Privacy Policy
Privacy statement
This privacy policy provides an overview of the type, scope and purpose of processing personal data when you visit our website. Personal data is all information with which you can be personally identified, including your IP address.
In addition, this privacy policy contains a further section of general information on data protection, which applies to all our processing activities.
The terms used in this statement are based on the definitions of Article 4 of the EU General Data Protection Regulation (GDPR).
Information for users of our website
Responsible for data collection on this website
WIH Wohnen in Hagenberg KG, Dreisesselbergstraße 5a, 4160 Aigen-Schlägl, Austria
Data collection on our website
On the one hand, your data is collected when you provide it to us, and on the other hand, data, in particular technical data, is automatically collected when you visit our website. Some of the data is collected to ensure that our website functions correctly. Other data can be used for analysis. You can find out more about this in the next point.
Third-party modules, plug-ins, or tools used
Cookies und Local Storage
We use cookies on our website to make our website more user-friendly and functional. Some cookies remain stored on your device.
Cookies are small data packets that are exchanged between your browser and the web server (s) when you visit our website. These do not cause any damage and are only used to recognize website visitors. Cookies can only store information that is delivered by your browser, i.e. information that you have entered into the browser yourself or is available on the website. Cookies cannot execute code and cannot be used to access your device.
The next time you visit our website using the same device, the information stored in cookies can then be returned either to us (“first-party cookie”) or to a web application from the third-party manufacturer to which the cookie belongs (“third-party cookie”). Through the stored and returned information, the respective web application recognizes that you have already accessed and visited the website using the browser on your device.
Cookies contain the following information:
- Cookie name
- Name of the server from which the cookie originally came
- Cookie ID number
- A date on which the cookie is automatically deleted
Depending on their purpose and function, we divide cookies into the following categories:
- Technically necessary cookies to ensure the technical operation and basic functions of our website. These types of cookies are used, for example, to remember your preferences as you navigate the website; or they can ensure that important information is retained throughout the session (e.g. login, shopping cart).
- Statistical cookies to understand how visitors interact with our website by simply collecting and analyzing information anonymously. This gives us valuable insights to optimize both the website and our products and services.
- Marketing cookies to set targeted advertising activities for users on our website.
- Unclassified cookies are cookies that we are currently trying to classify together with providers of individual cookies.
Depending on the storage period, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browsing session. These cookies are automatically deleted when you close the browser. This does not leave any information on your device. Persistent cookies store information between two visits to the website. Based on this information, you are recognized as a returning visitor the next time you visit and the website reacts accordingly. The lifespan of a persistent cookie is determined by the cookie provider.
The legal basis for using technically necessary cookies is based on our legitimate interest in the technically flawless operation and smooth functionality of our website. Our website cannot function properly without these cookies. The use of statistical and marketing cookies requires your consent. You can withdraw your consent to the use of cookies at any time in the future. Consent is voluntary. If it is not granted, there will be no disadvantages. More information about the cookies we actually use (in particular about their purpose and storage period) can be found in this privacy policy and in the information about the cookies we use in our cookie banner.
You can also set your Internet browser to generally prevent cookies from being saved on your device or to ask you each time whether you agree to the use of cookies. Once cookies have been set, you can delete them at any time. You can find out how all of this works in detail in your browser's help function.
Please note that a general deactivation of cookies may result in functional restrictions on our website.
We also use so-called local storage functions (also known as “local storage”) on our website. Data is stored locally in your browser's cache, which continues to exist and can be read even after you close the browser — provided that it does not delete the cache or it is session storage.
The data stored in local storage cannot be accessed by third parties. Insofar as special plugins or tools use local storage functions, this is described in the respective plugin or tool.
If you do not want plugins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.
Google Analytics
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, email: support-de@google.com
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Purpose: web analysis, performance measurement, conversion tracking, collection of statistical data
Category: Statistics
Recipient: EU, USA
Processed data: IP address, website visit details, user data
Affected persons: website visitors
Technology: JavaScript call, cookies (details in the cookie list), fingerprinting, local storage
Legal basis: consent (purpose)
Certifications: EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework
More information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/locations/
On our website, we use the functions of the web analysis service Google Analytics to analyze usage behavior and to optimize our website. The reports provided by Google are used to analyze the performance of our website and to measure the success of potential campaigns via our website.
