1 Basic information on data processing and legal bases
(1) For the Livingroom GmbH, Bayerhammerstraße 18, A-5020 Salzburg, (in the following: "the company" or "those responsible") has a high priority data protection. The Company endeavors to comply with all principles for the processing of personal data. The use of the company's internet pages is therefore basically possible without any indication of personal data. However, if an affected person wishes to use the Company's services through their website or to contact the Company, personal data processing may be required.
(3) The company, as the person responsible for the processing of personal data, has taken appropriate technical and organizational measures to ensure a level of protection, appropriate to the processing risk, for the personal data processed by the company.
2 responsible persons
2.1 Name and address of the responsible persons:
(5) Responsible persons within the meaning of the DS-GVO as well as the other valid data protection laws, in particular the DSG in the valid version, is the:
Commercial register number of the regional court Salzburg: FN 457392K
Tel .: + 43 / (0) 699/177 88 880
2.2 Employees of the persons responsible (data secrecy)
(6) In accordance with § 6 DSG, the person responsible has contractually obligated their employees to transmit personal data from data processing only on the basis of orders and their employees are obliged to observe and maintain data secrecy even after termination of the employment relationship (employment relationship).
3 Website of the persons responsible
(8) Cookies are text files that are stored and stored on a computer system via the Internet browser used. Cookies contain a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which the website and the server can be assigned to the specific internet browser in which the cookie was stored. The stored cookie allows the visited websites and servers to distinguish the individual browser of the person concerned from other Internet browsers. A particular web browser can be recognized and identified by the unique cookie ID.
(9) The Responsible Website uses two types of cookies:
Ø Session Cookies: These are temporary cookies that remain in the cookie file of the person's browser until you leave our website and are automatically deleted after the visit.
Ø Persistent cookies: These cookies are permanently stored on the affected person's computer system to be recognized on the next visit to the website.
3.2 Disabling cookies
(11) The data subject can prevent the setting of cookies by the website of those responsible at any time by means of a corresponding setting of the Internet browser used and thus permanently disagree with the setting of cookies. Furthermore, already set cookies can be deleted at any time via the Internet browser or other third-party software programs. If the setting of cookies in the internet browser used is deactivated, however, not all functions of the website of the persons responsible may be fully usable.
3.3 Collection of general data and information
(12) The website of the persons responsible collects general data and information when called by a data subject or an automated system. The general data and information are stored in the log files of the servers of the persons responsible.
(13) The (i) browser types and versions used, (ii) the operating system used by the accessing system, (iii) the website from which an accessing system accesses the website (so-called referrers), (iv) the sub-web pages (a) the date and time of access to the website, (vi) an IP address, (vii) the accessing system's Internet service providers, and (viii) other similar data and information used in the case of attacks on information technology systems.
(14) When using this general data and information, the person responsible does not draw any conclusions about the data subject. Rather, this information is required in order to (i) correctly deliver the contents of the website, (ii) to optimize the content of the website and, if necessary, to promote it, (iii) to ensure the continued functioning of the information technology systems and the technology of the website, and (iv) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack. The anonymously collected data and information are therefore statistically and further evaluated by the responsible parties with the aim of increasing data protection and data security in the company in order to ultimately ensure an optimal level of protection for the processed personal data. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.
4 Obligation to provide personal data and consequences of non-provision of personal data or provision of false personal data
(15) The provision of personal data is in part required by law (such as tax regulations) or derives from contractual arrangements (such as information about the contractor). Sometimes it may be necessary for a contract to be concluded so that an affected person provides personal data to the responsible person, which must subsequently be processed by the person responsible. For example, the data subject is required to provide personal information when the person in charge contracts with him. Failure to provide the personal data would mean that the contract with the data subject could not be concluded or that the person responsible could not fulfill the contract.
(16) Prior to the provision of personal data by the data subject, the data subject may turn to the person responsible. The controller shall, on a case-by-case basis, inform the data subject as to whether the provision of the personal data is required by law, contract or conclusion, whether there is an obligation to provide the personal data and the consequences of failure to provide the personal data.
5 Processing of personal data
5.1 data types
(17) Those responsible shall endeavor, for the purposes of their processing, to process only personal data whose lawfulness is normalized for processing by Art. 6 DS-BER. Nevertheless, the processing of special categories of personal data within the meaning of Article 9 DS-GVO and § 4 (3) DSG is in some cases unavoidable for the purpose of achieving it. Only those personal data are collected that are necessary for the performance and processing of our legal services or that have been voluntarily provided to those responsible.
(18) The types of personal data processed by the controller include, inter alia:
Name (including title), address, date of birth, gender, company name (including company form and company register number), e-mail address, homepage, telephone and fax numbers, bank details, UID number, IP address, customer data, image and image tape data
(19) Should contrary to expectations, for whatever reason, personal data of special categories within the meaning of Art. 9 DS-GVO be processed by the person responsible, in particular only be stored on the server of the person in charge, then the person responsible is entitled to actual data To erase knowledge of the quality of the data.
