Data protection
We have this Privacy Policy (version
19.12.2022-122365776) to you in accordance with the specifications of
General Data Protection Regulation (EU) 2016/679 and applicable national laws
to explain which personal data (in short data) we as
responsible
- and the processors commissioned by us (e.g. providers) -
process, will process in the future and what lawful options
They have. The terms used are to be understood as gender-neutral.
In short: We inform you comprehensively about data that
we process about you.
Privacy statements usually sound very technical
and use legal terminology. This privacy policy is intended to give you
the most important things as simply and transparently as possible
describe. As far as it is conducive to transparency, technical
Terms explained in a reader-friendly way, links to further information
offered and graphics used. We are providing information in a clear and
simple language that we use in our business operations only
process personal data if a corresponding statutory
basis is given. This is certainly not possible if you use the most concise,
makes unclear and legal-technical statements, such as those on the Internet
are often standard when it comes to data protection. I hope you find them
following explanations interesting and informative and perhaps the one
or other information that you did not know.
If you still have questions, we would like to ask you
to contact the responsible office named below or in the imprint
to follow existing links and get more information on third-party sites
to watch. Our contact details can of course also be found in the imprint.
scope of application
This privacy policy applies to all of us in the
companies processed personal data and for everyone
Personal data that companies commissioned by us (contract processors)
process. By personal data we mean information within the meaning of
Art. 4 No. 1 GDPR such as name, e-mail address and postal address
address of a person. The processing of personal data ensures
that we can offer and bill our services and products,
be it online or offline. The scope of this privacy policy
includes:
All online presences (websites, online shops) that we
operate
Social media appearances and email communication
mobile apps for smartphones and other devices
In short: the privacy policy applies to everyone
Areas in which personal data in the company beyond the mentioned
Channels are processed in a structured way. Should we use outside of these channels
enter into legal relationships with you, we will contact you separately if necessary
inform.
legal bases
In the following data protection declaration we give you
transparent information on the legal principles and regulations,
i.e. the legal basis of the General Data Protection Regulation, which enables us
to process personal data.
As far as EU law is concerned, we refer to the
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL of 27.
April 2016. This EU General Data Protection Regulation allows you to
of course online on EUR-Lex, the gateway to EU law
https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679
read.
We only process your data if at least one of the
the following conditions apply:
Consent (Article 6 Paragraph 1 lit. a GDPR): You have
you have given us your consent to process data for a specific purpose.
An example would be storing your entered data
contact form.
Contract (Article 6 Paragraph 1 lit. b GDPR): To a contract
or to fulfill pre-contractual obligations with you, we process
Your data. For example, if we enter into a purchase agreement with you,
we need personal information in advance.
Legal obligation (Article 6 Paragraph 1 lit. c GDPR):
If we are subject to a legal obligation, we process yours
Data. For example, we are required by law to provide invoices for the
cancel accounting. These usually contain personal data.
Legitimate interests (Article 6 paragraph 1 lit. f GDPR): Im
Case of legitimate interests that do not limit your fundamental rights,
we reserve the right to process personal data. We have to go
For example, we process certain data to make our website safe and efficient
to operate efficiently. This processing is therefore legitimate
Interest.
Other conditions such as the perception of recordings in the
public interest and exercise of official authority as well as protection
more vital
As a rule, interests do not arise with us. As far as such
Should the legal basis be relevant, it will be attached to the corresponding
Position designated.
In addition to the EU regulation, national regulations also apply
Laws:
In Austria, this is the federal law for protection
natural persons in the processing of personal data
(Data Protection Act), DSG for short.
In Germany, the Federal Data Protection Act, BDSG for short, applies.
If other regional or national laws on
apply, we will inform you about this in the following sections.
Contact details of the person responsible
If you have any questions about data protection or processing
personal data, you will find the contact details of the below
Responsible person or body:
Celesteau eU
Alexander Nemeth
office@celesteau.at
storage duration
That we only store personal data for as long as
it is essential for the provision of our services and products
necessary is a general criterion for us. That means we
delete personal data as soon as the reason for data processing
is no longer available. In some cases we are legally required to do so
obliged to provide certain data even after the original purpose has ceased to exist
store, for example for accounting purposes.
If you wish your data to be deleted or
Revoked consent to data processing, the data will be deleted as soon as possible
possible and as far as there is no obligation to save, deleted.
About the specific duration of the respective data processing
we will inform you below if we have further information on this.
Rights under the General Data Protection Regulation
According to Article 13, 14 GDPR we inform you about the
the following rights to which you are entitled in order to ensure fair and
transparent processing of data comes:
According to Article 15 GDPR, you have a right to information about
whether we process data from you. If that's the case, you're right
to receive a copy of the data and the following information
experience:
for what purpose we carry out the processing;
the categories, i.e. the types of data that are processed
become;
who receives this data and if the data is sent to third countries
communicated how security can be guaranteed;
how long the data is stored;
the existence of the right to rectification, erasure or
Restriction of processing and the right to object to the
Processing;
that you can complain to a supervisory authority
(See below for links to these authorities);
the origin of the data if we did not collect it from you
have;
whether profiling is carried out, i.e. whether data is automatic
be evaluated in order to get a personal profile of you.
