1 General information about data processing and legal basis
1.2 The terms used here, such as “personal data” or their “processing” refer to the definitions set out under Art. 4 of the General Data Protection Regulation (GDPR).
1.3 The personal data of Users processed in the context of this Online Offering include static data (e.g. the names and addresses of customers), contractual data (e.g. services used, the names of individual Users, payment-related information), usage data (e.g. websites and pages of our Online Offering visited, interest in our products) and content data (e.g. entries made in contact forms).
1.4 The term User encompasses all categories of individuals affected by data processing. These include our business partners, customers, interested parties and other visitors to our Online Offering. The terms used, e.g. User(s), refer to both genders.
1.5 Treamo processes the personal data of Users only in compliance with the relevant data protection regulations. This implies that user data are only processed when legal consent has been obtained: i.e. in particular when data processing is necessary and/or legally prescribed in order for us to provide our contractual services (e.g. work on assignments) and online services, when consent has been provided by the Users, as well as on the grounds of legitimate interests on the part of Treamo (i.e. interest in the analysis, optimization, commercial use and security of the Online Offering as defined by Art. 6, para. 1 (f) of the GDPR, particularly with regard to internet audience measurement, preparing profiles for advertising and marketing purposes, as well as determining access data and the use of services by third parties.
1.6 Treamo hereby explicitly declares that the legal basis of consents shall be Art. 6, para. 1(a) and Art. 7 of the GDPR, the legal basis for the processing of data for the performance of services and the performance of contractual obligations shall be Art. 6, para. 1(b) of the GDPR, the legal basis for the data processing for the fulfilment of legal obligations shall be Art. 6, para. 1(c) of the GDPR, and the legal basis for the processing of data in order to maintain legitimate interests shall be Art. 6, para. 1(f) of the GDPR respectively.
2.1 Treamo employs organizational, contractual and technical security measures based on state-of-the-art technology to ensure that the regulations defined by data protection legislation are complied with and to safeguard against the data processed by Treamo being subject to any incidental or malicious manipulation, loss, destruction or access by unauthorized parties.
2.2 These security measures include, in particular, the encrypted transmission of data between the User’s browser and Treamo’s server.
3 Distribution of data to third parties and third-party providers
3.1 Data shall only be made available to third parties in as far as this is legally permissible. Treamo shall only distribute user data to third parties if, for example, this is necessary for contractual purposes, on the basis of Art. 6, para. 1(b) of the GDPR, or is for the purpose of legitimate interests related to commercial and effective business operations, as defined by Art. 6, para. 1(f) of the GDPR.
3.2 In as far as Treamo relies on subcontractors in order to provide its services, appropriate legal precautions and corresponding technical and organizational steps shall be taken to ensure the protection of personal data in accordance with the legal regulations.
4.1 When we are contacted (via a contact form or email), the details of the User are processed in order to deal with the contact request in accordance with Art. 6, para. 1(b) of the GDPR.
4.2 User details may be stored in Treamo’s customer relationship management (CRM) system.
5 Comments and postings
5.1 When Users post comments or other contributions, their IP addresses will be stored on the basis of the legitimate interests of Treamo as defined by Art. 6, para. 1(f) of the GDPR.
5.2 This serves to safeguard Treamo in the event of any comments or postings being made with unlawful contents (e.g. insults, forbidden political propaganda, etc.). In such cases, Treamo itself may be held accountable for such comments or postings and is therefore legitimately interested in identifying the author.
6 Capturing access data and log files
On the grounds of its legitimate interests, as defined by Art. 6, para. 1(f) of the GDPR, Treamo captures data about every access to the server on which this service is hosted (so-called server log files). These access data include the name of the website accessed, the file, the date and time of access, the data volume transferred, the notification of successful access, the browser type, including the version, the User’s operating system, referrer URL (of the page previously visited), the IP address and the provider lodging the request.
7 Cookies and internet audience measurement
7.1 Cookies represent information which is transferred from the Treamo server or third-party servers to the web browsers of Users and which are stored there for later access. Cookies may relate to small files or other means of storing information.
