Privacy Policy

Data Protection

Personal data (hereinafter referred to as "data") is processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there. According to Article 4(1) of Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), "processing" means any operation or set of operations performed on personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

This privacy policy informs you about the type, scope, purpose, duration, and legal basis of the processing of personal data, where we decide, alone or jointly with others, on the purposes and means of processing. Additionally, information is provided about third-party components used for optimization and quality improvement, where third parties process data on their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as responsible parties

The responsible provider of this website in terms of data protection is:

CAATS Service GmbH
Rathausstraße 21/12
1010 Vienna
Austria
VAT ID: ATU 78116628

Commercial Register Number: FN 580032 p
Commercial Court: Commercial Court Vienna
Registered Office: Vienna
Legal Form: Limited Liability Company

Phone: +43 (0) 720 272 022
Email: office@caats.io

II. Rights of Users and Data Subjects

With regard to the data processing described below, users and data subjects have the right:

Additionally, the provider is obligated to inform all recipients to whom data has been disclosed about any corrections or deletions of data or the restriction of processing carried out under Articles 16, 17(1), 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have the right to information about these recipients. Users and data subjects also have the right, according to Art. 21 GDPR, to object to the future processing of data concerning them, provided that the data is processed by the provider in accordance with Art. 6(1)(f) GDPR. In particular, an objection to data processing for the purpose of direct marketing is permissible.

III. Information on Data Processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of storage is no longer applicable, and there are no legal retention obligations preventing deletion. Any further details regarding individual processing procedures are provided below.

Server Data

For technical reasons, especially to ensure a secure and stable website, data is transmitted to us or our web space provider by your internet browser. These so-called server log files include the type and version of your internet browser, the operating system, the website from which you accessed our website (referrer URL), the website(s) of our site that you visit, the date and time of the respective access, and the IP address of the internet connection from which the use of our website occurs.

This data is temporarily stored, but not together with other data about you. The legal basis for this storage is Art. 6(1)(f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website. The data will be deleted after seven days at the latest, unless further storage is required for evidentiary purposes. In this case, the data is excluded from deletion until the final clarification of the incident.

Cookies

a) Session Cookies

We use so-called cookies on our website. Cookies are small text files or other storage technologies that are stored on your end device by the internet browser you use. These cookies process certain information about you, such as your browser or location data or your IP address, to an individual extent.

This processing makes our website more user-friendly, effective, and secure, as it enables, for example, the display of our website in different languages or the offering of a shopping cart function.

The legal basis for this processing is Art. 6(1)(b) GDPR, insofar as these cookies process data for initiating or processing a contract. If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6(1)(f) GDPR.

These session cookies are deleted when you close your internet browser.

b) Third-Party Cookies

If necessary, our website may also use cookies from partner companies with whom we cooperate for the purpose of advertising, analysis, or the functionality of our website.

For details, especially regarding the purposes and legal bases for the processing of such third-party cookies, please refer to the information below.

c) Disabling Options

You can prevent or restrict the installation of cookies by setting your internet browser accordingly. You can also delete previously saved cookies at any time. However, the necessary steps and measures depend on your specific internet browser. Please use the help function or documentation of your internet browser or contact its manufacturer or support for this purpose. Flash cookies cannot be prevented by the settings of your browser. Instead, you need to change the settings of your Flash player in this regard. The necessary steps and measures also depend on your specific Flash player. For questions, please also use the help function or documentation of your Flash player or contact its manufacturer or user support.

However, blocking or restricting the installation of cookies may mean that not all functions of our website can be used to their full extent.

Embedded YouTube Videos

On some of our web pages, we embed YouTube videos. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube's servers is established. This informs YouTube about which pages you visit. If you are logged into your YouTube account, YouTube can associate your browsing behavior with you personally. You can prevent this by logging out of your YouTube account beforehand.

When a YouTube video is started, the provider uses cookies that collect information about user behavior.

If the storage of cookies for the Google Ad program is deactivated, such cookies will not be expected when viewing YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in your browser.

For more information on data protection at "YouTube," please refer to the provider's privacy policy: https://www.google.de/intl/de/policies/privacy/

Social Plugins

Social plugins from the providers listed below are used on our websites. You can recognize the plugins by the corresponding logo.

Through these plugins, information, including personal data, may be sent to the service provider and may be used by them. We prevent the unconscious and unintentional collection and transmission of data to the service provider through a 2-click solution. To activate a desired social plugin, it must first be activated by clicking on the corresponding switch. Only through this activation of the plugin is the collection of information and its transmission to the service provider triggered. We do not collect personal data using the social plugins or through their use.

We have no control over what data an activated plugin collects and how it is used by the provider. Currently, it must be assumed that a direct connection to the provider's services is established and at least the IP address and device-related information are collected and used. There is also the possibility that the service providers will try to store cookies on the device used. Please refer to the privacy policy of the respective service provider for specific details on which data is collected and how it is used. Note: If you are logged into Facebook at the same time, Facebook may identify you as a visitor to a specific page.

