Privacy Statement Fabasoft

Due to the nature of the business, data protection is of particularly high importance to the Fabasoft Group. Fabasoft plc and its subsidiary companies (known as: “Fabasoft”) have dedicated themselves to the protection of data and, in particular, of personal data. Exactly how Fabasoft uses and protects personal data, such as first and surnames, email addresses or telephone numbers, will be outlined in more detail in this privacy statement. The use of personal data complies with the requirements of the EU’s General Data Protection Regulation also referred to in the following as "GDPR" and the relevant country-specific data protection regulations. The transfer of data for processing, both within and outside Fabasoft, for the purpose of job processing, is exclusively based on data processing agreements.

Valid as of 15 October 2020PDF download of the Fabasoft Privacy Statement (136 KB)

Contact Data Privacy Team

Fabasoft has a data security team (“Privacy Team”) entrusted with legal data security issues. You can contact the Privacy Team as follows:

privacy@fabasoft.com

Fabasoft AG, c/o Privacy Team, Honauerstrasse 4, 4020 Linz, Austria

 
If required by EU-GDPR or national regulations, Fabasoft has appointed data protection officers whom you can contact directly using the contact data below:

  • Austria:
    Mag. Gregor Haidenthaler, M.B.L.- HSG
    dpo-at@fabasoft.com
    Fabasoft AG, c/o Data Protection Officer AT, Honauerstrasse 4, 4020 Linz, Austria
  • Germany:
    intersoft consulting services AG | Team Data Protection I, dpo-de@fabasoft.com
    Fabasoft AG, c/o Data Protection Officer DE, Honauerstrasse 4, 4020 Linz, Austria

A. General Information

A.1. Who is responsible for data processing? - The Group’s Structure

The Fabasoft-company, with which you have a legal relationship, is responsible for your data protection. You will find all Fabasoft companies listed here:

 

Companies

Country Location
Fabasoft AG (parent company) Austria Honauerstrasse 4
4020 Linz
Fabasoft International Services GmbH Austria Honauerstrasse 4
4020 Linz
Fabasoft R&D GmbH Austria Honauerstrasse 4
4020 Linz
Fabasoft Austria GmbH Austria Honauerstrasse 4
4020 Linz
Fabasoft Deutschland GmbH Germany THE SQUAIRE 13, Am Flughafen
60549 Frankfurt am Main
Fabasoft Schweiz AG Switzerland Spitalgasse 36
3011 Bern
Mindbreeze GmbH1) Austria Honauerstrasse 2
4020 Linz
Mindbreeze Corporation1) USA 311 West Monroe Street, Suite 303
Chicago, IL 60606
Xpublisher GmbH2) Germany Schleißheimer Strasse 6-10
80333 München
Xpublisher Inc.2) USA Convene, 3rd floor
311 West Monroe Street
Chicago, IL, 60606

Additional Information:

1) Mindbreeze GmbH and its subsidiary company, the Mindbreeze Corporation, belong to the Fabasoft Group, but they have their own website, available at: www.mindbreeze.com and have their own public corporate design.

2) Xpublisher GmbH and its subsidiary company, the Xpublisher Inc., belong to the Fabasoft Group, but they have their own website, available at: www.xpublisher.com and have their own public corporate design.

The current privacy statement provides information about how Fabasoft handles personal data within its business operations, in particular with regard to the Fabasoft website (www.fabasoft.com). Due to its particular characteristics, there are a number of additional, separate privacy statements for the following areas:

With this privacy statement, Fabasoft is informing the data subjects of the nature, scope and purpose of the data they process, as well as informing them of their legal rights with regard to this. Since the technical and legal frameworks for processing personal data undergo continuous and progressive development, Fabasoft is committed to adhering to these changes.

The current version of this privacy statement is available at: https://www.fabasoft.com/privacy and is also available to download for free as a PDF.

A.2. Which data are processed? Where does the data come from (the data sources)?

 

1. Data collected from the data subject

  • Fabasoft processes personal data that has been collected directly from the data subject.
  • Fabasoft processes personal data that it obtains through its business relations (with customers, suppliers, partners or support requests) in order to fulfil a contract or to implement pre-contract procedures.
  • Fabasoft processes personal data supplied directly by the customers.
  • Fabasoft processes personal data that are required in order to fulfil a legal obligation.
  • Fabasoft processes personal data for which consent has been granted, for various reasons, by the data subject.