7.3 If Users do not wish cookies to be stored on their computer, they are requested to deactivate the appropriate option in the system settings of their browser. Previously stored cookies can be deleted in the browser’s system settings. The failure to accept cookies may lead to certain functions of this Online Offering being restricted.
- the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/), - via the US website http://www.aboutads.info/choices or the European
- website http://www.youronlinechoices.com/uk/your-ad-choices/.
8 Google Analytics
8.1 Treamo employs Google Analytics, a web-based analysis service provided by Google Inc. (Google) on the grounds of its legitimate interests (i.e. interests in analyzing, optimizing and commercially operating its Online Offering as defined by Art. 6, para. 1(f) of the GDPR). Google employs cookies. The information generated by the cookie as a result of the use of the Online Offering by the User is generally transferred to and stored on a Google server located in the USA.
8.2 Google is certified under the EU-US Privacy Shield and therefore provides a guarantee to comply with EU data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
8.3 On behalf of Treamo, Google will use this information in order to analyze the use of the Online Offering by the User, to compile reports about activities within the scope of the Online Offering and in order to provide Treamo with other services related to the use of the Online Offering and the internet. This many involve exploiting the data processed to create pseudonymized user profiles.
8.4 Treamo only uses Google Analytics on the basis of active IP-address anonymization. This means that the IP addresses of Users within Member States of the European Union or in other signatory states to the Privacy Shield via the European Economic Area are trimmed. Only in exceptional cases is the full IP transmitted to a Google server in the USA and trimmed there.
8.5 The IP address transmitted by the User’s browser is not combined with other data by Google. Users can prevent the storage of cookies by means of an appropriate setting in their browser software. In addition, Users can also prevent the capturing of data as a result of the cookies relating to their use of the Online Offering as well as the processing of these data by Google by downloading and installing the following browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
9.1 By means of the following information, Treamo explains to Users the contents of the Treamo newsletter, the registration, distribution and the statistical analysis procedures, as well as their opt-out rights. By subscribing to the newsletter, Users consent to the receipt thereof and the procedures described.
9.2 Contents of the newsletter: Treamo only distributes newsletters, emails and other electronic messages with advertising information (hereinafter referred to as [the] Newsletter(s)) with the consent of the recipient or when legally permitted to do so. In as far as the registration procedure for the Newsletter includes a specific paraphrasing of its contents, this shall be decisive in terms of the consent of the User. In addition, Newsletters contain information about products, offerings and promotions from Treamo and about the company itself.
9.3 Double opt-in and logging: Registration for our Newsletter is based on a so-called double opt-in or closed-loop authentication procedure. This means that Users receive an email after the initial registration in which they are requested to confirm their registration. This confirmation is necessary in order to prevent anyone registering using third-party email addresses. Registrations for the Newsletter are logged in order to be able to verify that the registration process is compliant with the applicable legal requirements. This includes storing the registration and confirmation time as well as the IP address. Changes to the data stored by the email service provider are also logged.
9.4 Email service provider: Newsletters are distributed by MailChimp, a newsletter distribution platform run by the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Users can access the following link to view the data protection rules of the email service provider: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the EU-US Privacy Shield and therefore provides a guarantee to comply with EU data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
9.5 According to the information it provides, this email service provider can also use these data in an anonymized form, i.e. without their being attributable to a particular User, in order to optimize or improve its own services, e.g. for technically optimizing the distribution and the displaying of the Newsletter, or for statistical purposes, in order to determine which countries recipients are located in. The email service provider does not however use the data of Treamo Newsletter recipients in order to either personally address these Users or distribute this information to third parties.
9.6 Registration data: In order to register for the Newsletter, all Users need to do is to provide their email address. Treamo also offers Users the option of providing their first name and last name as well as a salutation. These details are exclusively used to personalize the Newsletter. In addition, Users are requested to provide optional details about their company and their position. Treamo only uses this information to tailor the contents of the Newsletter to readers’ interests.
