1.1. This General Privacy Statement (GPS) applies – irrespective of any special privacy statements – to the processing of personal data (see Section 3.) by:
Companies Register No. (FN) 467638d, Commercial Court (LG) Linz
Johann-Roithner-Straße 131, 4050 Traun
E-Mail: email@example.com / Web: www.finnoq.com
1.2. FINNOQ complies in the context of its social responsibility with international data protection regulations, in particular:
(DATA PROTECTION REGULATIONS). The protection of privacy and security of personal data is given special emphasis, as this is the basis for trusting business relationships. The following GPS provides a complete overview of what type of data FINNOQ processes for what purposes, which principles are respected, how FINNOQ ensures the security of these data and which rights a data subject has.
1.3. This GPS is available on https://www.finnoq.com and can be viewed, printed, downloaded and stored on a storage medium at any time.
1.4. The terms used in this GPS are understood according to Art 4 GDPR.
2.1. FINNOQ (see Section 1.1.) is Controller according to Art 4 No 7 GDPR.
2.2. A data protection officer is not designated according to Art 37 Sec 1 GDPR, in particular because the core activities of FINNOQ do not consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale.
3.1. FINNOQ processes (see Art 4 No 2 GDPR) personal data (DATEN) relating to a natural person (DATA SUBJECT) according to Art 4 No 1 GDPR.
3.2. The term DATA SUBJECT is to be understood gender-neutral and applies to all categories of DATA, in particular, DATA of (prospective) customers, investors, contractors, suppliers, consultants (and their employees), employees, job applicants and users of the online offer of FINNOQ.
3.3. FINNOQ also processes special categories of personal data according to Art 9 Sec 1 GDPR (SENSITIVE DATA) revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
3.4. DATA will be processed according to the principles relating to processing of personal data in Art 5 GDPR and only if and to the extent that at least one of the cases in Art 6 GDPR applies, in particular, if:
3.5. SENSITVE DATA will be processed only, if and to the extent that at least one of the cases in Art 9 Sec 2 GDPR applies, in particular, if processing is necessary for the purposes of carrying out the obligations and exercising specific rights of FINNOQ or of the DATA SUBJECT in the field of employment and social security and social protection law (Art 9 Sec 2 lit b, g, h und j) or the DATA SUBJECT has given explicit consent to the processing of DATA or has manifestly made DATA public (Art 9 Sec 2 lit a und e).
3.6. If FINNOQ obtains contact details or requests, FINNOQ processes DATA for the purposes of processing the contact request according to Art 6 Sec 1 lit b) GDPR. DATA of prospective customers are processed for the purpose of submitting offers.
3.7. FINNOQ processes master data (e.g. names and addresses as well as contact details of suppliers, customers, consultants, other DATA SUBJECTS and their employees), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling its contractual obligations and services in accordance with Art 6 Sec 1 lit b) GDPR and for compliance with legal or regulatory requirements according to Art 6 Sec 1 lit c. GDPR.
3.8. If FINNOQ obtains from its customers their electronic contact details for electronic mail in the context of the sale of a product or a service, FINNOQ may use these electronic contact details for direct marketing of its own similar products or services according to Art 6 Sec 1 lit f) GDPR. The DATA SUBJECT has the right to object at any time (in particular, on the occasion of each message) to processing of DATA concerning him or her for such marketing (see Section 11.8.).
3.9. DATA of employees and job applicants are processed according to Art 6 Sec 1 lit b) and c) GDPR.
3.10. If the legal requirements of other cases according to Art 6 GDPR or – in the case of SENSITIVE DATE – according to Art 9 Sec 2 GDPR are not met, FINNOQ will ask the DATA SUBJECT for consent to the processing of his or her DATA for one or more specific purposes according to Art 6 lit a) GDPR. If the DATA SUBJECT makes available to or voluntarily provides DATA not requested or required by FINNOQ (e.g. in job applications or CV’s), the DATA SUBJECT gives his or her consent to the proceeding of these DATA according this GPS. The DATA SUBJECT has the right to withdraw his or her consent in whole or in part at any time. The withdrawal of consent is to be directed to FINNOQ (see Section 1.1.). Although the withdrawal of consent is not restricted to a certain form DATA SUBJECTS are advised to declare their withdrawal in text form (e.g. written letter or E-Mail) for the purpose of evidence.
