Data protection

Last updated: February 27, 2023

Change privacy settings | History of privacy settings | Revoke consent

Thank you for your interest in the information on our website!

With the help of this privacy policy, we would like to inform the users of our website about the type, scope and purpose of the processing of personal data. Personal data in this context is all information with which you as a user of our website can be personally identified (theoretically, possibly via detours or by linking various data), including your IP address. Information that is stored in cookies is generally not personal or only personal in exceptional cases; however, this is covered by a special regulation that makes the permissibility of the use of cookies largely dependent on the user's active consent, depending on their purpose.

In a general section of this privacy policy, we provide you with information on data protection that generally applies to our processing of data, including the collection of data on our website. In particular, you as the data subject will be informed of the rights to which you are entitled.

The terms used in our privacy policy and our data protection practices are based on the provisions of the EU General Data Protection Regulation ("GDPR") and other relevant national legislation.

Person responsible

tech2b Inkubator GmbH,

Hafenstrasse 47-51, 4020 Linz

Phone: + 43 732 9015 5601

Email: office@tech2b.at

Contact person: datenschutz@tech2b.at

Data collection on our website

On the one hand, personal data is collected from you if you expressly provide it to us; on the other hand, data, in particular technical data, is collected automatically when you visit our website. Some of this data is collected to ensure that our website functions correctly. Other data may be used for analysis purposes. However, you can generally use our website without having to provide any personal data.

Technologies on our website

Hosting

As part of the hosting of our website, all data to be processed in connection with the operation of our website is stored. This is necessary to enable the operation of the website. We therefore process the data accordingly on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the optimization of our website offer. To provide our online presence, we use the services of web hosting providers to whom we make the above-mentioned data available as part of order processing in accordance with Art. 28 GDPR.

JQuery Content Delivery Network

We use the JavaScript library jQuery on our website. The provider of the Content Delivery Network (CDN) is StackPath LLC, 1950 N Stemmons Fwy, Suite 1001, Dallas, TX 75207, USA.

ATTENTION: In the context of this service, data is transferred to the USA or such a transfer cannot be ruled out. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection for data transfer to the USA and that there are therefore various risks (such as possible access by US intelligence services).

This library primarily enables a modern design of our websites. To increase the loading speed of our web pages, we use jQuery's CDN (Content Delivery Network) to load this library. Even if your browser already has a copy of the jQuery library in its cache, a connection to the jQuery server in the USA is established and your IP address is transmitted to StackPath LLC, the CDN provider of jQuery.com.

The service is integrated to optimize our websites in accordance with our legitimate interest, pursuant to Art. 6 para. 1 lit. f GDPR.

The developer of the jQuery JavaScript library is the jQuery team of the JS Foundation: https://jquery.org/team/, https://js.foundation/contact

Further information on data protection at StackPath LLC can be found at: https://www.stackpath.com/privacy-statement/#Contact-Information

Piwik Pro / Matomo

On our website, we use the Piwik Pro / Matomo service of the provider Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin, Germany, for web analysis.

We use the Piwik Pro / Matomo service as an analysis and customer data platform, in particular to optimize the user experience by offering you products, content or services tailored to you. As part of this service, we therefore collect first-party data about website visitors based on cookies, IP numbers and browser fingerprints; we create user profiles based on browsing history and calculate metrics relating to website usage, such as bounce rate, intensity of visits, page views, etc. The analysis collects data on which content, pages and functions you use on our website.
You can find more information on this at: https://piwikpro.de/datenschutz/

The processing of your data, in particular tracking as part of this service, is based on your consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.

SSL encryption

When you visit our website, we use the widely used SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser. The use of this procedure is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the use of suitable encryption techniques.

We also use suitable technical and organizational security measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments and kept up to date with the state of the art.

Youtube

Purpose: External media
Recipient country: USA

We use the "YouTube" service on our website to embed videos. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube").

ATTENTION: In the context of this service, data is transferred to the USA or such a transfer cannot be ruled out. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection for data transfer to the USA and that there are therefore various risks (such as possible access by US intelligence services).

We have activated the extended data protection mode on YouTube. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch a video. However, the transfer of data to YouTube partners is not excluded by the extended data protection mode.

