Privacy Policy

1. General

The protection of your privacy and the lawful processing of your personal data are very important to us. As the controller, we wish to make our processing activities transparent to you and to inform you, in the following data privacy statement, about how your personal data shall be processed if you use this website, contact us, express an interest in our program and offerings.

2. Definitions

The terms regarding data protection legislation used in this data privacy statement, such as “personal data”, “processing” and “controller”, are defined in Art. 4 of the General Data Protection Regulation (GDPR).

3. Name and contact details of the controller responsible for the processing and of the data protection officer

The controller responsible for your personal data is:

SIGNA REM GERMANY RENT GMBH, HRB 217307, Josephspitalstraße 15, D-80331 München, T: +49 89 23 23 72 78 – 0 , F: +49 89 23 23 72 78 – 3029, E-Mail.: berlin@signa.at

In addition to the controller, you can also get in touch with the relevant data protection officer using the following contact details:

E-Mail.: datenschutz@signa.at
Postal adress:
SIGNA, 1010 Wien
Freyung 3
Attn. Datenschutzkoordinator

4. Categories of personal data which we process about you / sources of data

Personal data are any information relating to an identified or identifiable person, and therefore information that can be assigned to you individually. Examples include your name, address, telephone number, e-mail address or IP address. As described below, we process various personal data relating to you that we have received from you within the framework of our relationship with you.

Use of our website:
If you use our website, certain information shall be collected (further details under “Server log files”). In addition, data shall be collected through the use of cookies, tracking and online marketing tools and plug-ins (further details below).

Contact form / contacting us:
If you show an interest in our program and offers by filling in the contact form, we shall process your and the text of your comments which you provide to us via the free text field. We shall also process further personal data that you have communicated to us voluntarily.

Alternatively, you can also contact us using our contacts details as displayed on the website (e.g. by email or telephone). In this case, the data supplied by you shall be processed.

5. Relevant legal bases

If and insofar as the legal basis is not mentioned in the data privacy statement, the following shall apply: the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR and/or Art. 9(2)(a) GDPR; the legal basis for processing to provide our services and implement contractual measures as well as to respond to enquiries is Art. 6(1)(b) GDPR; the legal basis for processing to fulfil our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR. For the event that vital interests of the data subject or of another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

6. Contact form / contacting us

If you submit the contact form, your personal data in the contact fields () shall be processed for the purpose of contacting you and regularly sending invitations to events and information relating to our program offers. The processing of the data entered in the contact form as well as the forwarding of such data to third parties shall be based on your consent (pursuant to Art. 6(1)(a) GDPR) for the purposes stated. There is no obligation to actually provide the data that we request from you on our website. The personal data supplied by you via the contact form shall be processed for as long as we offer our aforementioned service in relation to our program offers to you and provided that you do not withdraw your consent. Your personal data shall, in any case, be erased 3 years after its last use, unless there are statutory retention periods.

Registration via the contact form shall involve the double opt-in procedure. Once you have sent your enquiry, you shall receive an automated e-mail from us containing a verification link for the purpose of confirming that the data you have provided are yours.

If, on the other hand, you get in touch with us using the contact details available on the website (e.g. by e-mail or telephone), the personal data that you have supplied to us voluntarily shall be processed for the purpose of handling the enquiry and to deal with any follow-up enquiries on the basis of your consent (pursuant to Art. 6(1)(a) GDPR). In this case, we shall erase your personal data if and insofar as such data are no longer required and/or the erasure is not opposed by statutory retention periods.

Withdrawal of consent:
Your consent may be withdrawn in full or in part at any time with future effect by getting in touch with the controller using the contact details above (under point 3.). Such withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.

7. Matomo

Matomo is an open source web analytics platform. A web analytics platform is used by a website owner in order to measure, collect, analyse and report visitors data for purposes of understanding and optimizing their website.

Purpose of the processing

Matomo is used to analyse the behaviour of the website visitors to identify potential pitfalls; not found pages, search engine indexing issues, which contents are the most appreciated… Once the data is processed (number of visitors reaching a not found pages, viewing only one page…), Matomo is generating reports for website owners to take action, for example changing the layout of the pages, publishing some fresh content… etc.

