Data protection

Last updated: July 11, 2024

The protection of your personal data is very important to us, which is why we set out here all the information about how your data is processed and stored when you visit our website and within our company.

In order to use all the functions and services of our website, it is necessary to collect your personal data. However, processing and storage take place only in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG 2021).

Responsible body:

LMa² Consulting
Lisa-Maria Mair, MSc, MBA

Salzburg Airportwest

Siezenheimer Straße 35
5020 Salzburg

You can find more information in the Imprint.

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: In order to protect your data as comprehensively as possible from unwanted access, we take so-called technical and organizational measures and use an encryption process on our website. Your data is transmitted over the internet from your computer to our computer and vice versa using TLS encryption. TLS stands for “Transport Layer Security” and is an encryption protocol for data transmission on the internet. You can usually recognize “TLS” by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

1. COLLECTION OF ACCESS AND LOG DATA

This website automatically collects and stores server log file information that your browser transmits to us.

This information includes

  • IP address of the user,

  • Date and time of access,

  • the type of request,

  • Customer information such as type and version,

  • the user's operating system (device, OS version of the device),

  • referrer information (i.e. the source of the access)

The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is based on being able to identify indications of illegal use of our website (e.g. defense against hacker attacks) and to ensure a smooth connection setup.

This website was created via Zyro. Zyro is a subsidiary of HOSTINGER INTERNATIONAL LIMITED. We have concluded a data processing agreement with the provider of this website, HOSTINGER INTERNATIONAL LIMITED, 61 Lordou Vironos Street Lumiel Building, 4th floor, CYP-6023 Larnaca, Cyprus, in accordance with Art. 28 GDPR. This is a contract prescribed by data protection law, which ensures that HOSTINGER INTERNATIONAL LIMITED processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. In the context of hosting, personal data may also be transferred to third countries. There is an adequacy decision for data transfers to Canada; data transfers to other third countries such as the USA are secured by standard contractual clauses.

The data collected is stored for 30 days in server log files that your browser automatically transmits to us in encrypted form. We only store the server log files for longer in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR and serves only to preserve evidence.

2. INQUIRIES VIA THE CONTACT FORM, E-MAIL AND TELEPHONE

Any personal data that you provide to us on a voluntary basis will of course be treated confidentially. We use the personal data you provide exclusively to process and respond to your request. The legal basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. This arises from our interest in responding to inquiries from our customers, business partners and interested parties and in promoting and maintaining customer satisfaction. Another legal basis for natural persons is the initiation or fulfillment of a contract in accordance with Art. 6 para. 1 lit. b) GDPR.

All personal data that you send to us with your request will be deleted or anonymized by us no later than 2 years after the final answer has been given to you, unless a contract is concluded. The retention period of 2 years is due to the fact that you may occasionally contact us again about the same matter after a reply and refer to the previous correspondence. In our experience, we have found that after 2 years there are no more queries following our replies.

3. REGISTRATION FOR EVENTS, SEMINARS AND OTHER EVENTS

Registration for events and seminars: You can register for the seminars I offer by e-mail or using the contact form. In this context, we process the following information when you contact us: First and last name, your contact details such as e-mail address as well as telephone number (according to e-mail signature, if available) and details of the planned seminar and, if applicable, your employer.

Certificate of participation: We confirm your participation in the seminars offered by us, and a contract is concluded with you or your employer.

The legal basis for the data processing described here is the fulfillment of the contract in accordance with Art. 6 para. 1 lit. b) GDPR. Insofar as the contract is concluded with your employer, the legal basis for data processing is our legitimate interest in fulfilling the contract with our clients in accordance with Art. 6 para. 1 lit. f) GDPR.

Storage period: The 7-year retention period according to the Federal Fiscal Code applies.

4. ORDERING NEWSLETTERS

You can subscribe to my newsletters on this website. The newsletters contain information about offers or promotions. When you subscribe to the newsletter, we collect and store the data you enter in the input mask. You are only required to enter your e-mail address.

After submitting the registration form, you will receive an e-mail from us with a confirmation link. As soon as you click on the link contained therein, you give us your consent to receive our newsletter and have successfully subscribed to it. You will be informed of this by another e-mail. You also give us your consent to process your e-mail address and, if applicable, your other data. This ensures that no third party or unauthorized person registers for our newsletter (compliance with the double opt-in procedure).

You can stop receiving the newsletter at any time by clicking on the “Unsubscribe” link at the end of each newsletter. If you withdraw your consent, your data will be deleted immediately; we will store proof of withdrawal for a further three years so that we can comply with our accountability obligations under Art. 5 para. 2 GDPR. This storage is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. The legal basis for the confirmation email is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which lies in being able to prove that you have given your consent. The burden of proof for the controller is set out in Art. 5 (2) GDPR.

The legal basis for sending the newsletter is your consent in accordance with Art. 6 para. 1 lit. a) GDPR and § 174 para. 3 TKG 2021.

