Webseite: www.exito.ag or www.exito.at
We look forward to your visit on this website. Data protection and data security for our customers and users have a high priority for us. We observe the data protection regulations, in particular the EU General Data Protection Regulation (“DSGVO”) and the Data Protection Act (“DSG”).
In this data protection information, we explain to you which information (including personal data) is processed by us during your visit to and use of our aforementioned website (“website“).
I. Who is responsible for data processing?
The person responsible for the processing of personal data under data protection law is Exito GmbH, 4841 Ungenach, Brunau 9, 0043 7672/30 233, firstname.lastname@example.org. As far as “we” or “us” are mentioned in this data protection information, this refers to the aforementioned company.
According to the DSGVO in conjunction with the DSG, our company does not require a data protection officer. Our person responsible and our data protection coordinator can be reached via the aforementioned contact channels and at email@example.com.
II. Which principles do we observe?
In compliance with data protection regulations, we only process your personal data if a legal requirement allows us to do so or if you have given your consent. This also applies to the processing of personal data for advertising and marketing purposes.
We can also collect information on this website that does not in itself allow us to draw any direct conclusions about your person. In certain cases – especially when combined with other data – this information can nonetheless be regarded as “personal data” in the sense of data protection law. We can also collect information on this website that enables us to identify you neither directly nor indirectly; this is e.g. This is the case with summarized information about all users of this website.
III. Which data do we process?
You can access our website without providing any personal information (such as your name, postal address or email address). In this case, too, we have to collect and save certain information in order to enable you to access our website.
1. Logfiles: When you visit this website, our web server automatically saves the domain name or the IP address of the requesting computer (usually your internet access provider) including the date, time and duration of your visit, the subpages / URLs that You visit and information about the applications and devices you use to view our website.
4. Information and advice options: We offer you various information and advice options through our contact options. Depending on the option or options you want, we process different personal data:
If you contact us via one of the channels specified on our website, we will process the personal data contained in your message and provided by you in order to process and answer your request.
b. Information material
If you have asked for information material to be sent, we will process the data you provide in the contact form, at least your surname and first name, company and the details of the contact method you have chosen (post and / or e-mail) for the one-time sending of yours desired material.
c. telefonic consultancy
If you have asked for information material to be sent, we will process the data you provide in the contact form, at least your surname and first name, company and the details of the contact method you have chosen (post and / or e-mail ) for the one-time sending of yours desired material.
d. Personal advice / roadshow
If you have asked for personal advice, we will process the data you provide in the contact form, at least your surname and first name, as well as your telephone number and / or e-mail address, in order to contact you to arrange a personal consultation.
IV. For what purposes and on what legal basis do we process your data?
1. The processing of any personal data contained in the log files takes place in order to enable you to use our website; this is done on the basis of § 97 TKG 2003 or on the basis of Article 6 Paragraph 1 f) DSGVO to safeguard our legitimate interest in the operation of our website.
2. The processing of the data collected via cookies (including the web analysis services etracker and Google Analytics) and the pseudonymous usage profiles takes place for the purposes of advertising, market research and the needs-based design of our website on the basis of Article 6 Paragraph 1 f) DSGVO to safeguard our legitimate interests to analyze the use of our website.
3. The processing of the data for processing an inquiry via one of the channels indicated on our website takes place in any case to safeguard our legitimate interest in establishing and maintaining business contacts on the basis of Article 6 Paragraph 1 f) DSGVO. If your request relates to the conclusion of a contract or pre-contractual measures, we will process your personal data on the basis of Article 6 Paragraph 1 b) DSGVO.
4. The processing of the data for the use of the information and advice offers takes place in order to carry out the offer you have chosen or, in the case of the e-mail newsletter, to register for the newsletter and to send it. All of this processing takes place with your consent on the basis of Article 6 Paragraph 1 a) DSGVO. Please note that you can revoke your consent given to us at any time with effect for the future, e.g. by clicking on the corresponding link in each of our newsletters or by sending a message by post, fax or email via one of the contact channels mentioned on the first page of this data protection information.
5. We can also process those in connection with your use of our website to fulfill legal obligations to which we are subject; this is done on the basis of Article 6 paragraph 1 c) DSGVO.