Matomo is processing the following personal data:

  • Cookies
  • IP address (Shortened by the last 2 bytes)
  • User ID
  • Location of the user
  • Title of the page being viewed
  • URL of the page being viewed
  • URL of the page that was viewed prior to the current page
  • Screen resolution
  • Files that were clicked and downloaded
  • Pages generation time
  • Country, region, city
  • Main Language of the browser
  • User Agent of the browser

The processing of personal data with Matomo is based on explicit consent. Your privacy is our highest concern. That’s why we will not process any personal data with Matomo unless you give us clear explicit consent.

As Matomo is processing personal data on explicit consent, you can exercise the following rights:

  • Right of access: you can ask us at any time to access your personal data.
  • Right to erasure: you can ask us at any time to delete all the personal data we are processing about you.
  • Right to portability: you can ask us at any time for a copy of all the personal data we are processing about you in Matomo.
  • Right to withdraw consent: you can withdraw your consent at any time by clicking on the following button.

The right to withdraw consent at any time

You can withdraw at any time your consent by opting-out:

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

The right to lodge a complaint with a supervisory authority

If you think that the way we process your personal data with Matomo analytics is infringing the law, you have the right to lodge a complaint with a supervisory authority.

Whether the provision of personal data is part of a statutory or contractual requirement; or obligation and possible consequences of failing to provide the personal data

If you wish us to not process any personal data with Matomo, you can opt-out from it at any time. There will be no consequences at all regarding the use of our website.

 

8. Server log files

The provider of the website automatically collects and stores information (browser type and browser version, operating system used, referrer URL, host name of the computer accessing the website, time of the server request and IP address) in server log files which your browser transmits automatically.

The data collected are used to ensure that connection to the website is established smoothly, to make sure that our website is user-friendly and to analyse system security and stability. We reserve the right to subsequently examine these data if we become aware of specific indications of unlawful use. These data are not merged with other data sources.

The legal basis for such data processing is Art. 6(1)(f) GDPR. The legitimate interest arises from the purposes for data collection as listed above.

Server log files are stored for a period of 180 days and then erased. Data whose further retention is required for evidentiary purposes are excluded from such erasure until the incident concerned is finally resolved.

The recording of data to provide the website and the storage of these data in log files are absolutely essential for operation of the website. There is therefore no option to object to such usage in this case.

9. Cookies

Our website uses cookies. These are small files which can be stored on the visitor’s device when you visit our website. They serve to make the website generally more user-friendly and more effective.

This website uses transient and persistent cookies whose scope and function are explained below:

Transient cookies are erased automatically when you close the browser. These include session cookies, in particular. These store a session ID, which can be used to assign various requests from your browser to a common session. This makes it possible to recognise your computer if you return to our website. Session cookies are erased when you log out or close the browser.

Persistent cookies are erased automatically after a set period of time, which can vary depending on the cookie. You can erase cookies in your browser’s security settings at any time.

You can prevent the installation of cookies at any time by adjusting the settings of the browser used accordingly. In addition, you can erase already installed cookies at any time using your browser. This can be done in all standard browsers. However, please note that if you disable the installation of cookies in the internet browser you are using or if you have erased already installed cookies, you may not be able to use all the features of our website in full.

When you access our website for the first time, an information banner shall appear, informing you about the use of cookies. We use various groups of cookies. If you click on the details in the information banner, you shall be shown the cookies that we use and the group to which each cookie belongs. The dialogue box which you can configure shall inform you about the use of cookies and ask you to consent to this. Please note that you cannot affect the use of essential functional cookies. Only after you have selected the cookie groups shall cookies be used on the website.

10. Use of the mailing service provider

For mailing purposes we use “MailChimp”, a mailing platform belonging to the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The Privacy Policy of this mailing service provider can be viewed here: https://mailchimp.com/legal/privacy/.

The of our recipients are stored on MailChimp’s servers in the USA. MailChimp uses this information for mailing and analysis on our behalf. MailChimp can also, according to its own information, use these data to optimise or improve its own services, e.g. for technical optimisation of the mailing process and the presentation. However, MailChimp does not use data belonging to our recipients to contact them itself, nor does it forward data to third parties.

MailChimp is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law. This mailing service provider is deployed on the basis of a data processing agreement pursuant to Art. 28(3) GDPR, in which MailChimp undertakes to protect your personal data and to process it on our behalf.

