Privacy

Data Protection Notice pursuant to EU Regulation No. 679/2016

The purpose of this notice is to provide information on the methods, scope, and purposes of the processing of personal data by Baumgartner Georg, in accordance with EU Regulation No. 679/2016 (hereinafter GDPR).

‍

South Tyrol Guest Pass

Purpose

The personal data provided will be transmitted to the single coordinating body of the Guest Pass in order to enable the creation and use of the Guest Pass and to provide the associated services.

Recipient

In connection with the issuance of the Guest Pass, your data will be transmitted to Mobilitätskonsortium, VAT No. 02735170215, which acts as the cardholder and central coordinating body and serves as the independent data controller for the processing of the transferred data. For further information regarding the processing of your data, please send an email to privacy@moko.bz.it.

Legal basis

The legal basis for processing is Article 6(1)(b) of the GDPR.

‍

1. Data Controller:

The Data Controller is Baumgartner Georg, with registered offices at Sagschmöl 5, Latzfons – 39043 Klausen (BZ), represented by its legal representative Baumgartner Georg; contact details: info@oebersthof.com.

The Data Protection Officer, Georg Baumgartner, can be contacted either by certified mail or email at the following addresses: Sagschmöl 5, Latzfons – 39043 Klausen (BZ), info@oebersthof.com.

‍

2. Data subjects and types of personal data processed:

‍

Baumgartner Georg processes the personal data of customers, suppliers, and individuals who voluntarily provide their data in person (whether by telephone, fax, or email) and/or by registering on our website, as well as individuals whose data have been shared by third parties, such as in public registers and directories, etc. In the case of third parties, processing is limited to basic personal data.

3. Purpose of data processing:

Personal data is processed exclusively for the following purposes:

a. compliance with legal obligations, including tax and accounting requirements

b. performance of a contract

c. activities related to the company’s business, such as internal statistics, invoicing, and accounting

d. quotations

e. sending newsletters

f. internal statistics

4. Legal bases for data processing:

Data is processed in compliance with applicable law and on the following legal grounds, in accordance with Articles 6 and 7 of the GDPR:

- contract performance, i.e., providing the required services, fulfilling contractual obligations, and responding to inquiries

- compliance with legal obligations

- pursuing the Company’s legitimate interests

- consent provided by the data subject

5. Methods of data processing:

Data may be processed with or without the use of electronic or automated means. Data processing activities may include the collection, storage, organization, filing, consultation, processing in the strict sense of the term, and modification, selection, extraction, comparison, use, linking, blocking, transmission, and deletion of data.

Data processing is carried out by the Data Controller, as well as by Data Processors and third parties who may have been entrusted by the Data Controller with processing data for the purposes outlined in paragraph 3 or in cases where this is required by law. The Data Controller guarantees that any Processors and third parties who have been granted access to the personal data also process it in accordance with the GDPR.

If necessary for the activities and purposes described in paragraph 3, the data will be shared with domestic and/or foreign individuals and/or legal entities. Except in these cases, personal data are not disclosed.

Data is processed using the following methods:

a. User account

When you register, personal data is collected and processed to create a user account. During registration and when you log in to your account, your IP address and access times are tracked.

This data will be deleted as soon as the user’s account is deleted, except in cases where retention is required for tax or accounting purposes.

b. Contact

When a user contacts the Company via a contact form, email, or social media, their personal data is processed in order to respond to inquiries or provide the services they request. In such cases, the data collected may be stored in a customer relationship management system or similar systems.

Inquiries are deleted as soon as they are no longer needed, unless the relevant data are required to comply with legal obligations.

a. Newsletter

Users of this website have the option to subscribe to our newsletter. By subscribing, the user agrees to receive emails and other electronic communications containing promotional information. Upon cancellation, the relevant personal data will be deleted unless retention is required to comply with legal obligations.

b. Google Tag Manager

This website uses Google Tag Manager, a tag management interface that allows Google marketing services to be integrated into our online platform. Google Tag Manager itself does not process any personal data; for more information, please refer to the Google Tag Manager Terms of Service: https://www.google.com/analytics/tag-manager/use-policy/

c. Google Analytics

This website uses analytics tools provided by Google Inc. for marketing and optimization purposes. Google Analytics uses cookies, which are text files stored on the user’s computer that help us analyze how our website is being used. Data is collected, transferred to a Google server in the United States, and stored there in anonymous form. The IP address transmitted by the data subject’s browser within the scope of Google Analytics will not be associated with other Google data. In addition, the “anonymizeIP” function is integrated into the code, which ensures that the IP address is masked; all data are therefore collected anonymously. Only in exceptional cases may the full IP address be transmitted to a Google server in the USA and shortened there for anonymization. The data collected are not used to personally identify the visitor to this website; the user remains anonymous and no data are shared with third parties. Google uses this information to create various reports on website activity on behalf of the website administrator.

