APS-VIE GmbH

Privacy Policy

Overview of Legal Bases under the General Data Protection Regulation (GDPR)

It’s important to be aware that in addition to the GDPR, national data protection laws may also apply, depending on your or our country of residence. Where more specific legal bases are relevant, these will be detailed in our data protection declaration.

1. Consent (Article 6(1)(a) GDPR): Processing of personal data is permissible when the individual has explicitly consented to the processing for one or more specific purposes.

2. Contractual Necessity (Article 6(1)(b) GDPR): Personal data processing is essential for the performance of a contract where the data subject is a party, or to undertake pre-contractual measures at the data subject’s request.

3. Legal Obligation (Article 6(1)(c) GDPR): Processing is necessary for compliance with a legal obligation to which the data controller is subject.

4. Legitimate Interests (Article 6(1)(f) GDPR): Processing is justified to protect the legitimate interests of the data controller or a third party, provided that such interests are not overridden by the data subject’s interests, fundamental rights, or freedoms, particularly when personal data is involved.

In Austria, the GDPR is supplemented by national data protection laws, such as the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act – DSG). This Act includes specific provisions on rights to information, correction, deletion, the processing of special categories of personal data, secondary processing, data transmission, and automated decision-making under certain conditions.

Safety Measures

We implement appropriate technical and organizational measures to ensure a high level of protection for personal data. These measures are designed in accordance with legal requirements and consider several factors:

  • Current technology
  • Implementation costs
  • Nature, scope, context, and purposes of processing
  • Probability and severity of risks to the rights and freedoms of natural persons

Our safety measures focus on ensuring the confidentiality, integrity, and availability of data. This includes:

  • Controlling physical and electronic access to data
  • Managing data input, transfer, availability, and segregation
  • Procedures to uphold data subject rights, ensure data deletion, and manage data security incidents
  • Incorporating data protection in the selection and development of hardware and software
  • Data protection by design and by default, including TLS encryption for data transmission (https://)

Transfer of Personal Data

In our data processing activities, personal data may be transferred or disclosed to:

  • External entities, companies, or persons
  • IT service providers and website content providers

We comply with legal obligations and ensure the protection of your data through specific contracts or agreements with these recipients.

Data Processing in Third Countries

Data processing in third countries (outside the EU/EEA) adheres strictly to legal requirements. We ensure:

  • Processing in countries with an adequate level of data protection
  • Use of EU Commission standard contractual clauses for data transfer
  • Compliance with certifications or binding internal data protection rules
  • Reference to EU Commission’s information on international data protection (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de)

Deletion of Data

Data is deleted as per legal requirements when:

  • The consent for data processing is withdrawn
  • Other permissions cease to apply (e.g., the purpose for data processing no longer exists)

If data is retained for legal purposes, its processing is restricted to these specific purposes. This applies to data required for commercial, tax, legal claim defense, or protection of rights of natural/legal persons. Further details on data storage and deletion are available in our data protection information, applicable to respective processing activities.

Use of Cookies

Cookies are small files or data stored on end devices to save information, such as login status, shopping cart contents, or user preferences in online services. They can serve various purposes, including enhancing functionality, security, and analyzing visitor behavior in online offers.

Consent for Cookies:

  • We use cookies lawfully, obtaining prior consent from users.
  • Consent is not required when cookies are necessary to provide a Telemedia service explicitly requested by the user.
  • Users are informed about cookie usage clearly, with the option to revoke consent.

Legal Bases for Data Processing with Cookies:

  • When consent is obtained, it forms the legal basis for processing personal data via cookies.
  • Without consent, cookies are used based on our legitimate interests (e.g., operational purposes, usability enhancement) or contractual obligations.
  • Purposes of cookie processing are detailed in our privacy policy and consent procedures.

Storage Duration of Cookies:

  • Temporary Cookies (Session Cookies): Deleted after the user leaves the online service and closes their device.
  • Permanent Cookies: Remain stored even after closing the device, allowing for features like saved login status or preferred content display. They may last up to two years unless otherwise stated.

Revocation and Objection (Opt-Out):

  • Consent can be revoked anytime, with objection rights under Art. 21 GDPR.
  • Users can opt out via browser settings or by e-mail (a.hafez(at)aps-port.com).
  • Opting out may affect the functionality of our online services.

Cookie Data Processing Based on Consent:

  • We employ a cookie consent management procedure.
  • Consent, along with its scope, is stored server-side or in a cookie to avoid repeated consent requests and comply with legal obligations.
  • The storage duration of consent can be up to two years, with a pseudonymous user identifier tracking the consent details and the user’s device information.