3.11. The withdrawal of consent shall not affect the processing of DATA on the basis of other cases according to Art 6 GDPR or – in the case of SENSITIVE DATE – according to Art 9 Sec 2 GDPR and the lawfulness of processing based on consent before its withdrawal.
3.12. FINNOQ discloses DATA only if and to the extent permitted by the applicable laws, in particular, in the cases according to Art 6 GDPR or – in the case of SENSITIVE DATE – according to Art 9 Sec 2 GDPR or to processors according to Art 28 GDPR. Within the company of FINNOQ DATA will be disclosed to all positions and organizational units involved in the procession of the relevant DATA. DATA of customers may be disclosed to contractors or suppliers of FINNOQ for for the performance of a contract to which the DATA SUBJECT is party or in order to take steps at the request of the DATA SUBJECT prior to entering into a contract. DATA will never be disclosed to third parties for advertising or marketing purposes.
3.13. FINNOQ does not proceed any form of automated processing DATA consisting of the use of DATA to evaluate certain personal aspects relating to a natural person (profiling according to Art 4 No 4 GDPR).
4.1. Users can visit the websites of FINNOQ without giving any personal information. Therefore, during the operation of its websites, FINNOQ only processes data of a technical nature about every access to the server on which this service is located (server log files) which is automatically processed using cookies (see Section 6.) and which are considered as personal data or can be used to identify the person or personal data of the data subject (ACCESS DATA). These include, for example, the IP address, unique device identification, type and version of the operating system and the browser, name of the retrieved web page, file, date and time of retrieval, referrer URL (previously visited page) and the requesting provider.
4.2. FINNOQ does not process this ACCESS DATA for the purpose of identifying the person or personal data of the DATA SUBJECT, but solely for the purpose of providing, customizing, adapting, improving, maintaining, optimizing and further developing the websites (including functions, services, modules and features thereof), for error detection and correction, to maintain the security system and for the purpose of internal statistical evaluation, without any conclusions being drawn on the person or data of the data subject. There is also no profiling within the meaning of Art 4 Sec 4 GDPR.
5.1. FINNOQ operates online portals on its websites where DATA SUBJECTS can register and optionally create user accounts, enabling them – after logging in – to retrieve information and documents online in the closed area (login area) and to take advantage of personalized services and communicate with FINNOQ. When registering for online portals, the following DATA is processed: first and last name, gender, address, date of birth, contact and communication data such as telephone number and e-mail address, correspondence, username, password as well as further DATA resulting from any requests submitted by the DATA SUBJECT. The processing of DATA takes place exclusively for the purposes described above and in accordance with Art 6 Sec 1 b), c) and d) and Art 9 Sec 2 GDPR. DATA will be transferred only using SSL encryption and treated confidentially.
5.2. As part of the registration and further log-ins and the use of online portals, FINNOQ processes the IP address and the time of the respective access by the DATA SUBJECT. After successful registration, a user account will be opened for the DATA SUBJECT. The registered DATA SUBJECT can then gain access to the login area of the online portals at any time by entering his login data (username or e-mail address and the password chosen). DATA SUBJECT also have the option of changing or deleting the DATA specified during registration at any time.
