Privacy Policy according to Art 13 of the GDPR
Last update: 15. January 2025
Thank you for your interest in the information on our website!
With the help of this Privacy Policy we would like to inform the users of our website about the type, scope and purpose of the personal data processed. Personal data in this context are all information with which you can be personally identified as a user of our website, including your IP address and information that is stored in cookies.
In a general section of this Privacy Policy, we provide you with information on data protection, which generally applies to our processing of data, including data collection on our website. In particular, you as a data subject will be informed about the rights to which you are entitled.
The terms used in our Privacy Policy and our data protection practice are based on the provisions of the EU General Data Protection Regulation ("GDPR") and other relevant national legal provisions.
Controller according to the GDPR
Regionales Weinkomitee Weinviertel
Hofgartenstr. 28, GL02
2120 Wolkersdorf im Weinviertel
Austria
e: office@weinvierteldac.at
t: +43 2245 82 666
Data collection on our website
On the one hand, personal data is collected from you when you expressly communicate such data to us, on the other hand, data, especially technical data, is automatically collected when you visit our website. Some of this data is collected to ensure that our website functions without errors. Other data may be used for analysis. However, you can use our website without a need to provide personal information.
You can read more about this and about the technologies we use on our website here:
Technologies on our website
Brevo (formerly Newsletter2Go)
Provider: Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Deutschland.
Purpose: Newsletter
Category: Marketing
Recipients: EU
Data processed: User data, user behaviour
Data subjects: Users
Technology: Cookies
Legal basis: Consent, legitimate interest
Website: www.brevo.com
Further information: https://www.brevo.com/de/legal/privacypolicy
On our website we use Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany ("SendInBlue"). Brevo is a service that allows you to organise and analyse the delivery of newsletters. The information you enter to subscribe to the newsletter (e.g. e-mail address) is stored on Brevo's servers.
Our newsletters sent with Brevo enable us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many recipients opened the newsletter message and how often which link in the newsletter was clicked. All links in the e-mail are so-called tracking links that can be used to count your clicks.
If you don't want Brevo to analyze your newsletter, you must unsubscribe. To do this, we provide a link in every newsletter message. Furthermore, you can also revoke your consent at any time with future effect by sending an e-mail to the address given in our imprint.
Cloudflare
Provider: Cloudflare Inc, 101 Townsend Street, San Francisco, California 94107, USA.
Purpose: Content Delivery Network
Category: Technically Required
Recipient: USA
Data processed: IP Address, Website Visit Details
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnZKAA0&status=Active
Website: https://www.cloudflare.com/
Further information:
https://www.cloudflare.com/security-policy
https://www.cloudflare.com/application/privacypolicy/
On our website, the service Cloudflare is used as a so-called content delivery network (CDN) as well as a security service.
A CDN is a service that helps to deliver content from our website, especially large media files such as images, faster with the help of regional servers connected via the Internet. Delivering content through servers near you reduces the average loading time of a website.
Cloudflare offers both web optimization and security services. Cloudflare does this by blocking threats and limiting misuse of server resources and bandwidth. Our website is significantly more powerful and less vulnerable to spam or other attacks thanks to Cloudflare.
Cloudflare uses cookies and processes data of the users of our website.
If a user calls up our website, requests are routed via Cloudflare's server. In this process, statistical access data about the visit to our website is collected.
The access data include:
- IP address,
- the accessed internet page(s) of our website,
- type and version of the Internet browser used,
- the operating system used,
- the Internet page from which a user accessed our Internet presence (referrer URL),
- the length of time spent on our website and
- the frequency with which our internet pages are accessed.
This data helps Cloudflare in particular to detect new threats and to ensure a high security standard for the operation of our website.
The data is processed to maintain the security and functionality of the CDN and to optimize our loading times. The use of cookies by Cloudflare is done for security reasons to ensure the trustworthiness of an end device and is absolutely necessary for the security function.
