DECLARATION OF DATA PROTECTION
The scope of this data protection declaration extends to the entire website of gehgassi GmbH, which can be reached under https://gehgassi.com and the various subdomains.
1. Data Controller/Data Protection Officer:
Managing Director/Data Protection Officer: Sophie Zimmermann, MAS; Kilian Wirl
Judengasse 1 2/2
5020 Salzburg, Austria
2. Τypes of processed data:
We collect and use personal data from you to the extent necessary to provide a functional website and our content and services or information.
The data we process is your
2.1. Inventory data (title, surname and first name, date of birth, gender, billing address)
2.2. Contact details (e-mail address, telephone number)
2.3. Usage data (device information, IP address, access time, cookies, log files)
2.4. Other personal data (your data that you disclose with your consent or otherwise in a permissible manner for the purpose of processing the services we offer, such as: Your bank details or credit card number but also sensitive data such as biometric data by uploading a photo).
3. Collection and Processing of Personal Data:
Your personal data will only be collected and processed to the extent permitted by law. This is the case if you have consented to the processing of your personal data for one or more specific purposes (Art. 6 para. 1 lit. a GDPR). The processing of your personal data is also necessary to fulfil a legal obligation incumbent on us. Your data will be processed by us if you have registered by creating a user account on our homepage (https://gehgassi.com) or in our app (Gehgassi) and are communicated by you in the course of this or if you otherwise contact us in any way. We use your data to enable you to use our platform and communicate with you. The personal data you provide to us will only be processed for the purpose for which you provided it to us.
4. Data processing when contacting or opening a user account:
As part of your contact with us (e.g. by e-mail; Registration on https://gehgassi.com or our app), personal data is collected. This data will be stored and processed exclusively for the purpose of answering your inquiry or for further contact with you and the associated technical administration. Art. 6 para 1 lit f GDPR forms the legal basis for the processing of your data as our legitimate interest in responding to your request. After final processing of your request or after termination of the contact, your data will be deleted by us, unless there is a statutory retention obligation to the contrary.
Your personal data will be collected by us in accordance with Art. 6 para. 1 lit a GDPR , provided that you provide it to us when opening a user account. Which data is collected can be seen from the registration form.
The deletion of your user account is possible at any time either by sending an email message to us as the person responsible or by clicking on the button "Delete user account" in your user account mask. We store and use your disclosed data until complete service processing, after which they will be blocked with regard to tax and company law retention periods and deleted after expiry of these periods, unless you expressly agree to a further use of your data or a legally permitted We reserve the right to further use of your data.
5. Contact form:
We offer you on our website under https://gehgassi.com/kontakt/ to contact us via a form provided.
If you use the contact form, we process your full name, e-mail address and, optionally, your telephone number. The provision of your personal data serves the purpose of processing your request. Your personal data disclosed in the contact form will not be passed on to third parties. The data processing described above takes place on the basis of Art. 6 para. 1 lit. a GDPR, after you voluntarily give your consent when submitting the form.
If the request made by you has been processed and completed, your personal data disclosed in the contact form will be irrevocably deleted by us. Further storage may take place in the legally prescribed case.
6. Data collection for service processing:
In order to process your services offered or to accept services from third parties , we work together with the following service providers who support us in whole or in part in the execution of contracts concluded between you and third parties. Certain personal data will be transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the users of our platform selected by you as part of the provision of services, insofar as this is necessary for the processing of services and your consent has been given by you. We will only pass on your bank and credit card details to the commissioned bank as part of payment processing, insofar as this is necessary for payment processing. For the proper performance of the contract between you and other users of our platform, the collection and disclosure of the data is necessary and Art. 6 para. 1 lit b GDPR provides the legal basis for this. However, you also give your express consent to the transfer of your personal data to payment service providers, for example, when completing a booking process, which is why Art. 6 para. 1 lit. a GDPR also applies.
In principle, we do not pass on any personal data to third parties outside the European Union and the European Economic Area.
6.1.Disclosure of personal data to payment service providers
To fulfil our contractual obligations,
we work together with the following payment service providers:
2 Avenue Amélie
Whether credit card payment, immediate payment or maestro, payment is processed via the payment service provider MANGOPAY SA.. to whom we pass on your data provided during the registration process purely for the purpose of payment processing in accordance with Article 6 (1) (b) GDPR. The transfer takes place only to the extent that it is actually necessary for payment processing. MANGOPAY SA.. receives the necessary personal data and payment data for the execution of the payment.
Further information on the dataprotection provisions of MANGOPAY SA. can be found at the following Internet address. : https://mangopay.com/privacy-statement
7. Cooperation partner:
In order to provide you with a comprehensive range of services, we work together with a wide variety of cooperation partners. This allows you, but also third parties, to perceive and use our website and our offer. Our cooperation partners receive anonymous information and key figures from us about the number of accesses to the website and app. Personal data is not transmitted and the data transferred does not allow any conclusions to be drawn about persons.