As soon as you start a YouTube video, a connection to the YouTube servers is established. This tells YouTube which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. This can be prevented by logging out of your account.

Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable technologies (e.g. device fingerprinting). YouTube also uses local storage on your device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.

The use of YouTube is in the interest of an appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time for the future.

The applicable YouTube privacy policy can be found at: https://www.google.com/policies/privacy/, opt-out option: https://adssettings.google.com/authenticated

Real Cookie Banner

We use the "Real Cookie Banner" consent tool to manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents. Details on how "Real Cookie Banner" works can be found at https://devowl.io/de/rcb/datenverarbeitung/.

The legal basis for the processing of personal data in this context is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consent.

Change privacy settings | History of privacy settings | Revoke consent

General information on data protection

The following provisions apply not only to the collection of data on our website, but also to the processing of personal data in general.

Personal data

Personal data is information that can be assigned to you individually. Examples of this include your address, your name and your postal address, e-mail address or telephone number. Information such as the number of users who visit a website is not personal data because it cannot be assigned to an individual person.

Legal basis for the processing of personal data

Unless more specific information is provided in this privacy policy (e.g. for the technologies used), we may process your personal data on the basis of the following legal bases:

• Consent pursuant to Art. 6 para. 1 lit. a GDPR - The data subject has given consent to the processing of their personal data for one or more specific purposes.
• Performance of a contract and pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR - Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract.
• Legal obligation pursuant to Art. 6 para. 1 lit. c GDPR - Processing is necessary for compliance with a legal obligation.
• Protection of vital interests pursuant to Art. 6 para. 1 lit. d GDPR - Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
• Legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Please note that in addition to the provisions of the GDPR, the national data protection regulations in your or our home country may apply.

Transmission of personal data

Your personal data will not be transferred to third parties for purposes other than those listed in this privacy policy.

We only pass on your personal data to third parties if:

• you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR,
• the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary to safeguard legitimate interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
• there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c GDPR and this is permitted by law and / or
• it is necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR.

Cooperation with processors

We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of an order processing contract, this is done in accordance with Art. 28 GDPR.

Transfer to third countries

If we process data in a third country or if this occurs in the context of the use of third-party services or disclosure or transfer of data to other persons or companies, this will only take place on the basis of the legal bases described above for the transfer of data.

Subject to express consent or contractual necessity, we process or have the data processed in accordance with Art. 44-49 GDPR only in third countries with a level of data protection recognized as adequate or on the basis of special guarantees, such as a contractual obligation through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations.

Data transfer to the USA / elimination of the Privacy Shield

We would like to expressly point out that as of July 16, 2020, due to a legal dispute between a private individual and the Irish supervisory authority, the so-called "Privacy Shield", an adequacy decision of the EU Commission pursuant to Art 45 GDPR, with which the USA was confirmed to have an adequate level of data protection under certain circumstances, is no longer valid with immediate effect.

The Privacy Shield is therefore no longer a valid legal basis for the transfer of personal data to the USA!

If we transfer data to the USA at all or if we use a service provider based in the USA, we explicitly refer to this in this privacy policy (see in particular the description of the technologies on our website).

What can the transfer of personal data to the USA mean for you as a user and what are the risks in this context?

Risks for you as a user are in any case the powers of the US intelligence services and the legal situation in the USA, which, according to the ECJ, currently no longer ensure an adequate level of data protection. These include the following points:

• Section 702 of the Foreign Intelligence Surveillance Act (FISA) provides no restrictions on the surveillance activities of the intelligence agencies and no safeguards for non-US citizens.

• Presidential Policy Directive 28 (PPD-28) does not provide affected persons with effective legal remedies against measures taken by the US authorities and does not provide for any limits to ensure proportionate measures.

• the ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; he cannot issue binding orders to the intelligence services.

Legally compliant transfer of data to the USA on the basis of the standard contractual clauses?

The standard contractual clauses adopted by the Commission in 2010 (2010/87/EU of February 5, 2010), Art. 46 para. 2 c GDPR, are still valid, but a level of protection for personal data must be ensured that corresponds to that in the European Union. Therefore, not only the contractual relationships with our service providers are relevant here, but also the possibility of access to the data by authorities in the USA and the legal system there (legislation and jurisdiction, administrative practice of authorities).

