We have prepared this Privacy Policy (version 22.05.2023) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, what personal data (hereinafter "data") we process as the controller – and the processors we commission (e.g. providers) – and what lawful options you have. All terms used are to be understood in a gender-neutral way.
In brief: We inform you comprehensively about the data we process about you.
Privacy policies usually sound very technical and use legal terminology. This Privacy Policy, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. Where transparency is helpful, technical terms are explained in a reader-friendly manner, links to further information are provided and graphics are used. We therefore communicate in clear and plain language that we only process personal data in the context of our business activities when there is an appropriate legal basis. This is certainly not possible if one gives the briefest, most obscure and techno-legal explanations, as is often the standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative and perhaps there is one or two pieces of information you did not already know.
If you still have questions, we would like to ask you to contact the responsible party listed below or in the Legal Notice, follow the existing links and view further information on third-party sites. Our contact details can of course also be found in the Legal Notice.
This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies commissioned by us (processors). By personal data we mean information within the meaning of Art. 4 No. 1 GDPR such as the name, email address and postal address of a person. The processing of personal data ensures that we can offer and charge for our services and products, whether online or offline. The scope of this Privacy Policy includes:
In brief: The Privacy Policy applies to all areas in which personal data is processed in a structured manner within the company through the channels mentioned. If we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.
In the following Privacy Policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, that allow us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course read this EU General Data Protection Regulation online on EUR-Lex, the access to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.
We only process your data when at least one of the following conditions applies:
Other conditions such as the perception of recordings in the public interest and the exercise of public authority as well as the protection of vital interests do not generally apply to us. Where such a legal basis should nonetheless be relevant, it will be indicated at the appropriate point.
In addition to the EU regulation, national laws also apply:
If other regional or national laws apply, we will inform you in the following sections.
If you have questions about data protection or the processing of personal data, you will find the contact details of the responsible person or body below:
Ing. Mag. Patrick Eiler
Mažuranićevo šetalište 35,
21000 Split
OIB: 10132796428
Authorised representative: Ing. Mag. Patrick Eiler
E-Mail: office@aetasaurea-hr.com
Phone: +43 660 513 32 22
The fact that we only store personal data for as long as is absolutely necessary for the provision of our services and products applies as a general criterion for us. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obliged to store certain data even after the original purpose has ceased, for example for accounting purposes.
If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible and insofar as there is no obligation to store it.
We will inform you further below about the specific duration of the respective data processing, provided we have further information on this.
In accordance with Articles 13 and 14 GDPR, we inform you of the following rights to which you are entitled so that data is processed fairly and transparently:
In brief: You have rights – do not hesitate to contact the responsible party listed above!
If you believe that the processing of your data violates data protection law or that your data protection rights have been infringed in any other way, you can lodge a complaint with the supervisory authority. For Austria this is the Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, each federal state has a data protection officer. For further information you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:
Director: Mag. Dr. Andrea Jelinek
Address:
Barichgasse 40-42, 1030 Vienna
Phone:
+43 1 52 152-0
Email:
dsb@dsb.gv.at
Website:
https://www.dsb.gv.at/
We only transfer or process data in countries outside the EU (third countries) if you consent to this processing, if it is required by law or contractually necessary, and in any case only to the extent that it is generally permitted. Your consent is in most cases the most important reason why we have data processed in third countries. The processing of personal data in third countries such as the USA, where many software manufacturers offer services and have their server locations, can mean that personal data is processed and stored in unexpected ways.
We expressly point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. The processing of data by US services (such as Google Analytics) can result in data not being processed and stored anonymously in certain cases. Furthermore, US government authorities may in some cases be able to access individual pieces of data. In addition, it may happen that data collected is linked to data from other services of the same provider, provided you have a corresponding user account. Where possible, we try to use server locations within the EU, provided this is offered.
We will inform you in more detail at the appropriate points in this Privacy Policy about data transfers to third countries, where applicable.
|
Cookies Summary
👥 Affected: website visitors 🤝 Purpose: depends on the respective cookie. More details can be found below or at the manufacturer of the software that sets the cookie. 📓 Data processed: depends on the cookie used. More details can be found below or at the manufacturer of the software that sets the cookie. 📅 Storage duration: depends on the respective cookie, can range from hours to years ⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests) |
Our website uses HTTP cookies to store user-specific data.
In the following we explain what cookies are and why they are used, so that you can better understand the following Privacy Policy.
Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.
One thing is undeniable: cookies are really useful little helpers. Almost all websites use cookies. More precisely, they are HTTP cookies, as there are also other cookies for other areas of application. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, the "brain" of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.
Cookies store certain user data, such as language or personal page settings. When you return to our site, your browser transmits the "user-related" information back to our site. Thanks to cookies, our website knows who you are and offers you the setting you are used to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.
There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site; third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans or other "malicious software". Cookies cannot access information on your PC.
Cookie data can look like this, for example:
Name: _ga
Value: GA1.2.1326744211.152
Purpose: Differentiating website visitors
Expiry date: after 2 years
A browser should be able to support at least these minimum sizes:
The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the Privacy Policy. Here we would like to briefly address the different types of HTTP cookies.
There are 4 types of cookies:
Essential cookies
These cookies are necessary to ensure the basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues browsing other pages and later proceeds to the checkout. These cookies ensure that the shopping cart is not deleted even if the user closes their browser window.
Functional cookies
These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies are also used to measure the loading time and behaviour of the website in different browsers.
Purpose-oriented cookies
These cookies provide better user-friendliness. For example, entered locations, font sizes or form data are stored.
Advertising cookies
These cookies are also called targeting cookies. They are used to deliver individually tailored advertising to the user. This can be very convenient, but also very annoying.
When you first visit a website, you are usually asked which of these types of cookies you would like to allow. And of course, this decision is also stored in a cookie.
If you would like to know more about cookies and do not shy away from technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) entitled "HTTP State Management Mechanism".
The purpose ultimately depends on the respective cookie. More details can be found below or at the manufacturer of the software that sets the cookie.
Cookies are small helpers for many different tasks. Unfortunately, we cannot generalise what data is stored in cookies, but we will inform you in the following Privacy Policy about the data processed or stored.
The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour; others can remain stored on a computer for several years.
You also have control over the storage duration yourself. You can manually delete all cookies at any time via your browser (see also "Right to object" below). Furthermore, cookies that are based on consent will be deleted at the latest after you revoke your consent, whereby the lawfulness of storage up to that point remains unaffected.
You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option to delete, deactivate or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.
If you want to find out which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:
Chrome: Delete, enable, and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge
If you generally do not want any cookies, you can set up your browser so that it always informs you when a cookie is about to be set. This way you can decide whether to allow or disallow each individual cookie. The procedure varies depending on the browser. The best approach is to search Google for instructions such as "delete cookies Chrome" or "disable cookies Chrome" if you use the Chrome browser.
Since 2009, the so-called "Cookie Guidelines" have existed. These stipulate that the storage of cookies requires your consent (Article 6(1)(a) GDPR). Within EU countries, however, there are still very different reactions to these guidelines. In Austria, this directive was implemented in Section 96(3) of the Telecommunications Act (TKG). In Germany, the Cookie Guidelines were not implemented as national law. Instead, this directive was largely implemented in Section 15(3) of the Telemedia Act (TMG).
For strictly necessary cookies, even without consent, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide website visitors with a pleasant user experience and for this certain cookies are often absolutely necessary.
Where non-essential cookies are used, this only happens with your consent. The legal basis in this regard is Art. 6(1)(a) GDPR.
In the following sections you will be informed in more detail about the use of cookies, provided the software used makes use of cookies.
|
Web Hosting Summary
👥 Affected: website visitors 🤝 Purpose: professional hosting of the website and securing operations 📓 Data processed: IP address, time of website visit, browser used and further data. More details can be found below or at the respective web hosting provider. 📅 Storage duration: depends on the respective provider, but typically 2 weeks ⚖️ Legal bases: Art. 6(1)(f) GDPR (legitimate interests) |
When you visit websites today, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By "website" we mean the entirety of all web pages on a domain, i.e. everything from the homepage to the very last subpage. By "domain" we mean, for example, example.de or sampleexample.com.
If you want to view a website on a computer, tablet or smartphone, you use a programme called a web browser. You probably know some browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari.
To display the website, the browser must connect to another computer where the code of the website is stored: the web server. Operating a web server is a complicated and demanding task, which is why this is usually handled by professional providers, the hosting companies. These offer web hosting and thus ensure reliable and error-free storage of website data.
When your browser on your computer (desktop, laptop, tablet or smartphone) connects and during data transfer to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a period of time to ensure proper operation.