Google Analytics uses cookies, which make it possible to analyze the use of our website. All details (name, purpose, storage period) about the cookies can be found in our specific list of cookies used.
Google Analytics can use local storage. This is an alternative to using cookies to store the client ID. This makes it possible to track user behavior without setting cookies.
Information about the use of the website, such as browser type/version, operating system used, the previously visited page, host name of the accessing computer (IP address), time of the server request, is usually transmitted to a Google server and stored there. We have signed a contract with Google for this.
On our behalf, Google will use this information to evaluate the use of our website, to compile reports on activities within our website and to provide us with other services related to the use of our website and Internet usage.
We only use Google Analytics with IP anonymization activated by default. This abbreviates the IP address of a user by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there. According to Google, the IP address transmitted by a user's browser as part of Google Analytics is not linked to other Google data.
During a visit to the website, user behavior is recorded in the form of so-called events. These can represent the following:
- Page views, a user's click path
- Visiting our website for the first time
- websites visited
- Start a session
- Interacting with our website
- user behavior (e.g. clicks, scrolls, length of stay, bounce rates)
- file downloads
- viewed/clicked ads
- Interacting with videos
- internal searches
The following is also recorded:
- approximate location (region)
- date and time of visit
- IP address (in abbreviated form)
- technical information about the browser or the devices used (e.g. language settings, screen resolution)
- Internet provider
- referrer URL (via which website/advertising material a user came to our website)
This data is mainly processed by Google for its own purposes, such as profiling (without our influence).
The data about the use of our website will be deleted immediately after the end of the storage period set by us in each case. Google Analytics gives us 2 months as standard for the retention period of user and event data, with the maximum retention period being 14 months. This retention period also applies to conversion data. The following options are available for all other event data: 2 months, 14 months, 26 months (Google Analytics 360 only), 38 months (Google Analytics 360 only), 50 months (Google Analytics 360 only). We choose the shortest storage period that corresponds to our intended use. You can ask us at any time about the storage period currently set by us.
Data whose storage period has been reached is automatically deleted once a month.
Additional details can be found in the linked further information. It is recommended that you check these links regularly for changes as Google Analytics may update its features and privacy policies. Further information on rights and contact details can be found in the general part of this privacy policy.
Google Fonts
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA), https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Purpose: Inclusion of fonts
Category: Statistics
Recipient: EU, USA (possible)
processed data: IP address, language settings, screen resolution, version and name of the browser
Affected: Website visitors
Technology: JavaScript call
Legal basis: consent, data privacy framework
Site: www.google.com
More information: https://developers.google.com/fonts/faq https://policies.google.com/privacy https://www.google.com/about/datacenters/inside/locations/
Our website uses so-called web fonts, which are provided by Google, to uniformly display fonts.
To display web fonts from Google, the browser you use must connect to Google's servers. As a result, Google becomes aware that our website has been accessed via your IP address. Google also stores the IP address of the browser on the end device of the visitor to our website. If your browser does not support web fonts, a standard font is used by your device.
In addition to the IP address, information such as language settings, screen resolution, version and browser name is automatically transmitted to Google servers. In any case, Google can determine the popularity of fonts through the collected usage data. Google publishes the results on internal analysis pages (e.g. Google Analytics).
With Google Fonts, we can use fonts on our own website and don't have to upload them to our server. Google Fonts is an important component in keeping the quality of our website high. All Google fonts are automatically optimized for the web, which saves data volume and is a major advantage, especially when using mobile devices. When you visit us, the low file size ensures a quick load time. Furthermore, Google Fonts are secure web fonts and support all common browsers.
Google stores requests for CSS assets on its servers for one day. This allows us to use the fonts using a Google style sheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google Support ( https://support.google.com ).
Google Tag Manager
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Management of tools and plugins
Category: Technical Required
Recipient: EU, USA
processed data: IP address
Affected persons: Users
Technology: JavaScript call
Legal basis: Legitimate interest, data privacy framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Site: https://www.google.com
More information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out exactly where Google data centers are located: https://www.google.com/about/datacenters/locations/
The Google Tag Manager service is used on our website.
