Data protection agreement
1.1 Person responsible:Name/Company: Unwired Networks GmbH Street no.: Gonzagagasse 11/25 Postcode, City, Country: 1010, Vienna, Austria Company register number: 365784v Managing Director: Mag. Alexander Szlezak Phone: +43 1 996 2051 E-mail adress: firstname.lastname@example.org
1.2 Data Protection Officer:For questions or suggestions regarding data protection, please contact the company data protection officer. E-mail adress: email@example.com
2. Purpose of processing
2.1 Data processedList of categories with examples,
- Inventory data (e.g., names, addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Contract data (e.g., subject matter of contract, term, customer category).
- Payment data (e.g., bank details, payment history).
- Logs & website analysis (e.g., browser type & version, operating system, referrer, IP address).
- Cookies (Facebook, Google Ads, Session Cookies, …).
LogsOur website (web server, plugins) stores log data including IP address for a short time for the purpose of technical monitoring of the service and prevention of misuse.
CookiesA ‘cookie’ is a small file consisting of a text-only string of information that a website transfers to your computer hard drive web browser and places there temporarily for the duration of your visit to the site or sometimes longer, depending on the type of cookie. Cookies perform different functions (e.g., to distinguish between you and other users of the same website or to remember certain facts about you, such as very specific preferences) and are used by most websites to provide a higher quality user experience. Each cookie is unique to your web browser and contains anonymous information. Typically, a cookie contains the name of the domain from which it came from, the “lifetime” of the cookie, and a value (usually in the form of a randomly generated, unique number). Because we respect your right to privacy, you can choose not to allow certain types of cookies. So, apart from technically necessary cookies (strictly necessary cookies), which may also be set without your consent, you can agree to other cookies, such as performance cookies and cookies for marketing purposes, or reject them out of hand.
- User-input cookies (session-id), e.g., first-party cookies that limit the user input, e.g., when filling out online forms, but only for the duration of the session. Persistent cookies may be excluded if they are stored for less than an hour.
- authentication cookies, which record the user’s login status, e.g., as soon as he or she is logged in as a family member; this must be limited to the duration of the session.
- user-centric security cookies, which serve to increase the security of a service, e.g., recognition of several failed log-in attempts, for a limited period of time (a few hours).
- multimedia content player cookies, which store technical data for playing video and audio files, e.g., Flash cookies, for the duration of a session, but may not contain any additional information that is not absolutely necessary for playing.
- load-balancing cookies, which are necessary with regard to the technology of a so-called load balancer in order to ensure forwarding to a specific server in the pool, limited to the duration of the session.
- user-interface customisation cookies, which store the user’s preferences with regard to a service across several websites and are not linked to other, permanent identifiers (e.g., username), but are expressly desired (button, checkbox), e.g., cookies for setting the language preference, for the duration of the session.
- third-party social plug-in content-sharing cookies, provided they are a logged-in member of a social network and are required for the desired functionality (also via third-party websites), for the duration of the browser session or until the member is logged out. However, as a non-member or logged out member, you must give your consent.
2.2 Persons concerned
- Interested parties
- Suppliers, service providers, partner companies and their employees
- Website visitors
- Interested parties
2.3 Legal basis
- We process inventory data (e.g., names and addresses as well as contact data of users), applicant data, contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para 1 point (b) GDPR.
- In order to be able to offer the website, Unwired collects data that is technically absolutely necessary. In addition, Unwired has a legitimate interest in collecting further data for optimising and securing the website. Unwired obtains the consent of the website user for the use of personal data (e.g., e-mail address).
- The legal basis for obtaining consent is Art. 6 para. 1 point (a) and Art. 7 GDPR, the legal basis for processing for the fulfilment of our services and implementation of contractual measures as well as answering enquiries is Art. 6 para. 1 point (b) GDPR, the legal basis for processing for the compliance with a legal obligations is Art. 6 para. 1 point (c) GDPR, and the legal basis for processing for the purpose of our legitimate interests is Art. 6 para 1 point (f) GDPR.
