Table of contents
- Which of your data do we collect, for which purposes and on which legal basis do we process it?
- Additional embedded services and contents of third parties
- Is your data transmitted to third parties?
- Retention period
- Your Rights under Data Protection Law
- Data security
1. General, Scope IXOLIT GmbH / IXOPAY GmbH
1.1. It is of utmost importance for us to protect your personal data. We therefore comply with the applicable data protection provisions, in particular the General Data Protection Regulation ("GDPR"), the Austrian Data Protection Act ("DSG") and the Telecommunications Act ("TKG") concerning the protection, lawful processing and confidentiality of personal data as well as data security.
1.2.a. Controller of the processing on the Websites www.ixolit.com, www.ixo.care, www.ixocreate.com, www.ixoplan.com is IXOLIT GmbH, Mariahilfer Straße 77-79, 1060 Vienna, FN 213107v, Commercial Court Vienna ("IXOLIT").
1.2.b. Controller of the processing on the Website www.ixopay.com is IXOPAY GmbH, Mariahilfer Straße 77-79, 1060 Vienna, FN 451099g, Commercial Court Vienna ("IXOPAY").
In accordance with this distinction, the terms "we", "us" and "our" refer either to IXOLIT or IXOPAY, depending on which of the above-mentioned Websites you use.
2. Which of your data do we collect, for which purposes and on which legal basis do we process it?
2.1. Contacting us
When you fill out the contact form or the qualification form on our Website or establish contact with us via e-mail or through other communication means, we process the data you voluntarily provided us with in the aforementioned media (name, e-mail address, nature of the enquiry respectively the subject of your message and the content of your message, as well as other fields in the aforementioned forms on our Website).
We process the data provided within the course of contacting us solely for processing your enquiry, to get in contact with you if desired and to provide you with the requested information. This data processing is therefore necessary for the fulfilment of our (pre)contractual obligations.
2.2. Server log files
We collect and process the following data when you visit our Website and use our Online Services, that is – technically speaking – when you access the respective server containing the specifically requested service (so called server log files): name of the accessed Website, file (e.g. html, JPG, PNG), date and time of access, transmitted quantity of data, server status codes, processing time, browser and client type alongside the version, your operating system, referrer URL (the previously visited Website or external site), IP-address and the requesting provider, reverse DNS; if you contact us via the Contact Form, we also process connection data regarding source and target (network discovery or address, port numbers, protocol, e-mail address, e-mail subject, connecting server, protocol details, reputation data for spam filters, reverse DNS, obvious labelling, connected servers), authentication details and technical e-mail meta information.
This data is generated automatically through our servers when you use our Website and is necessary so that we can provide you with our Online Services. We therefore process server log files solely to be able to operate our Website and the connected services, to distribute web server requests in our server pool, for detection and rectification of errors as well as for security reasons (for clarification of abusive and fraudulent activities or unauthorised attempts to access), for a maximum duration of 15 days. Thus, this data processing activity is necessary to ensure our legitimate interests in operating error-free and secure Websites and Online Services.
2.3. Usage data
Based on your consent to Reporting Cookies, we collect and process the following data about your use and interaction with our Website: IP-address of your device, used internet browser, browser language, operating system, downloaded files/product information, screen resolution, colour depth, surfing behavior (date, time and duration) as well as the internet site from which you have visited us (referrer URL). You can withdraw your consent at any time via the "Cookie Settings" or through your browser settings (see point 3.4 below) with effect for the future and free of charge.
This data is collected through the Reporting Cookies "Google Analytics" and, in parts, "Microsoft Clarity" and "Leadfeeder" (see point 3.5 below). We use this usage data for (i) web analysis, (ii) improvements of our Online Services and our Website, (iii) increasing usability. Your consent is not necessary for the use of the Online Presence.
On the basis of your consent declaration (obtained through double opt-in process; after registration you receive an e-mail for confirmation of your registration) we process the personal data that you provided us with voluntarily in the course of the registration for the newsletter (your e-mail address and potentially your name) (i) for sending you e-mail newsletters about our current projects, marketing and product information as well as (ii) for measuring your reading habits of our newsletter and (iii) to transmit your provided data to IXOLIT and IXOPAY, which can send you e-mail newsletters for the same purposes as well.
Reading habits: Our newsletters contain a mechanism for measuring your reading habits. With that we can determine whether our newsletter is opened, when it is opened and what links are clicked. These statistical evaluations are serving solely the detection of the reading habits of our newsletter recipients and to adjust our contents accordingly.
You can withdraw your consent to the receipt of our newsletter at any time (via e-mail to email@example.com or through the unsubscribe link in our e-mail newsletters) with effect for the future and free of charge. After receipt of your withdrawal IXOLIT and IXOPAY will cease the further sending of e-mail newsletters immediately and erase your personal data from the mailing list.
2.5. Registration and User Account
When you are registered on our Website and have a user account for the use of our Online Services, we process the following personal data: title, name, company, e-mail address, address, telephone number, IP address, VAT number as well as your access data.