According to Article 16 GDPR, you have the right to rectification
of the data, which means we need to get data straight if you
Find mistakes.
According to Article 17 GDPR, you have the right to erasure
(“Right to be forgotten”), which specifically means that you request deletion
may request your data.
According to Article 18 GDPR, you have the right to restriction
of processing, which means that we are only allowed to store the data
but do not continue to use it.
According to Article 20 GDPR, you have the right to
Data portability, which means that we can send your data to you upon request
make it available in a common format.
According to Article 21 GDPR, you have a right of objection,
which, once enforced, will result in a change in processing.
If the processing of your data is based on Article 6 Para. 1 lit.
e (public interest, exercise of official authority) or Article 6 paragraph 1
lit. f (legitimate interest), you can object to the processing
file an objection. We will then check as soon as possible whether we can
be able to legally comply with the objection.
If data is used to operate direct mail,
you can object to this type of data processing at any time. We
may no longer use your data for direct marketing thereafter.
If data is used to conduct profiling,
You can object to this type of data processing at any time. We may
No longer use your data for profiling after that.
According to Article 22 GDPR, you may have the right
not one based solely on automated processing (e.g
profiling) based decision to be subjected.
According to Article 77 GDPR, you have the right to lodge a complaint.
This means that you can complain to the data protection authority at any time,
if you think that the data processing of personal
data violates the GDPR.
In short: you have rights - don't hesitate, the above
listed responsible body to contact us!
If you believe that the processing of your data is against
violates data protection law or your data protection claims in
otherwise have been injured in any way, you can contact the
complain to the supervisory authority. This is the data protection authority for Austria,
whose website can be found at https://www.dsb.gv.at/. In Germany there are
a data protection officer for each federal state. For more information
you can contact the Federal Commissioner for Data Protection and the
Freedom of Information (BfDI). For our company is the following
local data protection authority responsible:
Explanation of terms used
We always strive to make our privacy policy as clear
and make it as understandable as possible. Especially with technical and
However, this is not always easy when it comes to legal issues. It often does
Sense legal terms (such as personal data) or specific
to use technical expressions (e.g. cookies, IP address). we want
but do not use them without explanation. Below you will find one
alphabetical list of important terms used in the
previous data protection declaration may not have been sufficiently addressed
are. If these terms were taken from the GDPR and it is
When it comes to definitions of terms, we will also cite the GDPR texts here and
add your own explanations if necessary.
consent
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term means:
"Consent" of the data subject each voluntarily for
the specific case, given in an informed manner and unequivocally
Expression of will in the form of a declaration or another clear one
affirmative action by which the data subject indicates that
them with the processing of their personal data
agrees;
Explanation: This is usually done for websites
Consent via a cookie consent tool. I'm sure you know that. Always when
When you visit a website for the first time, a banner will usually ask you
whether you agree or consent to the data processing. Most of the time you can too
Make individual settings and decide for yourself which ones
Data processing you allow and which not. If you do not consent
no personal data from you may be processed.
In principle, consent can of course also be in writing, i.e. not
via a tool.
Personal Data
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term means:
“Personal Data” any information relating to
an identified or identifiable natural person (hereinafter
“data subject”; a natural person becomes identifiable
viewed directly or indirectly, in particular by means of assignment to a
identifier such as a name, to an identification number, to location data, to a
Online identifier or one or more special characteristics that expression
the physical, physiological, genetic, psychological, economic,
cultural or social identity of this natural person,
can be identified;
Explanation: Personal data is therefore all those
Data that can identify you as an individual. This is usually data
such as:
Surname
address
E-mail address
postal address
phone number
birth date
Identification numbers such as social security number,
Tax identification number, identity card number or matriculation number
Bank details such as account number, credit information, account balances
and much more
According to the European Court of Justice (ECJ), yours counts too
IP address to the personal data. IT professionals can use your
IP address at least the approximate location of your device and subsequently
identify you as the subscriber. Therefore, saving also requires a
IP address has a legal basis within the meaning of the GDPR. There are also
so-called
"special categories" of personal data, which are also special
are worth protecting. These include:
racial and ethnic origin
political opinions
religious or ideological beliefs
union membership
genetic data such as data derived from blood
or saliva samples are taken
Biometric data (this is information about psychological,
physical or behavioral characteristics that identify an individual
can).
health data
Data related to sexual orientation or sex life
profiling
Definition according to Article 4 of the GDPR
For the purposes of this Regulation, the term means:
"Profiling" any type of automated processing
personal data, which consists in that this personal data
used to describe certain personal aspects that relate to a
natural person relate, to evaluate, in particular to aspects regarding
work performance, economic situation, health, personal preferences,
Interests, reliability, behavior, whereabouts or relocation of these
analyze or predict a natural person;
Explanation: When profiling, different
Gathers information about a person to learn more about them
person to experience. On the web, profiling is often used for advertising purposes or
also used for credit checks. Collect web and/or advertising analysis programs
for example data about your behavior and your interests on a website.
This results in a special user profile with the help of which advertising is targeted
can be played out to a target group.