Preamble

The protection of your personal data is very important to us. We therefore process your data exclusively on the basis of the statutory provisions (GDPR, TKG 2021). In this data protection declaration we inform you about the most important aspects of data processing on our website.

1. Responsible for data processing

Responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:

fiskaly GmbH
Mariahilfer Straße 36/5 (4th floor)
1070 Vienna
Austria

e-mail:office@fiskaly.com

2. Data Protection Officer

The person responsible has appointed a data protection officer within the meaning of Art. 37 DSGVO. The contact details of the data protection officer are as follows:

CoreTEC IT Security Solutions GmbH
Ernst-Melchior-Gasse 24/DG
1020 Vienna
Austria

e-mail:dsgvo@coretec.at

3. Purposes and legal basis of the processed data

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and all other relevant laws (TKG 2021). Depending on whether, for example, you access our website, contact us via the contact form, subscribe to our newsletter or have a contractual relationship with us, we process your data for different purposes based on the legal bases mentioned in the following paragraph.

Depending on the purpose of the processing of your data, your consent (Art 6 Para 1 lit a GDPR), our legitimate interests (Art 6 Para 1 lit f GDPR), the fulfillment of our (pre)contractual activities (Art 6 Para 1 lit b GDPR) or the fulfillment of legal obligations (Art 6 Para 1 lit c GDPR) may be applicable as the legal basis.

3. 1. Data processing when visiting our website

3.1.1. Browser data

When you visit our website, certain data is automatically transmitted to us by your browser and stored in so-called server log files. This includes the following data: Type and version of the browser used, operating system used, date and time the website was accessed and IP address. The legal basis for the processing of this data is our legitimate interest (Art 6 Para 1 lit f GDPR) in the functionality and improvement of our website.

3. 1. 2. Contact

You can contact us by telephone, e-mail or via our contact form. In the event of such contact, we only process the data you provide to process and process the contact request and, if necessary, to fulfill (pre)contractual rights and obligations. If the establishment of contact is related to the fulfillment of (pre-)contractual obligations, the processing is necessary for the fulfillment of a contract or pre-contractual obligations (Article 6 (1) (b) GDPR), which represents the legal basis for the processing. If the request is made independently of the initiation or processing of a contract, the data will be processed on the basis of your consent (Art 6 Para 1 lit a GDPR), which you give by sending or making the contact request. You have the right to revoke your consent at any time (see point 4.6).

3. 1. 3. Application portal

You are welcome to send us your application documents using the contact form in the “Jobs” section. If so, we process the data you provide in order to be able to assess whether we can offer you a suitable vacancy or to process the application process and for applicant management. If your application results in employment in our company, your data will also be processed to fulfill our (employment/service) contractual obligations. The processing is therefore necessary to fulfill pre-contractual and contractual obligations (Art 6 Para 1 lit b GDPR).

3. 1. 4. Newsletter

If you decide to subscribe to our newsletter, you will receive ongoing information about our products. If so, you must register with your name and email address to receive the newsletter. The data you provide is required for the transmission and administration of our newsletter. The processing takes place on the basis of your consent (Art 6 Para 1 lit a DSGVO), which you give to us by sending the request to receive the newsletter. You have the right to revoke your consent at any time (see point 4.6).

You can also unsubscribe from the newsletter at any time, free of charge and easily, directly via a button in the sent (newsletter) message. If so, you will not receive any further mailings from our newsletter.

3. 1. 5. Customer account

If you decide to create a customer account with us via our website, the data you enter during registration and during use will be collected and processed for the purpose of customer service and to fulfill (pre)contractual obligations. The processing of this data is therefore necessary to fulfill a contract or pre-contractual measures (Art 6 Para 1 lit b GDPR).

3. 2. Integration and use of services and content of third parties as well as cookies

In order to optimize our offer and our website and make it more user-friendly, our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do no harm.

We use cookies for technical reasons in order to be able to offer our range of information and our service in a functional manner. Some cookies remain stored on your end device until you delete them. They enable us to recognize your browser on your next visit.

In the case of cookies that are not required for functional reasons, we ask for your consent in the cookie window (Art 6 Para 1 lit a GDPR). Your personal data will only be processed if this is actively given.