We process the data of your user account solely for operating your account, the provision of our Online Services as well as for the billing of our services. This data processing is therefore necessary for the fulfilment of our (pre)contractual obligations.
3.1. Cookies are files that are transmitted from our web server to your web browser and are stored on your device for later retrieval. Through such cookies, our Website can store important data to provide you with our services and to make the use of our Website more comfortable for you.
3.2. Most of the cookies that are used by us are so called "session cookies" that are stored on your device for the time of your current visit of our Website, only. These temporary cookies make a conformable use of our Website possible for you. Session cookies are valid for the duration of your specific visit of our Website only and are erased automatically thereafter. Moreover, we also use "persistent cookies" that stay on your device and are not erased automatically when you close your browser. You can erase these cookies yourself at any time. Persistent cookies are particularly used to improve your user experience by customising the Website to your personal needs and thus to optimise the loading time accordingly. Please find an overview of all purposes of session cookies and persistent cookies, and options to enable or disable cookies in our tool "Cookie Settings" (cf Section 3.4).
3.3.a) Google Tag Manager: Our Website uses the "Google Tag Manager". This service is strictly necessary to implement and manage the Google Analysis and Marketing services into our Website according to your Cookie Settings. Google Tag Manager does not use or set cookies.
3.3.b) Referrer ID: Our Website uses a "ReferrerID Cookie" for the duration of the session if you visit links on websites of our business partners that refer to our Website, for the purpose of statistical evaluations regarding the website from which you were referred to our Website. By means of this cookie we do not process personal data (§ 96 (3) TKG) and do not use "hidden identifiers" or other similar devices. Third parties cannot access the collected anonymous information.
3.4. Cookie Settings
You can accept or reject individual or all types of cookies that are not strictly necessary easily via our tool "Cookie Settings". Thereunder, we also inform you on the types of cookies we use on this Website.
Please also note: Most internet browsers accept cookies by default. You can adjust your internet browser settings so that cookies are only placed with your explicit consent, are generally rejected or stored cookies are removed. In order to do so, please follow the instructions provided by your respective internet browser’s producer:
- Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/en/latest/web-preferences/#cookies
3.5. Cookies for which consent is required
If you have consented to the use of Reporting Cookies, we use "Google Analytics", a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") on our Website. The information generated through the Google Analytics Cookie about the use of the Website are usually transmitted to the servers of Google in the United States of America and stored there, whereby both Google and state authorities have access to this data. Google commits under current data processing agreements to maintain a mechanism that facilitates transfers of personal data outside of the EU as required by the GDPR.
Google will use this information to evaluate the usage of our Website by the users, to assemble reports about the activities on our Website and to deliver to us further services connected to the use of the Website. In doing so, pseudonymised user profiles of users can be generated from the processed data. Google will also potentially transmit the data to third parties if legally required or third parties process the data on behalf of Google.
If you have not given your consent, we use Google Analytics only with activated IP anonymization. This means that IP addresses are shortened by Google as soon as data is received by the Analytics Collection Network, before any storage or processing takes place. To our knowledge, the IP address transmitted from your browser is not merged with other data of Google.
In addition to configuration of our 'Cookie Settings' tool, you can prevent the general use of Google Analytics by downloading and installing the browser plug-in available through the following link: https://tools.google.com/dlpage/gaoptout. Google will link the usage data with other data about you, such as search history, personal accounts, usage data from other devices, and any other data that Google processes about you as a user. More information about the data usage by Google, settings and objection possibilities are available on the websites of Google: https://www.google.com/intl/en/policies/privacy/partners
If you have consented to the use of Reporting Cookies, we use "Leadfeeder", a web analytics service of Liidio Oy, Mikonkatu, 00100 Helsinki, Finland, to detect corporate visits and their geographic location. Leadfeeder only shows company visits, automatically filtering out all users visiting from residential IP addresses. All visit data is aggregated on the company level (no reference to natural persons). IP address anonymization erases the last part of the IP address, thereby making the IP anonymous. Via a connection to Google Analytics, Leadfeeder shows company visitors' interactions on the Website (pages viewed, visitor source and duration of session). Leadfeeder also enriches that company data with contact data for individuals from publicly available data sources (eg. LinkedIn). Please see further information on Leadfeeder's GDPR compliance and the Leadfeeder Privacy Notice.
We use the online marketing service "Google Ads" (formerly: "Google Adwords"). Google Ads is considered as profiling. Through the information collected, we can access statistics and find out the total number of users that have clicked on our advertisements or that were forwarded to a Website of our Online Presence through a Google search or through the Google Display Network.
On our behalf, Google Ads furthermore uses advertising functions of the Google Analytics service, on the basis of consent given by the individual user to Google, to place advertisements to target groups provided by Google.
You can object to these processing activities by using the Opt-out service provided by Google: https://adssettings.google.com/authenticated. Please find more general information about data use for marketing purposes by Google through the data protection notice of Google under https://www.google.com/policies/privacy/partners/
If you have consented to the use of Marketing Cookies, we use the Conversion Tracker of the services Google Ads and Microsoft Advertising. This allows us to obtain information to assess the advertisement efficiency (so-called 'conversion') across our Websites and on websites of our marketing- & advertising partners.