Tag Manager is a service that allows us to manage website tags via an interface. This allows us to integrate code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. The data is only forwarded by Tag Manager, but neither collected nor stored. The Tag Manager itself is a cookie-free domain and does not process any personal data, as it only serves to manage other services in our online offering.
When you start Google Tag Manager, the browser connects to Google's servers. These are mainly found in the USA. As a result, Google becomes aware that our website has been accessed via a user's IP address.
The Tag Manager resolves other tags, which in turn may collect data. However, Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this will persist for all tracking tags that are implemented with the Tag Manager.
Hosting
As part of hosting our website, all data processed in connection with the operation of our website is stored. This is necessary to enable the website to operate. We therefore process the data accordingly on the basis of our legitimate interest in optimising our website offering. To provide our online presence, we use services from web hosting providers, to whom we provide the above data as part of order processing.
JQuery Content Delivery Network
Provider: Fastly Inc., 475 Brannan St. Suite 300 San Francisco, CA 94107, USA
Purpose: Optimizing the loading speed of the website
Category: technically required
Recipient country: USA (third country)
processed data: IP address
Affected: Website visitors
Technology: JavaScript Libraries, Content Delivery Network (CDN)
Legal basis: legitimate interest (improvement of the website), US Data Privacy Framework certification.
Site: https://www.fastly.com/
More information:
https://www.fastly.com/privacy/
https://www.fastly.com/data-processing/
https://www.fastly.com/terms/
https://www.fastly.com/acceptable-use/
On our website, we use the jQuery JavaScript library. jQuery is made available via a content delivery network (CDN). This service allows our website to load much faster, especially for users from abroad, as our website can be delivered from a nearby server.
The jQuery library primarily enables a modern design of our websites.
The jQuery JavaScript library is developed by the jQuery team from the Open JS Foundation: https://jquery.org/team/, https://js.foundation/contact To increase the loading speed of our website, we use the provider's CDN (Content Delivery Network) to load the jQuery library. Even if your browser already has a cached copy of the jQuery library, a connection to the jQuery server is established and your IP address is transmitted to the service provider.
The provider has distributed servers in various countries and a user's data can therefore be stored both in the USA and within the EU. The provider stores personal data, on our behalf, for as long as is necessary to provide our services and to fulfill our legal obligations.
Contacting
Our website offers various ways to contact us, for example via contact forms or provided e-mail addresses. When contacting us, the personal data provided will only be processed to process and answer the respective request. Processing is carried out insofar as this is necessary to carry out pre-contractual measures or to fulfill a contract, or on the basis of legitimate interests, such as maintaining customer relationships or documenting processes.
It may be necessary to provide certain data in order to be able to fully process a request. Without this information, the processing of the request may not be possible or may only be carried out to a limited extent.
Personal data from contact requests can also be stored in a customer or interested party database on the basis of legitimate interests in order to optimize communication and support. It is only used for marketing purposes if there is separate consent or there is a legitimate interest and there is no overriding legitimate interest of the data subject.
Personal data from contact requests will only be stored for as long as is necessary to process and process the request or as long as there are legal storage obligations. After final processing of the request and expiry of any legal deadlines, the data will be deleted or anonymized. As a rule, deletion takes place after three years at the latest without further contact, provided that there are no longer legal or contractual storage obligations.
Further information on the handling of personal data can be found in the website's privacy policy.
Server-Log-Files
For technical reasons, in particular to ensure a functional and secure Internet presence, we process technically necessary data about accesses to our website in so-called server log files, which your browser automatically transmits to us.
The access data that we process includes:
- Name of the retrieved website
- Browser type used including version
- operating system used by visitors
- the previously visited page of visitors (referrer URL)
- Time of server request
- amount of data transferred
- Host name of the accessing computer (IP address used)
This data is not assigned to natural persons and is only used for statistical evaluations and to operate and improve our website as well as to security and optimize our Internet offering. This data is only transmitted to our website host. This data is not connected or combined with other data sources. If there is a suspicion of illegal use of our website, we reserve the right to check this data retrospectively. Data processing is based on our legitimate interest in the technically error-free presentation and optimization of our website.
The access data is deleted shortly after the purpose has been completed, usually after a few days, unless further storage is required for evidentiary purposes. Otherwise, the data will be kept until an incident is finally resolved.