The purposes of data processing are:
Even as you visit our website right now, our web server – the computer on which this website is stored – typically automatically stores data such as:
As a rule, the data mentioned above is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot exclude the possibility that it may be viewed by authorities in the event of unlawful behaviour.
In brief: Your visit is logged by our provider (the company that runs our website on special computers/servers), but we do not pass on your data without your consent!
The lawfulness of the processing of personal data in the context of web hosting derives from Art. 6(1)(f) GDPR (legitimate interests), since the use of professional hosting with a provider is necessary to present the company on the internet in a safe and user-friendly manner and to pursue attacks and claims arising from them if necessary.
As a rule, a contract for order processing in accordance with Art. 28 et seq. GDPR exists between us and the hosting provider, which ensures compliance with data protection and guarantees data security.
|
Web Analytics Summary
👥 Affected: website visitors 🤝 Purpose: evaluation of visitor information to optimise the web offering 📓 Data processed: access statistics containing data such as locations of accesses, device data, access duration and time, navigation behaviour, click behaviour and IP addresses. More details can be found at the respective web analytics tool used. 📅 Storage duration: depends on the web analytics tool used ⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests) |
We use software on our website to analyse the behaviour of website visitors, referred to in brief as web analytics. Data is collected which the respective analytics tool provider (also called tracking tool) stores, manages and processes. With the help of this data, analyses of user behaviour on our website are created and made available to us as website operators. In addition, most tools offer various testing options. For example, we can test which offers or content is most popular with our visitors. For this purpose, we show you two different offers for a limited period. After the test (so-called A/B test), we know which product or content our website visitors find more interesting.
With our website we have a clear goal: we want to provide the best web offering in our industry. To achieve this goal, we want to offer the best and most interesting content on the one hand, and on the other hand ensure that you feel completely comfortable on our website. With the help of web analytics tools, we can take a closer look at the behaviour of our website visitors and then improve our web offering for you and us accordingly.
The use of web analytics requires your consent, which we have obtained with our cookie popup. This consent represents the legal basis pursuant to Art. 6(1)(a) GDPR (consent) for the processing of personal data, as may occur when data is collected by web analytics tools.
In addition to consent, we have a legitimate interest in analysing the behaviour of website visitors in order to improve our offering technically and economically. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interests). However, we only use the tools insofar as you have given consent.
|
Online Map Services Summary
👥 Affected: website visitors 🤝 Purpose: improving the user experience 📓 Data processed: which data is processed depends heavily on the services used. Usually this includes IP address, location data, search terms and/or technical data. More details can be found at the respective tools used. 📅 Storage duration: depends on the tools used ⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests) |
As an extended service on our website, we also use online map services. Google Maps is probably the service you are most familiar with, but there are also other providers that specialise in creating digital maps. Such services make it possible to display locations, route plans or other geographic information directly via our website. Through an integrated map service, you no longer need to leave our website to, for example, view the route to a location. For the online map in our website to function, map sections are embedded using HTML code. The services can then display road maps, the earth's surface or aerial/satellite images. When you use the built-in map offering, data is also transmitted to the tool used and stored there.
Generally speaking, our aim is to provide you with a pleasant experience on our website. And this experience is only pleasant if you can easily find your way around our website and find all the information you need quickly and easily. We therefore thought that an online map system could be a significant optimisation of our service on the website. Without leaving our website, you can use the map system to view directions, locations or even sights without any problems. It is also very practical that you can see at a glance where our company is located so that you can find us quickly and safely. As you can see, there are simply many advantages and we clearly regard online map services on our website as part of our customer service.
If you have consented to the use of an online map service, the legal basis for the corresponding data processing is this consent. This consent represents, pursuant to Art. 6(1)(a) GDPR (consent), the legal basis for the processing of personal data as may occur when data is collected by an online map service.
We also have a legitimate interest in using an online map service to optimise our service on our website. The corresponding legal basis is Art. 6(1)(f) GDPR (legitimate interests). However, we only use an online map service if you have given consent.
|
Google Maps Privacy Policy Summary
👥 Affected: website visitors 🤝 Purpose: optimising our service 📓 Data processed: data such as search terms entered, your IP address and also latitude/longitude coordinates. More details can be found further below in this Privacy Policy. 📅 Storage duration: depends on data stored ⚖️ Legal bases: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests) |
We use Google Maps from Google Inc. on our website. For the European area, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Maps we can show you locations better and thus adapt our service to your needs. By using Google Maps, data is transmitted to Google and stored on Google's servers.
