Privacy policy of REFDAT
6. Processing operations
In this section we will describe the data processing that is connected with our internet offer or that applies to a general business relationship between you and our company.
The following legal bases serve us for the processing of your data.
Art. 6 I lit. a GDPR serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of your data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b GDPR. The same shall apply to such processing operations which are necessary for the performance of pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation which makes the processing of personal data necessary, for example to fulfil tax obligations, the processing is based on Art. 6 I lit. c GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the person concerned or of another natural person. This would be the case, for example, if a visitor to our company was injured and his name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. In this case the processing would be based on Art. 6 I lit. d GDPR.
Finally, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the above legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, unless the interests, fundamental rights and freedoms of you outweigh the processing. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator.
a) Website processing
We operate this website and collect various data in this context.
Cookies
The Internet pages partly use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. We, as website operators, have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, they are treated separately in this privacy policy.
Server log data
REFDAT or our website provider collects data about access to our website and stores it as "server log files". The following data is logged in this way:
- Visited website
- Time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached to the page
- Used Browser
- Operating system used
- IP address used (anonymized)
The data collected is only used for statistical analysis and to improve the website. However, we reserve the right to check the server log files subsequently if there are concrete indications of illegal use.
Registration on our website
On our website you have the possibility to register by providing your personal data. Your data will be entered into an input mask, transmitted to us and then stored. The data will not be passed on to third parties. The following data will be collected during your registration:
• data from input mask
• Personal information (company, first and last name, birth date, address, e-mail address)
• Further details (password, security answer)
By means of your registration we can offer you certain services and contents on our web portal, which due to the nature of things can only be made available to registered users. Your personal data will be processed on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, unless they are necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR to which you are a party. Your data will be deleted as soon as they are no longer required for the purpose of their collection.
You have the possibility to have your data modified or deleted at any time. If you wish to delete your account, you can do so in writing by post, stating your user name (e-mail address), or by e-mail to info@refdat.net. Please note that a deletion may be contrary to contractual or legal obligations. You can change your data at any time in your account.
In addition, your IP address, date and time of your registration will be saved. The reason for this is to prevent misuse of our services and, if necessary, to be able to solve any criminal offences committed. For this reason it is necessary for us to store this data. As a matter of principle, data will not be passed on to third parties, unless there is a legal obligation to do so or the passing on serves the purpose of criminal prosecution.
Onlineshop on our website
Description, purpose and legal basis
You have the possibility to register for our online store on our website by entering your personal data. Which personal data will be transmitted to us in the process is determined by the respective input mask used for registration. The personal data entered by you will be collected and stored exclusively for internal use by us and for the purpose of contract processing. The data processing is thus carried out on the legal basis Art. 6 para. 1 lit. b GDPR for the fulfilment of the contract.
We may pass on your personal data to one or more data processors, for example a parcel service provider such as UPS, who will use your data in particular for the execution of the contract.
When you register in our online store, your IP address assigned by your Internet Service Provider (ISP), the date and time of registration are also stored. The storage of this data is carried out against the background that this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of criminal offences. To this extent, the storage of this data is necessary for our security. As a matter of principle, this data will not be passed on to third parties, unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.
If you provide voluntary personal data during registration, this data is used by us to offer you content or services which, due to the nature of the matter, can only be offered to registered users. The data processing is then carried out with your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You have the possibility to change the personal data you have provided us with at any time or to have it completely deleted from our database.
In order to optimize our online offer for you, we have a legitimate interest in passing on your personal data to third parties if necessary. This takes place on the legal basis of Art. 6 para. 1 lit. f GDPR.
Art. 6 para. 1 lit. c GDPR serves as the legal basis for the processing of your commercial and tax law requirements.
On request, we will be pleased to inform you which personal data we have stored about you. Furthermore, we will correct or delete your personal data at your request or notice, provided that no statutory retention periods conflict with your request. You are welcome to contact our employees for this purpose.
We store your personal data for as long as it is necessary to achieve the purpose for which it was collected. The purpose is fulfilled as soon as the contract has been completely processed. Even after the contract has been completely processed, it may be necessary to store your personal data. This is then the case to comply with contractual or legal obligations. We are obliged by commercial and tax law to store your address, payment and order data for a period of 10 years.
You have the right at any time to object to the processing of your personal data on the basis of our legitimate interest. For this purpose, you can contact us by e-mail or by any other means of contact. Please note, however, that the restriction or deletion of your personal data may be contrary to contractual or legal retention periods.
Receiver
For payment processing we pass your data to the appropriate payment service provider. These are listed below:
- PayPal (Europe S.à.r.l. & Cie, S.C.A.)
https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_EN
User account
In order to be able to place orders via our online store, you have the possibility to create a password protected user account. This account contains an overview of your transacted orders as well as active order processes. If you leave the online store, you will be logged out automatically.
Please make sure that you have a sufficiently secure password, as we cannot assume liability for password misuse unless we have caused it ourselves.
