This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
pub:legal:privacy_policy [2018-08-14 18:46] jscheiber |
pub:legal:privacy_policy [2018-08-14 23:02] jscheiber |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Privacy Policy ====== | + | ====== Privacy Policy |
- | <wrap lo>// | + | Privacy Policy statement for using our websites and web services. |
+ | <wrap lo>// | ||
===== Your privacy is important to us ===== | ===== Your privacy is important to us ===== | ||
- | Therefore, we have developed | + | Therefore, we have implemented |
- | Should you provide | + | This document describes which personal |
GEPARD may change this policy from time to time by updating this page. If changed in a material way, a notice will be posted along with the updated document. | GEPARD may change this policy from time to time by updating this page. If changed in a material way, a notice will be posted along with the updated document. | ||
- | |||
Line 19: | Line 19: | ||
Data collection is different for | Data collection is different for | ||
- | * anonymous users who simply browse | + | * [[#Data from anonymous users|anonymous users]] |
- | * registered users who get access to restricted business and product information | + | * [[#Data from registered users|registered users]] who get access to restricted business and product information |
- | If you should be asked for any information by email or on our websites that you feel should | + | We keep data collection at the necessary minimum. Your data will only be used in order to provide you with a user-friendly, |
+ | |||
+ | If you should be asked for any information by email or on our websites that you deem inappropriate or not necessary, this may result from a third part attack. Please | ||
==== Data from anonymous users ==== | ==== Data from anonymous users ==== | ||
Line 31: | Line 33: | ||
* Identification information about the computer and browser you use for accessing the web content: | * Identification information about the computer and browser you use for accessing the web content: | ||
- | * IP address | + | * IP address |
* Browser type and details | * Browser type and details | ||
* Operating system type | * Operating system type | ||
* Language | * Language | ||
- | * Internet service provider (ISP) | ||
* We may also collect information regarding your activities on our website, like | * We may also collect information regarding your activities on our website, like | ||
Line 53: | Line 54: | ||
== How we use these data == | == How we use these data == | ||
- | These collected basic data are necessary to protect you and our websites from hacker attacks, and to detect, prohibit, and analyse such attacks. | + | These data will only be used for technical purposes |
Obtaining this basic computer and browser information is standard for any website you visit and allows to handle peculiarities and issues of your browser version, care for basic security measures, and to create general - NOT personalized - access statistics, e.g. site access by time or country. | Obtaining this basic computer and browser information is standard for any website you visit and allows to handle peculiarities and issues of your browser version, care for basic security measures, and to create general - NOT personalized - access statistics, e.g. site access by time or country. | ||
- | These data will only be used for technical purposes | + | These collected basic data are also necessary to protect you and our websites from hacker attacks, |
Line 66: | Line 69: | ||
== Lawfulness of processing these data == | == Lawfulness of processing these data == | ||
- | We collect and process these access data of anonymous users on the basis of GDPR Art.6, i.e. on __our legitimate | + | We collect and process these access data on the basis of GDPR Art.6, i.e. on __our legitimate |
* to provide you with a user-friendly website experience, | * to provide you with a user-friendly website experience, | ||
* to secure the communication between your computer and our services, | * to secure the communication between your computer and our services, | ||
* and to protect you, our website, and our services from cyber attacks | * and to protect you, our website, and our services from cyber attacks | ||
+ | |||
Line 75: | Line 79: | ||
Access to restricted business information will only be granted to registered users. It is necessary to clearly authenticate and identify users requesting access to restricted information. | Access to restricted business information will only be granted to registered users. It is necessary to clearly authenticate and identify users requesting access to restricted information. | ||
+ | |||
+ | In addition, we will collect and process your general web site access and use data which we also collect for anonymous users (see [[#Data from anonymous users|above]] for details about these data and their use and processing). | ||
Line 90: | Line 96: | ||
These data will be explicitely provided by you on a form when applying for a login account, along with your permissions to process these data for specific and agreed purposes. | These data will be explicitely provided by you on a form when applying for a login account, along with your permissions to process these data for specific and agreed purposes. | ||
- | |||
- | In addition, we will collect the general web site use data which we collect for anonymous users (see above). | ||
In your own discretion, you may pass additional information to us in web forms for performing specific services, like information related to a support case. | In your own discretion, you may pass additional information to us in web forms for performing specific services, like information related to a support case. | ||
Line 99: | Line 103: | ||
GEPARD will not ask you for any personal or business information that is not necessary for handling your authentication and your requests. | GEPARD will not ask you for any personal or business information that is not necessary for handling your authentication and your requests. | ||
- | We do not store any clear text passwords. Any password you set will be transmitted through a secured channel and only stored as irreversable | + | We also do not store clear text passwords. Any password you set will be transmitted through a secured channel and only stored as irreversible |
== How we use these data == | == How we use these data == | ||