SSL encryption
We use the common SSL (Secure Socket Layer) method for your visit to our website in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock icon in the status bar of your browser. The use of this procedure is based on our legitimate interest in using appropriate encryption techniques.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments and kept up to date with the latest technology.
Webcare
Provider: DataReporter GmbH, Zeileisstraße 6, 4600 Wels, Austria
Purpose: Consent Management
Category: technically required
Recipient: EU, AT
processed data: IP address, consent data
Affected persons: Users
Technology: JavaScript call, cookies, swarmcrawler
Legal basis: Legitimate interest, consent (swarmcrawler to evaluate search results)
Site: https://www.datareporter.eu/
More information: https://www.datareporter.eu/company/info
On our website, we use the Webcare tool for consent management. Webcare records and stores the decisions of the respective users of our website. Our consent banner ensures that statistical and marketing technologies such as cookies or external tools are only set or started when the user has given their express consent to use them.
For this purpose, we store information on the extent to which the user has confirmed the use of cookies. The user's decision can be revoked at any time by accessing the cookie settings and managing the declaration of consent. Existing cookies will be deleted after consent has been withdrawn. To store information about the status of the user's consent, a cookie is also set, which is referred to in the cookie details. In addition, when calling this service, the IP address of the respective user (s) is transmitted to the DataReporter server. The IP address is neither stored nor associated with any other user data; it is only used to correctly execute the service.
With the help of Webcare, our website is regularly examined for technologies relevant to data protection law. This investigation is only carried out with those users who have expressly given their consent (for statistical or marketing purposes). Users' search results are evaluated anonymously and only using technologies based on Webcare and used to fulfill our information obligations. To start the Swarmcrawler technology, a request is sent to our servers and the user's IP address is transmitted for the purpose of data transmission. Servers are selected which are in geographical proximity to the user's respective location. It can be assumed that users within the EU will also choose a server located within the EU. The user's IP address is not stored and is removed immediately after the end of the communication.
YouTube
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: integration of video content, collection of statistical data
Category: Statistics
Recipient: EU, USA
processed data: IP address, website visit details, user data
Affected persons: Users
Technology: JavaScript access, cookies, device fingerprinting, local storage
legal basis: consent, data privacy framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Site: https://www.youtube.com
More information: https://www.youtube.com/intl/ALL_at/howyoutubeworks/user-settings/privacy/
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://support.google.com/youtube/answer/10364219?hl=de
On our website, we use the YouTube service to integrate external videos.
We have activated the extended data protection mode on YouTube. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch a video. However, the extended data protection mode does not preclude the transfer of data to YouTube partners.
As soon as a YouTube video is started on our website, a connection to YouTube's servers is established. This gives YouTube information about which of our pages you have visited. If you are logged into your YouTube account, this allows YouTube to associate your surfing behavior directly with your personal profile. This can be prevented by logging out of your account.
In addition, after you start a video, YouTube can save various cookies on your device or use comparable technologies (such as device fingerprinting). YouTube also uses local storage on your device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve usability, and prevent fraud attempts.
Exchange of interested parties
If you have also signed up for the interested party exchange as part of your registration, your data will be stored in our database for a period of at least 6 months and automatically deleted after 6 months of inactivity. The amount of data depends on the completeness of your profile, but at least the following data is stored
- first name
- last name
- email address
- password (encrypted)
- date of registration
- last login date
Your data can be viewed by other registered and logged-in users at any time, depending on the completeness of your profile to fulfill the purpose of the interested party exchange for logged-in users.
Your data will also be passed on to the property management (see Contact). In order to make it easier to contact other interested parties, the property management will also share your contact details with other registered interested parties so that a WG partner can be found quickly.
If you no longer need your profile, you can delete it yourself at any time or delete it by sending an email to office@wohnen-in-hagenberg.at
If you send us inquiries by email, we will store your details, including the contact details you provided there, for the purpose of processing the request and in case of follow-up questions. We expressly point out that data transmission over the Internet (e.g. when communicating by e-mail) has security gaps and cannot be completely protected against access by third parties.
Commercial advertising
The use of the contact details of our legal notice or our website for commercial advertising is expressly prohibited, unless we give written consent to do so. All persons named on this website hereby object to any commercial use and transfer of this data.