Personal data includes: title, first name(s), surname, email address(es), home address(es), telephone number(s), fax number, date of birth (if provided), contract details (incl. contact details of the contracting parties as well as contact persons), company details, other relevant information (correspondence history, contact details, data relating to reminders and actions).

When you make use of our support, we process data about your support inquiry (problem description, log files, attachments, screenshots, communication, documentation of troubleshooting, contact details of the involved persons). 

 

2. Data not directly collected from the data subject

In addition, Fabasoft processes personal data that is not directly obtained from the data subject. This includes the following data: telephone numbers, job titles, gender, company name, size of the company, titles, industry, street, post code, locations and country.

This data comes from publicly accessible registers, company websites and information published by individuals on business platforms (XING, LinkedIN) or on social media platforms.

A.3. Why is personal data processed and what is the legal basis for doing this?

  1. The fulfilment of contractual and pre-contractual obligations.
    Processing personal data is important for providing products and services that are appropriate for the required/commissioned scope of the project. The purpose of data processing is strictly aligned with the commissioned product or service. You will find more detailed information on this topic on our website www.fabasoft.com. Personal data are processed for the purpose of fulfilling existing contracts or within the framework of initiating new contracts.
     
  2. The fulfilment of legal obligations.
    As far as the processing of personal data is necessary to fulfil a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO applies as the legal basis for data processing. There are special legal obligations arising, for instance, from the stock exchange listing and the organisation of our company as a public limited company, for example connected to the holding of the annual general meeting or due to international financial reporting standards.
     
  3. Protecting legitimate interests
    It is in Fabasoft’s interest to continuously improve its products and services and allow the active particiaption of all interested parties in the sustainable development of our company (key topics). In order to receive feedback, Fabasoft invites all interested parties to participate in surveys on key topics within the framework of a sustainable development of our company. These surveys can be answered without disclosing personal data. The provision of personal data is voluntary and not a requirement. These findings serve to further improve the products and services of Fabasoft.

    It is in the interest of Fabasoft customers and interested persons/companies to provide the best possible information about market trends and market developments. Fabasoft also makes comprehensive research papers available for download free of charge in which Fabasoft products and services have been evaluated by renowned analyst firms. In addition, Fabasoft strives to provide the best possible support and advice for customers and interested persons/companies. In this context, Fabasoft or a responsible Fabasoft partner will contact you by e-mail, provided that you have given your consent (this consent can be revoked at any time; the data processing that has been carried out until such time remains lawful).
     

  4. Data processing and consent
    Irrespective of the above-mentioned legal bases, Fabasoft may require consent for certain processing operations and obtain it from the person concerned. If Fabasoft is granted consent to the processing of personal data, the data will be processed exclusively for the purposes specified in this consent, such as sending information in the "Fabasoft Times" newsletter or Fabasoft eGov newsletter, information on webinars, events, blog articles, downloading resources or research reports. The consent may be revoked at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation.

 

In the interest of Fabasoft customers (contractual relationship) and potential customers (pre-contractual measures), it is important for Fabasoft to provide regular information on the ongoing development of their products and services as well as on trends in this sector and topics that are relevant to the market. Fabasoft also hosts their own events, presents the company at events, holds webinars, and provides information by means of e-mail newsletters.

Those data received by Fabasoft in the course of its contractual relationship with the customer, will be processed by Fabasoft in order to send emails, letters or advertising brochures to customers for the purpose of depicting and presenting Fabasoft products (Art. 6 (1)(f) GDPR). The customer has the right to object to this processing of the customer's data for the purpose of direct advertising, said right can be exercised at any time without giving reasons by means of letter to Fabasoft c/o Privacy or email to privacy@fabasoft.com. Fabasoft will process the customer data for this purpose for as long as the customer lodges no objection, however, up to a maximum of 3 years after the last activity. Where other forms of direct advertising are concerned, Fabasoft will only process the customer data if the customer has expressly given its express consent to the processing of its data (Art. 6 (1)(a) GDPR). If the customer has given its consent to the data processing, it can revoke this consent without giving reasons by means of letter to Fabasoft or email to privacy@fabasoft.com. The processing performed until objection is made against such processing or until consent is revoked shall remain lawful. The processing of the personal data of the customer for the purpose of direct advertising is not necessary for the execution of the contractual relationship.