Legal basis newsletter dispatch
- We inform existing employees, customers, suppliers and partners by newsletter within the meaning of the GDPR on the basis of our legitimate interest. We inform interested parties by newsletter on the basis of their consent within the meaning of the GDPR.
- Germany: The newsletter is sent and its success measured on the basis of the recipients’ consent pursuant to Art. 6 para 1 point (a), Art. 7 GDPR in conjunction with Section 7 para. 2 point 3 UWG or on the basis of the legal permission pursuant to Section 7 para. 3 UWG.
- Austria: The newsletter is sent and its success is measured on the basis of the recipients’ consent pursuant to Art. 6 para 1 point (a), Art. 7 GDPR in conjunction with Section 107 para. 2 TKG or on the basis of legal permission pursuant to Section 107 para. 2 and 3 TKG.
- The logging of the registration process is carried out on the basis of our legitimate interests pursuant to Art. 6 para 1 point (f) GDPR and serves as proof of consent to receive the newsletter.
- Cancellation/revocation – You can cancel receipt of our newsletter at any time, i.e., revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled this subscription, their personal data will be deleted.
2.4 Third-party provider
Within the EUData transfer within the company: We may pass on individual data processing operations to specialised areas of our company. This happens so that we can better process your data for internal administrative purposes, for example. External service providers: We comply with legal and contractual obligations. Data processing is often carried out by specialised companies, so-called service providers (processors). Our order processors include in particular IT service providers, service providers in the context of customer care, contract management, market research institutes, marketing companies and advertising agencies. Courts and authorities: There are also legal obligations that we can only fulfil if we transfer your personal data to authorities (such as social insurance institutions, financial authorities or law enforcement authorities, supervisory authorities, customs authorities, health authorities) or courts to the extent required. Other recipients: Within the framework of the contractual relationship and in particular in connection with our performance obligation or in connection with legal disputes, there may – depending on the individual case – be further transfers of your personal data (such as lawyers, interest groups, direct marketing companies, banks, insurance companies, auditors, tax consultants, external payment service providers).
Outside the EUData may also be transferred to a third country if this third country has been confirmed by the European Commission to have an adequate level of data protection or if other suitable data protection guarantees are in place (e.g. binding internal company data protection regulations or EU standard data protection clauses only including a documented case-by-case assessment of the adequacy of the level of protection). With your explicit consent, data may be transferred to a third country (Art. 49 para. 1 point (a) GDPR). We hereby inform you about possible risks in the event of an intended data transfer and the lack of suitable data protection guarantees. We use various cookies and similar technologies on our website, with which we and third-party providers sometimes also process personal data. The European Court of Justice has not certified the USA as having an adequate level of data protection. In particular, there is a risk that your data may be accessed by US authorities for control and monitoring purposes and that no effective legal remedies are available against this. Before we set cookies and transfer your data to these companies, we ask for your explicit consent (Art. 6 para. 1 point (a) GDPR in conjunction with Art. 49 para. 1 point (a) GDPR). You can revoke your consent at any time with future effect by adjusting your preferences under “Edit cookie setting” on our website.
- We use the billing programme “Easybill”, from the provider easybill GmbH, Düsselstr. 21, 41564 Kaarst, Germany, on the basis of our legitimate interests (efficient and fast processing of billing). For this purpose, we have concluded a contract with easybill with so-called standard contractual clauses, in which easybill undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level (https://www.easybill.de/privacy).
- We use the CRM system “Pipedrive”, of the provider Pipedrive, Paldiski mnt 80, Tallinn, Harjumaa 10617 Estonia on the basis of our legitimate interests (efficient and fast processing of user requests). For this purpose, we have concluded a contract with Pipedrive with so-called standard contractual clauses, in which Pipedrive undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. Pipedrive is also certified under the Privacy Shield agreement and thereby offers an additional guarantee of compliance with European data protection law (https://www.pipedrive.com/en/privacy).