Cloudflare keeps data logs only as long as necessary and this data is deleted within 24 hours in most cases. However, there is information that Cloudflare keeps indefinitely as part of its permanent logs in order to improve Cloudflare's overall performance. However, this data is not personal and is anonymized by Cloudflare.
Cookies and Local Storage
We use cookies to make our website as user-friendly and functional as possible for you. Some of these cookies are stored on the device you use to access the site.
Cookies are small packages of data that are exchanged between your browser and our web server whenever you visit our website. They do not cause any damage and are used solely to recognise website visitors. Cookies can only store information provided by your browser, e.g. information that you have entered into your browser or that is available on the website. Cookies cannot execute code and cannot be used to access your terminal device.
The next time you access our website using the same device, the information stored in the cookies can then either be sent back to us (“first-party cookie”) or to a web application of third party to whom the cookie belongs (“third-party cookie”). The information that is stored and sent back allows each web application to recognise that you have already accessed and visited the website using the browser on your device.
Cookies contain the following information:
- Cookie name
- Name of the server from which the cookie originates
- Cookie ID number
- An expiry date, after which the cookie will be automatically deleted
We classify cookies in the following categories depending on their purpose and function:
- Technically necessary cookies, to ensure the technical operation and basic functions of our website. These types of cookies are used, for example, to maintain your settings while you navigate our website; or they can ensure that important information is retained throughout the session (e.g. login, shopping cart).
- Statistics cookies, to understand how visitors interact with our website by collecting and analysing information on an anonymous basis only. In this way we gain valuable insights to optimize both the website and our products and services.
- Marketing cookies, to provide targeted promotional and marketing activities for users on our website.
- Unclassified cookies are cookies that we are trying to classify together with individual cookie providers.
Depending on the storage period, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when the browser is closed. No information remains on your device. Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will react accordingly. The lifespan of a persistent cookie is determined by the provider of the cookie.
The legal basis for using technically necessary cookies is our legitimate interest in the technically fault-free operation and smooth functionality of our website. The use of statistics and marketing cookies is subject to your consent. You can withdraw your consent for the future use of cookies at any time. Your consent is voluntary. If consent is not given, no disadvantages arise. For more information about the cookies we actually use (specifically, their purpose and lifespan), refer to this Privacy Policy and to the information in our cookie banner about the cookies we use.
You can also set your web browser so that it does not store any cookies in general on your device or so that you will be asked each time you visit the site whether you accept the use of cookies. Cookies that have already been stored can be deleted at any time. Refer to the Help section of your browser to learn how to do this.
Please note that a general deactivation of cookies may lead to functional restrictions on our website.
On our website, we also use so-called local storage functions (also called "local data"). This means that data is stored locally in the cache of your browser, which continues to exist and can be read even after you close the browser - as long as you do not delete the cache or data is stored within the session storage.
Third parties cannot access the data stored in the local storage. If special plug-ins or tools use the local storage functions, you are informed within the description of the respective plug-in or tool.
If you do not wish plug-ins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.
Font Awesome
Provider: Fonticons, Inc, 307 S. Main St., Suite 202 Bentonville, AR 72712, USA.
Purpose: Integration of Fonts and Icons, Performance Measurement
Category: Statistics
Recipient: USA
Processed data: IP address, User Data
Data subjects: Users
Technology: JavaScript call
Legal basis: Consent
Website: https://www.fontawesome.com/
Further information: https://fontawesome.com/help https://fontawesome.com/privacy
ATTENTION! Within the scope of this service, data transfer to the U.S. takes place or cannot be excluded. We would like to point out that as of July 10, 2023, the European Commission has issued an adequacy decision pursuant to Art 45 paragraph 1 GDPR on the EU-US data privacy framework (Data Privacy Framework). Accordingly, organizations or companies (as data importers) in the U.S. that are registered in a public list under the self-certification option of the Data Privacy Framework provide an adequate level of protection for data transfers. Whether the specific provider of this service is already certified can be found here: https://www.dataprivacyframework.gov/s/participant-search
On our website, we use so-called web fonts for the uniform display of fonts or icons, which are provided by Fonticons via the Font Awesome Content Delivery Network (CDN). This ensures that texts, fonts and icons are displayed optimally on every user's terminal device.