 

A.4. Who receives the personal data?

 

Within Fabasoft, the individual employees, departments or Fabasoft companies, that require it in order to fulfil contractual or legal obligations, such as legitimate interests, receive the personal data. Furthermore, if necessary, we will transfer your data to tax consultants and auditors for purposes of tax consultancy and auditing and, in individual cases, to lawyers and courts, if necessary for legal advice or law enforcement purposes.  In individual cases, we also forward your data to our data protection officer in Austria or Germany in order to obtain advice on the implementation of data protection regulations, e.g. if you assert claims against us. In addition, Fabasoft employs various sub-contractors, to whom personal data is transferred to enable them to effectively carry out their respective services.

All sub-contractors are required to use the data solely for the purpose of providing the service that has been clearly defined by Fabasoft.

Through contractual agreements, Fabasoft collaborates with the following providers when dealing with marketing and communication:

  • SC-Networks GmbH, Starnberg, Germany
    Service: Sending of e-mail newsletters and e-mail direct mails to Fabasofta customers and interested parties using the marketing solution Evalanche. The data required for the sending of the emails (e.g. salutation, first and surname, email address, addresses, communication data, behavioural data) are stored on the servers of SC-Networks GmbH in Germany. Fabasoft uses Evalance to analyse the opening and clicking behaviour of the email newsletter and email direct mails sent. Processing is based on your consent, which you can revoke at any time using the unsubscribe function at the end of each newsletter sent by Fabasoft. The legality of the already completed data processing operations remains unaffected by the revocation.
  • Swat.io GmbH located in Vienna, Austria
    Service: The company provides services in the field of social media publishing. The software swat.io enables us to keep track of and maintain our social media presence. Monitoring functions are not used.
  • LogMeIn. Inc, located in Boston, Massachusetts, USA
    Service: Platform for the organisation and implementation of webinars.
    Information on compliance with the GDPR: https://www.logmeininc.com/gdpr/gdpr-compliance
    Swiss-US-Privacy Shield Framework: https://www.privacyshield.gov/list
  • Lewis Communications GmbH, located in Düsseldorf, Germany.
    Service: The agency provides services for Fabasoft concerning public relations
  • Trummer & Team GmbH, located in Vienna, Austria
    Service: The agency provides services for Fabasoft concerning public relations
  • Fabasoft International Services GmbH
    Service: The provision of services for the whole Fabasoft Group
  • Fabasoft Austria GmbH
    Service: Fabasoft Austria GmbH provides the customer support services for Fabasoft products.

Insofar personal data are to be transmitted to the USA or any other country with a less stringent level of data protection, Fabasoft ensures in advance that a suitable level of data protection is in place. The appropriate or reasonable guarantees agreed in individual cases, as well as the possibility of obtaining a copy, are available at privacy@fabasoft.com.

A.5. For how long is data stored?

Fabasoft stores personal data for as long as is necessary for the duration of the business relationship, from the initiation, to the execution and until the termination of the contract. In addition, it complies with the records management, retention and disposal policy, which stems from the legal business and fiscal retention requirement (usually a period of 10 years) or from the limitation periods outlined in the German Civil Code (up to 30 years).

Personal information (for example for a newsletter, announcement, webinar etc) that is submitted to Fabasoft with consent will be stored for a maximum of three years after its last activity, provided that it is not withdrawn before this period ends.

A.6. Where is the data stored?

Fabasoft stores data on its own hardware in highly secure, external data centres in Germany, Austria and Switzerland.

A.7. What are the data subject’s data protection rights?

You have the right to disclosure, correction, removal or restriction in the processing of the stored information. You have the right to object to the use of your personal information as well as the right to data portability in accordance with the requirements of the data protection law.

In the event that you withdraw consent to use your personal information, Fabasoft will immediately stop using this data, provided that the use of this data is solely based on your consent. Exceptions arise as a result of legal or contractual obligations, which render storing data necessary, but this is only in the event of the aforementioned obligations. The legitimacy of the processing, for which consent was granted, remains intact until the consent is withdrawn.

All Fabasoft companies may demand any of the rights outlined above through the following channels.