9.7 Statistical data capturing and analyses: Newsletters contain a so-called web beacon, i.e. a pixel-sized file which is accessed by the server of the email service provider when the Newsletter is opened. When this is accessed, certain technical information is captured, such as information about the User’s browser and operating system as well as their IP address and the time that the Newsletter is opened. This information is only used in order to technically improve the services provided on the basis of the technical data, or the target groups and their reading behavior, on the basis of the locations from which the Newsletter is accessed (determined with the aid of the IP address) or the times of access. The statistical data captured also include determining whether Newsletters are opened and, if they are opened, which links are actually clicked on. Although this information can technically be associated with individual recipients of the Newsletter, it is neither the intention of Treamo nor the email service provider to monitor specific Users. The analyses performed are intended as a means for Treamo to identify the reading habits of Users, and to tailor the contents accordingly, or to send different contents to specific readers based on their relevant interests.
9.8 The use of the email service provider, the performance of the statistical data capturing and analyses as well as logging the registration procedure are all based on the legitimate interests of Treamo as defined by Art. 6, para. 1(f) of the GDPR. This interest lies in providing a user-friendly and secure Newsletter system which conforms to both Treamo’s own commercial interests as well as the expectations of Users.
9.9 Unsubscribe/revoke consent: Users can unsubscribe from the Treamo Newsletter at any time, i.e. withdraw or revoke their consent. This simultaneously revokes their consent to the distribution of the Newsletter by the email service provider and to the statistical analyses. It is unfortunately not possible to unsubscribe from the Newsletter distributed by the email service provider and the statistical analysis separately. A link which allows Users to unsubscribe from the Newsletter is provided at the end of every Newsletter. If Users have only subscribed to receive the Newsletter and have then cancelled this subscription, their personal data will be erased.
10 Integration of third-party services and contents
10.1 In the context of our Online Offering and on the basis of our legitimate interests (i.e. interests in the analysis, optimization and commercial provision of Treamo’s Online Offering as defined by Art. 6, para. 1(f) of the GDPR), we rely on content-based or service offerings from Third-party Providers in order to integrate their contents and services, such as videos and fonts, for example (hereinafter referred to as Contents). A precondition for this is always that the Third-party Providers of these contents can identify the IP address of Users due to the fact that they are unable to transmit the Contents to their browsers without the IP address. The IP address is therefore necessary in order to display these Contents. Treamo undertakes all reasonable efforts to ensure that it only uses Contents the providers of which exclusively use the IP address only for the provision of the Contents. Third-party Providers may also use so-called pixel tags (invisible graphic files, also referred to as web beacons) for statistical analyses or marketing purposes. Pixel tags allow information such as User traffic on the pages of this Website to be analyzed. This pseudonymized information may also be stored in cookies installed on Users’ devices and include, inter alia, technical information about the browser and the operating system, referral websites, time on site and other information about the use of Treamo’s Online Offering and may also be combined with other such information from other sources.
10.2 The following section provides an overview of Third-party Providers and their Contents as well as links to their data privacy policies which contain further information about the processing of data and, in part already mentioned here, opt-out options:
11 User rights
11.1 Users have the right to receive information free of charge about their personal data stored by Treamo.
11.2 In addition, Users have the right to insist that any incorrect personal data about them are rectified, that the processing of these data is restricted, that these are erased, where applicable, to assert their right to data portability and, if they assume that their data have been processed unlawfully, to lodge a complaint to the competent supervisory authority.
11.3 Users may also revoke their consents, generally restricted to the future.
12 Erasure of data
12.1 Data stored by Treamo are deleted (‘erased’) as soon as they are no longer required for their intended purpose and provided that their erasure is not contradicted by any mandatory data storage obligations. In as far as user data are not erased on the grounds that they are required for other and legally permissible purposes, their processing will be restricted. This means that these data will be blocked and not processed for other purposes. This applies, for example, to user data which have to be stored for trading or taxation reasons.
12.2 In line with legal requirements, as defined by Art. 132, para. 1 of the Austrian Federal Fiscal Code (BAO), these must be stored for a period of seven years.
13 Right of objection
In accordance with the relevant legal stipulations, Users may object to the future processing of their personalized data at any time. This objection can apply, in particular, to data processing for direct marketing purposes.
If you have any questions relating to data protection, please call us on weekdays between 09:00 and 18:00 (CET) on +43-1-512 22 03 or send an email to firstname.lastname@example.org.