CONSCAN.TECH — Datenschutz

Types of Processed Data
– Master Data: (e.g., names, addresses)
– Contact Data: (e.g., email addresses, phone numbers)
– Content Data: (e.g., text entries, photographs, videos)
– ‍Usage Data: (e.g., visited websites, interest in content, access times)
– Meta/Communication Data: (e.g., device information, IP addresses)

Categories of Affected Individuals
Visitors and users of the online services (hereafter collectively referred to as "users").
‍
Purpose of Processing
– Providing the online services, including its functions and content.
– Responding to contact requests and user communication.
– Implementing security measures.
– Measuring reach/marketing.
‍
Definitions
Personal Data: Any information relating to an identified or identifiable natural person (referred to as "data subject"). A person is considered identifiable if they can be identified directly or indirectly, especially by reference to an identifier such as a name, an identification number, location data, or an online identifier (e.g., cookie), or by reference to specific characteristics that are an expression of their physical, physiological, genetic, mental, economic, cultural, or social identity.
‍
Processing: Any operation or set of operations performed on personal data, whether or not by automated means. The term encompasses practically any handling of data.
‍
Pseudonymization: The processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such information is stored separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
‍
Profiling: Any automated processing of personal data to evaluate certain personal aspects related to a natural person, particularly to analyze or predict aspects concerning their job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
‍
Controller: The natural or legal person, public authority, agency, or other body that determines the purposes and means of the processing of personal data, alone or jointly with others.
‍
Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Legal Basis
Pursuant to Article 13 GDPR, we disclose the legal bases for our data processing activities. If not explicitly stated in the privacy policy, the following applies:
– Consent: Article 6(1)(a) and Article 7 GDPR.
– Contract performance or pre-contractual measures: Article 6(1)(b) GDPR.
– Legal obligations: Article 6(1)(c) GDPR.
– Legitimate interests: Article 6(1)(f) GDPR.
– Protection of vital interests: Article 6(1)(d) GDPR.
‍
Security Measures
Pursuant to Article 32 of the GDPR, and taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.These measures specifically include safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data as well as access to, input into, transfer of, ensuring availability of, and separation of the data.Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Additionally, we consider the protection of personal data during the development or selection of hardware, software, and processes, in accordance with the principle of data protection by design and by default (Article 25 GDPR).
‍
Collaboration with Processors and Third Parties
If we disclose data to other individuals and companies (processors or third parties), transfer it to them, or otherwise grant them access to the data as part of our processing, this is done solely based on a legal authorization (e.g., if the transfer of data to third parties, such as payment service providers, is necessary for contract performance pursuant to Art. 6(1)(b) GDPR), if you have given your consent, if a legal obligation requires it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "processing agreement," this is done in accordance with Art. 28 GDPR.

Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this will only take place if it is necessary for the fulfillment of our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will only process or allow the processing of data in a third country if the specific conditions of Articles 44 et seq. of the GDPR are met. This means that processing will take place, for example, based on special guarantees, such as the officially recognized determination of an adequate level of data protection corresponding to the EU (e.g., for the USA through the "Privacy Shield") or compliance with officially recognized specific contractual obligations (so-called "Standard Contractual Clauses").
‍
Rights of Data Subjects
You have the right to request confirmation as to whether your data is being processed and to obtain information about this data, as well as further details and a copy of the data in accordance with Article 15 of the GDPR.
In accordance with Article 16 of the GDPR, you have the right to request the completion of your data or the correction of any inaccurate data concerning you.
Under Article 17 of the GDPR, you have the right to request the immediate deletion of your data, or alternatively, under Article 18 of the GDPR, you can request the restriction of data processing.
You also have the right to request that the data concerning you, which you have provided to us, be provided to you in accordance with Article 20 of the GDPR and to demand its transfer to other controllers.
Furthermore, according to Article 77 of the GDPR, you have the right to lodge a complaint with the competent supervisory authority.
Widerrufsrecht
You have the right to withdraw any consents given in accordance with Article 7(3) of the GDPR with effect for the future.
‍
Right to object
You can object to the future processing of your personal data at any time in accordance with Article 21 of the GDPR. The objection can specifically be made against processing for direct marketing purposes.
‍
Cookies and the right to object to direct marketing
Cookies and the right to object to direct marketing"Cookies" are small files stored on users' computers. Within these cookies, different types of information can be stored. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, or "session cookies" or "transient cookies," are those that are deleted when a user leaves the online service and closes their browser. For example, a cookie can store the contents of a shopping cart in an online store or a login status. "Permanent" or "persistent" cookies are those that remain after the browser is closed. For instance, a login status can be saved when users visit the service after several days. Additionally, such a cookie can store users' interests, which are used for reach measurement or marketing purposes. "Third-party cookies" are those offered by providers other than the operator of the online service (otherwise, if they are only the operator's cookies, they are referred to as "first-party cookies").
We may use temporary and permanent cookies and inform users about this in our privacy policy.If users do not want cookies stored on their computers, they are requested to disable the relevant option in their browser's system settings. Stored cookies can be deleted in the browser's settings. Excluding cookies may result in functionality limitations for this online service.
A general objection to the use of cookies for online marketing purposes can be made on the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/, especially in the case of tracking. Furthermore, cookie storage can be controlled through browser settings. Please note that in such cases, not all features of this online service may be accessible.
‍
Data Deletion
The data we process will be deleted or its processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer necessary for its intended purpose and no legal retention obligations prevent its deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be locked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.According to legal requirements in Germany, data retention is particularly for 10 years in accordance with §§ 147 (1) AO, 257 (1) No. 1 and 4, (4) HGB (books, records, management reports, accounting documents, trade books, tax-relevant documents, etc.), and 6 years in accordance with § 257 (1) No. 2 and 3, (4) HGB (business correspondence).According to legal requirements in Austria, retention is particularly for 7 years in accordance with § 132 (1) BAO (accounting documents, receipts/invoices, accounts, vouchers, business papers, income and expense statements, etc.), for 22 years in connection with real estate, and for 10 years for documents related to electronically provided services, telecommunications, broadcasting, and television services provided to non-business customers in EU member states, where the Mini One-Stop-Shop (MOSS) is used.
‍
‍
Administration, Financial Accounting, Office Organization, Contact Management
We process data as part of administrative tasks, organization of our operations, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of providing our contractual services. The legal basis for processing is Article 6 (1) (c) GDPR and Article 6 (1) (f) GDPR. Affected by the processing are customers, prospects, business partners, and website visitors. The purpose and our interest in processing lies in administration, financial accounting, office organization, data archiving, and tasks that serve the maintenance of our business activities, the fulfillment of our duties, and the provision of our services. The deletion of data with regard to contractual services and communication follows the provisions mentioned for these processing activities.We disclose or transmit data to tax authorities, advisors such as tax consultants or auditors, as well as other fee offices and payment service providers. Furthermore, based on our business interests, we store information about suppliers, event organizers, and other business partners, for example, for later contact. These predominantly company-related data are generally stored permanently.

‍
Hosting
In order to provide our online services securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online service can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.The data processed in the context of providing the hosting service may include all information related to the users of our online service that arises during use and communication. This regularly includes the IP address, which is necessary to deliver the content of online services to browsers, as well as any input made within our online service or on websites.

‍Collection of Access Data and Logfiles
We (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the retrieved webpages and files, the date and time of the retrieval, the amount of data transferred, a message about the successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and in most cases, IP addresses and the requesting provider.The server log files may be used for security purposes, for example, to avoid server overload (particularly in the case of abusive attacks, such as DDoS attacks), and to ensure the load and stability of the servers.
‍
‍Content-Delivery-Network
We use a "Content Delivery Network" (CDN). A CDN is a service that helps deliver content from an online service, particularly large media files like images or program scripts, more quickly and securely by using regionally distributed servers connected via the internet.‍
Processed data types
Content data (e.g., entries in online forms), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).

‍Affected persons
Users (e.g., website visitors, users of online services).

Purposes of processing
Provision of our online services and user-friendliness, Content Delivery Network (CDN).4o mini
‍Legal basis:
Legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR)
‍
‍Services used and service providers
‍
Webflow
We use Webflow services to create static websites, which may also include online forms. Service provider: Webflow, Inc. 208 Utah, Suite 210, San Francisco, CA 94103, USA; Website: https://webflow.com; Privacy policy: https://webflow.com/legal/eu-privacy-policy.4o mini
‍
Collection of Access Data and LogfilesWe, or our hosting provider, collect data about each access to the server where this service is hosted (so-called server log files) based on our legitimate interests as per Art. 6 (1) lit. f of the GDPR. The access data may include the name of the accessed website, file, date and time of access, amount of data transmitted, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.Logfile information is stored for security reasons (e.g., to investigate abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident has been fully clarified.
‍
Integration of Third-Party Services and ContentWe integrate third-party content or service offerings within our online services based on our legitimate interests (i.e., the interest in analyzing, optimizing, and operating our online services economically as per Art. 6 (1) lit. f of the GDPR) in order to include their content and services, such as videos or fonts (hereinafter referred to as "Content").This always requires that the third-party providers of the content collect the users' IP addresses, as they would not be able to send the content to the users' browsers without the IP address. Therefore, the IP address is necessary for displaying this content. We strive to use only those content providers who use the IP address solely for delivering the content.Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags allow for the analysis of visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users' device and may include technical information about the browser and operating system, referring websites, visit times, as well as other details about the use of our online services, and may be linked with such information from other sources.