Data protection information in accordance with Art. 13 & 14 of the GDPR
Thonauer Gesellschaft m.b.H.
Telefon: +431 804 28 71 0
No data protection officer has been appointed, as this is not required by law.
Purpose of data processing
Business management and accounting, marketing/advertising of goods and/or services of the enterprise as a whole.
Marketing and advertising (general): legitimate interest
The legitimate interest is the interest of the company in establishing an initial business contact and deepening business relationships with both existing and potential customers.
Newsletter, following consent (double opt-in procedure) by the persons concerned, with a possibility of opting-out at any time.
Use of photos of events on social media sites, in the newsletter or on the website as a blog post, following consent.
Legal basis for processing the data
Data processing is carried out on the basis of the statutory provisions of § 96 (3) TKG (Austrian Telecommunications Act) and Art. 6 (1) (a) (consent), lit b (required for fulfillment of the contract), lit c (legal obligations under BAO [Austrian Fiscal Code] and UGB [Austrian Commercial Code]) and lit d (legitimate interests of the person responsible) of the GDPR.
Categories of recipients
The categories of recipients vary according to the nature of the processing activity.
On this page, distinction is made between the following categories of recipients of personal data:
Data processing concerning own business
Tax consultants (accounting)
Courts, administrative authorities, other authorities, Austrian Statistics Office, insurance companies (for example, liability insurance)
Providers and IT service providers
Advertising Agency (Marketing)
In general, this page does not collect data relating to individual consulting services.
Processing activity & processing purpose
Processing of inquiries and orders including billing, marketing and advertising for the business’ own purposes.
The following categories of data are processed
Contact details: First and last name, telephone number, e-mail address, postal address, birthday
Master data: e.g. company data such as VAT number, bank account data, content of the order (e.g. offer, accounts receivable, billing and due dates, performance data, etc.) for the number assigned by the business (serial number or code designation)
Master data and contact details (of the persons / companies concerned)
Master data and contact details (of other third parties involved, e.g. clients, insurance companies, suppliers, tax consultants, contractual partners ...).
Data connected with the service commissioned (service content, processing data).
Data for the billing of our goods or services as well as the data required for accounting purposes.
Origin of the data
Self-disclosure through customer inquiries, registration for the newsletter, etc.
Notification by the intermediary client
Publicly available data (commercial register, contact data from homepage or public directories such as phone book, etc.)
As part of building a marketing database from public sources for the business’ own purposes, or when processing the personal data relating to referrals from existing customers.
Type of information in accordance with Art 14 of the GDPR
The provision of information within the meaning of Art. 14 of the GDPR takes place within the framework of the first use of the data, but no later than one month after its collection (no disclosure of the data to third parties is planned); the data notice is included in the e-mail signature so that the third party receives the information on his first contact.
Transmission to recipients in third countries
The data arising from processing and marketing activities and, where applicable, the use of photos, are usually not transmitted to recipients in third countries.
If, following the consent of the persons concerned, photos are published on the website or in social networks, we must point out that they are made available to an indefinite number of recipients.
The data arising from the processing activities of e-mail marketing/m-newsletter will be transmitted to a processor outside the area of the EU for the purpose of digital storage of the personal data and handling of e-mail dispatch as well as the analysis of the reaction behavior. The transmission takes place on the basis of an electronically closed agreement for order processing.
More information can be found below in the "Newsletter" section.
Storage duration & deletion periods
General storage period: Basically, the data will be deleted after the end of the 7th (seventh) year following the entry of the last document in relation to the file; retention period in accordance with Section 132 BAO.
Marketing data: Marketing data will be kept until five years after the last contact.
Legal / statutory retention obligations or contractual obligations, for example to customers concerning warranty or compensation, or contractual partners for a basis for the continued storage of personal data. (Art 6 (1) (c) GDPR - Basis for the lawfulness of processing: legal/statutory obligations)
The data may only be stored in a form that will enable the identification of the persons concerned only for as long as is necessary for the purposes for which they are processed; personal data may be stored for a longer period, provided that the personal data are subject to appropriate technical and organizational measures required by this regulation for the protection of the rights and freedoms of the persons concerned, exclusively for archival purposes in the public interest, for scientific and historical research purposes; or for statistical purposes in accordance with Article 89 (1) of the GDPR ("memory limitation"); (see Article 5 (1) (e) GDPR).