- We transmit data to our account-holding bank for the purpose of processing payment orders and to our tax advisor.
- We use wholesale service providers in order to be able to provide our services: e.g.: A1 Telekom Austria AG, Hutchinson Drei Austria GmbH.
- We use shipping service providers for shipping goods and documents: e.g.: Österreichische Post AG, DHL Paket (Austria) GmbH
- We use the web-based instant messaging service “Slack” of the Irish company Slack Technologies Limited, Hatch Street Upper, Dublin 2, Ireland, based on our legitimate interests (quality assurance of our internal processes). For this purpose, we have concluded a contract with Slack with so-called standard contractual clauses in which Slack undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level (https://slack.com/intl/de/privacy-policy).
- For the integration of various databases and tools, we use Zapier, a service of Zapier Inc, 548 Market St #62411, San Francisco, California 94104, USA. This may involve the transmission of customer data with the exception of payment data. Further information on data protection at Zapier can be found at https://zapier.com/privacy.
- We use “Google”, of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 as a document management system and e-mail provider based on our legitimate interests. For this purpose, we have concluded a contract with Google with so-called standard contractual clauses, in which Google undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. Google is also certified under the Privacy Shield agreement and thus offers an additional guarantee of compliance with European data protection law https://policies.google.com/privacy?hl=de&gl=de
In order to be able to offer the website, Unwired works together with various service providers or partners (e.g. roaming partners), who also receive access to the technical systems and data for troubleshooting purposes. Some of these service providers and partners are also located outside the European Union. If this is the case, Unwired ensures by means of suitable guarantees that the high level of data protection of the European Union as well as of Austria is also adhered to by the service providers and partners.
- This website uses Borlabs Cookie from Borlabs, Rübenkamp 32, 22305 Hamburg, which sets a technically necessary cookie (borlabs-cookie) to save your cookie consents. Borlabs cookies do not process any personal data. The borlabs-cookie stores the consent you gave when entering the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.
[borlabs-cookie type=”btn-cookie-preference” title=”Change Cookie Preferences” element=”link” /]
- This website uses WPML. This is used for the purpose of translating the website. WPML also stores your current browser language to display the website in the correct language.
- We use the software “Matomo” (www.matomo.org) on this website, a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. The software sets a cookie (a text file) on your computer, with which your browser can be recognised. If sub-pages of our website are called up, the following data is stored:
- The user’s IP address, shortened by the last two bytes (anonymised).
- The sub-page called up and the time of the call-up.
- The page from which the user accessed our website (referrer).
- Which browser with which plug-ins, which operating system and which screen resolution is used.
- The length of time spent on the website.
- The pages that are accessed from the sub-page called up.
- The data collected with Matomo is stored on our own servers. It is not passed on to third parties. The data will not be passed on to third parties.
- This website uses Google Analytics, a web analytics service provided by Google, Inc. („Google“).
- Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
- You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: Browser-Plugin (http://tools.google.com/dlpage/gaoptout?hl=de).
- The storage of Google Analytics cookies is based on Art. 6 para. 1 point (f) GDPR. The storage takes place for an unlimited period of time, unless you make use of your opt-out options.
- We use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
- This feature makes it possible to link the advertising audiences created with Google Analytics Remarketing with the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).
- If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you log in with your Google account.
- To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create target groups for cross-device ad advertising.
- IX. Google Ads and Google Conversion Tracking:
- We use Google Ads. Google Ads is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
- Within the framework of Google Ads, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page.
- Each Google Ads customer receives a different cookie. The cookies cannot be tracked across Ads customers’ websites. The information collected using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
- Change Google Analytics Preferences: [borlabs-cookie type=”btn-switch-consent” id=”google-analytics” title=”Google Analytics” /]
- Furthermore, we may use the “Google Tag Manager” to integrate and manage Google analytics and marketing services on our website.