The standard contractual clauses cannot bind authorities in the USA and therefore do not provide adequate protection in cases where the authorities are authorized under US law to interfere with the rights of data subjects without additional action by us and our service provider.

Legally compliant transfer of data to the USA based on your consent?

It is currently disputed whether informed consent and thus a deliberate and knowing restriction of parts of your fundamental right to data protection is legally possible at all.

What measures do we take to ensure that data transfers to the USA are legally compliant?

Where US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and cannot be accessed by US authorities.

We are also carefully examining European alternatives to the US tools used. However, this is a process that does not happen overnight, as it also has technical and economic consequences for us. Only if the use of European tools and/or the immediate shutdown of US tools is impossible for us for technical and/or economic reasons will we continue to use US service providers.

We take the following measures for the continued use of US tools:

Where possible, your consent will be requested before using a US tool and you will be informed transparently in advance about how a service works. The risks of transferring data to the USA can be found in this section.

We endeavor to conclude standard contractual clauses with US service providers and demand additional guarantees. In particular, we require the use of technologies that make it impossible to access data, e.g. the use of encryption that cannot be broken by US services or anonymization or pseudonymization of data where only the service provider can make the allocation. At the same time, we require additional information from the service provider if data is actually accessed by third parties or that the service provider exhaust all legal remedies until access to data is granted at all.

Storage period in general

If no explicit storage period is specified when data is collected (e.g. as part of a declaration of consent), we are obliged to delete personal data in accordance with Art. 5 para. 1 lit. e GDPR as soon as the purpose of its processing no longer exists. In this context, we would like to point out that statutory retention obligations to which we are subject constitute a legitimate purpose for the further processing of the personal data collected.

In principle, we store and retain data in personal form until the termination of a business relationship or until the expiry of applicable guarantee, warranty or limitation periods, and beyond that until the termination of any legal disputes in which the data is required as evidence, or in any case until the end of the third year after the last contact with a business partner.

Storage duration in particular

As part of the description of individual technologies on our website, you will find specific information on the storage duration of data. Our cookie table informs you about the storage duration of individual cookies. In addition, you always have the option of asking us directly about the specific storage duration of data. To do so, please use the contact details provided in this privacy policy.

Rights of data subjects

Affected persons have the right:

• (i) in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

• (ii) in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;

• (iii) in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us under certain circumstances, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

• (iv) in accordance with Art. 18 GDPR, to demand the (temporary) restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it, we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;

• (v) in accordance with Art. 20 GDPR, to receive from us your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted directly to another controller; however, this only covers your personal data that we process with the aid of automated procedures on the basis of your consent or on the basis of a contract;

• (vi) pursuant to Art. 21 GDPR, insofar as your personal data is processed on the basis of our legitimate interest, to object to the processing of your personal data, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation;

• (vii) in accordance with Art. 7 (3) GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future. Among other things, you have the option of revoking your consent to the use of cookies on our website with effect for the future by accessing our cookie settings;

• (viii) in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority regarding the unlawful processing of your data by us. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

The competent supervisory authority for tech2b Inkubator GmbH is:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna, Austria
Phone: +43 1 52 152-0, dsb@dsb.gv.at

Assertion of data subject rights

You yourself decide on the use of your personal data. Should you therefore wish to exercise any of the above rights against us, you are welcome to contact us by e-mail at datenschutz@tech2b.at or by post or telephone.

Please help us to clarify your request by answering questions from our responsible employees regarding the specific processing of your personal data. If there are reasonable doubts about your identity, we may request a copy of your ID.

If you have any questions about data protection, please contact us at datenschutz@tech2b.at or using the other contact details provided in this privacy policy.

Linz, February 27, 2023

Essential

Technically necessary cookies serve to enable the technical operation of a website and to make it functionally usable for you. They are used on the basis of our legitimate interest in offering a technically flawless website. However, you can generally deactivate the use of cookies in your browser.

Functional cookies

Statistics cookies collect information about how websites are used in order to improve their attractiveness, content and functionality. They are only used with your consent and only as long as you have not deactivated the respective cookie.

Compliance