6. If necessary, we process your data beyond the aforementioned purposes, also to safeguard our legitimate interests or the interests of third parties; this is done on the basis of Article 6 Paragraph 1 f)DSGVO. Our legitimate interests include
a. the assertion of legal claims and the defense in legal disputes;
b. the prevention and investigation of criminal offenses;
c. the management and further development of our business activities including risk management;
V. Am I obliged to provide data?
The information required to register for our newsletter and to take advantage of the information and advice offered is marked as mandatory in the corresponding area of the website (e.g. an online form); Without the provision of mandatory information, we cannot enable you to use the respective functionality.
If we also collect personal data from you, we will inform you when collecting it whether the provision of this information is required by law or contract or is necessary for the conclusion of a contract. As a rule, we mark the information that is provided voluntarily and is not based on one of the aforementioned obligations or is not required to conclude a contract.
VI. Who will receive my data?
Your personal data are generally processed within our company. Depending on the type of personal data, only certain departments / organizational units have access to your personal data. This includes in particular the specialist departments involved in the provision of our digital offers (e.g. websites) and our IT department. Through a role and authorization concept, access within our company is limited to those functions and the scope that is required for the respective purpose of processing.
We can also transfer your personal data to third parties outside of our company to the extent permitted by law. These external recipients can include in particular
- Affiliated companies within the Xella Group, to whom we transfer personal data for internal administrative purposes and to fulfill contracts
- the service providers engaged by us who provide services for us on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
- Non-public and public bodies, insofar as we are obliged to transmit your personal data due to legal obligations.
VII. Is automated decision-making used?
In connection with the operation of our website, we generally do not use automated decision-making (including profiling) within the meaning of Article 22 DSGVO. If we use such procedures in individual cases, we will inform you of this separately to the extent provided by law.
VIII. Are data transferred to countries outside the EU / EEA?
Your personal data is generally processed within the EU or the European Economic Area.
Only in connection with the involvement of service providers to provide web analysis services can information be transmitted to recipients in so-called “third countries”. “Third countries” are countries outside the European Union or the Agreement on the European Economic Area, in which a level of data protection cannot be assumed without further ado that is comparable to that in the European Union.
If the transmitted information also includes personal data, we ensure before such transmission that the required appropriate level of data protection is guaranteed in the respective third country or with the recipient in the third country. This can result in particular from a so-called “adequacy decision” of the European Commission, with which an adequate level of data protection for a certain third country is determined overall. Alternatively, we can base the data transfer on the so-called “EU standard contractual clauses” agreed with a recipient or – in the case of recipients in the USA – on compliance with the principles of the so-called “EU-US Privacy Shield”. We will be happy to provide you with further information on suitable and appropriate guarantees for compliance with an appropriate level of data protection on request; You will find the contact details at the beginning of this data protection information. You can also find information on the participants in the EU-US Privacy Shield herer www.privacyshield.gov/list.
IX. How long will my data be saved?
We generally store your personal data as long as we have a legitimate interest in this storage and your interests in not continuing the storage do not outweigh your interests.
Even without a legitimate interest, we can continue to store the data if we are legally obliged to do so (for example to fulfill storage obligations). We delete your personal data even without your intervention, as soon as knowledge of it is no longer necessary to fulfill the purpose of processing or storage is otherwise legally inadmissible.
- the log data is deleted within seven days, unless further storage is required for purposes stipulated by law, such as the detection of misuse and the detection and elimination of technical faults;
- the data processed in connection with an order are deleted at the latest after the statutory retention periods have expired; and
- the data processed in connection with a registration as a user or a customer account is deleted after the registration is completed or the customer account is deleted.
The personal data that we have to store in order to fulfill our retention requirements will be stored until the end of the respective retention requirements. Insofar as we only store personal data for the purpose of fulfilling storage obligations, these are usually blocked so that they can only be accessed if this is necessary for the purpose of the storage obligation.
X. What rights do I have?
As a data subject, you have the right
- to information about the personal data stored about you, Article 15 DSGVO;
- to correct incorrect or incomplete data, Article 16 DSGVO;
- to erasure of personal data, Article 17 DSGVO;
- to restriction of processing, Article 18 DSGVO;
- on data portability, article 20 DSGVO, and
- to object to the processing of your personal data, Article 21 DSGVO.
To exercise these rights, you can contact us at any time via one of the contact channels specified at the beginning of this data protection information (Exito GmbH, 4841 Ungenach, Brunau 9, 0043 7672/30 233, firstname.lastname@example.org).
You are also entitled to lodge a complaint with a competent supervisory authority for data protection, Article 77 DSGVO.