5.3. The user account has to be protected against access by other persons by the password chosen by the DATA SUBJECT. The DATA SUBJECT is obliged to treat his password confidentially and to ensure with the necessary care that third parties do not gain access to it. A transfer or disclosure of the credentials to the online portal to third parties and / or their authorization to use the user account of the DATA SUBJECT is expressly prohibited. The DATA SUBJECT must not pass on credentials to third parties and must protect them against unauthorized access by third parties, misuse or fraudulent use. The DATA SUBJECT must immediately report to FINNOQ any unauthorized, abusive or fraudulent use of the user account and the suspicion that the user account could be exposed to such a risk and change his password. If there is any suspicion that an account is being used or was being created unauthorizedly, abusively or fraudulently, FINNOQ has the right to temporarily suspend or permanently delete the user account in question without prior notice. The user accounts are not public and cannot be indexed by search engines. DATA SUBJECT can delete their user account at any time. In this case, all DATA concerning the user account will be deleted if and insofar as their retention is not necessary for contractual or legal reasons. It is up to DATA SUBJECT to save the DATA before deleting the user account.
5.4. With the registration DATA SUBJECTS accept that they may be contacted by telephone or by e-mail by FINNOQ employees who are involved with the purpose in order to ensure a smooth application process. The DATA SUBJECT assures to provide all information truthfully. Misrepresentations may lead to dismissal.
6.1. FINNOQ uses so called “Cookies” on the basis of Art 6 Sec 1 lit d) GDPR. Cookies are files that are stored locally in the buffer of the internet browser of the DATA SUBJECT and serve in particular to make the website (in particular by recognizing the accessing browser) more user-friendly, effective and secure as well as enabling an analysis of the use of the websites by the DATA SUBJECTS. FINNOQ automatically processes certain data such as IP address, browser used, operating system on the DATA SUBJECTS's computer and its connection to the Internet.
6.2. Cookies cannot be used to launch programs or to transfer viruses to a computer. Based on the information contained in cookies, FINNOQ makes it easier for those affected to navigate and facilitate the correct display of the websites. Under no circumstances FINNOQ will pass on any the data collected to third parties or will establish a link with DATA without the consent of the DATA SUBJECT.
6.3. Users can also view FINNOQ’s websites without using of cookies. The DATA SUBJECT has the option of deactivating and/or deleting cookies in the settings of the Internet browser at any time, as well as set the duration of their storage and when they are deleted. The procedure depends on the Internet browser used by the DATA SUBJECTS. However, disabling cookies may result in certain features and/or contents of the websites not functioning or functioning as expected.
7.1. FINNOQ’s websites use – on the basis of according to Art 6 Sec 1 lit d) GDPR – Google Analytics, a web analytics service provided by Google Inc. Google Analytics uses so-called "Cookies", i.e. text files that are stored on a computer and that allow an analysis of the use of the website by a data subject (see Section 6.). The information generated by the cookie about the use of a website is usually transmitted to a Google server in the USA and stored there. However, FINNOQ only uses Google Analytics only with active IP-anonymization on its websites, which means an IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states of the Agreement in the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the USA and shortened there. On behalf of FINNOQ, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
7.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).
7.3. DATA SUBJECTS have the possibility to anytime deactivate the cookie-settings in the internet browser and/or to delete and enhance settings as to how long cookies may be stored and when they need to be deleted. The procedure depends on the internet browser used. However, disabling cookies may cause some features and content of the websites to fail or not work as expected. Moreover, DATA SUBJECTS can prevent the collection of the DATA generated by the cookie and related to the use of the website (including IP address) as well as the processing of this DATA by Google by downloading the browser plug-in available under the following link and installing: https://tools.google.com/dlpage/gaoptout?hl=de.
7.4. In addition, or as an alternative to the browser add-on, DATA SUBJECTS can prevent tracking by Google Analytics on FINNOQ’s websites. An opt-out cookie will be installed on the device. This will prevent the collection by Google Analytics for this website and for this browser in future, as long as the cookie remains installed in the browser.
9.1. In the context of processing DATA, FINNOQ discloses, transmits or otherwise grants access to other persons and companies only on basis of Art 6 and Art 9 Sec 2 GDPR.