By email: privacy@fabasoft.com
By post: Fabasoft AG, c/o Privacy, Honauerstraße 4, 4020 Linz, Austria 

All rights asserted against Fabasoft must be submitted in writing. To prevent any misuse of these rights by unauthorised parties, you are obliged to verify your identity vis-à-vis Fabasoft in a suitable manner if we are not able to ascertain this beyond doubt. Every person has the right of access.

Fabasoft is free to continue to use the personal data concerned provided they have been anonymised prior to such use in such a way that it is no longer possible to relate the data to an identified or identifiable individual.

Complaints should be directed to the Austrian Data Protection Authority or to another data protection authority within the European Union or Switzerland, preferably where you live or work.

A.8. Contact with Data Protection Officers

Fabasoft has a data security team at its disposal that is dedicated to data protection issues (“Privacy Team”) The contact details for this privacy team are available at: https://www.fabasoft.com/privacy. The privacy team can be contacted at: privacy@fabasoft.com

As far as the GDPR, or rather national regulations, require, Fabasoft will appoint a data protection officer. The contact details of this data protection officer are available at: https://www.fabasoft.com/privacy

A.9. Compulsory provision of personal information

In the context of the business contract or pre-contractual procedures, personal data necessary for the execution of the business contract, and to which Fabasoft is legally obliged to collect, must be provided. If this information is not provided, the delivery of products and service, for example, will not be possible.

 

B. Additional Information About the Fabasoft Website

B.1. Data collection

The Fabasoft website collects general information with every visit. Such information includes, for example: the IP address, the type of browser used, the language, the login pages, the device used, the volume of data transmitted, the browsing history as well as the HTTP referrer.

Fabasoft does not use this data to draw any conclusions about the data subject. This information will be needed in order to successfully deliver the content of the website, to guarantee the website is always functioning or to provide relevant information to the authorities.

In addition, the Fabasoft website offers many opportunities to register your personal information or to get in contact with the company through the email addresses provided. The following Fabasoft companies are responsible for your data protection for the purposes listed in the tabular below:

  • For Germany: Fabasoft Deutschland GmbH
  • For Switzerland: Fabasoft Schweiz AG
  • For Austria and all other countries: Fabasoft Austria GmbH

For a better overview, the ways in which you can register will be outlined separately:

Ways to register

The purpose of data collection
To register for the Fabasoft partner programme as Cloud Broker To send information about the partner programme with the aim of attracting this interested person as a partner
To register for the Fabasoft partner programme as Cloud Developer To send information about the partner programme with the aim of attracting this interested person as a partner
To register for the newsletter “Fabasoft Times” To send information about the product Fabasoft Cloud, as well as information on the issue of digitalisation, approx. 1x/month
To register for the newsletter “eGov” To send information about Fabasoft’s product eGove-Suite, as well as information on the issue of E-Documents/E-Government, approx. 1x/quarter
Register for webinars To send information about webinars, access details for webinar participants, check the status of registrations, as well as progress reports, and information about similar webinars or events (via the "Fabasoft Times" newsletter or a personal letter)
Register for Fabasoft events To send information about events, communicate the status of registrations, as well as progress reports and to distribute information about similar events or webinars (via the "Fabasoft Times" newsletter or a personal letter)
Register for blog articles Information about new blog articles available on the Fabasoft website, approx. 2x/month
Register to download resources
Selected documents such as whitepapers and case studies are made available here after registration.
To forward the download link to the necessary documents via email
To send additional supporting information about the products or services via email
Register for Fabasoft Cloud (Test access) https://www.fabasoft.com/cloudservices/data-security
https://www.fabasoft.com/public-cloud/contract
Register for the Fabasoft Cloud as an existing customer or guest https://www.fabasoft.com/cloudservices/data-security
Online application See separate privacy statement “Data protection for applicants during the application process”
Request help from sales or support team Contact the sales or support team
Fabasoft Shop (order Fabasoft Cloud) https://www.fabasoft.com/public-cloud/contract
https://www.fabasoft.com/cloudservices/gtc
Sign up for fee-based trainings To send information about training, communicate the registration status, and to send information about similar trainings
https://www.fabasoft.com/en/support/product-trainigs/gtc-training-services
Providing information about products and services To receive information about the technical advancements of products such as Release Notes, Software Product Information (SPI), Knowledge Base on a regular basis

When registering for one or more of the purposes mentioned above, personal data will only be collected in the form of first name(s), surname(s), email address, company, job title, gender, telephone number, street, postcode, location and country. This information contributes to providing an efficient service and will be processed if consent is granted.

