WertInvest Beteiligungsverwaltungs GmbH
Mariahilfer Straße 1/Getreidemarkt 17
1060 Wien
Tel.: 01 961 95 38
ATU 68248112
office@wertinvest.at
dpc@wertinvest.at
Fax: 01 961 95 38 - 45
It is paramount to us that personal data be treated confidentially and securely. This policy is meant to guarantee the utmost transparency and information about our data processing operations, as well as the rights of all persons affected by that processing.
Whenever personal data is recorded on our website or used by us later, the statutory framework conditions are always complied with, especially the EU General Data Protection Regulation (GDPR). You will find additional information about the GDPR on the homepage of the data protection authorities (http://www.dsb.gv.at) or under: http://eur-lex.europa.eu/legal-content/DE/ALL/?uri=CELEX%3A32016R0679
We process personal data either because of automated functions (for more on this, see "Cookies and Co" below) or certain actions taken by visitors or users. Based on such operations or actions, we process data if:
• a declaration of support has been given,
• contents are sent, evaluated or commented on,
• there is participation in voting,
• a questionnaire if filled out,
• a petition letter is sent,
• a proprietary campaign is started,
• participation in actions or events is announced,
• events are created,
• a user account is opened,
• downloads or other contents are requested,
• contact with us is actively established using a contact form or email,
• reactions are made to functions in emails ("action links") or
• we are provided with other, optional information.
Depending on the website's specific function, we store the following data in particular to be processed: First name, last name, date of birth, gender, photo, address, email, telephone number, registration data, user name, password, IP address, the action being participated in, the activities that were taken, or other data explicitly visible in the respective form (such as transmitted content).
If personal data is collected during these actions or functions, we will process those data to enable these functions, and for the purposes implied by each function to realise the goals of the campaign. We also have a legitimate interest in the processing done to provide this service and, therefore, the smooth operations of the website, along with the data processing necessary to that end.
a) Establishing contact
Our goal is to inform about our company and our projects. Therefore, an essential component of our service is our Website to share all relevant information and our contact details. The data we receive is used to send messages via email, by post or other channels that are clearly identifiable in the respective form, based on the individualisation described above. You can always stop messages from being sent through the link contained in emails or by answering via email or letter to the contact addresses listed above.
b) Publication of data
Many functions of our website exist in order to publish data provided by users (personal committees, photo walls, etc.). In most cases this is obvious, but the website explicitly mentions this again before a button is clicked which would result in such publication. Sending the data constitutes implied consent to the publication (to withdraw that consent, see "Rights").
c) Legal basis of our data processing
Whenever functions of our website are used that require the entry and collection of personal data, by using those functions and entering those data you are giving us your consent to use those data in the forms mentioned. If special categories of personal data as defined by Art. 9 GDPR are or could be processed, such as political opinions, your explicit consent will be obtained by using a tick. But in any case, you can always withdraw your consent with effect for the future (see "Rights").
The legal basis for the data processing is therefore our legitimate interest in the effective provision of our services, and the implied or explicit consent to the action or function in question.
We would like to expressly point out that we do not collect and consolidate activity data, as mentioned, to serve "profiling" as defined by Art 22 GDPR, which would lead to an automated decision affecting the data subject or otherwise significantly impairing that party, but only to be able to offer information and services which match the user's interests.
To fulfil our website's functions, we rely on the expertise and services of specialised providers, including providers of email software, testing and analysis services, and technical infrastructure (hosting). Such forwarding is always performed within the restrictions of data protection law and only for the aforementioned purposes.
Processors render their services and process data exclusively on our behalf and on our express instructions. Under no circumstances may they use the data they receive for their own purposes or transmit those data to third parties.
These processors may also be situated individually in third countries outside the European Economic Area (EEA) or bring in sub-processors located in third countries. In any case, however, a level of data protection equal to that which applies in the EEA is ensured with the recipients, based on adequacy decisions of the commission or contractual agreements pursuant to Art. 46 GDPR.
