DATA PRIVACY INFORMATION
for people affected according to Articles 13 and 14 GDPR
Responsible party according to Article 24 GDPR
Kwizda Kosmetik GmbH, („KWIZDA“)
Jochen-Rindt-Straße 23, 1230 Wien
Tel. +43 / (0)5 9977 30 338
Fax. +43 / (0)5 9977 30 330
DatenschutzKosmetik@kwizda.at
represented by:
Mag Richard P Kwizda and
Dkfm Dr Johann F Kwizda
Data protection officer according to Article 37 GDPR
KWIZDA is a private limited liability company (GmbH) based on the Limited Liability Companies Act (GmbHG) and is therefore a private company and not an authority or public body within the meaning of Article 37 Para. 1 Lit. a GDPR. As part of our core activity, neither extensive processing of special categories of data or of personal data on criminal convictions and criminal offences nor extensive regular and systematic monitoring of the people concerned is carried out in accordance with Article 37 Para. 1 Lit. b and c GDPR. For this reason, KWIZDA is not obligated to appoint a data protection officer.
Dealing with personal data
KWIZDA takes the protection of personal data very seriously.
Personal data is information that can be assigned to an individual person. Examples of this are your address, name, postal address, email address and telephone number. Information, such as the number of users visiting a website, is not personal data because it is not assigned to a person.
KWIZDA treats personal data in accordance with the statutory data protection provisions (notably the EU General Data Protection Regulation, Data Protection Amendment Act GDPR 2018) and this data privacy policy.
You have the option of lodging a complaint with a supervisory authority regarding the unlawful processing of your data by us in accordance with Article 77 GDPR. You can usually contact the supervisory authority at your usual place of residence or workplace or at our company headquarters. In Austria this is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde) Wickenburggasse 8, 1080 Vienna, +43 1 52 152-0, dsb@dsb.gv.at.
Rights of people concerned
You have the right:
- to request information about your personal data processed by us according to the Article 15 GDPR. Notably you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data if it have not been collected by us and the existence of automated decision-making, including profiling and, if applicable, meaningful information on their details;
- to immediately request the correction of incorrect or complete personal data stored by us in accordance with Article 16 GDPR;
- to request the deletion of your personal data stored by us in accordance with Article 17 GDPR unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- to restrict the processing of your personal data in accordance with Article 18 GDPR if you dispute the accuracy of the data, if the processing is unlawful but you refuse the deletion of the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Article 21 GDPR.
- to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another responsible party in accordance with Article 20 GDPR;
- to revoke the consent given to us at any time in accordance with Article 7 Para. 3 GDPR. As a result, this means that we will no longer be allowed to continue processing data based on this consent in the future.
Asserting the rights of persons concerned
You decide on the processing of your personal data. If you want to exercise one of the aforementioned rights, please contact us at DatenschutzKosmetik@kwizda.at. Please send a copy of an official photo ID together with your request for clear identification and support us in assessing and establishing your enquiry by answering questions from our responsible staff regarding the processing of your personal data. Please also indicate in your enquiry in which role (employee, applicant, supplier, customer, etc.) and in which period of time you had a relationship with us. This ensures that the matter is dealt with quickly.
Revocation
If your personal data is processed on the basis of legitimate interests in accordance with Article 6 Para. 1 Sentence 1 Lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR provided that there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to make use of your right to revocation or objection, simply send an email to DatenschutzKosmetik@kwizda.at.
Storage duration (deletion periods)
According to the applicable data protection requirements, we are obliged to delete personal data immediately as soon as the purpose for processing is complete in accordance with Article 5 Para. 1 Lit. e GDPR. In this context, we would like to point out that statutory retention obligations and periods represent a legitimate purpose for processing personal data.
In any case, data will be stored and retained by us in a personal form until the end of the business relationship or until the expiry of applicable warranty, guarantee or limitation periods; also until the end of any possible legal disputes in which the data is required as evidence; or in any case until the end of the third year after the last contact with a business partner.
We also adhere to the periods below.
Industry-specific periods:
- Identification obligation within the supply chain in accordance with Article 7 EU Cosmetics Regulation 1223/2009: 3 years
- Product information file in accordance with Article 11 EU Cosmetics Regulation 1223/2009: 10 years
Accounting and tax law:
- Tax law-related retention obligation in accordance with Sections 207 Para. 2 209 Austrian Federal Tax Code (BAO): 10 years
Contracts:
- Purchase price claim for movable items in accordance with Section 1062 in conjunction with Section 1486 Austrian General Civil Code (ABGB): 3 years
- Purchase price claim for immovable items (from contract Section 1486 ABGB): 30 years
- Claims from a contract for work and services in accordance with Section 1486 ABGB (if the service was rendered within the scope of a commercial or other business operation): 3 years
- General compensation in accordance with Section 1489 ABGB (compensation claims): 3 years (if damage and liable party are known)/otherwise 30 years
Employment contracts:
- Entitlement to a written reference in accordance with Section 1163 in conjunction with Section 1478 ABGB: 30 years
- Employment relationship in accordance with ABGB (subsidiary to the Employee Act): Employee’s claims and employer’s claims for remuneration, advances and all other claims arising from the employment contract in accordance with Section 1153 et seq. in conjunction with 1486 ABGB: 3 years
- Employee data relevant to accounting: such as bookkeeping.