- | All collected information will only be used to authenticate your login and to give you access to all information available under your account, and in support to carrying out specific actions you request. | + | All collected information will only be used to authenticate your login and to give you access to all information available under your account, and in support to carrying out the specific actions you requested. |
From time to time we may use your personal information to send notices concerning your account and about changes to the information you access through your account, e.g. availability of downloads, changes of legal documents. | From time to time we may use your personal information to send notices concerning your account and about changes to the information you access through your account, e.g. availability of downloads, changes of legal documents. | ||
Line 113: | Line 117: | ||
Login accounts are linked to an existing business relation with your organization. | Login accounts are linked to an existing business relation with your organization. | ||
- | Therefore, all related personal data must be stored for the lifetime of existing contracts and in accordance to legal and fiscal obligations, | + | Therefore, all related personal data must be stored for the lifetime of existing contracts and in accordance to legal and fiscal obligations, |
Line 134: | Line 138: | ||
+ | <WRAP pagebreak /> | ||
===== Cookies ===== | ===== Cookies ===== | ||
GEPARD' | GEPARD' | ||
- | We respect your privacy, and only use cookies for the technical functioning | + | A cookie is a small piece of data that a website |
- | Many web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. Registered users must have cookies enabled in order to log-in. | + | We respect your privacy, and only use cookies for the technical functioning and security of this website, in accordance with [[http:// |
+ | |||
+ | Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer, or delete them whenever you like. This may prevent you from taking full advantage of the website. | ||
+ | Registered users must have cookies enabled in order to log-in. | ||
The underlying Wiki software uses the following 4 cookies: | The underlying Wiki software uses the following 4 cookies: | ||
Line 147: | Line 155: | ||
The standard PHP session identifier. Used to hold temporary data and to avoid [[wp> | The standard PHP session identifier. Used to hold temporary data and to avoid [[wp> | ||
- | + | Importance: necessary; typical | |
- | * Importance: necessary | + | Expires: at the end of the browser session |
- | * Typical | + | |
- | | + | |
== Cookie: DOKU_PREFS == | == Cookie: DOKU_PREFS == | ||
Used for remembering helpful user preferences, | Used for remembering helpful user preferences, | ||
- | + | Importance: functional; typical | |
- | * Importance: functional | + | Expires: at the end of a browser session |
- | * Typical | + | |
- | | + | |
== Cookie: DW< | == Cookie: DW< | ||
Used for authentication after login. This holds the necessary data to (re)login a previously authenticated user. | Used for authentication after login. This holds the necessary data to (re)login a previously authenticated user. | ||
- | + | Importance: necessary for anyone who needs to log in | |
- | * Importance: necessary for anyone who needs to log in | + | Typical content: encrypted username and password |
- | | + | Expires: at the end of a browser session |
- | | + | |
== Cookie: cookielaw == | == Cookie: cookielaw == | ||
- | Sets a flag if user has accepted | + | Sets a flag if user has acknowledged |
- | + | Importance: minor; typical | |
- | * Importance: minor | + | Expires: |
- | * Typical | + | |
- | | + | |
+ | <WRAP pagebreak /> | ||
===== Protecting your personal information ===== | ===== Protecting your personal information ===== | ||
- | We understand that the security of your personal information is very important. | + | We provide |
- | All sensitive data and user logins are hosted on a secure HTTPS server using Secure Socket Layer (SSL) and an internationally acknowledged SSL certificate. This technology protects the confidentiality of your personal information and data while they are transmitted over the Internet. However, despite all efforts, no security controls worldwide can be guaranteed to be a 100% effective, and therefore, GEPARD cannot fully warrant the security of your personal information. | + | All sensitive data and user logins are hosted on a secure HTTPS server using Secure Socket Layer (SSL) and an internationally acknowledged SSL certificate. This technology protects the confidentiality of your personal information and data while they are transmitted over the Internet. However, despite all efforts, no security controls worldwide can be guaranteed to be a 100% effective, and therefore, GEPARD cannot fully warrant the security |
All services and features offered on GEPARD websites are hosted on virtual machines managed by an Internet Service Provider (ISP). GEPARD has sole root access to these servers but no control where these servers are located and where they are backup-ed to. We trust our ISP to have installed proper measures against unauthorized access, disclosure, alteration, and destruction. | All services and features offered on GEPARD websites are hosted on virtual machines managed by an Internet Service Provider (ISP). GEPARD has sole root access to these servers but no control where these servers are located and where they are backup-ed to. We trust our ISP to have installed proper measures against unauthorized access, disclosure, alteration, and destruction. | ||
Line 196: | Line 198: | ||
In the event of a merger or sale we may transfer any and all data and systems to the relevant third party. In case of a reorganization of the company all data, contracts, rights and duties may be passed to the legal successor. Registered users will be notified in such case. | In the event of a merger or sale we may transfer any and all data and systems to the relevant third party. In case of a reorganization of the company all data, contracts, rights and duties may be passed to the legal successor. Registered users will be notified in such case. | ||
+ | |||
+ | |||
===== Links to other websites ===== | ===== Links to other websites ===== | ||
- | Our website | + | Our websites |
+ | |||