11. Social media

On the basis of Art. 6(1)(f) GDPR, we place buttons on our website that belong to the social networks Facebook, Instagram and LinkedIn in order to increase awareness of our website and projects via these channels. To increase the protection of your data when you visit our website, these buttons are not unrestricted; they are merely embedded in the site using an HTML link. This embedding ensures that when you access a page of our website that contains such buttons, a connection is not established with the servers of the provider of the respective social network. By clicking on the respective icon, you consent to communication with the respective platform and to the transmission of information (e.g. IP address) to the respective service provider. The provider of the social network can be identified by the marking on the box, i.e. its initial letter or logo.

The purpose and scope of data collection and the further processing and use of the data by the providers on their sites, as well as your rights in this regard and the settings you can configure to protect your privacy, are set out in the data privacy policies of these providers. Please note that, as the provider of this website, we have no knowledge of the content of the data transmitted or of the use thereof by the respective providers. Addresses of the respective providers with their data privacy policies:

  • Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Facebook’s Data Policy: https://www.facebook.com/policy. Facebook is certified under the Privacy Shield agreement and thereby guarantees compliance with European data protection law.
  • Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA; Instagram’s Data Policy: http://instagram.com/about/legal/privacy/.
  • LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland. http://www.linkedin.com/legal/privacy-policy

12. Forwarding of data

Data shall only be forwarded to fulfil (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the grounds of our legitimate interests.

All processors are contractually obliged by us on the basis of Art. 28 GDPR to comply with applicable data protection legislation in relation to us. Alongside the service providers referred to in the data privacy statement, the IT service provider (currently SIGNA Informationstechnologie GmbH) in particular works for us as a processor.

Transmission to recipients in a third country (outside the EU) or to an international organisation is not intended, with the exception of the automated sending of e-mails via MailChimp as well as within the context of tracking and online marketing tools (further details on this above). MailChimp, Google and Facebook are certified under the Privacy Shield agreement and thereby guarantee compliance with European data protection law.

13. Data security

We implement appropriate technical and organisational measures to guarantee the security of the data processing and to process your personal data in a manner that provides protection against access by unauthorised third parties.

In spite of our security measures, it is impossible to rule out the fact that information which you supply to us via the internet, especially also within the framework of unencrypted e-mails, may be viewed and used by other persons.

14. Changes to this data privacy statement

We reserve the right to adapt the information provided in this data privacy statement, without prior notice, to changes in legislation and case-law and/or to amend it for organisational reasons. The latest version published here shall apply.

15. Your rights in connection with personal data

Pursuant to the GDPR, as the data subject you are entitled to the following rights.

Right of access:
You have the right to obtain information from us about whether we are processing personal data belonging to you and which data this concerns as well as further information pursuant to Art. 15 GDPR.

Right to rectification:
Pursuant to Art. 16 GDPR, you have the right to obtain the rectification of inaccurate personal data concerning you and/or – taking into account the purposes of the data processing – the completion of incomplete personal data.

Right to erasure of data ("right to be forgotten"):
You have the right to erasure of your data provided that the conditions of Art. 17 GDPR are met.

Right to restriction of processing:
In accordance with Art. 18 GDPR, you have the right to restriction of the processing of all personal data collected.

Right to data portability:
You have the right to data portability provided that the conditions of Art. 20 GDPR are met.

Right to withdraw consent:
If processing is based on consent, you also have the right to withdraw this consent at any time (see Art. 7(3) GDPR for details). Withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object:
Pursuant to Art. 21(1) GDPR, you have the right at any time to object, on grounds relating to your particular situation, to the processing of relevant personal data which are necessary to protect our legitimate interests or those of a third party (Art. 6(1)(f) GDPR). If you object, your data shall no longer be processed unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.

Pursuant to Art. 21(2) and (3) GDPR, you also have the right to object to data processing for direct marketing purposes; such objection shall have future effect.

Assertion of rights and the right of appeal:
To assert your aforementioned rights, you can get in touch with the controller using the contact details above (under point 3.) and state your request.

To protect your privacy and security, we reserve the right to check your identity before we take any of the above measures.

The protection and lawful processing of your personal data are very important to us. If you have any questions or concerns about the processing of your personal data, please get in touch with us using the above contact details for the controller (under point 3.) or contact the data protection officer. If, however, you feel that the processing of your personal data is unlawful, you can also turn to a data protection authority.