Google Ads: For further information of Google regarding Conversion-Tracking please see https://support.google.com/google-ads/answer/1722022
Microsoft Advertising: The Universal Event Tracking (UET) Cookie collects your IP address, and contains a global unique identifier assigned to your browser, and/or an identifier assigned to a user as long as it authenticated through their Microsoft account. Microsoft does not resell this data to third parties or share it with other advertisers. For further information of Microsoft please see https://privacy.microsoft.com/en-us/privacystatement
4. Additional embedded services and contents of third parties
Within our Online Services, we use further services and contents of third party providers to incorporate their contents and services on the basis of our legitimate interests in the provision, optimisation and economical operation of our Online Services. This requires that the third parties providing said content receive the IP address of the user, as otherwise they are not able to send the requested contents to the right browser. The IP address is therefore necessary for the display of these contents and the use of the embedded services.
Specifically, we use the following services and contents of third parties in our Online Services:
5. Is your data transmitted to third parties?
5.1. To the extent necessary, we provide your personal data to the following service providers (acting as “processors”) outside IXOLIT Group that support us in the performance of our Online Services:
- IT-service providers and/or providers of data hosting solutions or similar services;
- Other service providers, providers of tools and software solutions that support us with the performance of our services as well and operate on our behalf (including providers of marketing tools, marketing agencies, communication service providers).
All our processors have been contractually bound to process your data only on our behalf and on the basis of our instructions so that we can provide you with our Online Services.
5.2. Processing of your data in a third country outside the European Union (EU), respectively the European Economic Area (EEA) or when using services of third parties is only carried out where it is necessary for the performance of our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of legitimate interests. We have implemented suitable and appropriate guarantees to develop a way of transmission of your data to the respective third country compliant with data protection (eg. by concluding so-called "EU-Standard Contractual Clauses"). Upon your request we can transmit a copy of those suitable guarantees to you, provided that we process or let your data be processed in third countries.
6. Retention period
6.1. We store your personal data just as long as necessary for the purposes for which they are processed. Beyond that, we are potentially obligated to store your data for longer in accordance to legal retention periods.
6.2. Specifically, we store your data in connection with the establishment of contact with us in accordance with legal retention periods (inter alia § 212 BAO, §132 UGB) for a time period of usually seven years.
6.3. Server log files are stored for a maximum time period of 15 days and are erased subsequently.
6.4. We store your usage data for the time period stated in Cookie Settings, "Report Cookies", but at the latest until you withdraw your consent (eg. by disabling cookies).
6.5. If you are no client of us and have registered for our newsletter only, we store your data until you withdraw your consent.
6.6. We store data in connection with your registration and your user account until the end of your client relationship with us, or respectively beyond that until the expiry of the respective legal retention periods (usually for a time period of seven years, see above).
6.7. Apart from that, we store your personal data for a time period beyond the above-mentioned, as long as legal claims out of the relationship between you and us are enforceable and only if such litigation becomes apparent, or respectively until the definitive settlement of an incident or court proceedings. Such processing is based on legitimate interests for the establishment, exercise or defence of legal claims.
7. Your Rights under applicable Data Protection Law
7.1. You have the right to access your personal data that is being processed by us (Art 15 GDPR). Apart from that, you have the right to rectification of inaccurate or incomplete data (Art 16 GDPR). You have a right to erasure if (i) your personal data is no longer necessary for the purposes for which we have collected it, (ii) you withdraw your consent and there is no other legal basis for processing by us (cf. Section 3), (iii) you object to the processing and there are no overriding legitimate grounds for the processing (except in the case of processing for direct marketing purposes), (iv) your personal data has been unlawfully processed or (v) for compliance with our legal obligations (Art 17 GDPR)be. Additionally, you have the right to restriction of processing (Art 18 GDPR) as well as the right to data portability concerning the data you have provided us with (Art 20 GDPR).
7.2. We may process your data on the basis of legitimate interests (in particular cf. Section 2.2) in which case you have the right to object. In the case you object to the processing, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing of this data which override your interests, rights and freedoms (weighing of interests) or for the establishment, exercise or defence of legal claims.
In particular, you may object at any time to the processing of your data for the purposes of direct marketing of IXOLIT and/or IXOPAY. In the case of such an objection, we will no longer process your personal data for these purposes (no weighing of interests).
7.3. Additionally, you have the right to withdraw your consent at any time with effect for the future.
7.4. Finally, you have the right to lodge a complaint with the responsible supervisory authority (Art 77 GDPR).
7.5. If you have questions relating to this or to make use of your data subject rights, please feel free to contact us at:
IXOLIT GmbH / IXOPAY GmbH
Mariahilfer Straße 77-79, 1060 Wien
8. Data security
We comply with appropriate technical and organisational security measures pursuant to Art 32 GDPR to, considering the risks, guarantee an appropriate data protection level, especially to protect your personal data against accidental or unlawful destruction, alteration or against loss and against unauthorised disclosure or unauthorised access.
Version: 07. Dec 2020