We have integrated the social media buttons of the following companies on our website:

If you want to prevent these providers from directly associating the data collected through our website with your profile with the respective service provider, you must log out of the respective service provider before visiting our website. You can also completely prevent the loading of plugins with add-ons for your browser, e.g., with the script blocker "NoScript" (https://noscript.net/).

IV. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we need an email address from you, as well as information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No further data is collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered into the newsletter registration form is based exclusively on your consent (Art. 6(1)(a) GDPR). You can revoke your consent to the storage of data, the email address, and their use for sending the newsletter at any time, for example, via the "unsubscribe" link in the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter, and it will be deleted after the newsletter is unsubscribed. Data that has been stored by us for other purposes remains unaffected.

Mailchimp - Newsletter

The newsletters are sent using "MailChimp," a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter recipients, as well as their other data described in these notices, are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate newsletters on our behalf. Furthermore, MailChimp may use this data according to its own information to optimize or improve its own services, e.g., for technical optimization of the sending and presentation of newsletters or for economic purposes to determine from which countries recipients come. However, MailChimp does not use the data of our newsletter recipients to contact them itself or pass it on to third parties.

We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement "Privacy Shield" and is committed to complying with EU data protection requirements. Furthermore, we have concluded a "Data Processing Agreement" with MailChimp. This is a contract in which MailChimp commits to protecting the data of our users, processing it on our behalf in accordance with its data protection provisions and not passing it on to third parties. You can view MailChimp's privacy policy here: https://mailchimp.com/legal/privacy/

V. Routine Deletion and Blocking of Personal Data

The data controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or as stipulated by the European legislator or another legislator in laws or regulations to which the data controller is subject.

Once the purpose of storage is no longer applicable or the storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with legal requirements.

VI. Rights of the Data Subject

a) Right to Confirmation

Every data subject has the right granted by the European legislator to obtain confirmation from the data controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right to confirmation, they can contact an employee of the data controller at any time.

b) Right to Information

Every data subject affected by the processing of personal data has the right, granted by the European legislator, to obtain information from the data controller at any time and free of charge about the personal data stored about them and a copy of this information. Furthermore, the European legislator has granted the data subject the right to information about the following:

Furthermore, the data subject has the right to know whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate guarantees in connection with the transfer.

If a data subject wishes to exercise this right to information, they can contact an employee of the data controller at any time.

c) Right to Rectification

Every data subject affected by the processing of personal data has the right granted by the European legislator to demand the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of processing.

If a data subject wishes to exercise this right to rectification, they can contact an employee of the data controller at any time.

d) Right to Erasure (Right to be Forgotten)

Every data subject affected by the processing of personal data has the right granted by the European legislator to request from the controller the erasure of personal data concerning them without undue delay if one of the following reasons applies and the processing is not necessary:

If one of the above reasons applies, and a data subject wishes to request the erasure of personal data stored by the data controller, they can contact an employee of the data controller at any time. The employee of the data controller will arrange for the erasure request to be complied with immediately.

If the personal data has been made public by the data controller and our company, as the data controller, is obligated to erase the personal data pursuant to Art. 17(1) GDPR, the data controller, taking into account available technology and implementation costs, will take reasonable steps, including technical measures, to inform other data controllers processing the personal data that the data subject has requested the erasure of any links to, or copy or replication of, this personal data, as long as the processing is not necessary. The employee of the data controller will do what is necessary in individual cases.

e) Right to Restriction of Processing

Every data subject affected by the processing of personal data has the right granted by the European legislator to request from the data controller the restriction of processing if one of the following conditions is met:

If one of the above conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the data controller, they can contact an employee of the data controller at any time. The employee of the data controller will initiate the restriction of processing.

f) Right to Data Portability

Every data subject affected by the processing of personal data has the right granted by the European legislator to receive the personal data concerning them, which was provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, as long as the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject can contact an employee of the data controller at any time.

g) Right to Object

Every data subject affected by the processing of personal data has the right granted by the European legislator to object, on grounds relating to their particular situation, at any time, to the processing of personal data concerning them which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.

The data controller shall no longer process the personal data in the event of the objection unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

If the data controller processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the data controller to the processing for direct marketing purposes, the data controller will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them by the data controller for scientific or historical research purposes, or for statistical purposes pursuant to Art. 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject can contact any employee of the data controller or another employee directly. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise their right to object by automated means using technical specifications.

h) Automated Individual Decision-Making, Including Profiling

Every data subject affected by the processing of personal data has the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, as long as the decision is not necessary for entering into, or the performance of, a contract between the data subject and the data controller, is not authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or is not based on the data subject's explicit consent.

If the decision is necessary for entering into, or the performance of, a contract between the data subject and the data controller, or it is based on the data subject's explicit consent, the data controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.

If the data subject wishes to exercise rights related to automated decision-making, they can contact an employee of the data controller at any time.

i) Right to Withdraw Consent to Data Processing

Every data subject affected by the processing of personal data has the right granted by the European legislator to withdraw their consent to the processing of personal data at any time.

If the data subject wishes to exercise the right to withdraw consent, they can contact an employee of the data controller at any time.