In the case of cookies that are marked as functionally required in the cookie window, our legitimate interest (Art 6 Para 1 lit f GDPR) in making the website user-friendly serves as the legal basis.

Please note that the functionality of our website may be restricted if cookies are deactivated.

Below you will find more detailed information on the cookies used.

3. 2. 1. Google Analytics

Google Analytics is used on this website to provide detailed insights into visitor behavior and website performance. It allows analysis of data such as page views, visitor sources, conversion rates and demographic information to improve the effectiveness of marketing strategies and user experience.

The purpose of using Google Analytics is to collect and analyze detailed information about visitor behavior on a website. Personal data such as your IP address, but also browser information (language settings, screen resolution, etc.) are transmitted to Google. The storage period is up to one year.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Google's data protection declaration under the following link:

https://policies.google.com/privacy

3. 2. 2. Google reCaptcha

Google reCAPTCHA is used on a website to distinguish automated bots from human users and to protect against spam, abuse and unwanted access. It poses a security measure by asking users to complete certain puzzles or tasks to prove they are not bots.

Personal data such as your IP address, but also browser information (language settings, screen resolution, etc.) are transmitted to Google. The exact storage period of this data is determined by Google and may vary. According to information from Google, reCAPTCHA data is usually deleted within 30 days. However, it is important to note that Google may store certain data longer to ensure the security and integrity of the reCAPTCHA service.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The use of Google reCAPTCHA as an absolutely necessary cookie is in accordance with Article 6 Paragraph 1 lit. f GDPR, as our legitimate interest is to protect our website and users from unwanted access, spam and abuse. For more information on how we use and protect your data, please see our full privacy policy.

You can access Google's data protection declaration under the following link:

https://policies.google.com/privacy .

3. 2. 3. Google Tag Manager

Google Tag Manager is used on a website to simplify the management and implementation of tracking codes, tags and scripts.

Google Tag Manager itself does not process any personal data. It is a tag management system designed to simplify the management and deployment of tracking tags and scripts on a website.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Google's data protection declaration under the following link:

https://policies.google.com/privacy

3. 2. 4. Google Ads

Google Ads is used on this website to place advertisements and to optimize online marketing. By placing ads in Google search results and on Google Display Network websites, businesses can reach their target audience, drive traffic to their website, and engage potential customers.

Google Ads allows fiskaly to create targeted advertising campaigns, target our audience, increase traffic to their website and attract potential customers. Google Ads processes various personal data in connection with advertisements. This includes information such as IP addresses, device identifiers, cookie data, location data, demographic information and interaction data such as clicks and conversions. The exact storage period of the personal data processed by Google Ads is determined by Google itself and may vary. According to information from Google, personal data is usually stored for a period of 18 months. After this time, the data will either be made anonymous or deleted.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Google's data protection declaration under the following link:

https://policies.google.com/privacy

3. 2. 5. Google Ads Conversion

Google Ads Conversion is used on a website to track the behavior of website visitors after clicking on an ad and to measure whether they perform predefined actions, such as making a purchase, registering or filling out a form. This allows advertisers to measure the success of their ad campaigns and optimize conversions. It lets fiskaly determine how well ads are performing and whether they lead to desired actions from users, such as purchases, registrations, or downloading files.

Google Ads Conversion Tracking processes certain personal data related to the conversions carried out on a website. This typically includes information such as IP addresses, device identifiers, cookie data and demographic data where available. The exact storage period of the personal data processed by Google Ads Conversion Tracking is determined by Google and may vary. According to information from Google, this data is usually stored for a period of 30 days. After this time, they will either be made anonymous or deleted.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Google's data protection declaration under the following link: https://policies.google.com/privacy

3. 2. 6. Google Ads Conversion Tracking

Google Ads Conversion Tracking is used on a website to measure the success of advertising campaigns by tracking visitor behavior and recording conversions. It allows fiskaly to see how well our ads are performing, what actions visitors take on the website, and whether those actions lead to predefined goals, such as purchases, sign-ups, or download files.

