XUND Version 1
1. General information
For XUND Solutions GmbH (hereinafter referred to as 'XUND', 'we', and 'us'), the protection of the personal data of all website visitors is of great importance. Therefore, we comply with the applicable legal provisions for the protection and processing of personal data, in particular the General Data Protection Regulation ('GDPR'), the Austrian Data Protection Act ('DSG'), and the Austrian Telecommunications Act ('TKG').
1.2. Data of the Data controller
XUND Solutions GmbH
Dorotheergasse 10/12a, 1010 Vienna, Austria
FN 495664 v
+43 1 2535999
2. Processing of data
2.1. Processed personal data and purpose of processing
2.1.1. Get in contact
When you contact us by email or phone, we will process your contact data (name, telephone number, email address) as well as the content of your message. If you use the contact form on our website, we will process the provided information: In particular first name, family name, email address, the purpose of the contact, organizational affiliation, company website, and the location of your company.
The processing is based on pre-contractual obligations according to Art 6 para 1 lit b GDPR.
If you sign up for our newsletter, we will process your first name, your family name, your email address as well as the newsletter opening rates.
The processing is based on your freely given consent according to Art 6 para 1 lit a GDPR. You may withdraw your consent with effect for the future at any time without giving any reasons, e.g., by our unsubscribe link, which you can find in every newsletter.
2.1.3. Social media
You can interact with us on our 'LinkedIn' social media page by commenting on our posts, using the 'Like' button, sharing our content on your page, or forwarding it to other users. XUND will process your interaction, your 'LinkedIn' name, and, if applicable, the data of other users.
This data may also be processed by the platform 'LinkedIn'. In this case, XUND and 'LinkedIn' act as joint controllers according to Art 26 GDPR. Or further information regarding the processing of your personal data by 'LinkedIn', visit the following link https://www.linkedin.com/legal/privacy-policy.
XUND will process this data to answer your questions, to respond to your feedback, to offer another way of communication, and to promote our products. The processing is based on our legitimate interests according to Art 6 para 1 lit f GDPR or is necessary for the fulfillment of our (pre-)contractual obligations according to Art 6 para 1 lit b GDPR.
2.1.4. Job applications
2.1.6. Security and error logs
To maintain the security and functionality of our website, we also process security and error logs. Logs are digital records of events related to our website. They enable us to react quickly to security breaches, errors, or malfunctions and to identify their origin. This enables us to restore the usual usability of the homepage more quickly. The processing is based on our legitimate interests pursuant to Art 6 para 1 lit f GDPR.
2.2. Transfer of personal data
Personal data relevant for the respective purposes mentioned above can be transferred to the following recipients:
- to external third parties to a necessary extent based on our legitimate interest (e.g., personnel consultants and service providers, auditors, insurers, legal representatives, labor market service, other third parties involved in the fulfillment of the contract with the data subject or the provision of services by the controller to the data subject and other third parties involved in the employment relationship, e.g., insurance companies, tax consultants, operators of the IT infrastructure);
- to courts, authorities, and other public bodies to the extent required by law (e.g., Chamber of Labor, Data Protection Authority).
In addition, we work with external service providers (processors) and transmit your personal data to them to the extent necessary to provide our service. Our processors are the supplier of IT-services and services for contract administration:
- software and service provider (supply of IT applications) for email as well as for administrative tasks;
- general IT administration (including support, software, and maintenance, data centers, and cloud services).
2.3. Retention periods
XUND processes your personal data only for the time necessary to fulfill the respective purpose. In certain circumstances, we retain the data for a longer period until the end of business relations, court proceedings, warranty periods, or general limitation periods. This is necessary in the case of claims for compensation or copyright claims.
We store the data from your contact requests for six months to respond in case of inquiries.
The data from your interaction with our social media pages will be stored as long as our content is available online. Before this, you can request the deletion or simply delete your post on your own.
Our hosting provider will store security and error logs for 14 days.
3. Data subject rights
You have the right to access your personal data, right to rectification, erasure, restriction of processing, and data portability. If the processing is based on your consent, you can withdraw it at any time with the effect for the future, e.g., by email to email@example.com. In addition, you can object to data processing if it is based on our legitimate interests on grounds relating to your particular situation. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds. These grounds must override your interests and rights, or the processing is necessary for the establishment, exercise, or defense of our legal rights.
If you feel that the processing of your data is unlawful or that your data subject rights are infringed in any other manner, you are entitled to file a complaint at the Data Protection Authority. In Austria, it is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna. Prior to your formal complaint or if you need any help exercising your rights, contact us at firstname.lastname@example.org.
Effective: August 2022
XUND Solutions GmbH
9. Appendix – Definitions
- 'personal data' means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- 'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- 'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
- 'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;