We do not pass on the data to third parties. The newsletter is sent by our processor Brevo through the company sendinblue GmbH based in Germany. Furthermore, sendinblue GmbH may transfer personal data to subcontractors (assets.brevo.com and sibforms.com) in order to fulfill its services. Insofar as transfers are made to third countries without an adequacy decision, these are covered by standard contractual clauses concluded by sendinblue GmbH.

5. ARRANGING APPOINTMENTS VIA ONLINE FORM

I use an appointment booking tool that allows you to book an appointment directly. After booking, you will also receive an appointment confirmation by email and an email reminder of the upcoming appointment 30 minutes before the appointment. The legal basis for the collection of your personal data via the booking form and the sending of the reminder email is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

To simplify the booking of appointments, we use the “Microsoft Bookings” software from our processor Microsoft Ireland Limited, based in Ireland, with whom we have concluded a contract for order processing in accordance with Art. 28 GDPR. We do not pass on your data to third parties beyond this.

The booked appointments are stored for the duration of the contract initiation. The storage periods for inquiries via contact forms apply analogously.

Data processing of business partners and customers

1. Fulfillment of contractual obligations (Art. 6 para. 1 lit. b) GDPR)

The purposes of data processing arise from the implementation of pre-contractual measures and the fulfillment of obligations arising from the concluded contract.

2. For the fulfillment of legal obligations (Art. 6 para. 1 lit. c) GDPR)

The purposes of data processing arise in individual cases from legal requirements. These legal obligations include, for example, the fulfillment of retention and identification obligations, e.g. in the context of requirements for tax control and reporting obligations and data processing in the context of inquiries from authorities.

3. To fulfill our legitimate interests (Art. 6 para. 1 lit. f) GDPR)

We process the contact details of contact persons at customers, interested parties, suppliers and other business partners for communication by email, telephone and post. The legal basis for data processing is the legitimate interest pursuant to Art. 6 para. 1 f) GDPR. The legitimate interest arises from the interest in conducting or initiating the business relationship with customers, interested parties, suppliers and other business partners as well as personal contact with contact persons.

Personal data is stored for the purpose of conducting business relationships for as long as there is a legitimate interest in doing so. It may be necessary to process the personal data provided by you beyond the actual fulfillment of the contract with business partners. The legitimate interests here are in particular the selection of suitable business partners, the fulfillment of compliance measures, the assertion of legal claims, the defense against liability claims, the prevention of criminal offenses and the settlement of damages resulting from the business relationship.

POSTAL ADVERTISING APPROACH TO EXISTING CUSTOMERS:

We regularly send existing customers product or service recommendations by email if the legal requirements are met. In this way, we send you information about our services from our range that you may still be interested in based on your previous purchases of our services.

The legal basis for this is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR, which lies in informing our existing customers about further services from us. In doing so, we strictly comply with the legal requirements. You can object to this at any time (Art. 21 GDPR).

4. Who receives the personal data you have provided?

As part of the contractual relationship, we may also commission processors or service providers who may have access to your personal data. Compliance with data protection regulations is ensured by contract. Furthermore, we process your data in our BMD accounting system from BMD Systemhaus GmbH, based in Steyr, Austria. A contract for order processing in accordance with Art. 28 GDPR exists.

5. Storage period

The personal data will be stored for as long as is necessary to fulfill the above-mentioned purposes.

6. Data processing to document compliance with the GDPR

Insofar as your data is processed on the basis of consent in accordance with Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, we process your data exclusively for a specific purpose and after separate information in order to be able to prove that you have consented to the data processing in question within the framework of the accountability obligation incumbent on us pursuant to Art. 5 para. 2 GDPR.

If you assert your rights as a data subject under the GDPR against us, we will also process and store your data in order to be able to prove that we have complied with the GDPR when processing your request as part of our accountability obligation pursuant to Art. 5 para. 2 GDPR.

Operation of social media presences

We maintain the following social media presences:

LinkedIn: https://www.linkedin.com/in/lisa-maria-mair/

“LinkedIn” is operated by the European subsidiary LinkedIn Ireland Unlimited Company based in Ireland. The parent company LinkedIn Inc. is based in the USA.

Data processing by us:

a. Maintaining the above-mentioned social media pages and placing ads (“advertisements”)

The personal data entered on social media pages, such as comments, videos, images, likes, public messages, etc. are published by the respective social media platform. We reserve the right to delete content if necessary. If necessary, we share content on our site and contact you via the social media platform, for example via the messengers offered. In addition, we regularly place advertisements (“ads”) via our social media pages. The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.

b. Page-Insights

The social media platforms provide anonymized statistics and insights that help us gain knowledge about the types of actions people take on our site (so-called “Page Insights”). These Page Insights are created on the basis of certain information about people who have visited our site.

The legal basis for this data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR, which is based on obtaining information about the actions and visitors to our website.

This processing of personal data is carried out by the social media platform and us as so-called joint controllers in accordance with Art. 26 GDPR. In the case of joint controllership, a separate agreement must be concluded.

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

If you wish to object to certain data processing over which we have an influence (e.g. deletion of comments), please contact us using the contact details given above.

