Data protection

DATA PROTECTION DECLARATION according to 

 

Art. 13 Data Protection Basic Regulation (DSGVO).

 

 

 

Note: Data transmission on the Internet (e.g. communication by e-mail) can have security gaps. In order to protect your data from unwanted access as far as possible, we take so-called technical and organizational measures. Specifically, we use an encryption process on the website. Your data is transmitted over the Internet using TLS encryption from your computer to my computer and vice versa. TLS means “Transport Layer Security” and is an encryption protocol for data transmission on the Internet. You can usually recognize “TLS” by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

 

Responsible party according to Art. 4 No. 7 DSGVO

 

The responsible party is 

 

Matijević Anto e.U., Unterm Kirchenberg 26a, 3362 Öhling, Austria.

 

Phone: +43 677 627 554 19

 

E-mail: toni@mtjvc.com

 

You can also find more information in the imprint.

 

Data processing on this website

 

 

 

Server data

 

This website automatically collects and stores server log file information that your browser transmits to us. These are:

 

IP address, 

host name and 

time of access. 

The legal basis for this data processing is the legitimate interest according to Art. 6 para. 1 lit. f) DSGVO. The legitimate interest lies in being able to identify indications of unlawful use of our website. 

 

Your personal data will not be transmitted to third parties. We have concluded an order processing agreement with the provider of this website, easyname GmbH, based in Austria, in accordance with Art. 28 DSGVO. This is a contract required by data protection law, which ensures that easyname GmbH processes the personal data of our website visitors only according to our instructions and in compliance with the DSGVO. 

 

The collected data is stored for 30 days in server log files that your browser automatically transmits to us. Only in the event of attacks on our server infrastructure or other legal violations do we store the server log files for longer than 30 days. This longer storage is based on our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the preservation of evidence.

 

Inquiries by e-mail, telephone or contact form

 

We treat personal information that you provide to us by e-mail, telephone or contact form as confidential. We use your data exclusively to process and respond to your inquiry. The legal basis for data processing is our legitimate interest according to Art. 6 (1) lit. f) DSGVO. Our legitimate interest arises from our interest in answering inquiries from our customers, business partners and interested parties and in maintaining and promoting customer satisfaction.

 

We exclude the transfer of data to third parties. Exceptionally, data is processed on our behalf by order processors. These are in each case carefully selected, are contractually obligated by us in accordance with Art. 28 DSGVO.

 

All personal data that you provide to us in connection with inquiries will be deleted or anonymized by us no later than 180 days after the final response to you. The retention of 180 days is due to the fact that it may occasionally happen that you contact us again about the same matter after a reply and refer to the previous correspondence. Experience has shown that, as a rule, after 180 days, queries about our responses no longer occur.

 

 

 

Inquiries by direct messages via WhatsApp-Business as well as the integrated chat on our homepage

 

For direct and uncomplicated contact, we offer a chat via WhatsApp-Business, which is directly integrated on our homepage. The data processing in this context is based on the legal basis of contract performance or contract initiation according to Art. 6 para. 1 lit. b) DSGVO. The chat via WhatsApp is not intended for you to exchange sensitive data such as health data, data on religious affiliation or data on ethical origin. Please send us this sensitive data exclusively by e-mail.

 

In the context of the use of WhatsApp, WhatsApp Ireland Limited is the recipient of your data and a processor in accordance with Art. 28 DSGVO. WhatsApp is a product of the Meta Companies (formerly Facebook Inc.). In the context of Messenger, your data will also be transferred to third countries outside the European Union for which no adequacy decision exists. The legal basis for the transfer of data to third countries such as the USA within the scope of use are standard contractual clauses pursuant to Art. 46 (1) lit. c) DSGVO. 

 

Your data will be stored for the duration of the current contract and then deleted from WhatsApp.

 

If no contract is concluded with you, we will delete the chat no later than 180 days after the final response to you has been given. The retention of 180 days results from the fact that it may occasionally happen that you contact us again about the same matter after a reply and refer to the pre-correspondence. Experience has shown that, as a rule, after 180 days, queries about our replies no longer occur.

 

For more information on data processing in the context of my social media presences as well as the use of messengers there, please refer to the chapter Information on my social media presences.

 

 

 

Google Tag Manager

 

We use the Google Tag Manager of the provider Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland. Through Google Tag Manager, website tags are managed through one interface, which allows us as marketers to manage website tags through one interface. Tags are small sections of code that, for example, record (track) your activity on our website. The Google Tag Manager takes care of triggering other tags, which in turn may collect data. 

