Effective November 7th, 2019
1.1. Data protection is a matter of trust and your privacy is important to us. To make you feel safe when visiting our service and purchasing products, we comply with the applicable data protection laws (General Data Protection Directive/GDPR, Austrian Telecommunications Act/Telekommunikationsgesetz/TKG 2003) when processing your personal information and will hereinafter inform you about the data we collect and how we use it.
2. Definitions and legal references
2.1. Personal data: any information regarding a natural person, which is, or can be, identified, even indirectly. Examples are name, address, e-mail-address, telephone number, birth date, age, sex, social security number, pictures or even biometric data.
2.2. Usage data: information collected automatically from kompany (or third party services employed by kompany), which can include: the IP addresses or domain names of the computers utilized by the Users who use kompany, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
2.3. User: the individual using kompany, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refer.
2.4. Data subject: the natural person to whom the Personal Data refers.
2.6. Data controller (or owner): the natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of kompany. The Data Controller, unless otherwise specified, is the Owner of kompany.
2.7. kompany: the hardware or software tools by which the Personal Data of the User are collected.
2.8. Cookies: small pieces of data stored in the User's device.
3. Data Controller
The controller for the purpose of the General Data Protection Regulation is:
360kompany AG (hereinafter "kompany")
Phone: +43 720 230360
4. Personal data
4.1. The Data concerning the User is collected to allow the Data Controller to provide its services, as well as for the following purposes: Registration and authentication, Remarketing and behavioural Targeting, Handling payments, Analytics, User database management, Contacting the User, managing email addresses and sending messages, Advertising and Infrastructure monitoring.
4.2. Among the types of Personal Data that kompany collects there are:
- First Name & Last Name
- Phone number
- Company Name
- Address, State, Province, ZIP/Postal code, City
- VAT Number
- Cookie and Usage Data
4.4 If you register to our mailing list or for our newsletter, you will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning kompany. Email addresses might also be added to this list as a result of signing up to kompany or after making a purchase. For the purpose of sending you those e-mails we collect your email, first name, and last name. In some cases, we collect your company name and VAT number. You can revoke your consent at any time.
4.5 If you choose to contact us via our contact forms, you authorize kompany to use your details to reply to requests for information as well as for quotes or any other kind of request. If you use the contact form we will collect your email, first name, last name, password, company name and phone number.
4.6 By registering or authenticating, you allow kompany to identify and give you access to dedicated services. You register by filling out the registration form. For the purpose of registration, you provide us with the following personal data which will be collected by us: email, first name, last name, password and in some cases company name and VAT number.
4.7 The Personal Data collected is freely provided by the User when using the kompany live services.
4.8 All Data processed via the service hosted by kompany are used by kompany solely for the purpose of providing the service to the Users. Such Data will not be transferred or sold by kompany to any third party. The Owner reserves the right to aggregate the Data imported on the application by the different kompany Users, for the purpose of creating anonymized aggregated metrics.
5. Methods of processing
The Data Controller processes the Data of Users in a proper manner and is taking appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the service (administration, support, sales, marketing, legal, system administration, financial) or external parties (such as third party service providers, mail carriers, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.
The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller.
7. Legal basis for processing personal data
7.1. Consent – Art 6 (1) (a) GDPR
For certain processing operations we will seek your consent, e.g. sending you our newsletter. In the context of consent to the processing of your personal data, processing will take place only in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. Once you have given your consent, you can revoke it at any time with effect for the future.
7.2. Contractual Obligations – Art 6 (1) (b) GDPR
Personal data will be processed in order to provide and arrange kompany's services, most notably in order to perform our contracts with you and to execute your requests. The purposes of data processing are primarily dictated by the specific product, the respective contract documents and the Terms and Conditions.
7.3. Legal Obligations – Art 6 (1) (c) GDPR
Personal data may be processed for the purpose of fulfilling various legal obligations, e.g. tax obligations or obligations arising out of license agreements with commercial registers.
7.4. Legitimate Interests – Art 6 (1) (f) GDPR
If it is necessary and after weighing up interests, data may be processed in favour of kompany beyond the actual performance of the contract in order to protect our legitimate interests. Situations in which data is processed to protect legitimate interests for example include
- Our Website using cookies, storing the IP-address and log-in information,
- Measures to prevent and combat fraud,
- Measures to correct the delivery of faulty services.