- LinkedIn (Insight Tag): We use the LinkedIn Insight Tag on our website for Converison Tracking, a tool of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For this purpose, the LinkedIn Insight Tag is integrated on our website, whereby a cookie is set on your device when you visit our website. This enables us to statistically evaluate the use of our website in order to constantly optimise it. We learn, for example, which LinkedIn ad you used to access our website. This enables us to better control the display of our advertising and to carry out so-called retargeting.
- You can prevent the analysis of your usage behaviour by LinkedIn and the display of interest-based recommendations via https://www.linkedin.com/help/linkedin/answer/62931.
2.5 Deletion periods
We do not store collected data longer than necessary and are guided by legal obligations.
- We delete enquiries if they are no longer necessary. We review the necessity every two years; we store enquiries from customers who have a customer account permanently and refer to the customer account details for deletion. The statutory limitation period under the Austrian General Civil Code is between three and thirty years. During this time, claims can be asserted against us. As long as it is necessary, depending on the possible claim, we may retain your personal data required for this purpose. In the case of legal archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).
- Vouchers, business papers, other documents (§ 212 UGB), 7 years § 132 BAO.
- Application data, 6 months after rejection according to § 15 GlBG.
- The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in each newsletter.
- This also enables the revocation of consent to the storage of personal data collected during the registration process.
3. Relevant legal bases
We ask you to regularly inform yourself about the content of our data protection declaration. We adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
3.2 Provision of contractual services
We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para 1 point (b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
3.3 Rights of data subjects
You are generally entitled to the rights of information, correction, deletion, erasure, data portability, revocation and objection. If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Austria, this is the data protection authority.
You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
According to Art. 16 GDPR, you have the right to request that the data concerning you be completed or that the inaccurate data concerning you be corrected.
In accordance with Art. 17 GDPR, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 GDPR, to demand that the processing of the data be restricted.
You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 GDPR and to request that it be transferred to other data controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
You have the right at any time to free information about the data stored about you, its origin and recipient as well as the purpose of the data processing. You also have the right to data transfer and deletion of your data.
Please contact us via the contact form or by telephone.
Should there ever be cause for complaint regarding the processing of your data, you can also contact the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, or at firstname.lastname@example.org .
3.3.1 Right of withdrawal
You have the right to withdraw your consent in accordance with Art. 7 para. 3 GDPR with effect for the future.
3.3.2 Right to object
You may object to the future processing of data concerning you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against processing for direct marketing purposes.
3.3.3 Right to erasure
The data processed by us will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
Germany: In accordance with legal requirements, storage takes place in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
Austria: The statutory limitation period under the Austrian General Civil Code is between three and thirty years. During this time, claims can be asserted against us. As long as it is necessary, depending on the possible claim, we may retain your personal data required for this purpose. In accordance with legal requirements, storage is carried out in particular for 7 years in accordance with § 132 para. 1 BAO (accounting records, vouchers/invoices, accounts, receipts, business papers, statement of income and expenditure, etc.), for 22 years in connection with real property and for 10 years for documents in connection with electronically provided services, telecommunications, radio and television services provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is claimed.
3.4 Data security
We strive to protect our users from unauthorised access to or unauthorised alteration, disclosure or destruction of data. In particular:
- we encrypt many of our services using SSL.
- we review our collection, storage and processing practices, including physical security measures, to protect against unauthorised access to systems.
- we restrict access to personal data to employees and contractors who have a compelling need to know the data in order to process it for us and who are subject to strict confidentiality obligations and may be subject to disciplinary action or termination if they fail to comply with those obligations.
3.6 Regulatory compliance in cooperation with government agencies
Competent supervisory authority
Austrian Data Protection Authority
Telefon: +43 1 521 52-25 69
Version as of 11. Mai 2022