Rights of the persons concerned
These rights serve to promote the transparency of the processing of personal data. The person concerned should be able to acquire information and should also know by whom, how, in what way and why data is being processed.
Information, deletion, blocking
At any time you have the right to free-of-charge information about your stored personal data, their origin and recipients, the purpose of the data processing together with the following rights:
- Restriction of processing
- Right to object to processing (only where there is a legitimate interest)
- Right to data portability (only in the case of contractual relationship or consent)
- Right of appeal to the supervisory authority
- If the processing is based on consent, you have the right to revoke your consent at any time (marketing for the business’ own purposes); the revocation does not affect the legality of any processing carried out on the basis of consent before revocation.
You can exercise all your rights by sending an e-mail to firstname.lastname@example.org or by personal contact (e.g. by telephone) or by post, as well as by using the contact form on the website.
You will need to identify yourself and also assist in your identification, in order to ensure that where there is a response to the exercise of rights, the actual person concerned is addressed.
Further information on data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations (GDPR). This requires either legal permission or your consent. Legal permission exists where, in particular, inventory and usage data is being processed. If we obtain your consent to the further use of your data, we will inform you in detail as how your data will be used. It is usually possible to use our website without providing any personal information.
Changes to the data protection statement
If a change to the data protection statement is required, we will update this page accordingly.
Our website uses so-called cookies. These are small text files that are stored on your device using the browser. They do no harm and serve to make our services user-friendly.
Some cookies remain stored on your device until you delete them. They allow us to recognize your browser when you next visit.
You can permanently prevent the storage of cookies in your browser by downloading and installing the plugin available at the link below. You will find more information here.
Likewise, you may prevent the use of third-party cookies by opting out on the opt-out page of the Network Advertising Initiative in accordance with the instructions there. You will find more information here.
Server log files (access statistics)
The provider of these pages automatically collects and stores information when using this website in so-called server log files, which your browser automatically transmits to us.
These include, for example, your IP address, browser type/ browser version, operating system used, the page from which you came to visit our website, the host name of the accessing computer and the time of the server request. These data cannot be assigned to specific persons and do not allow us to identify our users. There will be no merging of this data with data from other sources. This data will only be used for statistical purposes. We reserve the right to check this data retrospectively, should we become aware of any specific indications of illegal use.
Interactions in/with/through our website
Where personal data is collected from users (for example, name, address or e-mail addresses), this always takes place on voluntary basis. We will use the information you provide for the purpose for which we collected it.
In each case we will delete your data, as far as this is permitted or required by law, or its storage is no longer required for the use of our website and our offers, or you wish it to be deleted.
These data will not be disclosed to third parties without your explicit consent.
We would like to point out that when transmitting data over the Internet (e.g. when communicating by e-mail) there may be security vulnerabilities. It is not possible to completely protect the data from access by third parties.
Newsletter, contact form, call-back service
By subscribing to the newsletter, sending the request form or using the call-back service, you are deemed to have consented to the processing of your personal data by Thonauer Gesellschaft m.b.H, Perfektastrasse 59, 1230 Vienna, such as your name, company, address, telephone number and e-mail address, for the purpose of contacting you and sending you business information. The data is collected in the CRM system belonging to Komax AG in Switzerland and sent to the advertising agency commissioned for shipping. The adequacy decision for Switzerland is available. The data will be stored until such time as its storage is revoked, but no later than five years from the last contact. Your consent to the storage of data can be revoked at any time. This can be canceled at any time by means of a link in the relevant mailing or by contacting us directly. Please send your cancellation to the following e-mail address: email@example.com. We will immediately delete your data that is connected with the delivery of the newsletter.
You have the opportunity to subscribe to our newsletter via our website. For this we need your e-mail address and your declaration that you agree with the subscription to the newsletter.
In order to provide you with targeted information, we also collect and process voluntarily-provided information covering company names, addresses and areas of interest.
