Table of contents
- Which of your data do we collect, for which purposes and on which legal basis do we process it?
- Additional embedded services and contents of third parties
- Is your data transmitted to third parties?
- Retention period
- Rights of Data Subjects
- Data security
It is of utmost importance for IXOPAY GmbH, Mariahilfer Straße 77-79, 1060 Vienna, [email protected] ("IXOPAY", "we", "us") to protect your personal data. We therefore comply with the applicable data protection provisions, in particular the General Data Protection Regulation ("GDPR"), the Austrian Data Protection Act ("DSG") and the Telecommunications Act ("TKG") concerning the protection, lawful processing and confidentiality of personal data as well as data security.
Which of your data do we collect, for which purposes and on which legal basis do we process it?
When you fill out the contact form on our Website and send your enquiry or establish contact with us via e-mail or through other electronic channels (such as social media platforms), we process the data you voluntarily provided us with (name, e-mail address, nature of the enquiry or the subject of your message, and the content of your message).
We process the data provided within the course of contacting us solely for processing your enquiry, to get in contact with you if desired and to provide you with the requested information. This data processing is therefore necessary for the fulfilment of our (pre)contractual obligations.
Access data and log files
We collect and process the following data when you use our Website and the connected services, that means accessing the respective server which contains the specifically requested service (so called server log files): name of the accessed site, file (e.g. html, JPG, PNG), date and time of access, transmitted quantity of data, server status codes, username, processing time, browser and client type alongside the version, your operating system, referrer URL (the previously visited site), IP-address and the requesting provider, reverse DNS, location data, connection data, source and target (network discovery or address, port numbers, protocol, e-mail address, e-mail subject, connecting server, protocol details, reputation data, reverse DNS, obvious labelling, connected servers), authentication details and e-mail meta information.
This data is generated automatically through our servers when you use our Website and is necessary so that we can provide you with the desired services. We therefore process server log files solely to be able to operate our Website and the connected services, to identify you as a user authorized to access, to distribute web server requests in our server pool as well as for security reasons (e.g. for clarification of abusive and fraudulent activities). Thus, this data processing activity is necessary to ensure our legitimate interests in operating a user friendly and secure Website.
Based on your consent declaration, we collect and process the following data about your use and interaction with our Website: IP-address of your device, the used internet browser, the browser language, your operating system, the requested files from our Website, your settings regarding Java, screen resolution, colour depth, your click behaviour on the Website (time of access, clicks) as well as the internet site from which you visit us (referrer URL).
On the basis of your consent declaration (obtained through the so called double opt-in process, this means after registration for the newsletter you receive an e-mail in which you are asked to confirm your registration) we process the personal data that you provided us with voluntarily in the course of the registration for the newsletter (your e-mail address and potentially your name) (i) for sending you e-mail newsletters about our current projects, marketing and product information as well as (ii) for tracking your reading habits of our newsletter and (iii) to transmit your provided data to companies of the IXOLIT group which can send you e-mail newsletters for the same purposes as well. You can find a complete list of all companies of the IXOLIT group here ("IXOLIT group").
Performance measurement: Our newsletters contain a mechanism for the tracking of your reading habits. With that we can determine whether our newsletter is opened, when it is opened and what links are clicked. These statistical evaluations serve solely to determine the reading habits of our newsletter recipients and to adjust our contents to them.
You can withdraw your consent to the receipt of our newsletter at any time (e.g. via e-mail to [email protected] or through the unsubscribe link in our e-mail newsletters) with effect for the future and free of charge. After receipt of your withdrawal we and the IXOLIT group will cease the further sending of e-mail newsletters immediately and erase your personal data from the mailing list.
Registration and User Account
When you are registered on our Website and have a user account for the use of our Online Services, we process the following personal data: title, name, company, e-mail address, address, telephone number, IP address, VAT number as well as your access data.
We process the data of your user account solely for operating your account, the provision of our Online Services as well as for the billing of our services. This data processing is therefore necessary for the fulfilment of our (pre)contractual obligations.
Cookies are files that are transmitted from our web server to your web browser and are stored on your device for later retrieval. Through such cookies, our Website can store important data to provide you with our services and to make the use of our Website more comfortable for you.