B.2. Sending requests to general email addresses

On the Fabasoft website, to contact Fabasoft additional general email addresses will be provided. When you send us an email, it is automatically directed to the relevant person so that you query can be processed.

B.3. The use of cookies

If you click on “accept cookies” when you visit our website, you thereby accept all types of cookies or you click on “Manage settings” to receive more detailed information and determine individually which cookies you consent to. You can manage the settings you have made at any time under the item “Cookie settings” in the footer of the website. 

Fabasoft uses the following cookies: 

Cookies are small text files that are saved by the website server onto the user’s device hard drive (computer, notebook, tablet, smartphone etc) via your internet browser. This information is called up at subsequent visits to the website and enables the website to recognise your device. Both personal and non-personal data can be saved in cookies. User profiles can also be created through the placing of cookies. 

Session cookies are delected at the end of the session, i.e. when you close your browser. They record navigation through the website so that the website “remembers” your entries. These session cookies are normally used to temporarily save the user’s entries when filling in online forms that span several pages or to temporarily save the information entered by the user when adding items to online shopping baskets. Such entries may include: data entered when placing an order, currency, login status or simply when navigating through the site. 
 

Essential cookies:
Essential cookies enable basic functions and are needed to ensure proper functioning of the website. These cookies are first-party cookies that belong to Fabasoft.

Cookie name

Purpose/description

Lifespan

JSESSIONID

Session ID for the website search. It is placed when the search function is used. Searching on the website is not possible otherwise.

30 days

cookie_settings

Saves information concerning your cookie settings.

30 days

TEAMNX

Fabasoft makes downloads available via public links from its product Fabasoft Cloud. This cookie optimises performance distribution, so downloads can be provided with optimum performance.

9 hours

_pk_ses* Session identifier for Matomo 30 minutes
_pk_id* Session identifier for Matomo 13 months
_pk_ref* Session identifier for Matomo 6 months
_pk_hsr* Stores anonymised data about your visit for a short time 30 minutes

Fabsoft offers entry in its product “Fabasoft Cloud” via its website. When you click on the button “Cloud login” you are redirected to the domains of the product (at.cloud.fabasoft.com) and more product-related cookies are set. You will find more detailed information on this topic at Performance Characteristics Data Security

Cookie name Purpose/description Lifespan

TEAM

Session ID for Fabasoft Cloud

1 hour

FABASESSIONID

Session ID for Fabasoft Cloud

7 days

apmguid

Session ID for Fabasoft Cloud

7 days

lastlogin

Saves the Fabasoft Cloud login method last used

7 days

remembermepass

Saves the last email address used for the login

7 days

Tracking and Analytics tools:

This website uses the open-source tool Matomo to analyse individual pages and components. You will find a detailed description of the use of analytics services under B.4.

Data is stored and collected on the following website for the purposes of marketing, market research and optimisation, using SalesViewer technology. You will find a detailed description of the use of analytics services under B.4.
 

B.4. The use of analytics services

Web analytics tool Matomo

This website uses the open-source tool Matomo to analyse individual pages and components. Matomo uses cookies to statistically analyse the use of this website. Usage information is transferred for analytic purposes; however, your IP address is anonymised immediately. As such, no personal data is stored for statistical evaluation. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the user of this website and it is not compiled alongside personal data about the person bearing the pseudonym. The data collected through Matomo is stored on our own servers. It will not be transferred to third parties. 

You can prevent Matomo from collecting data in the future by following this link https://matomo.org/privacy-policy/.
 

SalesViewer B2B website tracking

Based on the legitimate interests of the website operator (Art. 6 (1) (f) GDPR), data for marketing, market research and optimisation purposed are collected and saved on this website using the SalesViewer® technology from SalesViewer® GmbH.

SalesViewer allows the collection of the following information:

  • IP address
  • company or organisation visiting the site (via web domains) 
  • http Referrer 
  • last URL 
  • possible keyword (“if a search engine is used”)
  • time and duration of the visit
  • sub-pages visited
  • mouse tracking 

A JavaScript-based code is used here that serves to collect company-related data and the respective use. The data collected with this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data are immediately pseudonymised and are not used to identify the website visitor personally.

