PRIVACY POLICY

 

1. GENERAL

1.1 This data protection declaration explains which personal data (the „Data“) are processed when using the internet services of TBA I Gmbh, Römerweg 935, 6100 Seefeld i. Tirol, Tyrol-Austria, FN 497237 i („we“), under www.tba.rocks.com („our Website“), and how this Data is subsequently protected by TBA I Gmbh as the controller.
1.2 You will find information on our processing of Data below, or you may contact us at info@tba.rocks. The Website contains links to third-party websites. We have no control over the content or privacy practices of these other websites. Please read the respective data protection provisions of these other websites that you visit.

2. PROCESSING OF DATA

2.1 When you visit our Website, we process the Data that you voluntarily provide (e.g. in connection with a product or service request, contact form, registration, communication with you personally, or your job application), such as title, name, contact data (telephone number, address, email address).
2.2 However, you can also visit our website without actively providing us with disclosures about your identity. In this case, we will only gather the personal data transmitted by your browser to our server. This data will be anonymised or gathered using pseudonyms in order to deliver the contents of the website to the user’s computer and in order to perform an evaluation for the purposes of optimising and monitoring the functionality of our web presence while ensuring the security of our information technology systems (Art. 6 Para. 1 Letter f GDPR).
2.3 Our log files contain disclosures about the date and time of retrieval of our website, browser type, version and settings, your operating system and Internet service provider, about the websites used by you to get to our website or which called up by you via our website, as well as the quantity of data transmitted.
2.4 Your IP address will likewise be gathered on a case-by-case basis, i.e. an address allocated by your Internet service provider to your computer once to connect to the Internet. This IP address enables communication on the Internet. Your Internet service provider can retrace the IP address allocated to you at a given point in time. Since the full IP address allows at least to establish an indirect relation to an identifiable person on this account, we will exclusively gather your IP address in an abbreviated (anonymised) form to ensure that establishing any relation to an identifiable person by us will be excluded, and we will store it separately from any personal data.
2.5 Collection of such data to provide the website and to store the data in log files will be absolutely necessary to ensure operation of the website. Any possibility to object does not exist in this context.

3. PURPOSES OF PROCESSING

We process Data for the following purposes
– reply to messages, complaints and service requests you send us;
– reply to and management of job application you send us;
– operation, management, analysis and improvement of our website;
– IT support and maintenance;
– ensuring network and data security.

4. LEGAL BASIS FOR PROCESSING DATA

4.1 The legal basis for the collection and processing of Data depends on the specific context in which we collect it. We may process your Data:
4.1.1 if we have received your consent (Art 6 para 1 lit a GDPR), e.g. in connection with cookies pursuant to § 96 Austrian Telecommunications Act 2003), only to the extent of the consent given. You can withdraw your consent at any time with effect for the future.
4.1.2 in order to manage and fulfill (pre-)contractual obligations (Art 6 para 1 lit b GDPR) in connection with your requests via our Website. Further, we may process your Data in order to fulfill legal obligations (Art 6 para 1 lit c GDPR), such as ensuring network and data security.
4.1.3 on the basis of our legitimate interests (Art 6 para 1 lit f GDPR) or of a third party. These legitimate interests include: effective business management, further development of our services and products as well as for customer acquisition.
4.1.4 Sensitive Data within the meaning of Art 9 GDPR are generally not processed on our Website.

5. RECIPIENTS OF PERSONAL DATA

5.1 We may share the Data with the following recipients:
5.1.1 Our employees who need them to fulfill contractual and legal obligations and legitimate interests, group companies, external service providers (e.g. IT service providers) and partners who provide data processing services for us or who otherwise process Data for the purposes described in this declaration (such as external advisors) or who are disclosed to you when we collect your Data. A list of group companies, service providers and partners is available on request. All recipients are obliged to treat your Data confidentially and to process it only within the framework of the provision of services;
5.1.2 to any competent authority, such as supervisory or safety authorities, or public authorities, a court or other third parties, when disclosure is necessary (i) by law or regulation, (ii) to exercise, protect or defend our statutory rights, or (iii) to protect your important interests or the important interests of another person;
5.1.3 to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of our business (or any part of it) if we inform the buyer that he may only use your Data for the purposes stated in this data protection declaration;
5.1.4 to any other person upon your consent if necessary.

6. OBLIGATION TO PROVIDE DATA

Some of the Data marked as mandatory fields on the Website are required in order to process your request or notification. Without providing this Data, we may not be able to or not completely to process or respond to your inquiry, notification, report, etc.

7. INTERNATIONAL DATA TRANSFER

7.1 Your Data may be transferred and processed in other countries outside the EU/EEA for which an adequate level of data protection has not yet been established by the EU Commission and which may not provide the same high level of protection. Subject to local laws and regulations Data may be accessible to local authorities or courts.
7.2 However, we have taken appropriate security measures to ensure that your Data remains protected in accordance with this data protection declaration. This includes the application of the EU Commission’s standard contractual clauses for the transfer of Data. Further details on the appropriate safety precautions taken are available on request.

8. DATA RETENTION

8.1 We keep your Data as long as this is necessary for the fulfilment of the purpose or as long as legal retention or documentation obligations, statutory limitation periods (e.g. the special limitation period for damages of 3 years or in specific case the general limitation period of 30 years according to the General Civil Code (ABGB)), or legitimate interests (keeping of evidence for asserting or defending legal claims) exist.

8.2 As soon as there are no legitimate purposes for the further storage of Data, these will either be deleted or made anonymous. If this is not possible (for example because your Data was stored in backup archives), we will store your Data securely and make it inaccessible to further processing until deletion is possible.

9. DATA SUBJECT RIGHTS

9.1 In accordance with applicable law, you have the right to access, correct, request deletion of his Data, to object to the processing of his Data, and portability of your Data, to request restriction of the processing of your Data, and to file a complaint with the data protection authority, when you believe your data protection rights have been violated (in Austria: Austrian Data Protection Authority, Österreichische Datenschutzbehörde).
9.2 If we process your Data on the basis of your consent, you can withdraw your consent at any time. You can withdraw your consent, which you have given by corresponding confirmation within the cookie banner, at any time also by a corresponding setting in your browser. The withdrawal of your consent has no effect on the legitimacy of the processing until your withdrawal.
9.3 To exercise these rights send an email to info@tba.rocks or a letter to TBA I Gmbh, Römerweg 935, 6100 Seefeld i. Tirol, Tyrol-Austria.
9.4 Automated decisions within the meaning of Art 22 GDPR mean that a decision that has legal effect on you or significantly affects you in a similar way is automatically made – including profiling – without verification by a natural person. We do not use automated decisions. We process Data partially automated to assess specific individual aspects (profiling) in order to provide you better services and information tailored to your interests.
9.5 The information and services available on the Website are directed at persons over 18 years of age. We will not knowingly process personal data of minors under the age of 18.