Privacy Policy
We are very pleased about your interest in our company. Data protection has a particularly high priority for Andreas Mangl architect. The use of the Internet pages of Andreas Mangl architect is generally possible without any indication of personal data. However, if a data subject wants to make use of special services of our company via our website, processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Andreas Mangl architect. By means of this privacy policy, our company would like to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.
As the controller responsible for processing, Andreas Mangl architect has implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
1. Definitions
The privacy policy of Andreas Mangl architect is based on the terms used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy should be legible and understandable for the general public, as well as for our customers and business partners. To ensure this, we would like to first explain the terminology used.
In this privacy policy, we use, inter alia, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing.
c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
h) Processor
Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient is a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not.
j) Third party
Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the Controller
The controller for the purposes of the GDPR, other data protection laws applicable in Member States of the European Union, and other provisions related to data protection is:
Andreas Mangl architect
Mariahilfer Strasse 51/2/2
1060 Vienna
Austria
Tel.: +43 (0)699 19225890
E-mail: andreas.mangl@zirp.at
Website: www.zirp.at
3. Collection of General Data and Information
Each time the website of Andreas Mangl architect is accessed by a data subject or an automated system, a series of general data and information is collected and stored in the server log files. This may include: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) the sub-pages accessed via an accessing system, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert danger in the event of attacks on our IT systems.
When using these general data and information, Andreas Mangl architect does not draw any conclusions about the data subject. This information is required in order to (1) deliver the content of our website correctly, (2) optimize the content of our website and advertising for it, (3) ensure the long-term viability of our IT systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. These anonymously collected data and information are therefore evaluated statistically by Andreas Mangl architect, with the aim of increasing data protection and data security in our company, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
4. Contact via the Website
Due to legal requirements, the website of Andreas Mangl architect contains information that enables a quick electronic contact with our company, as well as direct communication with us, including a general e-mail address. If a data subject contacts the controller by e-mail or via a contact form, the personal data voluntarily transmitted by the data subject are automatically stored. Such personal data transmitted voluntarily by a data subject to the controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
5. Routine Erasure and Blocking of Personal Data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage, or insofar as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.
6. Rights of the Data Subject
a) Right to confirmation – Every data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed.
b) Right of access – Every data subject has the right to obtain information free of charge about his or her stored personal data and a copy of this information, including details such as purposes of processing, categories of personal data, recipients, storage period, origin of data, existence of automated decision-making, and safeguards for transfers to third countries.
c) Right to rectification – Every data subject has the right to request the rectification of inaccurate personal data and the completion of incomplete data.
d) Right to erasure (“right to be forgotten”) – Every data subject has the right to request the deletion of personal data concerning him or her without undue delay if one of the legal grounds applies (e.g., no longer necessary, consent withdrawn, unlawful processing).
e) Right to restriction of processing – Every data subject has the right to request restriction of processing under certain conditions (e.g., contesting accuracy, unlawful processing but no deletion requested).
f) Right to data portability – Every data subject has the right to receive personal data provided to the controller in a structured, commonly used, and machine-readable format, and to transmit those data to another controller where technically feasible.
g) Right to object – Every data subject has the right to object at any time to the processing of personal data carried out on the basis of legitimate interests, including profiling, as well as to direct marketing.
h) Automated individual decision-making, including profiling – Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, unless certain conditions are met.
i) Right to withdraw consent – Every data subject has the right to withdraw consent to the processing of personal data at any time.
7. Legal Basis for Processing
Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent. Processing necessary for the performance of a contract is based on Article 6(1)(b) GDPR. Processing necessary for compliance with a legal obligation is based on Article 6(1)(c) GDPR. In rare cases, processing may be necessary to protect vital interests (Article 6(1)(d) GDPR). Processing operations may also be based on Article 6(1)(f) GDPR, where processing is necessary for the purposes of legitimate interests pursued by our company or a third party, unless overridden by the interests or fundamental rights and freedoms of the data subject.
8. Legitimate Interests Pursued by the Controller or a Third Party
Where processing is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and shareholders.
9. Period for Which Personal Data Will Be Stored
The criterion used to determine the period of storage of personal data is the respective statutory retention period. After the expiration of that period, the corresponding data are routinely deleted, provided they are no longer necessary for contract fulfillment or contract initiation.
10. Statutory or Contractual Requirements for the Provision of Personal Data
We clarify that the provision of personal data is partly required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information about the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data which must subsequently be processed by us. Failure to provide personal data would mean that the contract with the data subject could not be concluded.
11. Existence of Automated Decision-Making
As a responsible company, we do not use automatic decision-making or profiling.
