1) Information according to Article 13 of the GDPR (General Data Protection Regulation)
CADS GmbH – hereinafter referred to as CADS – would like to use this data protection declaration to inform readers and users of the website (users) about the type, scope and purpose of the personal data processed. Furthermore, this data protection declaration will inform data subjects/users about their rights.
We know that the careful handling of your personal data is very important to you and we appreciate the trust you place in CADS to handle this data conscientiously.
2) Controller as described in Article 24 of the GDPR
3) Data protection officer in accordance with Article 37 of the GDPR
CADS is a privately owned company. To protect your data, CADS has appointed the following data protection officer:
Mr. Ronald Kopecky
KOMDAT Datenschutz GmbH
Tel.: +43 / 7243 / 54300
4) Data protection declaration
Our data protection declaration explains the following;
- what information we collect and for what reason;
- how we use this information;
- what choices we offer, including how information can be accessed and updated;
We have tried to make this declaration as straightforward as possible.
5) Legal grounds for processing
CADS processes personal data exclusively on one of the following legal grounds:
- Your consent
- On a contract basis
- In a legitimate interest
6) How do we protect your personal data?
In order to guarantee the security of your personal data, we have introduced a number of technical and organisational measures in accordance with Article 32 of the GDPR. Your personal information is stored on secure networks that can only be accessed by a limited number of people who have special access rights and are committed to respecting and maintaining the confidentiality of that information. Despite these measures, each time you provide personal information via the Internet, there is a risk that it may be intercepted and used by third parties outside our control. Although we do everything in our power to protect your personal information and privacy, we are not in a position to guarantee the security of the information you provide via the Internet.
Data security measures:
- We encrypt many of our services using SSL
- User authentication controls
- Secure network infrastructures
- Network monitoring solutions
- Restricting access to personal data
- Employee Code of Conduct
- Obligation to ensure data secrecy
7) Who has access to your personal data and how far does this access reach?
CADS can have the personal data processed by contract processors. The processing of personal data takes place exclusively on our instructions and for the purposes that are defined in advance.
Apart from your personal data and the use of your personal data for the purposes described above, we do not sell or trade your personal data or disclose it to third parties without informing you in advance and in accordance with current data protection legislation.
8) Affected rights
You are entitled to the following rights as a data subject within the scope of the GDPR.
a) Right of access (Art. 15 GDPR)
You have the right at any time to receive information free-of-charge from the person responsible about the personal data stored about you and to obtain a copy of this information. If the right to information is unduly exercised by the data subject by sending excessive requests for information to the person responsible, CADS may charge the data subject the standard local fee for the administration costs of providing information to the data subject.
b) Right to Verification (Article 16 GDPR)
You have the right to ask the controller to immediately rectify any inaccurate personal data concerning you.
c) Right to Erasure (Right to be forgotten) (Article 17 GDPR)
You have the right to ask the controller to erase personal data relating to you without delay, insofar as they are not necessary for the purposes for which they were collected or otherwise processed and the erasure is not blocked for any legal reason. If the erasure is requested by the data subject, CADS checks the legal requirements mentioned above and informs the data subject accordingly.
d) Right to restriction of processing (Article 18 GDPR)
You have the right to ask the controller to restrict the processing of your personal data.
e) Right to Data Portability (Article 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to a controller in a structured, commonly used and machine-readable format and have the right to transmit these data to another controller without hindrance from the controller to which the personal data have been provided.
f) Right to object (Article 21 GDPR)
If CADS processes personal data which are based on a public interest or are held in the role as an official authority or are necessary for a legitimate interest, the data subject has the right to object to the processing of their data at any time due to their particular situation. If CADS processes personal data for the purpose of direct marketing, the data subject has the right to object to such processing at any time. This also applies to profiling in so far as it is linked to such direct marketing.
g) Right to withdraw consent (Article 7 PARAGRAPH 3 GDPR)
You have the right to revoke any previously given consent to data processing at any time. By withdrawing consent, the legality of the data processed as a result of granting permission before it was withdraw remains unaffected.
h) Right to lodge a complaint (ARTICLE 77 GDPR)
If you come to the conclusion that the processing of your data violates data protection regulations or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the data protection authority, Wickenburggasse 8, 1080 Vienna.
i) Perception of affected rights
If you have any questions regarding data protection or the exercise of the rights described above, please contact us as follows:
- by email: datenschutz@CADS.at*
- by mail: CADS GmbH, Technologiepark 17, 4320 Perg – Mr. Mario Moser *
*Please include a copy of your official ID or passport.