When a page is called up, a user's browser loads the required web fonts into the browser cache in order to display texts, fonts and icons correctly. For this purpose, the browser used must connect to Fonticons' servers. In this way, Fonticons obtains knowledge that our website has been accessed via the IP address of a user. At the same time, Fonticons receives information about the popularity of individual fonts and icons.
If a browser does not support web fonts, a standard font is used by the respective end device.
Google Analytics
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA).
Purpose: Web Analytics, Performance Measurement, Conversion Tracking, Collection of Statistical Data
Category: Statistics
Recipients: EU, USA
Data processed: IP Address, Website Visit details, User Data.
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/
On our website, we use the functions of the web analysis service Google Analytics to analyze user behavior and to optimize our website. The reports provided by Google are used to analyze the performance of our website and to measure the success of possible campaigns via our website.
Google Analytics uses cookies that enable an analysis of the use of our website.
Information about the use of the website such as browser type/version, operating system used, the previously visited page, host name of the accessing computer (IP address), time of server request are usually transmitted to a Google server and stored there. We have concluded a contract with Google for this purpose.
On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. According to Google, the IP address transmitted by your browser is not merged with other data from Google.
We only use Google Analytics with IP anonymization activated by default. This means that the IP address of a user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by a user's browser within the scope of Google Analytics is not linked to other Google data.
During the website visit, the user behaviour is recorded in the form of so-called events. These can represent the following:
- Page views, the click path of a user.
- first visit to our website
- visited websites
- start of a session
- interaction with our website
- user behavior (for example, clicks, scrolls, dwell time, bounce rates)
- file downloads
- ads seen / clicked
- interaction with videos
- internal search queries
furthermore, the following is recorded:
- approximate location (region)
- date and time of visit
- IP address (in shortened form)
- technical information about the browser or the end devices used (e.g. language setting, screen resolution)
- Internet service provider
- Referrer URL (via which website/advertising medium a user came to our website).
The processing of this data is essentially done by Google for its own purposes such as profiling (without our ability to influence).
The data about the use of our website is deleted immediately after the end of the retention period set by us in each case. Google Analytics gives us a default of 2 months for the retention period of user and event data, with a maximum retention period of 14 months. This retention period also applies to conversion data. For all other event data, the following options are available: 2 months, 14 months, 26 months (Google Analytics 360 only), 38 months (Google Analytics 360 only), 50 months (Google Analytics 360 only). We will choose the shortest storage period that corresponds to our intended use. You can ask us at any time for the retention period currently set by us.
The deletion of data whose retention period has been reached takes place automatically once a month.
Google Fonts
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA), https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Purpose: Integration of fonts
Category: Statistics
Recipients: EU, USA (possible)
Data processed: IP address, language settings, screen resolution, version and name of browser.
Data subjects: website visitors
Technology: JavaScript call
Legal basis: Consent, Data Privacy Framework
Website: www.google.com
Further information: https://developers.google.com/fonts/faq https://policies.google.com/privacy https://www.google.com/about/datacenters/inside/locations/
To display fonts consistently, our website uses Web Fonts which are provided by Google.
To display web fonts, the web browser you use must connect with a Google server. This informs Google that our website is being accessed via your IP address. The IP address from the browser of the device you are using to access our site is also stored by Google. If your browser does not support Web Fonts, your device will display the site using a standard font type. With each Google Font request, your IP address is automatically transferred to a Google server along with information such as your language preferences, display resolution, version and name of your browser. The usage data collected by Google enables them to determine the popularity of specific font types. Google publishes these findings on internal analytics sites (e.g. Google Analytics).
Google Fonts enables us to use fonts on our own website without uploading them to our server. Google Fonts is an important building block for maintaining the high quality of our website. All Google fonts are automatically optimized for the web. This reduces the data volume and is particularly advantageous for use on mobile devices. When you visit our site, the low file size allows for quicker loading times. Furthermore, Google Fonts are secure Web Fonts that support all major browsers.