+ | We do our best to carefully select and decide on external links at the time of editing a web page. But as contents of other websites continuously change, and referred websites may be dicontinued, | ||
+ | content of these Third Party sites. | ||
===== User Rights - Controlling your personal information ===== | ===== User Rights - Controlling your personal information ===== | ||
- | Acoording | + | According |
* check if and which personal data we store about you, | * check if and which personal data we store about you, | ||
* request a copy of such data, | * request a copy of such data, | ||
Line 209: | Line 216: | ||
* object the processing of your personal data, | * object the processing of your personal data, | ||
* withdraw a previous agreement to process your personal data (which does not affect the lawfullness of the data processing until the time of withdrawal) | * withdraw a previous agreement to process your personal data (which does not affect the lawfullness of the data processing until the time of withdrawal) | ||
- | * request data portability | + | * request data portability |
* request the identity of third parties to which your personal data are being transmitted | * request the identity of third parties to which your personal data are being transmitted | ||
* lodge a complaint with the Austrian Data Protection Agency | * lodge a complaint with the Austrian Data Protection Agency | ||
Line 223: | Line 230: | ||
== Form of requests == | == Form of requests == | ||
- | All such requests shall be submitted in writing to the address below. | + | All such requests shall be submitted in writing to the address |
- | **If you are an anonymous surfer** on our websites, | + | **If you are an anonymous surfer** on our websites, the data collected about you are only linked to your IP address and not to any natural person or organization. Therefore, your request can only be processed if you provide |
- | the data collected about you are only linked to your IP address and not to any natural person or organization. Therefore, your request can only be processed if you provide | + | |
* the IP address which your request is based on | * the IP address which your request is based on | ||
- | * the proof that you were the sole owner of this IP address during the requested time period | + | * the statement and proof that you were the sole owner of this IP address during the requested time period |
* if the owner of the IP address is not a natural person, the request will only be accepted from an authorized representative of this organization | * if the owner of the IP address is not a natural person, the request will only be accepted from an authorized representative of this organization | ||
* your full contact credentials including full name, postal address, email address, and telephone number in order to verify the legitimacy and authenticity of the request | * your full contact credentials including full name, postal address, email address, and telephone number in order to verify the legitimacy and authenticity of the request | ||
- | **If you are a registered user, customer, supplier or other business partner**, | + | **If you are a registered user, customer, supplier or other business partner**, your request must include all credentials necessary for your unambiguous identification including |
- | your request must include all credentials necessary for your unambiguous identification including | + | |
* your full contact credentials including full name, postal address, email address, and telephone number in order to verify the legitimacy and authenticity of the request | * your full contact credentials including full name, postal address, email address, and telephone number in order to verify the legitimacy and authenticity of the request | ||
* requests on behalf of an organization or concerning data related to an organization will only be accepted from an authorized representative of this organization | * requests on behalf of an organization or concerning data related to an organization will only be accepted from an authorized representative of this organization | ||
Line 240: | Line 245: | ||
== Processing of your requests == | == Processing of your requests == | ||
+ | |||
+ | Before releasing any of your data or applying any changes to your data and related processes, we will contact you to verify the legitimacy of the request, in order to protect you and us from unauthorized third party interference. | ||
+ | We will inform you on completion of your request. | ||
Legitimate requests will usually be processed within a month. | Legitimate requests will usually be processed within a month. | ||
Line 246: | Line 254: | ||
Processing of legitimate and reasonable requests is free of charge. But for requested additional data copies, frequent and/or excessive requests, a resonable fee based on administrative costs will be charged. | Processing of legitimate and reasonable requests is free of charge. But for requested additional data copies, frequent and/or excessive requests, a resonable fee based on administrative costs will be charged. | ||
- | Before applying any changes to your data and related processes, we will contact you to verify the legitimacy of your request, in order to protect you and us from unauthorized third party interference. | + | Any request regarding personal data will trigger a separate data processing action and produce a separate set of personal information related to this request, which will be stored for a legal record retention period of (currently) |
- | We will inform you on completion of your request. | + | |
- | + | ||
- | Any request regarding personal data will trigger a separate data processing action and produce a separate set of personal information related to this request, which will be stored for a legal record retention period of (currently) | + | |
Request from a customer may be stored up to 10 years. | Request from a customer may be stored up to 10 years. | ||
Line 256: | Line 261: | ||
===== Contact ===== | ===== Contact ===== | ||
- | Related to the Terms of Use and Privacy Policy: | + | The responsibility for the collection, use, and processing |
GEPARD, J. Scheiber KG | GEPARD, J. Scheiber KG | ||
Line 265: | Line 270: | ||
[[tel> | [[tel> | ||
[[fax> | [[fax> | ||
- | <admin1@gepard.at> | + | [[mailto> |
- | + | ||
[[https:// | [[https:// | ||
- | + | ||