We use this data exclusively for the delivery of the requested information – these will be forwarded to our order processor, Lighthouse Werbeagentur (Angelika Thonauer, Ludwig Höfler-Gasse 48, 2340 Mödling). We have concluded a suitable contract with the provider for processing contract data.
Your consent to the storage of such data, your e-mail address and their use in delivering the newsletter can be revoked at any time. This can be canceled at any time by means of a link in the relevant mailing or by contacting us directly. Please send your cancellation to the following e-mail address: firstname.lastname@example.org. We will immediately delete your data that is connected with the delivery of the newsletter.
For the transmission of information we use the provider MailChimp, a trademark of Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA. Mail Chimp is registered with privacy shield and is required to comply with EU privacy rules.
Regarding the handling of your data at MailChimp, please refer to the MailChimp data protection statement . MailChimp will only use your data for sending the newsletter and evaluating this transmission on our behalf. Furthermore, MailChimp will only use your data to improve our own service. MailChimp will not use the data to write to you or share your information with others.
The data used by MailChimp includes a "web-beacon" that sends the opening of the newsletter and/or the activation of a link within it to MailChimp. At this point, information about your browser, your location and your IP address will be sent to MailChimp. This information is used to optimize our response to you.
This site uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us, the site operator. An encrypted connection is indicated when the browser's address bar changes from "http://" to "https://" and the lock icon appears in your browser bar. When the SSL encryption is enabled, the data you submit to us cannot be read by third parties.
Social Media Plugins
Social media plugins usually result in every visitor to a page being immediately tracked by these services with their IP address and, if necessary, logging their further browser behavior. This can occur even if you do not press the button.
For the integration of videos our site uses the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Usually, when you visit an embedded video page, your IP address will be sent to YouTube and cookies will be installed on your computer. However, we have integrated our YouTube videos with enhanced privacy mode (in which case, YouTube will still contact the Google DoubleClick service, but according to Google's data protection statement, personal data will not be evaluated). This means that YouTube does not store any information about visitors unless they watch the video. If you click on the video, your IP-address will be sent to YouTube and YouTube will know that you have watched the video. If you are logged in to YouTube, this information will also be associated with your user account (you can prevent this by logging out of YouTube before calling up the video).
We are not aware of a possible collection and use of your data by YouTube. More information can be found in YouTube’s data protection statement at https://policies.google.com/privacy?hl=en&gl=de . In addition, we refer you to the general handling and deactivation of cookies on our general presentation in this data protection statement.
Integration of third party services and contents
Third party content, such as YouTube videos, maps from Google Maps, RSS feeds or graphics from other websites, may be included in this online offer. This assumes that the providers of this content (hereinafter referred to as "third party providers") can always detect the IP address of the users, as without the IP address, they cannot send the content to the user‘s browser. The IP address is therefore required in order to present this content. We endeavor to only use content where the provider only uses the IP address for its delivery. However, we do not have any influence on this, and the third party providers may store the IP address e.g. for statistical purposes. Where we are aware of this, we explain the situation to users or anonymize the IP insofar as it is technically feasible for us to do so.
We will therefore never pass your data on to third parties, as far as this is not necessary for the use of this website or the fulfillment of our contractual obligations (such as passing on information to suppliers, payment service providers or integrated additional providers on this page) or we are legally obliged by a state or an authority to publicize your data.
Disclosure to foreign countries, in particular the USA
Our website uses external providers based outside the EU for various functions. In particular, cookies, active Java scripts and other technologies may result in your data being processed and stored outside the EU. However, we will not pass on your data to a third country unless the EU Commission has established there is comparable data protection to that in the EU, you have given us your informed consent or we have agreed the standard contractual clauses to protect your data with the provider. A Privacy Shield Agreement exists with the USA.
which under certain conditions offers sufficient data protection. For more information about your rights in each of the following transfers of information to the United States, see
Integration of other services and of third party content
Google Analytics data protection statement
Our website uses features of web analytics services Google Analytics and Google Remarketing. These are services provided by Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA).
During your visit to our website, we record certain information, including the following:
- Pages viewed
- Your behavior on these pages (for example, clicks, scrolling behavior and length of stay)
- Your approximate location (country and city)
- Your IP address (in abbreviated form, so that no unique assignment is possible)
- Technical information such as browser, Internet service provider, terminal and screen resolution
- Source of your visit (i.e. via which website or via which advertisement you have come to us)
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that will allow you to be recognized during future visits to our website.