Google stores requests for CSS assets for one day on its servers. This enables us to use the fonts with the support of a Google style sheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google Support ( https://support.google.com ).
Google Maps
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Integration of Map Services
Category: Statistics
Recipients: EU, USA
Data processed: IP Address, Website Visit Details, User Data
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/
On our website, the service Google Maps is integrated in order to better display geographical information about locations for users.
Google Maps is an online map service with which geographic information can be made more legible via a terminal device. Among other things, directions are displayed or map sections of a location can be integrated into a website.
When Google Maps is called up, the browser establishes a connection to Google's servers. This enables Google to know that our website has been accessed via the user's IP address. The use of Google Maps enables Google to collect and process data about the use of the service.
For the provision of this service, Google Maps processes, among other things, entered search terms as well as latitude and longitude coordinates on the basis of the IP address. If the route planner function of Google Maps is used, the entered starting address is also stored. This data processing is carried out exclusively by Google and is not within our sphere of influence.
We would like to point out that a cookie called "NID" is set by Google when running this service. Google Maps does not currently offer us the option to run this service in a mode without this cookie. The NID cookie contains information about your user behavior, which Google uses to optimize its own services and to provide individual, personalized advertising for you.
Google anonymizes data in server logs by deleting a portion of the IP address and cookie information after 9 and 18 months, respectively.
Location and activity data is stored for either 3 or 18 months and then deleted. Users can also manually clear history at any time via a Google account. To completely prevent location tracking, a user must turn off the "Web and App Activity" section in their Google account.
Google reCAPTCHA
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA),
Purpose: Protection against Misuse, Spam Prevention
Category: Technically Required
Recipients: EU, USA
Data processed: IP Address, Website Visit Details
Data subjects: User
Technology: JavaScript Call, Cookies, Local Storage
Legal basis: Legitimate Interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy https://developers.google.com/recaptcha/
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/
On our website, the Google reCAPTCHA service is used to protect against abuse by non-human visitors (bots) and to prevent spam.
When reCAPTCHA is started, the browser establishes a connection to Google's servers. This enables Google to know that our website has been accessed via a user's IP address.
The purpose of reCAPTCHA is to verify whether the data entry on our website is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the user's behavior based on various characteristics. This analysis begins automatically as soon as the user starts our website. For the analysis, reCAPTCHA evaluates various information.
According to our information, the following data is processed by Google:
- the address of the page from which the visitor comes
- IP address
- Information about the operating system
- Cookies
- Mouse and keyboard behavior
- Date and language settings
- All Java-Script Objects
- Screen resolution
The data collected during the analysis is forwarded to and used by Google. The reCAPTCHA analyses run entirely in the background.
Cookies are used for the processing of the service. These cookies require a unique identifier for tracking purposes. According to Google, the IP address is not merged with other data from other Google services, unless a user is logged into his Google account while using the reCAPTCHA plug-in. Furthermore, reCAPTCHA also uses the local storage on the user's device to store data.
Google Tag Manager
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Launching Tools and Plugins
Category: Technically Required
Recipients: EU, USA (possible)
Data processed: IP Address
Data subjects: User
Technology: JavaScript Call
Legal basis: legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/
The Google Tag Manager service is used on our website.
The Tag Manager is a service that allows us to manage website tags via an interface. This allows us to include code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. In doing so, the data is only forwarded by the Tag Manager, but neither collected nor stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it serves purely to manage other services in our online offering.
When the Google Tag Manager is started, the browser establishes a connection to Google's servers. These are mainly located in the U.S. Through this, Google obtains knowledge that our website was called up via the IP address of a user.
The Tag Manager ensures the resolution of other tags, which in turn may collect data. However, the Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags that are implemented with the Tag Manager.