Without prior successful identity verification, we will not be able to process the inquiry. For this reason, we ask you to support the identity verification process accordingly.
9) Retention of personal data
In accordance with applicable law, we are obliged pursuant to Art. 5 para. 1 lit. of the GDPR to delete your data if the purpose no longer exists and there is no legal basis for retaining the data.
Data will be stored and kept by us in person-related form until the termination of the business relationship or until the expiry of applicable periods; moreover, until the termination of any legal disputes in which the data is required as evidence; or until the expiry of the third year after the last contact with a business partner.
In addition, we comply with the following statutory deadlines:
10) Data transfer to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only pass on your personal data to third parties if:
- You have given your express consent in accordance with article 6 paragraph 1 sub-paragraph (a) of the GDPR,
- the transfer in accordance with article 6 paragraph 1 sub-paragraph (f) of the GDPR is necessary to safeguard operational interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in your data not being transferred,
- tn the event that there is a legal obligation to transfer data pursuant to article 6 paragraph 1 sub-paragraph (c) of the GDPR, and
- this is legally permissible and necessary for the execution of contractual relationships with you pursuant to article 6 paragraph 1 sub-paragraph (b) of the GDPR.
CADS may share your personal data with suppliers who provide services on our behalf in accordance with our instructions.
CADS may also share your personal data with our affiliate companies and partners.
In addition, CADS may disclose your personal information if we are required to do so by law, regulation or governmental authority, or if we believe that disclosure is necessary or appropriate to prevent physical damage or financial loss.
CADS reserves the right to transfer personal data we have about you when we sell or transfer all or part of our business or assets (including in the event of restructuring, dissolution or liquidation).
11) Data transfers
CADS may also transfer your personal data to countries outside the country where the information was originally collected. These countries may not have the same data protection laws as the country in which you originally provided the personal data. When we transfer your information to other countries, we protect that information as described in this data protection declaration, and these transfers are governed by the relevant applicable law.
The countries to which we share personal data are located
- within the European Union or
• outside the European Union
If we transfer personal data from the European Union to countries or international organisations outside the European Union, the transfer takes place on the following basis:
- An adequacy decision by the European Commission;
- In the absence of such a requirement for other legally permissible reasons, such as the existence of a legally binding and enforceable document between authorities or public bodies, binding internal company rules, standard data protection clauses and approved or certified codes of conduct.
In exceptional cases, data may also be transmitted on the basis of article 49 of the GDPR:
- Article 49 paragraph 1 sub-paragraph (a) of the GDPR
the data subject has given his or her explicit consent to the proposed data transfer after having been informed of the potential risks to him or her of such data transfers without an adequacy decision and without appropriate safeguards,
- Article 49 paragraph 1 sub-paragraph (b) of the GDPR
the transfer is necessary for the fulfilment of a contract between the data subject and the controller or for the implementation of pre-contractual measures at the request of the data subject,
- Article 49 paragraph 1 sub-paragraph (c) of the GDPR
the transfer is necessary for the conclusion or fulfilment – in the interest of the data subject – of a contract concluded by the person responsible with another natural or legal person,
12) Server log files
When you visit this website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be collected without your intervention and stored until it is erased automatically:
- IP address of the computer sending the request,
- date and time of access,
- name and URL of the file called,
- website from which access is made (referrer URL),
- the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The possibility of using this data on the legal basis pursuant to article 6 paragraph 1 sub-paragraph (f) of the GDPR for purposes such as
- ensuring smooth connection to the website,
- ensuring convenient use of our website,
- the evaluation of system safety and stability as well as
- for other administrative purposes
is currently being implemented by us. The collected data will under no circumstances be used to draw conclusions about your person.
These data are collected on the basis of article 6 paragraph 1 sub-paragraph (f) of the GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of their website – and it is for this purpose that the server log files need to be recorded.
13) ONLINE CONTACT FORM
You can use a contact form to send requests, suggestions and wishes to CADS.
In order to contact us, you will need to provide the following information:
- First and last name
- Email address
In addition, you have to write a text in the corresponding field.
You acknowledge that the aforementioned data will be processed by CADS for the purpose of processing or responding to your request.