Note: The provision of your data is neither legally nor contractually required or necessary for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing your data is that you will not be able to communicate with us via our social media pages, interact with us or take part in the competition. To contact us, please use the above e-mail address.

Data processing by the operator of the social media platform:

In addition to us, there is also the operator of the social media platforms themselves. From a data protection perspective, this is also regarded as another controller that carries out its own data processing. This means that the operator is also a separate controller under the GDPR. However, we only have limited influence on data processing by the operator. Where we can exert influence (e.g. through parameterization), we work within the scope of our possibilities to ensure that the operator of the social media platform handles data in accordance with data protection regulations. In many cases, however, we cannot influence the data processing by the operator of the social media platform and do not know exactly what data they process. The respective operator will inform you about the processing of personal data in its own privacy policy:

LinkedIn: https://de.linkedin.com/legal/privacy-policy?

When using the platform, your personal data is generally also processed by the respective platform operator on servers in third countries, in particular in the USA and the United Kingdom. This means that the legal situation regarding the protection of privacy in these countries is comparable to that in the EU or the EEA. You can find more information on the current countries with an adequacy decision here. In all other cases, we conclude so-called standard contractual clauses with the platform operators for the transfer of personal data to third countries.

Note: The operator of the social media platform uses web tracking methods. Web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can hardly influence the web tracking methods of the social media platform. For example, we cannot switch it off. Please be aware of this: It cannot be ruled out that the provider of the social media platform uses your profile and behavioral data, for example to evaluate your habits or personal relationships and preferences, etc. We have no influence on the processing of your data by the provider of the social media platform.

Communication via the Microsoft Teams video conferencing system

We use the “Microsoft Teams” tool to hold telephone conferences, online meetings and video conferences. You will receive access to the agreed appointments via a link provided by e-mail. You can enter the video room by clicking on the link. Before joining, you can decide for yourself whether you want to activate the video or not. You are muted by default and must manually enable your microphone if you wish. If you switch on your camera and/or microphone, the data from your microphone and video camera will be processed during the meeting.

If you take part in an online meeting as an external participant, you will receive an access link by email from the meeting host. When registering for the online meeting, you must then enter your name and, if applicable, your e-mail address.

The following additional data may also be processed depending on the type and scope of the specific use:

  • Personal details (e.g. first and last name, email address, profile picture)

  • Meeting metadata (e.g. date, time and duration of communication, name of the meeting, participant IP address)

  • Device/hardware data (e.g. IP addresses, MAC addresses, client version)

  • Text, audio and video data (e.g. chat histories, video, audio and presentation recordings)

  • Connection data (e.g. phone numbers, country names, start and end times, IP addresses)

Furthermore, your personal data may be processed. This also depends specifically on your use, such as the use of the chat and the whiteboard.

We would like to explicitly draw your attention to the fact that any information you provide during the meeting will be processed at least for the duration of the meeting.

Legal basis

The legal basis for data processing for direct contractual partners is Art. 6 para. 1 lit. b) GDPR; for business partners or contact persons at external bodies, it is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the organization of virtual communication and the web conference.

Microsoft Teams is a service of the Microsoft Corporation. Further information on the processing of your data when using “Teams” can be found at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer. We cannot rule out the possibility that data may also be routed via Internet servers located outside the EU or the EEA. The adequacy decision for the USA applies to data transfers to Microsoft in the USA. You can view Microsoft's certification here.

The provider Microsoft necessarily receives knowledge of the above-mentioned data insofar as this is contractually regulated within the framework of our order processing contract in accordance with Art. 28 GDPR. There are no other recipients.

In principle, you are not obliged to communicate with us via Microsoft Teams. Alternatively, meetings can also be held by telephone.

We generally delete personal data when there is no need for further storage.

Rights of data subjects

Your rights as a data subject

In accordance with Art. 15 (1) GDPR, you have the right to receive information about the personal data stored about you free of charge upon request. Furthermore, if the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have the right to data portability in accordance with Art. 20 GDPR.

If the data processing is based on Art. 6 para. 1 e) or f) GDPR, you have the right to object in accordance with Art. 21 GDPR. If you object to data processing, this will not take place in future unless the controller can demonstrate compelling legitimate grounds for further processing which override the data subject's interest in objecting.

If the data processing is based on consent in accordance with Art. 6 para. 1 lit. a), Art. 9 para. 2 lit. a) or Art. 49 para. 1 lit. a) GDPR, you can revoke your consent at any time with effect for the future without affecting the legality of the previous processing.

You also have the right to lodge a complaint with a data protection supervisory authority. The complaint can be lodged in particular with a supervisory authority in the EU Member State of your place of residence, place of work or place of the alleged infringement.

Contact details for the competent data protection authority in Austria: dsb@dsb.gv.at

No automated decision-making

We do not use automated decision-making or profiling.

Provision

Unless otherwise stated in the previous chapters, the provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract. Failure to provide your personal data may mean that we are unable to respond to your inquiries, for example.

This data protection information was created in cooperation with the consulting firm SCALELINE. The legal texts are subject to copyright.