Google Ads Conversion Tracking processes certain personal data related to the conversions carried out on a website. This usually includes information such as IP addresses, device identifiers, cookie data and demographic data, if available. The exact storage period of the personal data processed by Google Ads Conversion Tracking is determined by Google and may vary. According to information from Google, this data is usually stored for a period of 30 days. After this time, they will either be made anonymous or deleted.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Google's data protection declaration under the following link:

https://policies.google.com/privacy

3. 2. 7. Google Ads Remarketing

Google Ads Remarketing is used on a website to target users who have already visited the website by showing them targeted ads when they visit other websites on the Google Display Network. This enables potential customers to be re-addressed and helps increase recognition and conversions.

Google Ads Remarketing usually processes personal data related to the use of the service. This includes information such as IP addresses, cookie data, device identifiers and interaction data collected from the website. For information on the storage period and more detailed information, consult Google's data protection declaration.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Google's data protection declaration under the following link:

https://policies.google.com/privacy

3. 2. 8. Youtube

YouTube is embedded on a website to allow users to play videos directly on the website without having to leave the site. It offers seamless integration of video content and extends the functionality of the website with visual and interactive multimedia content. With the embedding of Youtube, Fiskaly offers the direct playback of videos on the website.

When YouTube is embedded on a website, personal data such as IP addresses and cookie data of users can be processed. It is possible that YouTube also collects further information about the use and interaction of users with the embedded videos. The exact processing and storage of personal data by embedding YouTube on a website is managed by YouTube itself. For detailed information about data processing and storage, it is advisable to consult YouTube's data protection declaration. It also states how long YouTube stores the data and what control options are available to users

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access YouTube's data protection declaration under the following link:

https://policies.google.com/privacy

3. 2. 9. Microsoft Advertising

Microsoft Advertising is used on a website to serve targeted ads and increase the visibility of a company, product or service in the search results of Microsoft search engines such as Bing. It enables fiskaly to target their target audience, increase website traffic and attract potential customers.

By integrating Microsoft Advertising on a website, various personal data can be processed, such as IP addresses, cookie data, device identifiers and demographic information, where available. The exact processing and storage of personal data by Microsoft Advertising is regulated by Microsoft itself and may vary.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Microsoft's data protection declaration under the following link:https://privacy.microsoft.com/en-us/privacystatement

3. 2. 10. LinkedIn Insight Tag

LinkedIn Insight Tag is used on a website to track visitor behavior and gain insights into user engagement and interaction with the LinkedIn Ads and Company Page. It enables fiskaly to create targeted advertising campaigns, better understand target groups and optimize the effectiveness of LinkedIn marketing activities.

By embedding the LinkedIn Insight Tag on a website, personal data such as IP addresses, device identifiers, cookie data and demographic information can be processed. This data allows LinkedIn to track website visitor behavior and provide statistical information about engagement and interaction with LinkedIn ads. The exact storage period of the personal data processed by the LinkedIn Insight Tag is determined by LinkedIn and may vary. According to information from LinkedIn, the data is usually stored for a period of 180 days. However, it is important to note that LinkedIn may retain additional data for longer periods of time where required for legal or business purposes.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access LinkedIn's data protection declaration under the following link:https://de.linkedin.com/legal/privacy-policy

3. 2. 11. Microsoft Advertising Remarketing

Microsoft Advertising Remarketing is used on a website to target users who have already visited the website by showing them targeted ads when they visit other websites in the Microsoft Advertising network. This allows fiskaly to re-address the target group, increase brand awareness and increase recognition value to promote conversions.

By incorporating Microsoft Advertising Remarketing on a website, personal data such as IP addresses, cookie data, device identifiers and demographic information can be processed. This data allows Microsoft to identify users who have visited the website and serve them targeted ads when they visit other websites in the Microsoft Advertising Network. The exact storage period of the processed personal data by Microsoft Advertising Remarketing is determined by Microsoft and may vary. According to Microsoft's information, the data is usually stored for a period of 180 days. However, it is possible that Microsoft also stores the data for a longer period of time if this is necessary for legal or business purposes.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Microsoft's data protection declaration under the following link:https://privacy.microsoft.com/en-us/privacystatement

3. 2. 12. Microsoft Conversion Tracking

Microsoft conversion tracking is used on a website to track the behavior and actions of users who come to the website through Microsoft Advertising campaigns. This allows fiskaly to measure the effectiveness of ads, track conversions and analyze the ROI of their ad spend.