The processing of your data takes place on the basis of fulfilment of a contract or pre-contractual measures pursuant to article 6 paragraph 1 sub-paragraph (b) of the GDPR and on the basis of your consent pursuant to article 6 paragraph 1 sub-paragraph (a) of the GDPR.
We collect certain information when you visit our websites. This information is referred to as a “cookie”. Together with the information you have provided us with, we can optimise your visits to our website even better to even better match your needs.
Cookies are small files that allow CADS to store information on your PC or digital device specific to you as the user while you visit the websites. The website uses or sets cookies in accordance with legislation under EU law and Austrian law (article 5 paragraph 3 of the E-Privacy Directive and article 96 paragraph 3 of TKG 2003). Cookies help to determine the frequency of use and the number of users of the internet pages, as well as to configure the offering as conveniently and efficiently as possible for you. The content of the cookies used is usually limited to an identification number and usage data that does not permit any personal reference being made to the user.
The use of our website is also possible without cookies, but may restrict the usage of the website.
When using or setting cookies which contain personal data, or which affect privacy, CADS obtains your active consent in advance when your navigation through our website brings you to our cookie banner where you receive information about the purposes of the cookies used and can give your consent to the setting of cookies.
For us, data protection is an essential contribution to customer satisfaction. You can therefore deactivate the storage of cookies in your browser, restrict it to certain websites or set your browser to notify you when a cookie is sent. You can also delete cookies from your PC’s hard drive at any time. Please note, however, that this will result in a restricted display of the page and you can expect limited user guidance.
15) Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is generally sent to a Google server in the USA and stored there. Because IP-anonymization is activated on these websites, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional circumstances is the full IP address transmitted to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website traffic and to provide other services relating to website use and internet use to the website operator. The IP address transmitted from your browser for Google Analytics will not be combined with other data at Google.
You can prevent the saving of cookies by selecting the appropriate settings in your browser software; note, however, that this may mean that you are unable to use all functions of this website to the full extent. You can also prevent data related to your use of the website compiled by the cookie from being obtained and processed by Google by downloading and installing the browser add-on available at the following link: Browser-Add-on to deactivate Google Analytics.
a. IP Anonymization
We use the function “Activation of IP anonymization” on this website. Because IP anonymization is activated on these websites, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional circumstances is the full IP address transmitted to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website traffic and to provide other services relating to website use and internet use to the website operator. The IP address transmitted from your browser for Google Analytics will not be combined with other data at Google.
16) Use of script libraries (Google Webfonts)
In order to present our content correctly and in a graphically appealing way across all browsers, we use script libraries and font libraries such as Google Web Fonts(https://www.google.com/webfonts/) on this website. Google Web Fonts are transferred to your browser’s cache to avoid multiple loading. If your browser does not support Google Web Fonts or does not allow access, content will be displayed in a default font.
Calling script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible – but currently also unclear whether and, if so, for what purposes – for the operators of such libraries to collect data.
17) Use of Google Maps
Detailed instructions on how to manage your own data related to Google products can be found here.
18) Embedded Youtube Videos
We embed YouTube videos on some of our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our website pages that has a YouTube plugin, a connection is established with the YouTube servers. YouTube is then informed about which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.
If you have deactivated the saving of cookies for the Google Ad program, you will not be sent such cookies when watching YouTube videos. However, YouTube also saves non-personal usage information in other cookies. If you wish to prevent this, you must block the saving of cookies in your browser.
More information about the protection of user data is available in the YouTube data protection policy: https://www.google.de/intl/de/policies/privacy.
19) Embedded Vimeo Videos
We embed vimeo videos on some of our websites. The operator of the corresponding plugins is Vimeo, LLC, 555 West 18th Street, New York, NY 10011, USA.
If you have a Vimeo user account and do not want Vimeo to collect information about you from this website and link it to your member data stored with Vimeo, you must log out of Vimeo before visiting this website.
In addition, Vimeo calls the tracker Google Analytics via an iframe, in which the video is called up. This is a separate tracking of Vimeo, to which we have no access. You can stop Google Analytics tracking by using the opt-out tools that Google offers for some Internet browsers. You may also prevent the collection by Google of the data generated by Google Analytics and related to your use of the website (including your IP address) and the processing of this data by Google by downloading the browser plug-in available under the following link and install:
20) SSL Encryption
In order to protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS. You can recognize an encrypted connection by the character string “https://” at the start of the internet address and the lock symbol in your browser address line