Order process
If you place an order, the personal data required for this purpose will be processed. These are usually surname, first name, address, payment data and e-mail address. Likewise these are passed on to third service providers for delivery or order processing. After contract processing, your personal data will be deleted if they are no longer required or if a contractual or legal retention period prevents deletion.
xt:Commerce
To run our online store, we use the e-commerce solution from xt:Commerce. xt:Commerce uses cookies to provide the basic functions of the store. If you have completely deactivated cookies in your browser, it is possible that the store will not function properly.
In this case it is possible that information from you in the context of the store use reaches the service provider behind this software. The provider for this is xt:Commerce GmbH, Maximilianstraße 9, 6020 Innsbruck, Austria. We have fulfilled our data protection obligations towards you with xt:Commerce and have signed a corresponding order processing agreement. The xt:Commerce data protection declaration can be found at www.xt-commerce.com/privatsphaere-datenschutz/.
Third party modules / analysis tools / advertising
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
b) Contact / Inquiries
In the following we describe the possibilities of contacting the companies and employees of our company.
E-Mail / Phone inquiry
If you send us inquiries by e-mail or telephone, your data from the e-mail or conversation, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent.
The processing of the data provided in the e-mail or telephone conversation is therefore based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out up to the point of revocation remains unaffected by the revocation. In further correspondence, there may be a change in legality (e.g. if it is business correspondence), in which case your data will be processed in accordance with Art. 6 Para. 1 lit. b GDPR.
The data provided by you in the mail or from the telephone conversation will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored ceases to apply (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected by this.
c) Data processing for the fulfilment of contracts
If you have entered into a business relationship with our company, e.g. if you have placed an order with us, the data processing will be carried out on the basis of Art. 6 para. 1 lit. b GDPR. All data necessary to initiate, fulfill or complete this order, such as contact data, object data, service providers involved, photo documentation, plans, orders for goods, etc., may be collected and processed by us without separate consent.
Should it be necessary to call in a subcontractor (e.g. other IT service providers, special software suppliers) to fulfill the contract with you, we may also pass on your data to this subcontractor. We guarantee that we have committed our subcontractors to the same strict data protection requirements that you can expect from us.
The data related to orders are subject to different retention periods. For example, general business letters must be proven for 6 years and tax law documents for 10 years. We will only pass on your data within our company to the extent necessary, if this is justified by the subject of the order.
7. Protection / encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
8. Profiling
As a responsible company, we avoid automatic decision making or profiling.
9. Actuality / status
This data protection declaration has the current status of January 2022 and is subject to constant updating and adaptation to new legal requirements and technical developments.
In this section we will describe the data processing that is connected with our internet offer or that applies to a general business relationship between you and our company.
The following legal bases serve us for the processing of your data.
Art. 6 I lit. a GDPR serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of your data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b GDPR. The same shall apply to such processing operations which are necessary for the performance of pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation which makes the processing of personal data necessary, for example to fulfil tax obligations, the processing is based on Art. 6 I lit. c GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the person concerned or of another natural person. This would be the case, for example, if a visitor to our company was injured and his name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. In this case the processing would be based on Art. 6 I lit. d GDPR.
Finally, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the above legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, unless the interests, fundamental rights and freedoms of you outweigh the processing. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator.
a) Website processing
We operate this website and collect various data in this context.
Cookies
The Internet pages partly use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. We, as website operators, have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, they are treated separately in this privacy policy.
Server log data
REFDAT or our website provider collects data about access to our website and stores it as "server log files". The following data is logged in this way:
- Visited website
- Time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached to the page
- Used Browser
- Operating system used
- IP address used (anonymized)
The data collected is only used for statistical analysis and to improve the website. However, we reserve the right to check the server log files subsequently if there are concrete indications of illegal use.
Registration on our website
On our website you have the possibility to register by providing your personal data. Your data will be entered into an input mask, transmitted to us and then stored. The data will not be passed on to third parties. The following data will be collected during your registration:
• data from input mask
• Personal information (company, first and last name, birth date, address, e-mail address)
• Further details (password, security answer)
By means of your registration we can offer you certain services and contents on our web portal, which due to the nature of things can only be made available to registered users. Your personal data will be processed on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR, unless they are necessary for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR to which you are a party. Your data will be deleted as soon as they are no longer required for the purpose of their collection.
You have the possibility to have your data modified or deleted at any time. If you wish to delete your account, you can do so in writing by post, stating your user name (e-mail address), or by e-mail to info@refdat.net. Please note that a deletion may be contrary to contractual or legal obligations. You can change your data at any time in your account.
In addition, your IP address, date and time of your registration will be saved. The reason for this is to prevent misuse of our services and, if necessary, to be able to solve any criminal offences committed. For this reason it is necessary for us to store this data. As a matter of principle, data will not be passed on to third parties, unless there is a legal obligation to do so or the passing on serves the purpose of criminal prosecution.
Onlineshop on our website
Description, purpose and legal basis
You have the possibility to register for our online store on our website by entering your personal data. Which personal data will be transmitted to us in the process is determined by the respective input mask used for registration. The personal data entered by you will be collected and stored exclusively for internal use by us and for the purpose of contract processing. The data processing is thus carried out on the legal basis Art. 6 para. 1 lit. b GDPR for the fulfilment of the contract.