By integrating Microsoft Conversion Tracking on a website, personal data such as IP addresses, cookie data, device identifiers and interaction data can be processed. This data allows Microsoft to track user behavior in terms of conversions and actions on the website. The exact storage period of the processed personal data by Microsoft Conversion Tracking is determined by Microsoft and may vary. According to Microsoft's information, the data is usually stored for a period of 180 days. However, Microsoft may store the data for a longer period of time if this is necessary for legal or business purposes.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Microsoft's data protection declaration under the following link:https://privacy.microsoft.com/en-us/privacystatement

3. 2. 13. Facebook Pixel

Facebook Pixel is used on a website to track user behavior and collect information about their interactions. This enables fiskaly to place targeted ads, measure conversions and optimize target groups for Facebook advertising campaigns.

By integrating Facebook Pixel on a website, personal data such as IP addresses, cookie data, device identifiers, location data and interaction data can be processed. This data enables Facebook to analyze user behavior, optimize ads and run targeted advertising campaigns. The exact storage period of the processed personal data by Facebook Pixel is determined by Facebook and may vary. According to information from Facebook, the data is usually stored for a period of 180 days. However, it is possible for Facebook to store the data for a longer period of time if this is necessary for legal or business purposes.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Facebook's data protection declaration under the following link:https://de-de.facebook.com/privacy/policy/

3. 2. 14. Facebook Custom Audiences

Facebook Custom Audiences is used on a website to create personalized advertising campaigns for a specific target group. Embedding the Facebook pixel allows website visitors to be tracked and identified as a custom audience in order to show them relevant ads on Facebook and drive conversions.

By integrating Facebook Custom Audiences on a website, personal data such as IP addresses, cookie data, device identifiers, location data and interaction data can be processed. This data allows Facebook to create a custom audience and serve personalized ads to users. The exact storage period of the processed personal data by Facebook Custom Audiences is determined by Facebook and may vary. According to information from Facebook, the data is usually stored for a period of 180 days. However, it is possible for Facebook to store the data for a longer period of time if this is necessary for legal or business purposes.

Please note that as part of this service, your personal data will be transmitted to the USA and such data transmission cannot be ruled out with certainty. The European Commission currently has an adequacy decision on the USA. According to the case law of the European Court of Justice, an adequate level of data protection cannot currently be guaranteed when data is transferred to the USA. In particular, there is a risk that US-based authorities will access your data and you have no legal remedy or legal remedy against this access. It also cannot be ruled out that your rights as a data subject cannot be exercised or not to the same extent as within the European Union.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Facebook's data protection declaration under the following link:https://de-de.facebook.com/privacy/policy/

3. 2. 15. WebinarGeek

WebinarGeek is used on a website to enable interactive webinars to be conducted. It provides features such as attendee registration, presenting content, chatting with viewers, and recording the webinars to help us educate customers.

When registering for one of our webinars, your first and last name as well as your e-mail address will be requested and processed for the purpose of confirming your registration. For more detailed information, please consult Webinar Geek's privacy policy.

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Webinar Geek's privacy policy under the following link:https://www.webinargeek.com/de/datenschutzerklarung

3. 2. 16. Pipedrive web-visitors (by Leadfeeder)

This website uses Pipedrive's Leadfeeder add-on to track website visitors and browsing activity. A visitor cookie is used to track data such as IP address (specifically company and geographic location), pages viewed and time spent on pages. Web visit data is grouped at an organizational rather than an individual level. For more information about Leadfeeder and GDPR compliance, please visit

The legal basis for the processing of your personal data is your express consent within the meaning of Art 6 Para 1 lit a in conjunction with Art 49 Para 1 lit a GDPR. You have the right to withdraw your consent at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation. You can find more information on withdrawing your consent under point 4.6 of this data protection declaration.

You can access Pipedrive's data protection declaration under the following link:https://www.leadfeeder.com/privacy/

3. 2. 17. Microsoft Clarity

Microsoft Clarity is used on a website to analyze user behavior and gain valuable insights into how visitors interact with the website. It offers features like heat maps, user action recording, and website analytics to improve user experience and optimize website performance.

By embedding Microsoft Clarity on a website, various personal data can be processed, such as IP addresses, device identifiers, cookie data and interaction data collected on the website.