- Deadline for asserting claims in accordance with Sections 15 Para. 1 and 29 Austrian Equal Treatment Act (GlBG) on the grounds of discrimination in promotions or applications: 6 months from the refusal of promotion or application or, according to the applicant’s declaration of consent, 3 years for application documents.
Disclosure of data
Your personal data will not be transmitted to third parties for purposes other than those listed below.
We will only pass on your personal data to third parties if:
- you have given your explicit consent in accordance with Article 6 Para. 1 Sentence 6 Lit. a GDPR,
- disclosure in accordance with Article 6 Para. 1 Sentence 1 Lit. f GDPR is necessary to safeguard the company’s interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
- in the event that a legal obligation exists for the transfer in accordance with Article 6 Para. 1 Sentence 1 Lit. c GDPR and
- this is legally permissible and is necessary for processing contractual relationships with you in accordance with Article 6 Para. 1 Sentence 1 Lit. b GDPR.
Use of our website
a) When you visit our website, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called “log file”. The following information is recorded without any action on your part and stored until it is automatically deleted:
- IP address of the enquiring computer,
- data and time of access,
- name and URL of the accessed file,
- website from which access is made (referrer URL),
- browser used and, where necessary, your computer’s operating system and the name of your access provider.
The data mention will be processed by us for the following purposes:
- ensuring a smooth website connection,
- ensuring comfortable use of our website,
- analysing system security and stability, and
- for other administrative purposes.
The legal basis for the data processing is Article 6 Para. 1 Sentence 1 Lit. f GDPR. Our legitimate interest comes from the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you.
In addition, we use cookies and analysis services when you visit our website. You will find more detailed explanations under “Cookies” in this data privacy policy.
b) Using our contact form
If you have any questions, we provide you with the opportunity to contact us using the form provided on the website. A valid email address is required so that we know who sent the request and can respond to it. Other information can be provided voluntarily.
The data will be processed for the purpose of contacting us in accordance with Article 6 Para. 1 Sentence 1 Lit. a GDPR on the basis of your voluntary consent. The personal data collected by us for the use of the contact form will be automatically deleted after your request has been processed.
Cookies
Our website uses so-called “cookies”. These are small text files that are saved on your end device with the help of the browser. They do no damage.
We use cookies to make our offer more user friendly. Some cookies remain on your end device until you delete them. They enable us to recognise your browser the next time you visit.
If you do not want this, you can set up your browser so that it informs you about cookies being set and you only allow this in individual cases. The functionality of our website may be limited if cookies are deactivated.
Server log files
The provider of the site automatically collects and saves information in so-called “server log files” that your browser automatically sends to us. These are:
- browser type/browser version
- operating system used
- referrer URL
- host name of the accessing computer
- time of the server request
This data cannot be assigned to specific people. A merger of this data with other data sources shall not be performed. We reserve the right to check this data retroactively if we become aware of any concrete evidence of illegal
use.
Web analysis
This website uses functions of the Google Analytics web analysis service. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files placed on your computer to help the website analyse how visitors use the site. The information generated by cookies about your use of the website will normally be transmitted to and stored by Google on servers in the USA.
We only use Google Analytics with activated IP anonymisation. This means that on this website, your IP address will be truncated beforehand within a member state of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google will not associate your IP address transferred within the framework of Google Analytics with any other data held by Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plug-in or alternatively clicking on the following link to opt out of cookies: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the use of data for advertising purposes by Google, setting and objection options can be found on Google’s websites:
- https://www.google.com/intl/de/policies/privacy/partners/ (“How Google uses data when you use our partners’ sites or apps”),
- http://www.google.com/policies/technologies/ads (“How Google uses cookies in advertising”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”) and http://www.google.com/ads/preferences/ (“Take control of your Google ads experience”).
Content
Our website may contain links to third-party websites (“external links”). These external links are subject to the liability of the respective operators. KWIZDA has no influence whatsoever on the current and future design or the content of linked websites. Providing external links does not mean that the content is content from KWIZDA. A continual check of external links is not possible and reasonable for KWIZDA without specific indications of legal violations. However, if we become aware of any legal violations, these external links will be deleted immediately.
If you send us an enquiry by email, your information, including the contact details given by you in the email for the purpose of processing your request and for follow-up questions, shall be saved by us. KWIZDA would like to expressly point out that data transmission on the Internet (e.g. when communicating by email) has security gaps and cannot be completely protected from access by third parties.
Commercial advertising
The use of the contact data in our imprint or our website for commercial advertising is expressly not welcome unless we give our written consent. KWIZDA and all persons named on this website hereby object to any commercial use and disclosure of this data.
Data security
We use the widely used SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we revert to 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in your browser’s lower status bar.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
Validity of and changes to this data privacy policy
It may become necessary to change this data privacy policy because of the development of our website and offers above or due to changed legal or official requirements. The currently valid data privacy policy can be viewed and printed by you at any time on our website at https://www.ateia.at/en/dataprotection.
Vienna, 1 March 2018
Kwizda Kosmetik GmbH