 

 

 

By implementing the Google Tag Manager, your IP address is transmitted to Google. This may also result in data transfers to Google servers in the USA. 

 

 

 

In the account settings of the tag manager, we have not allowed Google to receive anonymized data from us. 

 

 

 

Storage period still needs to be clarified.

 

 

 

COOKIES

 

 

 

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at <a href=”https://devowl.io/de/rcb/datenverarbeitung/” rel=”noreferrer” target=”_blank”>https://devowl.io/de/rcb/datenverarbeitung/</a>.

 

 

 

Legal bases for the processing of personal data in this context are Art. 6 para. 1 lit. c DS-GVO and Art. 6 para. 1 lit. f DS-GVO. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

 

 

 

The provision of the personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

 

 

 

Google Fonts

 

We use fonts from Google on our website, so-called “Google Fonts”. Instead of loading the fonts directly via Google servers, we have embedded them directly on our servers. This means that no connection to a US server is established.  

 

 

 

Data processing in the context of contract fulfillment

 

Detailed information about data processing in the context of your order can be found here. 

 

 

 

Communication via Zoom video conferencing system

 

We use the Zoom tool of the company Zoom Video Communications Inc. to conduct telephone conferences, online meetings and video conferences. You can access the scheduled appointments via a link provided by email. By clicking on the link, you can join the video room. Before joining, you can decide for yourself whether to enable the video or not. You will be muted by default and will need to manually un-mute your microphone if desired. If you turn on your camera and/or microphone, data from your microphone as well as your video camera will be processed during the meeting.

 

The following additional data may also be processed depending on the type and scope of the specific use:

 

Personal data (e.g., first and last name, e-mail address, profile picture).

Meeting metadata (e.g. date, time and duration of the communication, name of the meeting, participant IP address)

Device/hardware data (e.g. IP addresses, MAC addresses, Clint version)

Text, audio and video data (e.g. chat histories, video, audio and presentation recordings)

Connection data (e.g. phone numbers, country names, start and end times, IP addresses)

Furthermore, personal data of you may be processed. This depends specifically on your use, such as use of the chat, the whiteboard. We would like to explicitly point out that any information you provide during the meeting will be processed at least for the duration of the meeting. 

 

Legal basis

 

The legal basis for data processing for direct contractual partners is Art. 6 para. 1 lit. b) DSGVO, for business partners or contact persons at external bodies the legitimate interest according to Art. 6 para. 1 lit. f) DSGVO. The legitimate interest is the organization of virtual communication and the web conference.

 

We cannot exclude that the routing of data also takes place via internet servers that are located outside the EU or EEA. In some countries, such as the U.S., there is a risk that authorities may access data for security and surveillance purposes without notifying you or allowing you to seek redress. We have agreed to EU standard contractual clauses with Zoom as the legal basis for data transfer.

 

The provider Zoom necessarily receives knowledge of the above-mentioned data to the extent that this is contractually regulated within the scope of our order processing agreement pursuant to Art. 28 DSGVO. There are no other recipients.

 

In principle, you are not obliged to communicate with us via Zoom. Alternatively, meetings can also take place by telephone.

 

We generally delete personal data when there is no need for further storage. 

 

Operation of social media presences

 

We operate the following social media presences: 

 

LinkedIn: https://www.linkedin.com/company/matijevic-b%C3%BCroservice/about/

 

Facebook: https://www.facebook.com/mtjvcofficial

 

Instagram: https://www.instagram.com/mtjvc_official/

 

Instagram and Facebook are products of Meta Platforms Inc. (formerly Facebook Inc.) Instagram is a Facebook product: facebook.com/help/1561485474074139/?helpref=related

 

Data processing by us:

 

Operating the aforementioned social media sites.

Personal data entered on social media sites, such as comments, videos, images, likes, public messages, etc., are published by the respective social media platform. We reserve the right to delete content if this should be necessary. If applicable, we share content on our site and contact you via the social media platform, e.g. via the messengers offered. The legal basis is the legitimate interest according to Art. 6 (1) lit. f) DSGVO, which is in the interest of our public relations and communication. 

 

Organizing sweepstakes

We also organize sweepstakes in which you can participate, e.g. by (re)posting or commenting. If you are registered under your real name (first and last name) on the respective social media platform page, other social media users may be able to recognize you by this; the same applies to your profile picture. 

 

The collected data will only be processed for the purpose of handling the competition. This includes the following processes: The determination of the winners, their notification and, if applicable, also the sending of the prize, if it is a psychic product. Unless you give us voluntary and separate consent to do so, any announcement of winners will be made exclusively anonymously. You are under no circumstances obligated to participate in any publication as part of my sweepstakes. The publication is a separate process.