Hosting
In the process of hosting our website, we store all data related to the operation of our website. This is necessary for enabling operation of our website. Therefore, we process this data on the legal grounds of our legitimate interest in optimising our website. To provide access to our website, we use the services of web hosting providers, to whom we supply the aforementioned data within the context of contractual processing.
Contact
We offer various ways to get in touch with us on our website. Whenever you contact us, your information is used to process and handle your contact request in the course of fulfilling pre-contractual rights and obligations. To handle and answer your request it is necessary for us to process your data; otherwise we are unable to answer your request or only able to partially answer it. Your information can be stored in a database of customers and leads on the grounds of our legitimate interest in direct marketing.
We delete your request and contact information when your request has been definitively answered and there is no legally required time limit for storing this data prior to deletion (e.g. pursuant to a subsequent contractual relationship). This is usually the case when there is no further contact with you for three years in a row.
Meta-Pixel
Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent Company: Meta Platforms, Inc (USA).
Purpose: Web Analysis, Tracking (Conversion)
Category: Marketing
Recipients: EU, USA
Data processed: IP Address, User Data, Website Visit Details
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active
Website: www.facebook.com
Further information: https://en-gb.facebook.com/privacy/policy https://en-gb.facebook.com/business/help/742478679120153
On our website, the service Meta-Pixel of the social network Facebook is used for the analysis, optimization and economic operation of our online offer.
With the help of Meta-Pixel, it is possible for Meta, on the one hand, to determine the visitors to our website as a target group for the display of personalized ads. Accordingly, we use Meta-Pixel to display the ads placed by us only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Meta (so-called "Custom Audiences"). With the help of Meta-Pixel, we also want to ensure that our Meta Ads correspond to the potential interest of users and do not have a harassing effect. With the help of Meta-Pixel, we can, on the other hand, track the effectiveness of Meta Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta Ad (so-called "conversion").
Your actions are stored in one or more cookies in the process. These cookies allow Meta to match your user data (such as IP address, user ID) with your Facebook account data. The collected data is anonymous and not visible to us and can only be used in the context of advertisements. You can prevent the linking with your Facebook account by logging out before you take any action.
To set which types of ads are displayed to you within Facebook, you can visit the page set up by Meta and follow the instructions there for the settings of usage-based advertising: https://www.facebook.com/settings?tab=ads
The settings are done in a platform-independent manner, which means that they are applied to all devices, such as desktop computers or mobile devices.
Newsletter
On our website we offer the possibility to register for a newsletter. Our newsletter contains information about our products or services as well as accompanying information, offers or promotions.
The consent to our newsletter is given in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with a foreign e-mail address. The registrations for the newsletter are logged in accordance with Art 6 paragraph 1 lit. f GDPR on the basis of our legitimate interest in verifiability. This includes the storage of the time of registration and confirmation as well as the IP address. Changes to your stored data are also logged.
The newsletter is sent on the basis of your consent in accordance with Art. 6 paragraph 1 lit. a GDPR or, if consent is not required, on the basis of our legitimate interest in direct marketing for similar products and services in accordance with Art. 6 paragraph 1 lit. f GDPR. In the context of sending the newsletter, we also process your reaction behaviour on the basis of our legitimate interest in accordance with Art. 6 paragraph 1 lit. f GDPR. A newsletter will only be sent without your consent if we have already received your email address in connection with another order, the newsletter relates to similar products or services of ours and you had the opportunity at the time of collection of your contact details to prohibit their use for marketing purposes and did not object to this.
You can unsubscribe from receiving our newsletter at any time by withdrawing your consent with effect for the future in accordance with Art. 7 paragraph 3 GDPR or by submitting an objection to the processing. You will find a relevant option in the respective newsletter itself or simply contact us by email. In the event of revocation or objection, we may store your e-mail address for up to three years on the basis of our legitimate interests in accordance with Art. 6 paragraph 1 lit. f GDPR before we delete it in order to be able to prove that you have previously given your consent.