8. Use of your data to receive newsletters:
Users receive newsletters by e-mail after express written consent from us. After you have registered to receive our newsletter and given your consent by clicking on the"Sign up button", you will receive an e-mail from us as confirmation of your consent with a link to repeat the registration confirmation. After carrying out the so-called double opt-in procedure, you are registered for the newsletter.
After your consent, you will receive newsletters from us at regular intervals with current information about our offers and news.
You can revoke your consent at any time by sending us a corresponding written notification. After you unsubscribe, your e-mail address will be deleted immediately from the mailing list of our newsletter, unless you have expressly consented to further use of your data by us or further use of your data by us has been reserved, insofar as permitted by law and stated in this data protection declaration.
9. Online presence / Social media:
We are active within social networks and platforms in order to get in touch with users, interested parties and customers and to inform them about our services. When the respective platform/networks are accessed , the respective general terms and conditions and data protection processing guidelines apply.
We process the data of users, interested parties and customers, insofar as we contact them on platforms and social networks, for example by writing texts on our online presences or by processing text messages.
10. Public data:
Data that is public is visible to everyone. In order to be able to use our offer, some data that you provide to us is always public. This includes your language, your place of residence and a section of your profile so that you can connect with other users. Your public profile includes your first name, gender, place of residence, and profile picture.
The indication of your language, your place of residence, your first name, your gender and your profile picture gives users the opportunity to find you and perhaps recognize you but also to use our offer as desired.
For further information that you voluntarily share in the context of contact with users, we are not responsible and we assume no liability for it.
12. Tracking and analysis tools:
We work on our website with so-called "hyperlinks", which redirect you directly to the websites of other providers when clicked. You can see this by changing the URL in your browser.
We assume no responsibility for the handling of your data on these websites. Please inform yourself about the handling of your personal data on these websites directly on the corresponding websites.
Social plugins of social networks, especially Facebook, Instagram, Tiktok, Youtube and Snapchat are included on https://gehgassi.com.
When you visit our website, the plugin establishes a direct connection between your browser and the respective social network. The latter receives the information that you have visited our site and can assign you to your account if necessary on the basis of the transmitted data. If you do not want such a direct assignment, we recommend logging out of the account of the respective provider/social network before visiting our services.
The Facebook plugins are used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the widest possible visibility in social media.
We would like to point out that we have no knowledge of the content of the transmitted data or its use by the corresponding social network. For further information, please refer to the corresponding data protection declaration.
As a data subject of the processing of personal data, you have the following rights under the General Data Protection Regulation:
- You have the right to information about your personal data processed by us as well as the purposes of processing, the categories of personal data being processed, the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, if possible the planned duration for which the personal data stored, or, if that is not possible, the criteria used to determine that period, the existence of a right to rectification or erasure of personal data concerning him or her or to restriction of processing by the controller or a right to object to such processing, the existence of a right of appeal to a supervisory authority; where the personal data are not collected from the data subject, any available information as to the source of the data; the existence of automated decision-making, including profiling, and, where applicable, meaningful information on its details. (Art. 15 GDPR)
- You can also request the immediate correction of incorrect or the completion of your personal data stored by us. (Art. 16 GDPR)
- You can demand from us that we delete your personal data stored by us immediately, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or toassert, exercise or defend legal claims. (Art. 17 GDPR)
- You can request the restriction of the processing of your personal data if the accuracy of your data is disputed, the processing is unlawful, we no longer need your data and you do not give your consent to the deletion because you need it to assert, exercise or defend legal claims. (Art. 18 GDPR)
- You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. (Art. 20 GDPR)
- You have the right to revoke your consent to us at any time in writing to firstname.lastname@example.org. As soon as we have received the revocation, we may no longer process your data. (Art. 7 para. 3 GDPR)
- Furthermore, if you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you have the right to lodge a complaint with the supervisory authority. Information and the responsible data protection authority can be found here: https://www.dsb.gv.at/
16. Right to object:
In accordance with Article 21 GDPR, you have the right to object to the processing of your personal data if there are reasons for doing so, arising from your particular situation, or if the objection is directed against direct marketing. In the case of direct advertising, you have the right to object at any time; this also applies to profiling to the extent that it is associated with such direct marketing. Once you have objected, your personal data will no longer be processed for these purposes.
17. Duration of data storage:
In principle, we delete your personal data if they are no longer required to display the website or if they are no longer required to display the website. you no longer use our services. For the operation of the website, the collection of data and its storage in log files is absolutely necessary, there is no possibility of objection. Further storage takes place in individual cases, insofar as this is provided for by law.
18. Security measures/data security:
We are obliged to treat your personal data confidentially. We have taken extensive technical and organizational precautions to prevent manipulation or loss/misuse of your data stored by us. However, we would like to point out that it is possible that others may not comply with the standards of the Data Protection Act and our security measures by others, which is not our responsibility and we assume no liability for this. In particular, there is the possibility that unencrypted disclosed data is read by third parties. This is beyond our control. It is therefore your personal responsibility as a user of our offer to protect the unencrypted data provided by you.