The data stored by SalesViewer are deleted as soon as they are no longer required for their intended purpose and if deleting them does not violate any legal obligations of retention.

The data collection and storage can be revoked at any time with immediate effect for the future, by clicking on the link https://www.salesviewer.com/opt-out, in order to prevent SalesViewer® collecting your data in future. 
 

Privacy policy regarding the employment and use of Google Ads

Fabasoft uses Google Ads. Google Ads is an internet advertising service that permits advertisers to change the advertisements both on Google’s search engine results page and on Google’s Display Network. Google AdWords enables advertisers to specify certain key words in advance that will trigger the display of specific advertisements on Google’s search engine page if the user searches for a relevant key word in the search engine. On Google’s Display Network, advertisements are filtered by an automatic algorithm and taking into account key words that have been entered on similar internet sites.

The operating company that provides the Google Ads service is Google Ireland Limited („Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of using Google Ads is to advertise our website by placing interesting and relevant advertisements on third-party companies’ websites, onto Google’s search engine results page. 

If one of Google’s advertisements succeeds in directing someone to our website, Google will file a so-called conversion cookie on this person’s device. Cookies have already been defined above.

A conversion cookie expires after thirty days and does not serve to identify the data subject. Provided that it has not yet expired, conversion cookies can be used to establish whether certain sub-sites, for example the basket in online shopping systems, are visited on our website.

Through conversion cookies, both we and Google can establish whether a data subject, who is directed to our website via an Ads advertisement, generates revenue, for example by making purchases in the basket or if they cancel them.

Google uses the data and information collected by conversion cookies in order to generate statistics on the number of visits to our website.

On the other hand, we use these statistics to determine the total number of people using our website and how many of them are directed to us by Ads advertisements. Therefore, we use this information to evaluate how successful various Ads advertisements are at directing people to our site and in order to streamline our Ads advertisements in the future. Neither our company nor Google AdWords’ other advertisement customers receive information from Google that would enable a data subject to be identified.

Through conversion cookies, personal information, for example internet sites visited by the data subject, will be stored. With each visit to our website, personal information will therefore be sent to Google in the USA, including the IP address of the data subject’s Internet connection. This personal information will be stored by Google in the USA. Google will pass on the personal information collected through online activity to third-parties if necessary.

The data subject can prevent the use of cookies on our website, at any time by changing the relevant settings of the internet browser and thus permanently reject the use of cookies, as explained above.

This setting on the internet browser would also prevent Google from creating a conversion cookie on the data subject’s computer system. In addition, cookies that have been already established by Google AdWords can be deleted via the internet browser, or other software programmes, at any time.

Furthermore, the data subject may reject personalised advertising from Google. To do so, the data subject must use the following link to remove the internet browsers they used and to set their desired settings: https://www.google.de/settings/ads

Additional information and Google’s current privacy policy can be found at this link: https://www.google.de/intl/de/policies/privacy 

 

B.5. Social Media Icons

Fabasoft also provides links on this website to the following social media sites: Twitter, Facebook, YouTube, Xing, LinkedIn, Instagram. Some of these links are displayed as icons. When you click on these social media icons (links) you will be subsequently redirected from the Fabasoft website to the respective social media site.

When you click on one of these links, you will be redirected to the respective website and are thus allowing the respective site operator to access your personal information. No personal data are collected by Fabasoft via these links.

 

C. Data protection information for visitors to our Facebook Fan Page

Data protection information for visitors to our Facebook Fan Page

If you visit our fan pages (https://www.facebook.com/fabasoft/ and https://www.facebook.com/Fabasoft-AG-133182076695530/ as well as https://www.facebook.com/RoboterProgrammieren) on Facebook, we will process personal data in connection with this visit, regardless of whether you are registered on Facebook or whether you are logged in or not. Fan pages are user accounts that can be set up by private individuals or companies on Facebook. This fan page allows us to present our company to Facebook users and individuals who visit our fan page, and also to communicate with these people. The data provided directly by you or by Facebook are used exclusively for the purpose of communication with customers and interested parties as an overriding legitimate interest according to Art. 6 (f) GDPR, putting us in a position to offer the most interesting information for you.