The exact storage period of the processed personal data by Microsoft Clarity is determined by Microsoft and may vary. However, it is known that the data is usually stored for a period of 30 days. After this time, the data will be anonymized or deleted.

For detailed information about data processing and storage by Microsoft Clarity, it is advisable to consult Microsoft Clarity's data protection declaration. It is stated there which data is collected and how long it is stored.

You can access Microsoft's data protection declaration under the following link:https://privacy.microsoft.com/en-us/privacystatement

3. 2. 18. Zapier

Zapier is used on our website to enable workflow automation by connecting different applications and transferring data between them. This allows routine tasks to be automated to increase efficiency and reduce manual work.

Zapier as a data integration service processes potentially personal data transmitted by the various integrated applications. This can be data such as names, email addresses, contact details and other business-related information.

The storage period of the personal data processed by Zapier depends on the privacy policies of the applications involved, as Zapier acts as an intermediary. It is advisable to check the privacy statements of the applications used for precise information on data processing and storage. Zapier itself states that they typically store data for 7 days, but not permanently.

You can access Zapier's privacy policy at the following link: https://zapier.com/legal/data-privacy

3. 2. 19. Outfunnel

We use Outfunnel marketing software to send our emails and manage our marketing campaigns. Outfunnel uses cookies as part of the tracking so that we receive information about the effectiveness of various marketing activities. This may include data such as user ID, IP address, device identifiers, cookie data, and other interaction data. Outfunnel also tracks activity on the Site and tracks email opens, clicks on hyperlinks contained therein, and other email activity.

You can access Outfunnel's privacy policy at the following link: https://outfunnel.com/privacy

4. Storage duration

In principle, your data will only be stored for as long as is necessary to fulfill the respective purpose (item 2.1) for which the data was collected. Insofar as we are obliged to store your data further due to legal storage obligations, for example according to the provisions of the General Civil Code (ABGB), the Business Code (UGB) or the Federal Fiscal Code (BAO), your data can also be stored for the period specified by the storage obligations. The data can also be stored for as long as this is necessary to assert, exercise or defend legal claims.

5. Data subject rights

As a data subject, you have the following rights under the GDPR:

5. 1. Right to information (Article 15 GDPR)

You have the right to request information about the data stored about you.

5. 2. Right to rectification (Art 16 GDPR)

You have the right to request the person responsible to correct and/or complete the incorrect and/or incomplete data concerning you without undue delay.

5. 3. Right to erasure (Article 17 GDPR)

You have the right to demand that the person responsible delete the personal data concerning you immediately.

5. 4. Right to restriction of processing (Article 18 GDPR)

You have the right to request the person responsible to restrict the processing of your personal data.

5. 5. Right to data portability (Article 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to a person responsible in a structured, common and machine-readable format and to transmit this data to another person responsible without hindrance by the person responsible to whom the personal data was provided.

5. 6. Right of withdrawal (Article 7 (3) GDPR)

You have the right to withdraw your consent to the processing of personal data at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation. The revocation is only effective for the processing of personal data, which is based on your consent.

5. 7. Right of objection (Article 21 GDPR)

In particular, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which is based on a legitimate interest. Unless our legitimate interests prevail or the processing serves to assert, exercise or defend legal claims, we will no longer process your personal data.

1. PROVISION OF DATA

The provision of personal data is required for the purposes stated in each case. If the data is not provided or not provided to the required extent, the respective services cannot be used.

2. AUTOMATED DECISION MAKING / PROFILING

Fiskaly does not use automated decision-making or profiling.

6. Right of appeal to the supervisory authority

You have the option of contacting the responsible data protection supervisory authority with a complaint. In Austria, this is the data protection authority (DSB).

Austrian data protection authority
Barichgasse 40-42
1030 Vienna
Austria

E-mail:dsb@dsb.gv.at
Phone: +43 1 52 152 0

7. Final Provisions

We reserve the right to adapt this data protection declaration if necessary, in particular to comply with new legal and/or technical requirements or changes. We will endeavor to inform you promptly of such relevant changes. In any case, you will find the current version of the data protection declaration on our homepage (https://www.fiskaly.com/privacy-policy).