Newsletter Tracking
We would like to point out that we evaluate your user behavior when the newsletter is sent. For this evaluation, the emails sent contain so-called web beacons or tracking pixels, which we store. For the evaluations we link the mentioned data and the web beacons with your email address. Links received in the newsletter also contain these tracking IDs. The legal basis is Art. 6 paragraph 1 lit. f GDPR.
The information is stored for as long as you have subscribed to the newsletter. After unsubscribing, we only save the data purely statistically and anonymously.
Such tracking is not possible if you have deactivated the display of images by default in your email program. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking takes place.
Server Log Files
For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us.
The access data we process includes:
- The name of the website you are accessing
- The browser type (including version) you use
- The operating system you use
- The site you visited before accessing our site (referrer URL)
- The time of your server request
- The amount of data transferred
- The host name of computer (IP address) you are using to access the site
This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimising our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website.
The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.
Webcare
Provider: DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria.
Purpose: Consent Management
Category: technically required
Recipient: EU, AT
Data processed: IP Address, Consent Data
Data subjects: Users
Technology: JavaScript call, Cookies, Swarmcrawler
Legal basis: Legitimate interest, consent (swarmcrawler to evaluate search results)
Website: https://www.datareporter.eu/
Further information: https://www.datareporter.eu/company/info
On our website, we use the Webcare tool for consent management. Webcare records and stores the decision of each user of our website. Our Consent Banner ensures that statistical and marketing technologies such as cookies or external tools are only set or started if the user has expressly consented to their use.
We store information on the extent to which the user has confirmed the use of cookies. The user's decision can be revoked at any time by accessing the cookie setting and managing the declaration of consent. Existing cookies are deleted after revocation of consent. For the storage of information about the status of the consent of the user, a cookie is also set, which is referred to in the cookie details. Furthermore, the IP address of the respective user(s) is transmitted to DataReporter's servers when this service is called up. The IP address is neither stored nor associated with any other data of the user, it is only used for the correct execution of the service.
With the help of Webcare, our website is regularly checked for technologies relevant to data protection. This investigation is only carried out for those users who have expressly given their consent (for statistical or marketing purposes). The search results of the users are evaluated by Webcare in an anonymous form and only in relation to technologies and used for the fulfillment of our information obligations. To start the Swarmcrawler technology, a request is sent to our servers and the IP address of the user is transmitted for the purpose of data transfer. Servers are selected which are geographically close to the respective location of the user. It can be assumed that for users within the EU, a server with a location within the EU will also be selected. The IP address of the user is not stored and is removed immediately after the end of the communication.
EVENT CALENDAR
For the purpose of advertising and information, we process event and contact data in our event calendar from publicly available sources, including photos and videos published by the Lower Austria Event Calendar veranstaltungen.niederoesterreich.at. This processing is carried out for the duration of the respective event and for the purpose of exercising the legitimate interests of the responsible party, Niederösterreich Werbung GmbH, as well as third parties (clubs and institutions) who have published in the event in the Lower Austria Event Calendar.
General information on data protection
The following provisions in its principles apply not only to the data collection on our website, but also in general to other processing of personal data.
Personal data
Personal data is information that can be assigned to you individually. Examples include your address, name, postal address, email address or telephone number. Information such as the number of users who visit a website is not personal data because it is not assigned to a person.
Legal basis for the processing of personal data
Unless more specific information is provided in this Privacy Policy (e.g. in the case of the technologies used), we may process personal data from you on the basis of the following legal principles:
- consent in accordance with Art. 6 paragraph 1 lit. a of the GDPR - The data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
- Fulfillment of a contract and pre-contractual measures pursuant to Art. 6 paragraph 1 lit. b of the GDPR - Processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures.
- Legal obligation pursuant to Art. 6 paragraph 1 lit. c of the GDPR - Processing is necessary for the performance of a legal obligation.
- Protection of vital interests pursuant to Art. 6 paragraph 1 lit. d of the GDPR - Processing is necessary to protect the vital interests of the data subject or of another natural person.