FaceBook provides fan page administrators with the “Page Insights” function, which we use to receive anonymised statitstical data about the users and visitors to our fan page. These so-called “Page Insights” are summerised statistics created using specific “events” that are recorded by Facebook when users or visitors interact with our fan page and its linked contents.

These data are collected using so-called cookies. These are small text files that are saved by Facebook onto the website user’s device hard drive (computer, notebook, tablet, smartphone etc) via the browser. This information is called up at subsequent visits to the website and enables the website to recognise your device. The information saved in the cookies is received, recorded and processed by Facebook in personalised form.

The purpose of the use of cookies is to improve the Facebook advertising system on the one hand and on the other to enable the use of cookies made available to us by Facebook statistics to manage and improve the marketing of our activities.

By creating the fan page, we contribute to the processing of the personal data of visitors to our fan page, regardless of whether these are registered with or logged-in to Facebook or not. Although Facebook provides the data collected using cookies to us solely in an anonymised form, the production of these statistics relies on the prior processing of personal data. For this reason, we, as administrators of the fan page, are involved in deciding the purposes and means of processing the personal data of visitors to our fan page, and as such, we are joint data controllers with Facebook as defined by Article 26 of the GDPR with regard to this processing. The joint responsibility includes the processing of your data for the purpose of creating “Page Insights” in connection with a visit or other interaction with our fan page or contents linked with it. We have entered into an agreement with Facebook concerning the joint responsibility in compliance with Art. 26 GDPR, whereby Facebook undertakes, among other things, to provide the data protection informantion pursuant to Art. 13 GDPR as well as to observe the rights of the data subject.

The main content of the agreement between the joint controllers is provided by Facebook Ireland and can be accessed via the following link: https://de-de.facebook.com/legal/terms/information_about_page_insights_data.

Depending on the respective event that triggers a recording, we receive from Facebook the following data categories in anonymised form:

Actions of individuals

  • Viewing a page, a post, a video, a story or other content linked with a page
  • Interacting with a story
  • Subscribing or unsubscribing to a page
  • “Like” or “Unlike” a page or post
  • Recommending the page in a post or comment
  • Commenting on, sharing or reacting to a post on the page (including the type of reaction)
  • Hiding a post on a page or reporting it as spam
  • Hovering the cursor over a link to a page or the name or the profile picture of a page to see a preview of the page content
  • Clicking on the website, telephone number or “Route planner” button or another button on the page
  • Viewing the event of page, reacting to an event (including type of reaction), clicking on a link for an event
  • Starting a Messenger conversation with the page
  • Viewing or clicking on an article in a page shop

Information on the actions, the individuals who carried out the actions and on the browsers/apps used for the actions

  • Date and time of the action
  • Country/town (estimation based on the IP address or logged in users from the user profile)
  • Language codes (from the HTTP header of the browser and/or language setting)
  • Age/gender group (from the user profile, only in the case of logged in users)
  • Previously visited websites (from the HTTP header of the browser)
  • Whether the action was carried out on a computer or a mobile device (from the browser user agent or from app attributes)
  • Facebook user ID (only in the case of logged in users)

We have no access to personal data that are processed within the framework of “Events”, only to the summerised Page Insights in the form of an anonymised statistical evaluation. As we have no access to personal data, we cannot transfer these to any third parties. Please find information on the legal basis of the data processing by any possible recipients or any possible transfers of your data by Facebook to third countries in Facebook’s privicy policy (https://www.facebook.com/privacy/explanation) and Facebook’s cookie policy (https://www.facebook.com/policies/cookies/). Please note, however, that we might be able to associate your profile picture with your “Like” fan page information if you marked the fan page with "Like" and set your "Like" page information to "Public".

According to the relevant Facebook terms of use and its privacy policy and cookie policy, if you are registered and logged into Facebook you consent to the processing of your personal data by Facebook. We draw your attention to the fact that we have no influence over Facebook’s terms of use or data privacy and cookie policy. Facebook uses cookies to determine whether you are logged into Facebook.

However, even if you are not registered or logged into Facebook, it is neverteless possible that if you click on a sub-page within our fan page or carry our some action within our fan page, Facebook will undertake a statistical analysis of your personal data and and transfer these anonymised statistics to us. If you do not click on any sub-pages or carry out any actions on our fan page (e.g. clicking on a photo or video in a post), your personal data will not be collected via cookies.