8. Provision of personal data
Both for the conclusion of the contract as well as its fulfilment it is necessary that you provide us with your personal data, which will be processed by us. You are only obliged to provide personal data that is necessary for the assumption and performance of the business relationship and which kompany is obliged by law to collect. Failure to provide certain Personal Data will make it impossible for kompany to provide its services or fulfil an existent contract.
9. Cookies & Server Log Files
9.2. For operation and maintenance purposes, kompany and any third party services may collect files that record interaction with kompany (System Logs) or use for this purpose other Personal Data (such as IP Address).
10. Web and email analysis
10.1. Marketing: kompany uses a third party marketing and sales platform to manage a database of companies and contacts to communicate with the User. This service is also used to send emails and collect data concerning the date and time when the mail is viewed by the User, as well as when the User interacts with incoming mail, such as by clicking on links included in the mail.
10.2. Analytics, Monitoring and Reporting: Various services are used to collect, to track and to examine web traffic and can be used to track User behavior.
10.3. Service Monitoring and Reporting: kompany also uses services to enable kompany to monitor the use and behavior of its components so that performance, operation, maintenance and troubleshooting can be improved.
11. Social Media and Advertising
11.1 Remarketing and Behavioral Targeting: These services allow kompany and its partners to send, optimize and serve advertising based on past use of kompany by the User. This activity is performed by tracking Usage Data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.
12. Disclosure of your personal data
12.1. In order to provide our services, it is necessary to disclose your data to third parties.
12.2. Some of the recipients of your personal data are located outside the European Union and/or process your data there. The data protection level in other countries may not comply to that of Austria. However, kompany only transmits your personal data to countries for which the EU Commission has decided that they have an appropriate level of data protection. If this is not the case we take measures to ensure that all recipients have an adequate data protection level, for which we conclude standard contractual clauses (2010/87/EC and/or 2004/915/EC).
12.3. User Database Management: kompany uses regulated third party services to manage user profiles. These profiles are built from an email address, a personal name, or other information that the User provides to kompany. This personal data is matched with publicly available information about the User (such as organisations and company profiles) and used to build profiles that the Owner can use for improving kompany. kompany's core platform also manages user profiles and is hosted in the EEA at an ISO 27001 certified data center located in Austria.
12.4. Handling payments: Payment processing services enable kompany to process payments by credit card, bank transfer or other means. To ensure greater security, kompany shares only the information necessary to execute the transaction with the financial intermediaries handling the transaction.
12.5. Hosting and monitoring: kompany's core platform is hosted within the ISO 27001 certified date centers operated by Next Layer Telekommunikations- und Beratungs GmbH, located in Austria. Next Layer operate digital and physical security measures consistent with the certification for both live datastores and backups. kompany also uses Amazon Web Services (AWS) hosting service platform in Germany, Dublin, USA and Singapore.
12.6. The User’s Personal Data may be used for legal purposes by the data controller, in court or in the stages leading to possible legal action arising from improper use of kompany or the related services.
12.7. We will disclose user’s personal information where the data controller is bound to do so, at law or via a court order as well as to meet any legal or regulatory requirement or obligations. The data controller will use all reasonable efforts to ensure that those requirements or obligations are in accordance with Applicable Law.
12.8. The data controller reserves the right to disclose user information to any Third Party, if the data controller has reasonable information to believe that the disclosure is necessary for the purpose of an investigation and/or for the enforcement of any breaches of the Terms of Service (if applicable), to detect, prevent or otherwise address fraud, security, technical issues or other irregularities or illegalities, protect the rights and interests as well as the property of kompany.
12.9. The data controller will disclose the user's data upon request of public authorities.
12.10. kompany does not sell any Personal Data collected or processed as part of using the kompany service.
13. Period of storage
14. Rights of affected persons
14.1. As customer or Data Subject you have at any time the right to request information about your stored Personal Data, their origin and recipients and the purpose of data processing. You also have the right to demand rectification, transfer, and, where applicable, to object or restrict the processing or deletion of inaccurate or improperly processed data.
14.2. If you believe that the processing of your personal data by kompany violates the applicable data protection law or your data protection claims in any other way, you may complain to the competent supervisory authority. In Austria the competent supervisory authority is the Austrian Data Protection Authority (österreichische Datenschutzbehörde).
15. Contact Person
Johanna Konrad, Chief Strategy Officer
Schwindgasse 7/12, 1040 Vienna, Austria
16. Right of modification