9.2. When DATA processing is carried out on behalf of FINNOQ, it only uses processors within the meaning of Art 4 Sec 8 and Art 28 GDPR providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the DATA PROTECTION REGULATIONS and ensure the protection of the rights of the DATA SUBJECTS. For this purpose, FINNOQ enters into appropriate contracts with its processors which meet the requirements of Art 28 GDPR and respects Art 44 GDPR for data processors based in non-EU member states (third countries). This means, DATA processing is done on basis of special guarantees, such as the officially recognized statement of an EU-compliant level of data protecting (e.g. for the U.S. by ‘Privacy Shield’) or officially recognized, special contractual obligations.
9.3. Any disclosure, transfer or communication of DATA to natural or legal persons who are neither processors of FINNOQ, nor authorized to process DATA under the direct responsibility of FINNOQ or any authorized by processors (third parties), is carried out only in accordance with Art 6 GDPR or an express request of the DATA SUBJECT to transmit the DATA processed by FINNOQ directly to another controller, insofar as this is technically feasible and insofar as this does not affect the rights and freedoms of other subjects.
9.4. The processing of DATA by third parties is not the subject of this GPS and FINNOQ assumes no liability whatsoever in respect of any liability, responsibility or liability.
10.1. FINNOQ does not process and store DATA on a permanent basis, but only as is required to comply with the deadlines stipulated under the current applicable legislation. However, for at least as long as is necessary for the purpose of carrying out (pre- and post) contractual measures and the fulfilment of the contractual relationship of FINNOQ (including the expiry of any warranty claims and guarantee periods as well as the legal termination of any official or judicial proceedings).
10.2. Subject to the above circumstances, stored DATA will be deleted immediately as a result of a legitimate objection, a revocation of consent or termination of the contractual relationship.
10.3. Some ACCESS DATA which is not required for the entire duration of the contract, is not stored permanently by FINNOQ, but only temporarily for the duration of the access or the use by the DATA SUBJECT. If and as far as DATA is processed for the purpose of the anonymous internal statistical evaluation, it is only stored until completion of the evaluation or analysis and then deleted. Session cookies are only stored temporarily for the duration of access or use by the DATA SUBJECT; persistent cookies until the DATA SUBJECT removes them from the browser.
11.1. FINNOQ implements, with regard to the criteria set out in Art 32 GDPR, adequate and appropriate technical and organizational measures (TOM) to ensure a level of security appropriate to the risk and to protect the security of the processed DATA from risks, such as accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, DATA transmitted, stored or otherwise processed. In order to protect the security of DATA during transmission, FINNOQ uses state-of-the-art encryption techniques (e.g. SSL) over HTTPS.
11.2. When a DATA breach is likely to result in a high risk to the rights and freedoms of natural persons and subject to the cases set out in Art 34 Sec 3 GDPR, FINNOQ will communicate the personal data breach to the DATA SUBJECT without undue delay.
12.1. FINNOQ safeguards the rights of the DATA SUBJECTS in accordance with the applicable legislation, currently the DATA PROTECTION REGULATIONS. DATA SUBJECTS can assert the following rights with regard to the processed DATA by submitting a request to FINNOQ (contact details see Section 1.1.) in text form (e.g. written letter or E-Mail) for the purpose of evidence. Binding deadlines in the DATA PROTECTION REGULATIONS will be respected by FINNOQ.
12.2. Right to non-disclosure
FINNOQ safeguards the fundamental rights of the DATA SUBJECT to non-disclosure in accordance with Para 1 Sec 1 DSG 2018 and to confidentiality according to Para 6 DSG 2018.
12.3. Right to information and access
In accordance with Art 13 to 15 GDPR the DATA SUBJECT has the right to confirmation as to whether or not DATA concerning him or her are being processed, and, where that is the case, access to the DATA and information about the DATA processed and the rights of DATA SUBJECTS.