Note: Further details on cookie management services and processing procedures are available upon individual request.

Business Services Data Processing

Scope and Purpose of Data Processing: We process data of our contractual and business partners, including prospective customers. This processing occurs within the framework of contractual and comparable legal relationships, associated actions, and communication (including pre-contractual communications) such as responding to inquiries. Our processing activities encompass:

  • Fulfilling contractual obligations, including service delivery and updates.
  • Managing remedies in cases of warranty or service issues.
  • Protecting our rights and managing administrative tasks related to company organization.
  • Pursuing our legitimate interests in efficient business management and ensuring security measures against misuse or threats to our partners’ data, secrets, and rights. This may involve engaging auxiliary services like telecommunications, transport, subcontractors, banks, legal advisors, payment service providers, or tax authorities.

Disclosure to Third Parties: In compliance with the law, we may disclose partner data to third parties when necessary for our purposes or to fulfill legal obligations. Partners will be informed about any additional processing activities, such as for marketing, in this data protection declaration.

Data Collection Requirements: We clearly inform partners about the necessary data for the aforementioned purposes, either before or during data collection. This is done through online forms, special markings (like colors), symbols (like asterisks), or in person.

Data Deletion Policy: Data is deleted following the expiration of legal warranty and comparable obligations, typically after 4 years. Exceptions include data stored in customer accounts or data that must be retained for legal archiving purposes. Legal retention periods are:

  • 10 years for tax-related documents and other organizational and accounting records.
  • 6 years for commercial and business letters, whether received or sent.
  • These periods start at the end of the calendar year in which the relevant document was finalized or the correspondence occurred.

Third-party Providers and Platforms: If we use third-party providers or platforms for our services, the terms and conditions and privacy policies of these third parties apply.

Types of Processed Data:

  • Inventory Data: e.g., names, addresses
  • Payment Data: e.g., bank details, invoices, payment history
  • Contact Data: e.g., email, phone numbers
  • Contract Data: e.g., contract subject, duration, customer category
  • Usage Data: e.g., visited websites, content interest, access times
  • Meta/Communication Data: e.g., device information, IP addresses

Data Subjects:

  • Customers
  • Prospective customers
  • Business and contractual partners

Purposes of Processing:

  • Provision of contractual services and customer care
  • Security measures
  • Handling contact requests and communication
  • Office and organizational procedures
  • Administration and response to inquiries

Legal Basis:

  • Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR)
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR)
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)

Further Details on Processing Activities, Procedures, and Services:

1. Customer Account:

  • Functionality: Customers can create a “customer account” through our online service.
  • Registration Information: Mandatory registration information is communicated to customers.
  • Privacy: Customer accounts are private and not indexed by search engines.
  • Security Measures: IP addresses and access times are recorded to prevent misuse.
  • Account Deletion: Upon termination, account data is deleted unless required by law. Customers are responsible for data backup.
  • Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

2. Store and E-Commerce:

  • Functionality: We process customer data for product selection, purchase, and provision of services, including payment and delivery.
  • Service Providers: Involvement of postal, forwarding, and shipping companies for delivery, and banks and payment service providers for transactions.
  • Information Requirements: Essential details for delivery, provision, billing, and contact are required during the ordering process.
  • Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

3. Agency Services:

  • Services Offered: Our contractual services include consulting, campaign planning, software and design development/maintenance, implementation, server administration, data analysis, and training.
  • Data Processing: Customer data processing in line with these services.
  • Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

4. Provision of Online Services and Web Hosting:

  • Data Processing: Users’ data, including IP addresses, are processed to deliver online services.
  • Types of Data Processed: Usage data (e.g., websites visited), meta/communication data (e.g., device information, IP addresses), content data (e.g., online form entries).
  • Data Subjects: Users of our website and online services.
  • Purpose: Providing online offerings and ensuring user-friendliness; managing IT infrastructure; security measures.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further Insights on Processing Operations, Procedures, and Services:

1. Provision of Online Services on Rented Storage Space:

  • Description: We utilize storage space, computing capacity, and software from a server provider (web hoster) for our online services.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

2. Collection of Access Data and Log Files:

  • Data Collected: Includes web pages/files accessed, access times, data volumes, browser type/version, operating system, referrer URL, and IP addresses.
  • Purpose: For security (e.g., preventing server overload, DDoS attacks) and maintaining server stability.
  • Data Retention: Stored for a maximum of 30 days; longer retention for necessary evidence in specific incidents.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