We may pass on your personal data to one or more data processors, for example a parcel service provider such as UPS, who will use your data in particular for the execution of the contract.
When you register in our online store, your IP address assigned by your Internet Service Provider (ISP), the date and time of registration are also stored. The storage of this data is carried out against the background that this is the only way to prevent the misuse of our services and, if necessary, to enable the investigation of criminal offences. To this extent, the storage of this data is necessary for our security. As a matter of principle, this data will not be passed on to third parties, unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.
If you provide voluntary personal data during registration, this data is used by us to offer you content or services which, due to the nature of the matter, can only be offered to registered users. The data processing is then carried out with your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You have the possibility to change the personal data you have provided us with at any time or to have it completely deleted from our database.
In order to optimize our online offer for you, we have a legitimate interest in passing on your personal data to third parties if necessary. This takes place on the legal basis of Art. 6 para. 1 lit. f GDPR.
Art. 6 para. 1 lit. c GDPR serves as the legal basis for the processing of your commercial and tax law requirements.
On request, we will be pleased to inform you which personal data we have stored about you. Furthermore, we will correct or delete your personal data at your request or notice, provided that no statutory retention periods conflict with your request. You are welcome to contact our employees for this purpose.
We store your personal data for as long as it is necessary to achieve the purpose for which it was collected. The purpose is fulfilled as soon as the contract has been completely processed. Even after the contract has been completely processed, it may be necessary to store your personal data. This is then the case to comply with contractual or legal obligations. We are obliged by commercial and tax law to store your address, payment and order data for a period of 10 years.
You have the right at any time to object to the processing of your personal data on the basis of our legitimate interest. For this purpose, you can contact us by e-mail or by any other means of contact. Please note, however, that the restriction or deletion of your personal data may be contrary to contractual or legal retention periods.
Receiver
For payment processing we pass your data to the appropriate payment service provider. These are listed below:
- PayPal (Europe S.à.r.l. & Cie, S.C.A.)
https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_EN
User account
In order to be able to place orders via our online store, you have the possibility to create a password protected user account. This account contains an overview of your transacted orders as well as active order processes. If you leave the online store, you will be logged out automatically.
Please make sure that you have a sufficiently secure password, as we cannot assume liability for password misuse unless we have caused it ourselves.
Order process
If you place an order, the personal data required for this purpose will be processed. These are usually surname, first name, address, payment data and e-mail address. Likewise these are passed on to third service providers for delivery or order processing. After contract processing, your personal data will be deleted if they are no longer required or if a contractual or legal retention period prevents deletion.
xt:Commerce
To run our online store, we use the e-commerce solution from xt:Commerce. xt:Commerce uses cookies to provide the basic functions of the store. If you have completely deactivated cookies in your browser, it is possible that the store will not function properly.
In this case it is possible that information from you in the context of the store use reaches the service provider behind this software. The provider for this is xt:Commerce GmbH, Maximilianstraße 9, 6020 Innsbruck, Austria. We have fulfilled our data protection obligations towards you with xt:Commerce and have signed a corresponding order processing agreement. The xt:Commerce data protection declaration can be found at www.xt-commerce.com/privatsphaere-datenschutz/.
Third party modules / analysis tools / advertising
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
b) Contact / Inquiries
In the following we describe the possibilities of contacting the companies and employees of our company.
E-Mail / Phone inquiry
If you send us inquiries by e-mail or telephone, your data from the e-mail or conversation, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not pass on this data without your consent.
The processing of the data provided in the e-mail or telephone conversation is therefore based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out up to the point of revocation remains unaffected by the revocation. In further correspondence, there may be a change in legality (e.g. if it is business correspondence), in which case your data will be processed in accordance with Art. 6 Para. 1 lit. b GDPR.
The data provided by you in the mail or from the telephone conversation will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored ceases to apply (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected by this.
c) Data processing for the fulfilment of contracts
If you have entered into a business relationship with our company, e.g. if you have placed an order with us, the data processing will be carried out on the basis of Art. 6 para. 1 lit. b GDPR. All data necessary to initiate, fulfill or complete this order, such as contact data, object data, service providers involved, photo documentation, plans, orders for goods, etc., may be collected and processed by us without separate consent.
Should it be necessary to call in a subcontractor (e.g. other IT service providers, special software suppliers) to fulfill the contract with you, we may also pass on your data to this subcontractor. We guarantee that we have committed our subcontractors to the same strict data protection requirements that you can expect from us.
The data related to orders are subject to different retention periods. For example, general business letters must be proven for 6 years and tax law documents for 10 years. We will only pass on your data within our company to the extent necessary, if this is justified by the subject of the order.
7. Protection / encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
8. Profiling
As a responsible company, we avoid automatic decision making or profiling.
9. Actuality / status
This data protection declaration has the current status of January 2022 and is subject to constant updating and adaptation to new legal requirements and technical developments.