google uses data, how to adjust your settings and how to object, go to the following Google websites: https://policies.google.com/technologies/partner-sites?hl=en ("How Google uses information from sites or apps that use our services“), https://policies.google.com/technologies/ads?hl=en (“How Google uses data in advertising”), https://adssettings.google.de/anonymous?sig=ACi0TCg70AiACphn6rLyDmG3m4MAR-cU_gBgo_BOTpXHGzGy8RsJJJmgIMrjBnIlYDzG-zV8AXHemNkg4oobH2kVtmcTGpmS6i6AHRSCnOysjJDKBp6J0xg&hl=en (“Control the information Google uses to show you ads”).
Online presence in social media:
We are active on social media and platforms in order to communicate with and inform customers, prospects and users on these platforms about our services. When you visit these media and platforms, the terms and conditions and data processing policies of the respective operators apply.
Unless our data privacy policy provides otherwise, we process the data of users if they communicate with us via social media and on platforms via posts on our online presence or via messages sent.
Integration of services and content provided by third parties:
We provide content or services offered by third parties in the context of our online offer based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer according to Article 6 (1) (f) GDPR) in order to integrate their content and services such as videos or fonts (hereinafter collectively “content”).
However, this always requires the third-party providers of such content to recognise the IP address of a user, because they could not send content to a user’s browser without the IP address. The IP address is therefore necessary to display such content. We endeavour to use only content of providers who use the IP address only to deliver such content. Furthermore, third-party providers can also use pixel tags (transparent graphic images also referred to as “web beacons”) for purposes of statistics or marketing. Pixel tags are used to analyse information such as user traffic on the pages of this website. Pseudonymous data can also be stored in cookies on the user’s computer and contain, among other things, technical information on the browser and operating system, referring websites, time of visit, and other information on the use of our online offer, and can be matched with such information from other sources.
Youtube:
We embed videos of "YouTube", a platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google Maps:
We embed maps of "Google Maps", a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google Fonts:
We embed the fonts ("Google Fonts") provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Google ReCaptcha:
We embed a function for the detection of bots, for example when information is entered in online forms ("ReCaptcha"), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
Use of Facebook Social Plugins:
Based on our legitimate interests (i.e. interest in the analysis, optimisation, and economic operation of our website according to Article 6 (1) (f) GDPR) we use Social Plugins ("plugins") of the social network facebook.com operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). Plugins may represent interaction elements or content (e.g. videos, graphic images, or comments) and are marked with a Facebook logo (white “f” in a blue box, the word "like", or a "thumbs up" sign) or are designated as "Facebook Social Plugin". For a list and images of the icons of the Facebook Social Plugins, go to: .https://developers.facebook.com/docs/plugins/
Facebook is certified under the EU-U.S. Privacy Shield Framework and thus guarantees that it will comply with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user accesses a function of this website that contains such a plugin, the user's browser will establish a direct connection to the Facebook servers. Facebook transmits the content of the plugin directly to the user's device, where it is integrated into the website. The data processed can be used to create usage profiles of the respective users. We thus have no influence on the scope of data Facebook will collect via this plugin, and we therefore inform the user to the best of our knowledge.
As a result of the plugin integration, Facebook is informed that the user has visited the corresponding page of the website. If the user is logged in on Facebook, Facebook can assign the user's visit to the user's Facebook account if the user interacts with the plugins, for example by using the "Like" button or by leaving a comment, your device transmits the corresponding information directly to Facebook where it is stored. If the user is not a member of Facebook, Facebook can still collect and store the user's IP address. According to Facebook, only anonymised IP addresses are stored in Austria.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and settings available to users to protect their privacy are described in the Facebook privacy policies: https://www.facebook.com/about/privacy/.
If the user is a member of Facebook and does not want Facebook to collect data in the manner described above and match it with the user's membership data stored on Facebook, the user must log out of his/her Facebook account before he or she visits our website and delete his/her cookies. Further settings and objections to the use of data for advertising purposes are possible in the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the United States page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. These are cross-platform settings, that is, once made, they will apply to all devices such as desktop computers or mobile devices.
Twitter:
Our website may embed functions and content of Twitter, a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Such content may include images, videos, or texts and buttons which allow users to express if they like the content, to contact the authors of content, or to subscribe to our publications. If users are members of the Twitter platform, Twitter can allocate any access to the above content and functions to the user profiles stored there. Twitter is certified under the EU-U.S. Privacy Shield Framework and thus guarantees that it will comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy policy of Twitter: https://twitter.com/en/privacy, Opt-out: https://twitter.com/personalization.
Instagram:
Our website may embed functions and content of Instagram, a service provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Such content may include images, videos or texts and buttons which allow the user to express how he or she likes the content, to contact the authors of content or to subscribe to our publications. If users are members of the Instagram platform, Instagram can allocate access to the above content and functions to the user profiles stored there. Privacy policy of Instagram: http://instagram.com/about/legal/privacy/.
Pinterest:
Our website may embed functions and content of Pinterest, a service provided by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. Such content may include images, videos or texts and buttons which allow users to express if they like the content, to contact the authors of content or to subscribe to our publications. If users are members of the Pinterest platform, Pinterest can allocate the access to the above content and functions to the user profiles stored there. Privacy policy of Pinterest: https://policy.pinterest.com/en-gb/privacy-policy
Xing:
Our website may embed functions and content of Xing, a service provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Such content may include images, videos or texts and buttons, which allow users to express if they like the content, to contact the author of content or to subscribe to our publications. If users are members of the Xing platform, Xing can allocate the access to the above-mentioned content and functions to the user profiles stored there. Privacy policy of Xing: https://www.xing.com/app/share?op=data_protection.
LinkedIn:
Our website may embed functions and content LinkedIn, a service provided by LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Such content may include images, videos or texts and buttons which allow users to express if they like the content, to contact the authors of content or to subscribe to our publications. If users are members of the LinkedIn platform, LinkedIn can allocate the access to the above content and functions to the user profiles stored there. LinkedIn is certified under the EU-U.S. Privacy Shield Framework and thus guarantees that it will comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy of Linkedin: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.