We will never transmit to third parties any data which have been entrusted to us, to be processed for purposes other than those consented to or stipulated when they were collected.
With each access of our homepage or files provided on our webserver, certain technical data are logged: the IP address of the accessing computer, name of the accessed file(s), date and time of access, quantity of transmitted data, status report regarding the access and information about the browser used, operating system, internet service provider, websites from which the user arrived at our website (referrer) and the resources accessed by the user.
These data are stored to optimise our website's stability and security and to identify and pursue attacks on or misuse of our website. We have a legitimate interest in this processing (Art. 6 (1) f GDPR). The data will be deleted as soon as they are no longer needed to attain the objective for which they were collected.
Our website uses the following cookies: policy-popup, countryGeo, _gid, _gat, _ga; information from a website which is stored in the user's browser and to which only the website in question has access. Among other things, cookies make it possible to store settings, simplify registration, offer interest-based advertisement, combat fraud and analyse the website's use and functionality. Cookies have a lifespan (maximum storage period), after whose expiry they will be deleted from the browser automatically.
The following cookies are used on our website:
The following will describe which cookies and services we use from third-party providers and how the use of those cookies and services can be restricted. If you restrict or deactivate cookies, you may not be able to fully utilise our website or individual functions thereof.
Google Analytics
This website uses Google Analytics, a service of Google Inc. ("Google") to analyse website use.
We use the data collected by the cookies to observe and evaluate the use of our website and continually improve our website and services.
The information generated by Google Analytics will be transmitted to a Google server. This server can be located in various places, including the USA. We use the anonymised version of Google Analytics: In so doing, the last part of the IP address is removed before it is collected, preventing it from being connected to a specific user.
The storage of cookies can be prevented by adjusting your browser settings accordingly. By using our website, you are agreeing to the use of Google Analytics.
You can find more information about Google Analytics under http://www.google.at/intl/de/analytics, information about Google's privacy policy under http://www.google.de/policies/privacy and the possibility for restricting the use of Google Analytics in your current browser under https://tools.google.com/ dlpage/gaoptout?hl=de.
Email-Tracking
In the emails we send to the email address provided, we use "tracking pixels" to observe and evaluate the use of our emails and continually improve our email communication. When tracking pixels are used, an invisible image is called up when the email is shown, telling us that the email has been opened. No personal data are stored during this procedure. However, the reaction to the email or use of an action (such as participation in a survey by activating a link in the email) is recorded with a personal reference.
On request, we will gladly enable a user to do the following as soon as we can and to the extent possible:
• learn which personal data are currently being processed
• have erroneous personal data corrected
• restrict the processing of personal data
• have personal data erased, unless another legal basis exists for processing them further (such as statutory retention obligations or ongoing legal proceedings)
• object to the processing
• transmit the data to another controller
• withdraw consent to the processing, with effect for the future, although this will not affect the legality of processing that occurred before consent was withdrawn.
It is simplest to send an email request to the data protection officer named above. For many of these requests, the GDPR provides for a maximum response time of one month, with which we will do our best to comply. Although we try to react more quickly, please be patient, since many requests take longer to process if we are to deal with them completely and thoroughly.
To avoid misuse such as data theft, we might ask you to provide us with a suitable form of identification (such as a valid photo ID) while we are handling your request.
If you suspect something might be illegal, you also have the right to lodge a complaint with the competent supervisory authority (for Austria, this is the Data Protection Authority).
We will store and use the data we collect as long as those data are needed for the purposes described above — especially to maintain the contact for the duration of the campaign and until the campaign objective is reached — statutory provisions prescribe such storage, or until the user withdraws their consent, an objection is filed, or erasure is requested.
We try to use all technical and organisational measures to store personal data beyond the access of third parties. But we cannot guarantee that data communicated via email and websites will be absolutely secure, so we recommend sending confidential information by post.
Last revision: 22 May 2018