General information on data protection for data subjects
Responsible for data protection:
WIH Wohnen in Hagenberg KG, Dreisesselbergstraße 5a, 4160 Aigen-Schlägl, Austria
Handling of personal data:
Protecting your personal data is important to us.
Personal data is information that can be assigned to you individually. Examples include your address, name, postal address, email address or telephone number. Information such as the number of users who visit a website is not personal data because it is not assigned to a person.
We treat personal data in accordance with legal data protection regulations, in particular the EU General Data Protection Regulation and in accordance with this privacy policy and the applicable national data protection laws.
Processing of personal data by us:
Rights of data subjects
You have the right to:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can provide information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of their data, unless they have been collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about request their details;
- in accordance with Article 16 GDPR, to immediately request the correction of incorrect or completed personal data stored by us;
- to request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- to request the restriction of the processing of your personal data in accordance with Article 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to processing in accordance with Article 21 GDPR;
- in accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible;
- in accordance with Article 21 GDPR, provided that your personal data is processed on the basis of our legitimate interest to object to the processing of your personal data, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation.
- in accordance with Article 7 (3) GDPR, to withdraw your consent to us at any time. As a result, we are no longer allowed to continue data processing based on this consent in the future.
- in accordance with Article 77 GDPR, to complain to a supervisory authority regarding the unlawful processing of your data by us. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our company headquarters.
The responsible supervisory authority for WIH Wohnen in Hagenberg KG is:
Austrian data protection authority
Barichgasse 40-42, 1030 Vienna, Austria
Phone: +43 1 52 152-0, dsb@dsb.gv.at
Assertion of data subject rights:
You yourself decide how to use your personal data. Should you therefore wish to exercise any of the above rights against us, you are welcome to send an email to office@wohnen-in-hagenberg.at turn around. Please submit a copy of an official photo ID together with your request for unique identification and help us to specify your request by answering questions from our responsible employees regarding the processing of your personal data. In your request, please state in which role (employee, applicant, supplier, customer, etc.) and during which period of time you were in relationship with us. This makes it possible to process your request promptly.
Storage period (deletion periods):
In accordance with Article 5 (1) letter e GDPR, we are required to delete personal data immediately as soon as the purpose for processing has been completed. In this context, we would like to point out that legal storage obligations and periods represent a legitimate purpose for processing personal data.
In any case, we store and store data in personal form until the end of the business relationship or until the expiry of applicable warranty, warranty or limitation periods; in addition, until the termination of any legal disputes in which the data is required as proof; or in any case until the end of the third year after the last contact with a business partner.
Sharing data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal information with third parties if:
You have given your express consent in accordance with Article 6 (1) letter a GDPR, the transfer in accordance with Article 6 (1) letter f GDPR is necessary to protect operational interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not sharing your data, in the event that there is a legal obligation to do so in accordance with Article 6 (1) letter c GDPR, as permitted by law and in accordance with Art. 6 Paragraph 1 letter b DSGVO is necessary for the processing of contractual relationships with you.
Cooperation with contract processors
If we commission third parties to process data on the basis of an order processing contract, this is done on the basis of Article 28 GDPR.
Transfer to third countries
If we process data in a third country or if this is done as part of the use of third-party services or disclosure or transfer of data to other persons or companies, this is only done for the reasons set out above for the transfer of data. Subject to express consent or contractual necessity, we process or allow the data to be processed only in third countries with a recognized level of data protection, which includes US processors certified under the “Privacy Shield” or on the basis of special guarantees, such as a contractual obligation through so-called standard contractual clauses issued by the EU Commission, the existence of certifications or binding internal data protection regulations (Articles 44 - 49 GDPR).
Safety measures
In accordance with Article 32 GDPR, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data as well as access to, input, transfer, availability and separation of the data. We have also set up procedures that ensure the exercise of data subject rights, deletion of data and response to data risks. Furthermore, the protection of personal data is already taken into account when developing or selecting hardware, software and processes, in accordance with the principle of data protection through technology design and through privacy-friendly default settings (Art. 25 GDPR).
Timeliness and amendment of this privacy policy
As a result of the development of our website and offers on it or due to changes in legal or regulatory requirements, it may be necessary to change this privacy policy. You can access and print out the current privacy policy on our website at any time.