12.4. Right to rectification
In accordance with Art 16 GDPR the DATA SUBJECT has the right to obtain from FINNOQ without undue delay the rectification of inaccurate DATA concerning him or her.
12.5. Right to erasure (‘right to be forgotten’)
In accordance with Art 17 GDPR the DATA SUBJECT has the right to obtain from FINNOQ the erasure of DATA concerning him or her without undue delay.
12.6. Right to restriction of processing
In accordance with Art 18 GDPR the DATA SUBJECT has the right to obtain from FINNOQ restriction of processing.
12.7. Right to data portability
In accordance with Art 20 GDPR the DATA SUBJECT has the right to receive the DATA concerning him or her, which he or she has provided to FINNOQ, in a structured, commonly used and machine-readable format and has the right to transmit those DATA directly to another controller, insofar as this is technically feasible and insofar as this does not affect the rights and freedoms of other subjects.
12.8. Right to object
In accordance with Art 21 GDPR the DATA SUBJECT has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Art 6 lit e) or f), including profiling based on those provisions. In this case, FINNOQ will no longer process the DATA unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the DATA SUBJECT or for the establishment, exercise or defense of legal claims. Where the DATA SUBJECT objects to processing for direct marketing purposes, the DATA will no longer be processed for such purposes.
12.9. Right not to be subject to a decision based solely on automated processing, including profiling
In accordance with Art 22 GDPR the DATA SUBJECT has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
12.10. Right to withdrawal of consent
According to Art 7 Sec 3 GDPR the DATA SUBJECT has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
12.11. Right to lodge a complaint with a supervisory authority
In accordance with Art 77 GDPR and Para 24 DSG 2018 the DATA SUBJECT has the right to lodge a complaint with a supervisory authority (Datenschutzbehörde) if the DATA SUBJECT considers that the processing of personal data relating to him or her infringes this Regulation.
12.12. Right to an effective judicial remedy
In accordance with Art 79 GDPR and Para 27 DSG 2018 the DATA SUBJECT has the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her DATA in non-compliance with this Regulation.
13.1. Despite all precautions and measures taken by FINNOQ it cannot be ruled out that DATA losses, corruptions and alterations will occur and the DATA SUBJECT will suffer damage. The provision of online offers by FINNOQ is at the risk and responsibility of the DATA SUBJECT. FINNOQ assumes no responsibility or liability for any damage or consequential loss arising out of or in connection with DATA loss, damage or alteration, unauthorized and / or manipulative access to or interference with DATA processing and DATA communication, or violations of data protection regulations, which was not unlawfully and culpably cause by FINNOQ or its employees.
This GPS shall be governed by the laws of the Republic of Austria. The application of the Austrian Private International Law (IPRG) or other rules on conflict of laws shall be excluded. For consumers according to the Regulation (EC) No 593/2008 on the law applicable to contractual obligations (Rome I-Regulation) and the Federal Act Governing Provisions to Protect Consumers (Konsumentenschutzgesetz – KSchG) this clause may not, however, have the result of depriving the consumer of the protection afforded to him by provisions that cannot be derogated from by agreement by virtue of the law which, in the absence of choice, would have been applicable on the basis of Art 6 Sec 1 of the Rome I-Regulation.
FINNOQ is committed to working with the relevant regulatory authorities to handle any complaint regarding the processing of the DATA which it cannot itself clarify with the DATA SUBJECT.
16.1. FINNOQ regularly reviews compliance with and the validity of this GPS and reserves the right to amend or supplement it at any time without giving reason, in particular, but not limited to legislation valid at the time and the interests of the DATA SUBJECT. If amendments or supplements require consent of the DATA SUBJECT, FINNOQ will ask the DATA SUBJECT for consent.
16.2. Should individual provisions of this GPS be or become ineffective, this will not affect the validity of the remaining provisions.