Privacy Policy
The protection and security of your data when browsing all sites under the domain pinked.at (hereinafter referred to as “our website”) are of utmost importance to the media owner (hereinafter referred to as “we”). For this reason, we process your data exclusively on the basis of legal provisions (DSG, GDPR, TKG 2003) and we would like to take the opportunity to inform you which of your personal data are recorded when visiting our website and for which purposes these data are used.
Since legislative changes or changes to our internal processes can necessitate adaptions to this data protection declaration, we kindly ask you to consult it regularly.
Responsible Body and Scope
The responsible body for the purpose of the General Data Protection Regulation (GDPR) and other national Data Protection Acts of member states as well as other statutory provisions regarding data protection laws is the media owner.
This data protection declaration applies to our entire website.
What are Personal Data?
Personal data are particulars concerning personal or material characteristics of an identified or identifiable person (data subject). These include, for instance, information like your name, your address, your telephone number, your date of birth, and your e-mail address. Information that cannot be linked to you personally (or only under disproportionate effort), such as anonymised information, do not count as personal data.
General Remarks on Data Processing
Scope
As a basic principle, we only collect and use personal data of our users to the extent that is necessary for providing our content and services. We use your personal data to provide information and desired services, to answer your questions and operate and improve our website.
We will only collect and use personal data of our users on the grounds of appropriate legal basis in compliance with the GDPR, e.g. with the user’s consent. Further details regarding specific given declarations of consent can be found below under the respective processing operation.
There will be no other form of utilisation of your personal data. Your personal data will not be transferred to third parties and your data will not be utilised for promotional purposes without your consent, other than in the cases specified below unless we are required to disclose any data pursuant to applicable law.
Legal Basis
Provided that we obtain a data subject’s consent for processing operations of personal data, Article 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) forms the legal basis for the processing of personal data. When processing personal data serves the performance of a contract whose contracting party is the data subject, Article 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for implementing pre-contractual measures. As far as the processing of personal data serves the performance of a legal obligation to which we are subject, Article 6 para. 1 lit. c GDPR serves as the legal basis.
In case an interest that is essential for the life of the data subject or that of another natural person necessitates the processing of personal data, Article 6 para. 1 lit. d GDPR serves as the legal basis. Where the processing is necessary to safeguard a legitimate interest of the Stonewall GmbH or a third party, and where the interests, basic rights, and fundamental freedoms of the data subject do not outweigh the former interest, Article 6 para. 1 lit. f GDPR serves as the legal basis for processing.
Data Erasure and Storage Period
Personal data of the data subject will be erased or blocked as soon as the purpose of storing ceases to exist. Furthermore, data may also be recorded if specified by the European or national legislative authority in Union law regulations, laws, or other rules to which the responsible body is subject. Data will also be subject to blocking or erasure when the storage period stipulated by one of the norms listed above expires unless a necessity exists to further store those data for the purpose of the conclusion or execution of a contract.
Different Processing Operations
In case you wish to use services provided within our web presence, such as a subscription to our newsletter., you are required to provide further data. For further details see the description of specific data processing operations below. In particular, personal data will be used as follows:
Providing website and creating log files
With every visit to our websites, our system automatically records data and information about the system of the requesting device. The following data will be collected here:
- IP address of the requesting device
- Date and time of access
- Name and URL of the requested file
- Volume of data transmitted
- Message whether the request was successful
- Identification data of the accessing browser as well as the operating system
- Website from which access was initiated
The log files contain IP addresses or other data that allow for linking to a specific user. This could be the case, for instance, when the link to the website from which the user is accessing the website or the link to the website to which the user is switching contains personal data. These data are also recorded in the log files of our system. These data are not stored together with other personal data of the user.
Storage in the log files is necessary to ensure the operability of the website. Furthermore, these data help us optimise the website and guarantee the security of our information technology systems. We do not analyse any data for marketing purposes. These purposes also define our legitimate interest in data processing in accordance with Article 6 para. 1 lit. f GDPR.
Data will be erased after 2 weeks. Collection of these data for the provision of the website is essential for operating the website. The user does not have the possibility of dissent.
Forms
Our website provides forms that can be used for initiating contact electronically. If a user makes use of this option, the data entered into the input mask will be transmitted to and recorded by us.
The following data will be recorded additionally:
- IP address of the requesting device
- Date and time the form is sent
- Website from which the form was sent
To process data, your consent is obtained in the course of the sending process and our data protection declaration will be brought to your attention. Alternatively, you can contact us via the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be recorded.
No data will be disclosed to third parties in this context unless otherwise stated. The relevant data will only be used for processing the respective matter.
Legal basis for the processing of data where the user’s consent has been obtained is Article 6 para. 1 lit. a GDPR. Users grant the following consent:
I consent to the collection, storage, and procession of the personal data that I entered into the form above for the purpose of processing my concern. My data will be deleted after one year provided that this is not opposed by any other legal retention period. I hereby declare that this consent is given voluntarily. I have been informed that I can withdraw my consent with future effect at any time without adverse consequences. I can address my withdrawal of consent to info@pinked.at. In the case of my withdrawal, my data will be deleted.
Legal basis for the processing of data that are transmitted via e-mail is Article 6 para. 1 lit. f GDPR. Where the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Article 6 para. 1 lit. b GDPR. If contact is necessary to fulfil a legal obligation, the additional legal basis of the data processing is Article 6 para. 1 lit. c GDPR.