5.2 Processing purposes
5.2.1 Business Transaction, Advertising and Communication
(20) The person responsible provides services in the field of communication | Marketing | Graphic Design | Pressure | Webdesign | Advertising | Events. The person responsible processes personal data primarily for the purpose of processing and fulfilling contracts concluded with clients of the responsible parties (customer orders) including accounting, for carrying out pre-contractual measures (such as, in particular, tendering), creating a customer file and asserting, exercising or defending legal claims. The purpose of the transaction is considered by the person responsible to be fulfilled if all claims from a contract or in connection with a contract are fulfilled and it is established that there is no further business relationship between the person concerned and the person in charge.
(21) In addition, the person responsible processes personal data for the purpose of communication with the data subject and clients of the persons responsible, in particular for handling inquiries. The processing is further for the purpose of direct mail.
5.2.2 Legal obligations
(22) Persons responsible also process personal data in the context of and to fulfill statutory inspection, reporting, recording and retention obligations.
5.2.3 Prevention of misuse of the services of those responsible
(23) The storage of the data, in particular the IP address of the data subject, is done for the purpose of preventing the misuse of the services of the persons responsible. If necessary, the data can also be used to investigate past crimes.
5.3 Legal basis of processing
(24) The lawfulness of the processing of personal data by the controller is based essentially on Articles 6 and 9 DS-BER and on § 4 DSG. The principles for the processing of personal data within the meaning of Article 5 DS-BER are complied with.
5.3.1 Consent (Art. 6 (1) (a) DS-BER))
(25) The person responsible processes personal data if the data subject's consent to the processing of the personal data concerning him or her is available (Art. 6 (1) (a) of the GDPR and Art. 9 (2) lit. a) DS-GMO). An explicit consent of the data subject in the processing also exists in particular if the data subject independently and voluntarily transmits or makes available personal data of the persons responsible - in whatever way.
5.3.2 fulfillment of the contract (Art 6 para 1 lit. b) DS-GVO)
(26) If the data are necessary for the performance of a contract of which the data subject is a party (such as processing for performance of an order), the lawfulness of the processing of personal data is based on Article 6 (1) lit. b) DS-GMO. The same applies to processing operations that are necessary to carry out pre-contractual measures that are carried out at the request of the data subject (examples include inquiries by the data subject about products offered or services provided by the company).
5.3.3 Legal obligations (Article 6 (1) (c) DS-GVO)
(27) The company of those responsible is subject to numerous legal obligations. If these legal obligations require the processing of personal data of the data subject, such as the fulfillment of tax reporting, recording and retention requirements, the lawfulness of the processing is based on Art. 6 (1) lit. c) DS-GMO.
5.3.4 Legitimate interests (Article 6 (1) (f) of the GDPR)
(28) Processing operations which are not covered by any of the abovementioned legal bases are ultimately based on the lawfulness of the legitimate interests of the persons responsible or of a third party pursuant to Article 6 (1) lit. f) DS-GMO. The processing of the data subject's personal data by the controller is then necessary to safeguard the legitimate interests of the controller or a third party, and the interests, fundamental rights and freedoms of the data subject do not prevail over him or her if the data subject is the client or the controller Services (ErwGr 47 DS-GVO).
(29) In particular, the person responsible relies on this legitimate interest resulting from the contractual relationship with clients of the persons in charge and the legitimate interest in carrying out their business for the benefit of all their employees and their clients.
5.3.5 Assertion of legal claims (Art 9 para 2 lit. f) DS-GVO)
(30) In the event that the processing of personal data is required to assert, exercise or defend legal claims or actions of the courts in the context of their judicial activity, the processing is based on the legitimate interest thereby created or on Article 9 (2) lit. , f) DS-GMO.
5.4 Transfer of personal data
(31) The person responsible may disclose the personal data of the data subject to specific persons and companies. In particular, these are the following categories of persons and companies established in the European Union:
Ø Customers and clients of those responsible
Ø Suppliers of the responsible persons
Ø delivery services
Ø Tax Advisor
(32) The person responsible uses at most one or more processors in order to fulfill their purpose. Art. 28 DS-GVO, eg a delivery service provider (such as Swiss Post). The contracts concluded by the controller with the processors will empower the processor to use the personal data only for the purposes set out by the controller in this privacy statement.
5.4.3 Other third parties
(33) A transfer or transfer of personal data to third parties - with the exception of point 5.4.1 and point 5.4.2 - as well as to a third country or to an international organization does not take place unless the data subject has given his consent or a legal obligation is for distribution or the disclosure of the law enforcement serves.
5.5 Automated decision-making
(34) As a responsible company, the person in charge waives automatic decision-making or profiling.
6 rights of the person concerned
(35) Pursuant to Articles 15 to 22 DS-GVO, the data subject has the rights set out in points 6.1 to 6.10 of this privacy statement. The person responsible will provide the data subject with relevant information within one month of receiving the request. This period may be extended by the controller for a further two months, if necessary, taking into account the complexity and the number of applications. In any case, the person responsible shall inform the data subject within one month of receipt of the request for a possible extension of the time limit, together with the reasons for the delay. If the data subject submits the application electronically, then if possible, he must be informed by electronic means.