- Reasonable interests pursuant to Art. 6 paragraph 1 lit. f of the GDPR - The processing is necessary to protect the legitimate interests of the controller or of a third party unless the interests or fundamental rights and freedoms of the data subject prevail.
Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our home country.
Transfer of personal data
Your personal data will not be transferred to third parties for purposes other than those listed in this Privacy Policy.
We will only transfer your personal data to third parties if:
- you have given your express consent in accordance with Art. 6 paragraph 1 lit. a of the GDPR,
- the transfer pursuant to Art. 6 paragraph 1 lit. f of the GDPR is necessary to safeguard reasonable interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that you have a prevailing interest worthy of protection by not disclosing your data,
- there is a legal obligation to transfer the data in accordance with Art. 6 paragraph 1 lit. c of the GDPR, as well as this is legally permissible and / or
- it is required according to Art. 6 paragraph 1 lit. b of the GDPR for the processing of contractual relationships with you.
Cooperation with processors
We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Art. 28 of the GDPR.
Transfer to third countries
If we process data to a third country or if this is done in the context of using the services of third parties or disclosure or transfer of data to other persons or companies, this is only done for the reasons described above for the transfer of data.
Subject to express consent or contractual necessity, we process or allow data to be processed only in third countries with a recognized level of data protection or on the basis of special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding corporate rules in accordance with Art. 44 - 49 of the GDPR.
Data transfer to the US / Discontinuation of the Privacy Shield
We would like to expressly point out that as of July 16, 2020, due to a legal dispute between a private individual and the Irish supervisory authority, the so-called "Privacy-Shield", an adequacy decision of the EU Commission according to Art 45 GDPR, which confirmed an adequate level of data protection for the US under certain circumstances, is no longer valid with immediate effect.
The Privacy Shield therefore no longer constitutes a valid legal basis for the transfer of personal data to the United States!
If a transfer of data by us to the US takes place at all or if a service provider based in the US is used by us, we refer to this explicitly in this Privacy Policy (see in particular the description of the technologies used on our website).
What can the transfer of personal data to the US mean for you as a user and what risks are involved?
Risks for you as a user are at any rate the powers of the US secret services and the legal situation in the US, which, in the opinion of the European Court of Justice, no longer ensure an adequate level of data protection. Among other things, this concerns the following points:
- Section 702 of the Foreign Intelligence Surveillance Act (FISA) does not provide for any restrictions on the surveillance measures of the secret services or guarantees for non-US citizens.
- Presidential Policy Directive 28 (PPD-28) does not provide effective remedies for those affected against actions by U.S. authorities and does not provide barriers to ensuring proportionate measures.
- The ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; he cannot issue binding orders to the U.S. secret services.
- Legally compliant transfer of data to the US on the basis of standard contractual clauses?
The standard contractual clauses adopted by the Commission in 2010 (2010/87/EU of 05.02.2010), Art. 46 paragraph 2 lit. c DGDPR, are still valid, but a level of protection for personal data must be ensured which is equivalent to the level in the European Union. Therefore, not only the contractual relationships with our service providers are relevant, but also the possibility of access to the data by U.S. authorities and the legal system of the U.S. (legislation and jurisdiction, administrative practice of authorities).
The standard contractual clauses cannot bind authorities in the US and therefore do not yet provide adequate protection in cases in which the authorities are authorized under the law in the US to intervene in the rights of the data subjects without additional measures by us and our service provider.
Legally compliant transfer of data to the US on the basis of your consent?
It is currently controversial whether informed consent and thus a deliberate and knowingly restriction of parts of your basic right to data protection is legally possible at all.
What measures do we take to ensure that a data transfer to the US complies with the law?
Insofar as US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and cannot be accessed by US authorities.
Furthermore, we carefully examine European alternatives to US tools used. However, this is a process that does not happen overnight, as it also involves technical and economic consequences for us. Only if the use of European tools and / or the immediate switch off of the US tools is impossible for us for technical and / or economic reasons, US service providers are currently still used.
