last update of the privacy policy on 24.01.2023
Data protection is a major concern for us. Therefore, our privacy policy is very comprehensive. Of course, also to fully comply with legal requirements. For your orientation, here is a summary of each chapter at the beginning so that you can quickly find the information you need.
- Preamble – Our position on data protection and which websites it affects
- Cookies – What are cookies and where do we use them?
- Log data – websites also collect information of your web accesses
- Tracking Tools – Re-Marketing/Re-Targeting with Google Analytics
- Social media plugins – What it means when you click on one of these buttons
- Data storage – Which of your data is stored how, for what purpose, where and for how long
- Data security – What we do to protect your data as much as possible
- Your rights – We take these very seriously, more on this in this chapter.
1. preamble
With the following data protection declaration, we would like to inform you about the type, scope and purpose of the collection, processing and use of personal data in the context of the use of the website offered by RISK CONSULT Sicherheits- und Risiko-Managementberatung Gesellschaft m.b.H. (hereinafter referred to as “Risk Consult”) and the respective services offered on it.
Your trust and the protection of your personal data is very important to Risk Consult. Therefore, we would like to show you transparently how and for what your data is used. We process your data exclusively on the basis of the current legal provisions in accordance with the EU General Data Protection Regulation (DSGVO) and the Telecommunications Act (TKG 2003).
We work according to these principles of processing your personal data:
- You only give us the data that is necessary for the respective service
- Your data will only be stored as long as it is necessary for these services
- We use your data only for the purposes we have mutually agreed upon
- We only share your data with third parties that are necessary for the operation of these services
- Your data will be transmitted and stored by us exclusively encrypted
This privacy policy applies to this website, its sub-domains and also all future sub-domains of Risk Consult. With the storage, processing and use of personal data, we want to provide you with a user-friendly, smooth, customer-oriented and secure service.
We will not use or share your information except as described in this Privacy Policy. By using the Service, you consent to the collection and use of information in accordance with this Statement. Unless otherwise specified in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
2. cookies
Risk Consult uses so-called cookies on this website. This is small text information that is stored on your end device with the help of the Internet browser. They do not cause any damage. Cookies allow us to speed up navigation on our website, to adapt it to your needs and interests, and to prevent misuse of the services. As soon as you connect to our website again, our server can identify your terminal device in this way, so that you do not have to log in again every time you visit our website, for example.
Risk Consult uses so-called session cookies, which are already deleted when you close your web browser, because they only contain information that was required for the one visit to Risk Consult. In addition to session cookies, we also use so-called permanent cookies. These enable the service to maintain and offer you your personal settings or advertisements over a longer period of time (depending on the respective service). Permanent cookies are automatically deleted after a specified duration, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
You can configure your browser settings according to your wishes and also refuse to accept cookies. However, we would like to point out that you may then not be able to use all the functions of the website.
Our concern regarding these cookies in terms of DSGVO Art.6 Para1 lit. f is the legitimate interest on our part for the improvement of our offer and our overall web presence.
3. log data
We may also collect information that your browser sends when you visit our Service or when you access the Service through a mobile device (“Log Data”).
This log or log data may include information such as browser type, browser version, device IP address, the pages of our Services that you visit, the time and date of your visit, and the time spent on those pages and other statistics.
When you access the Service from or through a mobile device, this log data may include information such as the type of mobile device you are using, the unique ID of the mobile device, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser, and other statistics.
4. re-marketing through tracking tools
We use tracking tools on our websites to measure user behavior on our websites, thereby better understanding and further developing our offers in a customer-oriented manner. Likewise, this allows us to target advertisements in the online space. This is done in accordance with DSGVO Art.6 Para1 lit. f (for legitimate interest on our part).
For this purpose, we have installed a so-called “cookie banner” on all of our websites, by means of which you give us your consent for this (DSGVO Art.6 Para1 lit. a) or, of course, can also reject this. You can change this decision at any time by clicking on the Borlabs icon (in the browser window at the bottom left).