Google Maps is an internet map service from Google. With Google Maps you can search online via a PC, tablet or app for exact locations of cities, sights, accommodation or businesses. When companies are represented on Google My Business, further information about the company is displayed in addition to the location. To display the directions, map sections of a location can be embedded in a website using HTML code. Google Maps shows the earth's surface as a road map or as an aerial/satellite image.
All our efforts on this page pursue the goal of providing you with a useful and meaningful experience on our website. By integrating Google Maps we can provide you with the most important information on various locations. You can see at a glance where our company is located. The directions always show you the best and fastest route to us. You can retrieve directions for routes by car, public transport, on foot or by bicycle. For us, providing Google Maps is part of our customer service.
In order for Google Maps to be able to offer its service in full, the company must record and store data from you. This includes, among other things, the search terms entered, your IP address and also the latitude and longitude coordinates. If you use the route planner function, the start address entered is also stored. This data storage takes place on the Google Maps websites. We can only inform you about this, but have no influence over it. Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. This cookie stores data about your user behaviour. Google uses this data primarily to optimise its own services and to provide you with individualised, personalised advertising.
Google's servers are located in data centres around the world. Most servers are located in America, which means your data is stored primarily in the USA. Google also distributes data across various storage media, making the data faster to access and better protected against manipulation attempts.
Google stores some data for a set period of time. For other data, Google only offers the option of deleting it manually. Furthermore, the company anonymises information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.
With the automatic deletion function for location and activity data introduced in 2019, information about location determination and web/app activity is stored for either 3 or 18 months – depending on your decision – and then deleted. You can also manually delete this data from the history via your Google account at any time. If you want to completely prevent your location from being recorded, you must pause the "Web & App Activity" section in your Google account.
In your browser you can also deactivate, delete or manage individual cookies. Depending on which browser you use, this always works slightly differently. In the "Cookies" section you will also find links to the instructions for the most popular browsers.
If you have consented to Google Maps being used, the legal basis for the corresponding data processing is this consent. This consent represents, pursuant to Art. 6(1)(a) GDPR (consent), the legal basis for the processing of personal data as may occur when data is collected by Google Maps.
We also have a legitimate interest in using Google Maps to optimise our online service. The corresponding legal basis is Art. 6(1)(f) GDPR (legitimate interests). However, we only use Google Maps insofar as you have given consent.
Google processes data from you, among other places, in the USA. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the lawfulness and security of data processing.
As a basis for data processing at recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway – in particular in the USA) or for data transfer to these, Google uses Standard Contractual Clauses (Art. 46(2) and (3) GDPR). These are template agreements provided by the EU Commission and are intended to ensure that your data also complies with European data protection standards when transferred to and stored in third countries (such as the USA). If you would like to learn more about Google's data processing, we recommend reading Google's own privacy policy at https://policies.google.com/privacy.
We always strive to write our Privacy Policy as clearly and comprehensibly as possible. However, this is not always straightforward, especially with technical and legal topics. It often makes sense to use legal terms (such as personal data) or certain technical terms (such as cookies, IP address). We do not want to use these without explanation. Below you will find an alphabetical list of important terms used that we may not have addressed sufficiently in the previous Privacy Policy.
Definition pursuant to Article 4 of the GDPR
For the purposes of this Regulation, the term means:
"processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Explanation: As a company and website owner, we are responsible for all data that we process from you. In addition to controllers, there may also be so-called processors. These include every company or person that processes personal data on our behalf. In addition to service providers such as tax advisors, processors can also include hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.
Definition pursuant to Article 4 of the GDPR
For the purposes of this Regulation, the term means:
"consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Explanation: As a rule, such consent is given on websites via a cookie consent tool. You are probably familiar with this. Whenever you visit a website for the first time, you are usually asked via a banner whether you agree to or consent to the data processing. You can usually also make individual settings and decide which data processing you allow and which you do not. If you do not consent, no personal data about you may be processed. In principle, consent can of course also be given in writing, i.e. not via a tool.
Definition pursuant to Article 4 of the GDPR
For the purposes of this Regulation, the term means:
"personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Explanation: Personal data is therefore all data that can identify you as a person. These are typically data such as:
In brief: Personal data is all data that can identify you personally.