For the further use of US tools we take the following measures:
As far as possible, your consent will be asked for before using a US tool and you will be informed in advance in a transparent manner about the functioning of a service. The risks involved in transferring data to the USA can be found in this section.
We make every effort to conclude standard contract clauses with US service providers and to demand additional guarantees. In particular, we require the use of technologies that do not allow access to data, e.g. the use of encryption that cannot be broken even by US services or
anonymization or pseudonymization of data, where only the service provider can make the assignment to a person. At the same time, we require additional information from the service provider if data is actually accessed by third parties or the service provider exhausts all legal remedies until access to data is granted at all.
Storage period
If no explicit storage period is specified during the collection of data (e.g. in the context of a declaration of consent), we are obliged to delete personal data in accordance with Art. 5 paragraph 1 lit. e of the GDPR as soon as the purpose for processing has been fulfilled. In this context, we would like to point out that legal storage obligations represent a legitimate purpose for the processing of personal data.
Personal data will be stored and retained by us in principle until the termination of a business relationship or until the expiry of any applicable guarantee, warranty or limitation periods, in addition, until the end of any legal disputes in which the data is required as evidence, or in any event until the expiry of the third year following the last contact with a business partner.
Rights of data subjects
Data subject have the right:
- in accordance with Art. 15 of the GDPR, to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right of rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details thereof;
- in accordance with Art. 16 of the GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us;
- in accordance with Art. 17 of the GDPR, to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- in accordance with Art. 18 of the GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defense of legal claims or you have lodged an objection to the processing in accordance with Art. 21 of the GDPR;
- in accordance with Art. 20 of the GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
- in accordance with Art. 21 of the GDPR, if your personal data are processed on the basis of our legitimate interest, to object to the processing of your personal data for reasons arising from your specific situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without indicating a specific situation.
- in accordance with Art. 7 paragraph 3 of the GDPR, you may at any time revoke your consent to us. As a result, we may no longer continue the data processing based on this consent in the future. Among other things, you have the option of revoking your consent to the use of cookies on our website with effect for the future by calling up our Cookie Settings.
- in accordance with Art. 77 of the GDPR to complain to a data protection authority regarding the illegal processing of your data by us. As a rule, you can contact the data protetion authority at your usual place of residence or workplace or at the headquarters of our company.
The responsible data protection authority for Regionales Weinkomitee Weinviertel is:
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Österreich
Tel.: +43 1 52 152-0, dsb@dsb.gv.at
Assertion of rights of data subjects
You yourself decide on the use of your personal data. Should you therefore wish to exercise one of your above-mentioned rights towards us, you are welcome to contact us by email at office@weinvierteldac.at or by post, as well as by telephone.
Together with your application, please send us a copy of an official photo ID for clear identification and support us in concretizing your request by answering questions from our responsible employees regarding the processing of your personal data. In your request, please state in which role (employee, applicant, visitor, supplier, customer, etc.) and in which period of time you have been in contact with us. This enables us to process your request promptly.
Security of personal data
The security of your personal data is of particular concern to us. Therefore, in accordance with Art. 32 of the GDPR and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
These measures shall include, but not be limited to, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, safeguarding of availability and segregation of data relating to them. Furthermore, we have established procedures to ensure that data subjects' rights are exercised, data is deleted, and we respond to data threats. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware and software, in accordance with the principle of privacy by design and through data protection-friendly pre-settings in accordance with Art. 25 of the GDPR.
Our understanding of security is also applied to those processors we use.
Actuality of this Privacy Policy
Due to further developments or changes in legal requirements, it may become necessary to adapt this Privacy Policy from time to time. The current Privacy Policy can be found and printed out by you at any time here on this website.
For questions regarding data privacy, you can reach us at office@weinvierteldac.at or at the other contact details stated in this Privacy Policy.
Wolkersdorf im Weinviertel, on 15. January 2025
Declaration of consent data privacy
DECLARATION OF CONSENT DATA PRIVACY (THIRD PARTIES)