Most of the cookies that are used by us are so-called "session cookies" that are stored on your device only for the time of your current visit to our Website. These temporary cookies make comfortable use of our Website possible for you (e.g. through adaptation of user settings for the sorting of references and choice of language according to your needs). Session cookies are valid only for the duration of your specific visit to our Website and are subsequently erased automatically. Moreover, we also use "persistent cookies" that stay on your device and are not erased automatically when you close your browser. You can, of course, erase these cookies yourself at any time. With persistent cookies we especially pursue the purpose to improve your user experience by customising the Website to your personal needs and thus to optimise the loading time accordingly.
We use the following types of cookies on our Website:
- "Necessary Cookies" and "Functionality Cookies" are necessary to be able to provide you with our Website and the connected services, to operate our Website and serve for the proper functionality and security of our Website. These cookies are therefore necessary to pursue our legitimate interests in the provision of a user friendly and secure Website.
- "Tracking Cookies", "Marketing Cookies" and "Web-Analysis Cookies" record your user behaviour and your interactions with our Website. Through these Cookies, we can adapt our Online Services specifically to you as well as place advertisements suitable for you. We place such cookies only on the basis of your consent that you can withdraw at any time. You can find further details about the specifically used Tracking, Marketing and Web-Analysis Cookies in point 3.5.
Cookies with obligatory consent
Provided that you have given your consent to cookies, we use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") on our Website. The information generated through the Google Analytics Cookie about the use of the Website is usually transmitted to the servers of Google in the United States of America and stored there.
Google will use this information on our behalf to evaluate the usage of our Website by the users, to assemble reports about the activities on our Website and to deliver to us further services connected to the use of the Website. In doing so, pseudonymised user profiles of users can be generated from the processed data. Google will also potentially transmit the data to third parties if legally required or third parties process the data on behalf of Google.
We use Google Analytics only with activated IP-anonymisation. This means that your IP address is shortened by Google within the member states of the European Union or in the European Economic Area. Only in exceptional cases is the full IP address transmitted to a server of Google in the US and shortened there. To our knowledge, the IP address transmitted from your browser is not merged with other data of Google.
You can prevent the use of Google Analytics by downloading and installing the browser plug-in available through the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can find out more information about the data usage through Google, setting and objection possibilities on the websites of Google: https://www.google.com/intl/de/policies/privacy/partners.
If you have given your consent to cookies, we use marketing and remarketing services by Google. The data collected by Google Marketing or Remarketing Cookies from the users of our Website are transmitted to Google and stored at Google servers in the US.
The marketing and remarketing services by Google allow us to place advertisements for and on our Website more precisely to present the users with suitable adverts that potentially match their interests. The Google Marketing or Remarketing Cookies therefore record especially which websites the user visits, what contents he is interested in and which offers he has clicked on, furthermore technical information about the browser and the operating system, referencing websites, time of the visit as well as the IP address of the user. To our knowledge, the IP address is not merged with the user data within other offers of Google.
Google AdWords: The online marketing program "Google AdWords" also belongs to the Google marketing and remarketing services we use. In the case of Google AdWords every AdWords client (and therefore we as well) receives a different, so-called "conversion cookie". Cookies can therefore not be tracked by the websites of AdWords clients. The information collected with the help of the Google AdWords Cookie serves the creation of statistics for AdWords clients. Through that, the AdWords clients in particular find out the total number of users that have clicked on their advertisement and were forwarded to a site connected with a conversion-tracking tag. They do not receive any information with which users can be personally identified.
Google Tag Manager: Furthermore, our Website uses the "Google Tag Manager" to implement and manage the Google Analysis and Marketing services into our Website.
If you want to object to interest-related advertising through Google Marketing and Remarketing services, you can use the setting and opt-out possibilities provided by Google: https://adssettings.google.com/authenticated. You can find out more information about data usage for marketing purposes by Google through the data protection notice of Google at https://policies.google.com/privacy.