 

The legal basis in the context of the sweepstakes is the fulfillment of the award contract according to Art. 6 para. 1 lit. b) DSGVO. After the winner has been determined, the participants’ data will be deleted. The original post of the sweepstakes can no longer be deleted, if applicable. For more information, please refer to the privacy notices of the platform operators. The processing of your data (profile name) is required for participation in the sweepstakes.

 

Page Insights

The social media platforms provide anonymized statistics and insights that help us gain knowledge about the types of actions that people take on our site (so-called “page insights”). These page insights are created based on certain information about individuals who have visited our site. 

 

 

 

The legal basis for this data processing is our legitimate interest according to Art. 6 para. 1 lit. f) DSGVO, which is based on obtaining information about the actions as well as visitors to our pages. 

 

 

 

This processing of personal data is carried out by the social media platform and me as a so-called jointly responsible party according to Art. 26 DSGVO. In the case of joint responsibility, a separate agreement must be concluded. 

 

 

 

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

 

 

 

Instagram and Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

 

 

 

If you wish to object to a specific data processing over which we have control, please contact us using the contact details above.

 

Note: The provision of your data is not required by law or contract or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing it is that you will not be able to communicate or interact with us via our social media pages or participate in the competition. To contact us, please then use my e-mail address: toni@mtjvc.com

 

Data processing by the operator of the social media platform:

 

In addition to us, there is also the operator of the social media platforms per se. From a data protection point of view, this operator is also considered to be another controller that carries out its own data processing. This means that the operator is also a separate responsible party under the GDPR. However, we have only limited influence on the data processing by the operator. At the points where we can exert influence (e.g., through parameterization), we work within the scope of our possibilities towards data protection-compliant handling by the operator of the social media platform. In many places, however, we cannot influence the data processing by the operator of the social media platform and also do not know exactly what data it processes. The operator will inform you about the processing of personal data in its own privacy policy:

 

LinkedIn: https://de.linkedin.com/legal/privacy-policy

 

Facebook: www.facebook.com/help/568137493302217

 

Instagram: help.instagram.com/519522125107875

 

Note: The operator of the social media platform uses web tracking methods. In this context, web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already shown, we can unfortunately hardly influence the web tracking methods of the social media platform. We cannot, for example, switch this off. Please be aware of this: It cannot be ruled out that the provider of the social media platform uses your profile and behavioral data, for example, to evaluate your habits, personal relationships, preferences, etc. We have no influence on the processing of your data by the provider of the social media platform.

 

Data transfer to third countries and recipients:

 

In the context of platform use, your personal data is also processed by YouTube, Facebook and Instagram on servers in third countries, such as the USA. There is no adequate level of data protection for the USA. The data transfer takes place on the basis of standard contractual clauses. In some countries (such as also in the USA), this involves the risk that authorities may access the data for security and monitoring purposes without you being informed or being able to appeal.

 

 

 

Data subject rights

Your rights as a data subject

 

Pursuant to Art. 15 (1) DSGVO, you have the right to receive, upon request and free of charge, information about the personal data stored about you. Furthermore, you have the right to correction (Art. 16 DSGVO), deletion (Art. 17 DSGVO) and restriction of processing (Art. 18 DSGVO) of your personal data if the legal requirements are met. If you yourself have provided the processed data, you have a right to data transfer according to Art. 20 DSGVO.

 

If the data processing is based on Art. 6 (1) e) or f) DSGVO, you have the right to object according to Art. 21 DSGVO. If you object to data processing, it will not be carried out in the future unless the controller can demonstrate compelling legitimate grounds for further processing that outweigh the data subject’s interest in objecting.

 

If the data processing is based on consent pursuant to Art. 6(1)(a), Art. 9(2)(a) or Art. 49(1)(a) DSGVO, you may withdraw your consent at any time with effect for the future without affecting the lawfulness of the previous processing.

 

In the aforementioned cases, in the event of open questions or in the event of complaints, please contact us in writing or by e-mail at toni@mtjvc.com.

 

In addition, you have the right to lodge a complaint with a data protection supervisory authority. In particular, the complaint may be lodged with a supervisory authority in the EU member state of your place of residence, your place of work or the place of the alleged infringement.

 

No automated decision making

No automated decision-making or profiling takes place.

 

 Provision

Unless otherwise stated in the previous chapters, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract.  Failure to provide your personal data may mean that we are unable to respond to your inquiries, for example.