The processing of personal data from the input mask serves the sole purpose of processing your concern. If contact is initiated via e-mail, the required legitimate interest in processing the data is evident. Other personal data processed during the sending process serve the prevention of abuse of the form and guarantee the security of our information technology systems.
Data will be deleted after a period of one year provided it can be inferred from circumstances that the relevant state of affairs has been conclusively resolved.
Newsletter
It is possible to subscribe to a newsletter on our website that is free of charge. When subscribing to the newsletter, the data entered into the input mask are transmitted to us. Furthermore, the following data are collected upon registration:
- IP address of the requesting device
- Date and time of subscription
- URL at which you subscribed
If you contact us via a contact form on our website, provide your e-mail address and furthermore consent to receive our newsletter, this e-mail address can subsequently be used for sending a newsletter.
The processing of personal data is based on the following given consent according to Article 6 para. 1 lit. a GDPR:
I consent to the collection, storage, and procession of my personal data for the purpose of sending a newsletter. I hereby declare that this consent is given voluntarily. I have been informed that I can withdraw my consent at any time with future effect without adverse consequences. I can withdraw my consent from the newsletter by clicking on the unsubscribe link in the footer of each newsletter. Alternatively, I can address my withdrawal of consent to info@pinked.at. In the case of my withdrawal, my data will be deleted.
For sending the newsletter, we use a so-called double opt-in procedure, i.e. we will only send you the newsletter once you have confirmed your registration via a link provided in the confirmation e-mail sent to you for this purpose. With this, we want to guarantee that only you as the owner of the given e-mail address can subscribe to the newsletter. Your confirmation regarding this matter must follow promptly upon receiving the confirmation e-mail since otherwise your newsletter registration is deleted from our database. In this context, we store the date and time of the confirmation as well as the IP address from which the confirmation is made.
Collecting the user’s e-mail address serves the purpose of delivering the newsletter.
When registering for the respective newsletter, your e-mail address will be used for our own (marketing) purposes and to inform you about our partners until you unsubscribe from the newsletter.
Other personal data collected in the course of the registration process are used to prevent abuse of services or the used e-mail address.
Data will be deleted as soon as their collection no longer serves the fulfilment of their purpose, Accordingly, your data will be stored as long as the subscription to the newsletter is active.
In connection with data processing for sending newsletters, no data will be disclosed to third parties. Data will be used strictly for sending the respective newsletter.
When receiving/opening our newsletter, the following data is collected:
- IP address
- Browser type
- E-mail programme
In addition, we store newsletter openings and link clicks on the user level. These data give us information about the performance of our newsletter. If a so-called do-not-track header – a request to not record users’ activities – is sent when you receive/open the newsletter, we respect this request – openings and link clicks are not collected.
Security measures for protecting stored data
We commit ourselves to protecting your privacy and treating your data as confidential. To prevent manipulation, loss, or abuse of the data stored by us, we implement technical and organisational safety precautions that are reviewed on a regular basis and updated in accordance with technological developments, such as, among other things, the use of recognised encryption methods (TLS). However, we would like to point out that due to the nature of the internet it is possible that other persons or institutions outside of our control do not abide by the rules of data protection and the abovementioned security precautions. In particular, data that are revealed without encryption – e.g. where data are transmitted via e-mail – can be read by third parties. Technically, we have no influence on this. It is in the user’s responsibility to protect the provided data against abuse by means of encryption or other measures.
Objection
Concerning the processing of your personal data based on legitimate interests corresponding to Article 6 para. 1 lit. f GDPR you have the right to enter an objection against the processing of your personal data based on Article 21 GDPR provided there are reasons relating to your particular situation, or in case the objection is directed towards direct advertising. In the case of direct advertising, you have a general right to object that we will enforce without requiring a particular situation or reason. Please contact info@pinked.at concerning an objection.
Your Rights as a Data Subject
The following rights arise from the GDPR for you as the subject of the processing of personal data:
- According to Article 15 GDPR, you have the right to demand information on your personal data processed by us. In particular, you can demand information on processing purposes, the categories of personal data, categories of recipients to whom your data were or are disclosed, planned storage periods, the existence of the right to rectification, erasure, restriction of processing or objection, the existence of the right to lodge a complaint, the source of your data provided they have not been collected by us, the transfer of data to third countries or international organisations, as well as the existence of automated decision-making and profiling and, if applicable, meaningful and significant information on their details.
- According to Article 16 GDPR, you have the right to demand the rectification of incorrect personal data or the completion of incomplete personal data stored by us without any undue delay.
- According to Article 17 GDPR, you have the right to demand the erasure of personal data stored by us provided that the processing is not imperative for exercising the right to freedom of speech and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defence of legal claims.
- According to Article 18 GDPR, you have the right to demand the restriction of the processing of your personal data provided that you deny the correctness of data, the processing is unlawful, we do not require the data in question anymore and you object to their erasure because you need them for the assertion, exercise, or defence of legal claims. The right arising from Article 18 GDPR remains in force even if you objected to processing in accordance with Article 21 GDPR.
- According to Article 20 GDPR, you have the right to obtain personal data that you provided to us in a structured, common, and machine-processable format, or you can demand the transmission to another responsible body.
- According to Article 7 para. 3 GDPR, you have the right to withdraw your consent that you once granted us at all times. This implicates that, with future effect, we may no longer pursue the data processing that was based on this consent.
- According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can consult the supervisory authority of your usual residence, your workplace, or our place of business. In Austria, the responsible supervisory authority is the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at, website: dsb.gv.at.