Additional embedded services and contents of third parties
Within our Online Services, we use further services and contents of third party providers to incorporate their contents and services on the basis of our legitimate interests in the provision, optimisation and economical operation of our Online Services. This regularly requires that the third parties of these contents receive the IP address of the user as they are not able to send the requested contents to the right browser without the IP address. The IP address is therefore necessary for the display of these contents and the use of the embedded services.
Specifically, we have utilised the following services and contents of third parties in our Online Services:
Is your data transmitted to third parties?
We entrust your personal data in the extent necessary to the following external service providers (data processors) that support us with the performance of our services:
- IT-service providers and/or providers of data hosting solutions or similar services;
- Other service providers, providers of tools and software solutions that support us with the performance of our services as well and operate on our behalf (including providers of marketing tools, marketing agencies, communication service providers, shipping service providers and call centres).
All our data processors process your data only on our behalf and on the basis of our instructions so that we can provide you with our Online Services.
Apart from that, we transmit your personal data in the extent necessary to the following recipients (controllers):
- Potential third parties that are participating in the provision of services to you for the fulfilment of our contractual obligations (e.g. banks for processing of the payment, payment service providers);
- External third parties on the basis of our legitimate interests in the extent necessary (e.g. auditors and tax consultants, insurances in case of insured events, legal representatives in case of incidents);
- Authorities and other public entities in the extent legally necessary (e.g. financial authorities).
If we process your data in a third country outside the European Union (EU) or the European Economic Area (EEA), or if this happens within the scope of using services of third parties, this only occurs if necessary for the fulfilment of our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. We have implemented suitable and appropriate guarantees so that your data is transmitted to the respective third country in a manner compliant with data protection (e.g. for the US through the "Privacy Shield" or the conclusion of so-called "Standard Data Protection Clauses"). Upon your enquiry we can transmit a copy of those suitable guarantees to you, provided that we process or let your data be processed in third countries.
- We store your personal data only as long as necessary for the purposes for which they are processed. Beyond that, we are potentially obligated to store your data for longer in accordance with legal retention periods.
- Specifically, we store your data in connection with the establishment of contact with us in accordance with legal retention periods for a time period of usually seven years.
- Access data and log files are stored for a maximum time period of 500 days and are erased subsequently.
- We store data about your user behaviour for a time period of usually three years, or respectively at the latest until the withdrawal of your consent.
- Provided that you have only registered for our newsletter and are, apart from that, not a client of ours, we store your data until the withdrawal of your consent and beyond that for a maximum of three years.
- We store data in connection with your registration and your user account until the end of your client relationship with us, or respectively beyond that until the expiry of the respective legal retention periods (usually for a time period of seven years).
- Apart from that, we also store your personal data after an incident beyond the abovementioned time periods as long as legal claims out of the relationship between you and us can be enforced, or respectively until the definitive clarification of an incident or legal dispute. This longer storage occurs for the ensuring of our overriding legitimate interests to the enforcement, clarification and defence of our legal claims.
Rights of Data Subjects
- You have the right to access your personal data that is being processed by us (Art 15 GDPR). Apart from that, you have the right to rectification of inaccurate or incomplete data and – under certain circumstances – the right to erasure (Art 16 and Art 17 GDPR). Additionally, you have the right to restriction of processing (Art 18 GDPR) as well as the right to data portability concerning the data you have provided us with (Art 20 GDPR).
- Moreover, you have the right to object on grounds relating to your particular situation (Art 21 GDPR). Such an objection can in particular occur relating to processing of data for the purposes of direct marketing.
- Additionally, you have the right to withdraw your consent at any time with effect for the future.
- Finally, you have the right to lodge a complaint with the responsible supervisory authority (Art 77 GDPR). The responsible supervisory authority for Austria is the Österreichische Datenschutzbehörde, Wickenburggasse 8, 1080 Vienna.
If you have questions relating to this or any other questions, you can contact us at:
Mariahilfer Straße 77-79, 1060 Vienna
We comply with appropriate technical and organisational security measures pursuant to Art 32 GDPR in order to guarantee, considering the risks, an appropriate level of data protection, in particular to protect your personal data against accidental or unlawful destruction, alteration or loss and against unauthorised disclosure or unauthorised access.
Version: May 2018