The recorded data is stored together with the randomly generated user ID, allowing the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data will remain stored in aggregated form for an unlimited period of time.
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Your IP address is captured but immediately pseudonymized. As a result, only a rough localization is possible. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data.
We have implemented Google AdWords Display Advertising for the offers on this website. This means that our advertising may appear on third-party websites, including those of Google. We have activated the Google Analytics remarketing feature, based on display advertising.
The combined use of first-party cookies (such as Google Analytics cookies) and third-party cookies (such as DoubleClick cookies) allows our advertising to be targeted, optimized and promoted, based onpast visits by visitors to this site.
Visitors to this site can disable Google Analytics for display advertising with the Ads Preferences Manager and customize ads on the Google Display Network. In addition, you can use the above browser add-on to deactivate Google Analytics.
Preventing the collection of your data
You can prevent Google Analytics collecting the data generated by the cookie that is related to your use of the website by downloading and installing the deactivation browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You may opt out of the collection and storage data at any time, with immediate effect in the future. In view of the discussion regarding the use of analysis tools with full IP addresses, we would like to point out that this website uses Google Analytics with the extension "_anonymizeIp()" and therefore IP addresses are only processed in a shortened form in order to exclude any direct personal references.
We have entered into a corresponding contract data processing contract with the provider.
The relationship with the web analytics provider is based on an adequacy decision by the European Commission ("Privacy Shield").
If you want to learn more about Google's Data Protection Declaration, please use the following link: https://www.google.com/intl/en/policies/privacy/ .
Data processing is based on the statutory provisions of § 96 (3) TKG (Austrian Telecommunications Act) and Article 6(1) (a) (consent) and/or (legitimate interest) of the GDPR.
Within the meaning of the GDPR (legitimate interests), our concern is to improve our offering and our website. Since the privacy of our users is important to us, the user data is pseudonymized [pseudonymization is recommended on the legal basis of "legitimate interest"; this must be clarified with the web analysis service].
Using Google AdWords Conversion Tracking
We use the Google AdWords online advertising program and use conversion tracking as part of Google AdWords. Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").
If you click on a Google ad, a cookie for conversion tracking is stored on your computer. These cookies lose their validity after 30 days, contain no personal data and thus are not used for personal identification.
If you visit certain web pages on our website and the cookie has not expired, Google and we may recognize that you clicked on the ad and were redirected to this page.
Each Google AdWords customer receives a different cookie. This means that there is no possibility that cookies can be tracked through the websites of AdWords advertisers.
The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. It tells customers the total number of users who clicked on their ad and were redirected to a page containing a conversion tracking tag. However, they do not receive information that personally identifies users.
If you do not want to participate in tracking, you can object to this by preventing the installation of cookies using a suitable setting in your browser software (deactivation option). You will not be included in the conversion tracking statistics.
For more information and Google's data protection statement, please visit: https://policies.google.com/technologies/ads?hl=en, https://policies.google.com/privacy?gl=de&hl=en
Using the Remarketing or "Similar Target Groups" function of Google Inc.
We use the Remarketing or "Similar Target Groups" function of Google Inc. ("Google") on our website. Using this function, together with Google, we can address our visitors to this website with target-oriented advertising by placing personalized, interest-related advertisements when they visit other sites on the Google Display Network.
Google uses so-called "cookies" to carry out an analysis of website usage, which forms the basis for creating interest-based advertisements. For this purpose, Google stores a small file with a sequence of numbers in the browsers of the visitors to the website. This number is used to record website visits and anonymous data on website use. The personal data of visitors to the website is not stored. If you then visit another website on the Google Display Network, you will see ads that are likely to include previously viewed products and information.
Alternatively, you may disable the use of third-party cookies by visiting the Network Advertising Initiative deactivation page at http://www.networkadvertising.org/choices/ and implementing the opt-out information listed there.
For more information about Google Remarketing and Google's data protection statement, please visit: https://policies.google.com/technologies/ads?hl=en