Cookies placed by Facebook are stored for up to two years after being placed or updated. Cookies already stored can be deleted at any time. You can also prevent the installation of cookies via your browser settings.

You have the right to demand at any time information as to which of your data are processed (Art. 15 GDPR). You have the right to have incomplete data completed and inaccurate data rectified or erased (Art. 16, 17 GDPR). Under certain circumstances you can demand erasure of your data (Art. 17 GDPR). However, the right to erasure does not apply if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims. Under certain circumstances you can also demand the restriction of the processing of your data (Art. 18 GDPR) and object to the processing of your data (Art. 21 GDPR). You have the right to receive the personal data which you have provided in a structured, commonly used and machine-readable format and to transmit these data to another controller or – if technically feasible – to allow Facebook to transmit the data (Art. 20 GDPR).

Insofar your data are processed based on your consent, you have the right to revoke this consent at any time. Such revocation shall in no way affect the legality of the data processing carried out until the time of the revocation.

For requests to exercise your rights as data subject, or to withdraw your consent in connection with the processing of data within the scope of Page Insights, please use the form linked in Facebook’s Data Policy for Page Insights data (https://de-de.facebook.com/legal/terms/information_about_page_insights_data) or contact Facebook Ireland by post at Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. You can always send your requests to us and we will then forward them to Facebook.

You have the right to lodge a complaint with the Irish Data Protection Commission, the Austrian Data Protection Authority or with another Data Protection Supervisory Authority in the EU, in particular at your habitual residence or place of work.

 

D. Data protection information for visitors to our Instagram account

Our Instagram presence allows us to present our company to the users of this network and to communicate with these individuals. The data provided directly by you or by Instagram are used exclusively for the purpose of communication with customers and interested parties as an overriding legitimate interest according to Art. 6 (f) GDPR, putting us in a position to offer the most interesting information for you.

Instagram is part of the Facebook corporate group and shares the infrastructure, systems and technology with Facebook Ireland and other Facebook companies.

If you visit our Instagram page, Instagram and its associated company Facebook collect your IP address and other personal data in the form of cookies. These are small text files that are saved by Instagram onto the website user’s device hard drive (computer, notebook, tablet, smartphone etc) via the browser. This information is called up at subseqent visits to the website and enables the website to recognise your device. The information saved in the cookies is received, recorded and processed by Facebook in personalised form. The purpose of the use of cookies is, among other things, to improve the Instagram advertising system. We have no influence on the the data collection and processing carried out by Instagram nor on the extent to which this occurs or the length of time these data are stored. Please find information on the legal basis of the data processing by any possible recipients or any possible transfers of your data by Facebook to third countries in the information on data protection (https://help.instagram.com/519522125107875) and the Instagram cookie policy (https://help.instagram.com/1896641480634370?ref=ig).

You have the right to demand at any time information as to which of your data are processed (Art. 15 GDPR). You have the right to have incomplete data completed and inaccurate data rectified or erased (Art. 16, 17 GDPR). Under certain circumstances you can demand erasure of your data (Art. 17 GDPR). However, the right to erasure does not apply if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims. Under certain circumstances you can also demand the restriction of the processing of your data (Art. 18 GDPR) and object to the processing of your data (Art. 21 GDPR). You have the right to receive the personal data which you have provided in a structured, commonly used and machine-readable format and to transmit these data to another controller or – if technically feasible – to allow Facebook to transmit the data (Art. 20 GDPR).

Insofar your data are processed based on your consent, you have the right to revoke this consent at any time. Such revocation shall in no way affect the legality of the data processing carried out until the time of the revocation.

For requests to exercise your rights as data subject, or to withdraw your consent, please use the form linked in Instagram’s Data Policy (https://help.instagram.com/519522125107875) or contact Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland by post. You can always send your requests to us and we will then forward them to Facebook if necessary.

You have the right to lodge a complaint with the Irish Data Protection Commission, the Austrian Data Protection Authority or with another Data Protection Supervisory Authority in the EU, in particular at your habitual residence or place of work.

Fabasoft International Services GmbH, Honauerstraße 4, 4020 Linz is responsible for the content of our Instagram page. You will find more detailted information about Fabasoft companies and our data processing at https://www.fabasoft.com/privacy.