In this regard, data subjects have the right to withdraw their consent at any time by installing the opt-out browser add-on, available at: https://tools.google.com/dlpage/gaoptout?hl=en.

d. Google AdWords and conversion tracking:

Services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, are incorporated into this website, including Google AdWords, an online marketing tool. Google is certified under the Privacy Shield Agreement and guarantees compliance with European data protection laws. Google AdWords is used to place ads on the Google Advertising Network to be displayed to users who are likely to be interested. This allows for more targeted advertising of the content of and within this website, with users being presented only with ads that potentially correspond to their interests. On websites belonging to the Google Advertising Network, Google directly executes a code that integrates so-called marketing tags into the website, downloading an individual cookie onto the user’s device. The cookie tracks which websites the user visits, which content he or she is interested in, as well as technical information about the browser, operating system, and time of visit to the website. Google also uses conversion cookies to generate statistics that count the total number of users who have viewed the ad. However, users themselves are not personally identifiable, as Google only processes cookie-related data within anonymous user profiles unless a user expressly consents to Google processing their data without anonymization. For further information, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads).

e. Twitter

We have integrated a Twitter widget into our customer management system so that tweets from our account are displayed directly on our website. Through this connection, log data are transmitted to Twitter and a cookie is set on the user’s computer. After a maximum of ten days, Twitter will begin deleting, anonymizing, or aggregating the collected data. For more information, please refer to the Twitter Privacy Policy (https://twitter.com/en/privacy)

f. Facebook:

This website incorporates plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. The plugins are identifiable by the Facebook logo or the "Like" button and establish a direct connection between the user’s browser and the Facebook server. Facebook receives the information that the user has visited this website and enables the user to link the website’s content to their Facebook profile via the “Like” button. For more information, please refer to the Facebook Privacy Policy (https://www.facebook.com/legal/FB_Work_Privacy)

g. Instagram:

This website uses social plug-ins provided by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA. Identifiable by the Instagram logo, the plug-ins establish a direct connection between the user’s browser and the Instagram server located in the United States, so that Instagram receives information that the user has visited the relevant page. If the user is logged into the social network, Instagram can directly associate the data with the respective account. For further information, please refer to the Instagram privacy policy

(https://help.instagram.com/519522125107875?helpref=page_content)

h. Social media presence

(Company Name) Baumgartner Georg maintains an online presence on various social networks and platforms to communicate with customers, users, and anyone else interested, and to inform them about its services. In this context, the privacy policies of each respective social network apply.

i. Transfer of data for domain registration

Domain registration requires that personal data be transmitted to the relevant national or international registrars. In this regard, we only transmit the minimum amount of data required. Users may view and access the data provided to the registrars if they so wish. The registries prohibit the use of personal data for commercial or abusive purposes.

j. Transfer of data for certification purposes

Personal data is transferred to the competent authority for the issuance of an SSL certificate. In this regard, we only transmit the minimum amount of data required. The data subject consents to his or her data being automatically transferred to the authority for the purposes of certification.

k. Business analysis and market research

This website conducts analysis and profiling activities using personal data to identify current market trends and meet the needs of users and clients. The data processed for these purposes include contact information, contract and billing data, payment data, and usage data, as well as metadata regarding contractual partners, interested parties, customers, and visitors to our website. Analysis of this data is used to improve user-friendliness, optimize our services, and increase efficiency; the data collected will not be disclosed to third parties.

1. Cookies

When you visit this website, session cookies are created that are stored only for the duration of your visit. These cookies are not shared across domains nor used to track user behavior.

6. Provision of personal data and refusal:

The provision of personal data is optional but strictly necessary for the purposes listed in paragraph 3; failure to provide the requested data will make it impossible to carry out the aforementioned activities.

7. Storage of personal data:

Unless otherwise expressly stated in this notice, processed data will be deleted as soon as they are no longer needed for the purposes described in paragraph 3, provided that storage is not or is no longer required by law. As a general rule, personal data will not be retained for longer than two years.

If deletion is not possible for legal reasons, data processing will be restricted; that is, the data will be blocked and not used for any other purposes.

8. Rights of Data Subjects:

Under the GDPR, data subjects have the following rights:

a. The right to access their personal data held by the Data Controller, to request the erasure or rectification of such data and the restriction of processing, as well as the right to object to processing;

b. The right to data portability, i.e., the right to receive one’s own data from the data controller in a structured and easily understandable format, and to request that the data be transmitted to another controller;

c. The right to withdraw their consent to the processing of data at any time, provided that the lawful basis for the processing is the data subject’s consent, without prejudice to the lawfulness of data processing carried out on the basis of consent prior to the withdrawal;

d. The right to file a complaint with the competent supervisory authority.

To exercise these rights, data subjects may send a request by certified email to the following email address: info@oebersthof.com, or by registered letter with return receipt to: Sagschmöl 5, Latzfons – 39043 Klausen (BZ).