3. E-mail Dispatch and Hosting:

  • Services Included: Sending, receiving, and storing emails.
  • Data Processed: Email addresses of senders and recipients, email content, and SPAM detection data.
  • Security Note: Emails are generally encrypted in transit but not necessarily on servers.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

4. Contact and Inquiry Management:

  • Context: Processing information from individuals contacting us via various channels.
  • Types of Data Processed: Contact data, content data, usage data, meta/communication data.
  • Data Subjects: Communication partners.
  • Purposes: Responding to inquiries, feedback collection, enhancing online services.
  • Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); contract performance and pre-contractual requests (Art. 6 para. 1 sentence 1 lit. b GDPR).

5. Use of Contact Form:

  • Procedure: Processing data provided by users through contact forms, email, or other communication channels.
  • Purpose: To handle and respond to user requests.
  • Legal Basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Web Analysis, Monitoring, and Optimization:

1. Purpose and Techniques:

  • Web analytics are used to understand visitor traffic and may include anonymous demographic information.
  • Tools like A/B testing help optimize our online offerings.
  • Data collection includes visited websites, browser and system information, and usage times. Location data may be processed with user consent.
  • IP addresses are stored but pseudonymized for user protection.
  • We emphasize pseudonymization: no identifiable user data like email addresses or names are stored.

2. Data Processed:

  • Usage data (e.g., web pages visited, content interest, access times)
  • Meta/communication data (e.g., device information, IP addresses)

3. Data Subjects:

  • Users of our website and online services

4. Processing Purposes:

  • Reach measurement, profiling, tracking, enhancing user experience

5. Security Measure:

  • IP masking for pseudonymization

6. Legal Basis:

  • Consent (Art. 6 para. 1 sentence 1 lit. a GDPR)

Google Analytics:

  • Services: Web analytics and user flow measurement
  • Provider: Google Ireland Limited
  • Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR)
  • Useful Links: Google Analytics Website, Privacy Policy, Opt-Out Plugin, Ads Settings
  • Additional Info: Google Ads Services

Privacy Policy Updates:

We recommend regularly reviewing our privacy policy.

Changes will be communicated, especially if they require user action or individual notification.

Contact details in the policy are subject to change; verify before reaching out.

Rights of Data Subjects:

  • Right to Object: You can object to data processing based on Art. 6(1)(e) or (f) GDPR, including for direct marketing.
  • Right to Withdraw Consent: You can revoke consent at any time.
  • Right to Information: You can request confirmation and details of data processing, along with a copy of your data.
  • Right to Rectification: You can have incomplete or inaccurate data corrected.
  • Right to Erasure and Restriction: You can request data deletion or restriction of processing.
  • Right to Data Portability: You have the right to receive your data in a structured format or transfer it to another party.
  • Right to Lodge a Complaint: You can complain to a supervisory authority about data processing practices.

Definitions of Terms in This Privacy Declaration

This section offers an overview of key terms used in our privacy declaration. The terms are listed alphabetically for ease of reference. While many of the terms are legally defined, particularly in Art. 4 of the GDPR, the following explanations are intended to aid in understanding.

1. Personal Data:

  • Definition: Data that identifies a natural person, either directly or indirectly. This can include a name, an identification number, location data, an online identifier (like a cookie), or factors specific to the person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

2. Profiles with User-Related Information:

  • Definition: The automated processing of personal data to evaluate certain personal aspects of a natural person. This often involves demographic, behavioral, and interest data (e.g., interaction with websites and content, interests in specific content/products, click behavior).

3. Reach Measurement:

  • Definition: The analysis of visitor traffic to an online service, focusing on visitor behavior and interest in specific information like website content.

4. Tracking:

  • Definition: The practice of monitoring user behavior across various online services. Typically involves storing behavioral and interest information in cookies or on tracking technology providers’ servers (profiling). This data can be used for targeted advertising based on user interests.

5. Controller:

  • Definition: The natural or legal person, public authority, agency, or other body which alone or jointly with others decides the purposes and means of personal data processing.

6. Processing:

  • Definition: Any operation or set of operations performed on personal data, whether or not by automated means. This encompasses a wide range of actions including collection, evaluation, storage, transmission, and deletion of data.

Note: The legal definitions provided in the GDPR are binding. The explanations here are meant to facilitate understanding.

Copyright © 2025 APS-VIE GmbH | All rights reserved.