With your consent to use these services, you also consent to the processing of your data in the USA in accordance with DSGVO Art. 49 (1) lit. a to. The ECJ classifies the USA as a country with insufficient data protection according to EU standards. For example, there is a risk that U.S. authorities will process personal data in surveillance programs without an existing possibility for Europeans to sue.
Google Analytics
On our websites, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics also uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of our websites is usually transferred to a Google server in the USA and stored there. However, by activating IP anonymization, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
On our behalf, Google will use this information for the purpose of evaluating your use of our websites, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
You can also prevent the collection of data generated by the cookie and related to your use of our website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link to deactivate: https://tools.google.com/dlpage/gaoptout?hl=de
You can read how this data is used by Google here:
https://policies.google.com/technologies/partner-sites
5. use of plugins (icons) from LinkedIn on our website.
So-called social plugins (“plugins”) of the social network LinkedIn are used on our website. Our concern in terms of the GDPR (legitimate interest) is the improvement of our offer and our overall web presence, the expansion of our community (followers) and for advertising purposes.
LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. You can find an overview of Twitter buttons and their appearance here:
https://developer.linkedin.com/plugins
When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the servers of LinkedIn. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the provider receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider and stored there.
If you are logged in to one of the services, the provider can directly assign the visit to our website to your profile on LinkedIn. If you interact with the plugins, the corresponding information is also transmitted directly to a server of the providers and stored there. The information may also be published on the social network after your consent and displayed there to your contacts.
The purpose and scope of the data collection and the further processing and use of the data by the providers, as well as your rights in this regard and setting options for protecting your privacy, can be found in the providers’ data protection notices.
Privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
If you do not want LinkedIn to directly assign the data collected via our website to your profile in the respective service, you must log out of the corresponding service before visiting our website. You can also completely prevent the loading of the plugins with add-ons for your browser, e.g. with the script blocker “NoScript”(https://noscript.net/).
6. data storage
We use third party companies to provide our Services, to perform Service-related services under completed contracts, or to help us analyze how our Service is used.
These third parties only have access to your personal information to perform these tasks on our behalf and are required not to disclose or use it for any other purpose. We have concluded corresponding contracts for commissioned data processing with all third-party providers. In this way, we would like to ensure for you that these data processors are also fully committed to the valid legal provisions on data protection (DSGVO).
7. data security
Data protection and children
Our Service is not intended for persons under the age of 14 (“Children”). We do not knowingly or intentionally collect personal information from children under the age of 14. If you are a parent or guardian and know that your child has provided us with personal information, please contact us. If we are aware that we have collected personal information from children under the age of 14 without the consent of their legal guardians, we will take steps to remove that information from our servers.
Technical and organizational data security measures
The security of your personal information is very important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use all commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
We take these technical and organizational measures for the security of your personal data:
- Different passwords for all software tools
- Virus protection for all IT hardware used
- SSL encryption for secure data transmission
- Firewall for our internal company network
- Regular training on data security and protection for all employees
- Regular updates of all software components
- Regular data backup to ensure availability
- Regular risk analyses of the corresponding IT systems
8. we are glad to be there for you to fulfill your rights
You can contact us at any time if you have questions about our data protection precautions or wish to have your profile and all data stored about you deleted or corrected. You also have the right to free information about your stored data at any time, as well as the right to restriction, data transfer of your data and revocation or objection. If a third party has registered with us using your e-mail address, we ask you to inform us accordingly and, if you wish, we will delete your profile immediately.
If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in some way, you can bring this to the attention of the supervisory authority in the form of a complaint. In Austria, this is the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, phone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at
As we continue to develop our services and implement new technologies, Risk Consult reserves the right to update this privacy policy on an ongoing basis. Therefore, we recommend that you revisit and read it from time to time under Privacy Policy.
If you have any questions about data protection, simply send us an e-mail to
office@riskconsult.at
or write to us at the postal address given in the imprint.
Data protection is a matter of concern to us!
With best regards
RISK CONSULT Sicherheits- und Risiko-Management Gesellschaft m.b.H.