(36) A data subject may, at any time, turn to the person responsible for exercising these rights.
6.1 Right to confirmation
(37) Each data subject has the right, in accordance with Article 15 (1) of the GDPR, to ask the controller for confirmation of the processing of personal data concerning him or her.
6.2 Right to information
(38) Each data subject has the right, in accordance with Art. 15 DS-BER, at any time to obtain free information from the persons responsible about the personal data stored about them as well as details of their processing. Art 15 para 1 lit. a) to lit. h) DS-GMO and a copy of this information. For all other copies requested by the data subject, the controller may request an appropriate fee based on the administrative costs.
(39) In addition, the data subject has the right to know what appropriate safeguards under Art. 46 DS-BER exist in the transfer of personal data to a third country or to an international organization.
6.3 Right to rectification
(40) Each data subject has the right, in accordance with Article 16 of the GDPR, to require the perpetrator to correct the incorrect personal data concerning him immediately. Furthermore, taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
6.4 Right to cancellation (right to be forgotten)
(41) Each data subject has the right, in accordance with Art. 17 DS-BER, to demand from the persons responsible that personal data concerning them be deleted without delay, if one of the persons listed in Art. 17 para 1 lit. a) to lit. f) of the reasons stated in the DS-GVO and if the processing is not in accordance with Art. 17 (3) lit. a) to lit. e) DS-GMO is required.
6.5 Right to restriction of processing
(42) Each data subject has the right under Art. 18 of the GDPR to demand that the person responsible for the processing be restricted if one of the conditions laid down in iSd. Art. 18 para 1 lit. a) to lit. d) DS-GMO is given.
6.6 Data transferability
(43) Each data subject has the right, in accordance with Article 20 of the GDPR, to receive the personal data relating to him / her provided to a controller in a structured, common and machine-readable format. It also has the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided the processing is carried out on the basis of the consent pursuant to Art. 6 para 1 lit. a) DS-GVO or Art. 9 para 2 lit. a) DS-GVO or on a contract pursuant to Art. 6 para 1 lit. b) DS-GMO is based and the processing has been carried out using automated procedures.
(44) This right does not apply to processing which is necessary for the performance of a task which is in the public interest or in the exercise of official authority which has been entrusted to the controller.
(45) In addition, the data subject has the right, in exercising his right to data portability under Article 20 (2) of the GDPR, to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not affect the rights and freedoms of others.
6.7 Right to object
(46) In accordance with Article 21 of the DS-BER, each data subject has the right, at any time and for reasons related to his or her particular situation, to prevent the processing of personal data relating to him or her based on Article 6 (1) lit. e) or lit. f) DS-GMO takes an objection. This also applies to profiling based on these provisions.
(47) If the personal data are processed in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data concerning him or her for the purposes of such advertising. This also applies to the profiling, as far as it is associated with such direct mail.
(48) Furthermore, the data subject has the right, for reasons arising out of his particular situation, against the processing of personal data relating to him for scientific or historical research purposes or for statistical purposes under Article 89 (1) of the GDPR, Objection, unless such processing is necessary to fulfill a public interest task.
(49) A successful opposition leads to a claim of the data subject for restriction and cancellation.
6.8 Automated decisions in individual cases including profiling
(50) Each data subject has the right, under Article 22 of the DSBER Regulation, not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect or similarly appreciably affects its performance. This does not apply in Art. 22 para 2 lit. a) to lit. c) in accordance with para. 3 and para. 4 DS-GVO.
6.9 Right to revoke a data protection consent
(51) Pursuant to Article 7 (3) of the GDPR, each data subject has the right, at any time, to revoke consent to the processing of personal data. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
6.10 Right to complain to the supervisory authority
(52) Without prejudice to any other administrative or judicial remedy, each data subject has the right to complain to a supervisory authority, in particular in the Member State of her habitual residence, place of work or place of alleged infringement, under Article 77 DS-BER The view is that the processing of personal data concerning them infringes the GDPR.
(53) The supervisory authority established in Austria is the
Ø Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna.
7 Duration for which personal data is stored
(54) The controller processes personal data of the data subject until such time as it has become clear to the person responsible that no further contact or business relationship will be established with the person concerned or the respective business partner of the person responsible in the future. This time is usually reached for those responsible after the expiration of three years after the last contact with the person concerned, but in any case only after the expiration of statutory retention requirements. The personal data will be deleted two months after the expiration of this period.
In the event of a contract with the person in charge, personal data will be deleted two months after the date on which it is established that all claims under a contract or in connection with a contract have been fulfilled, unless long-term statutory retention requirements exist. This is in the case of complete contract execution, unless there are longer statutory retention requirements, two months after expiry of the applicable warranty, warranty, limitation period. If claims are asserted against the person responsible or in connection with a legal transaction concluded with the person responsible, the data will be deleted two months after final clarification of the asserted claims, unless there are longer statutory retention obligations; this is in the case of pending proceedings after the legal validity and fulfillment of all claims resulting from these proceedings.