Privacy policy

Here you can find out everything about our privacy policy, cookies and much more.

1. Name and address of the person responsible

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is the:

eduverify GmbH
Marxergasse 24/2
1030 Vienna
Austria
Phone: +49 (0)40 / 41 46 49 – 0
E-Mail: hallo@isic.at
Website: www.isic.at

2. Name and contact of the data protection officer

The data protection officer of the controller is:

Frank Henkel
Lawyer
E-Mail: datenschutz@isic.de

3. General information on data processing

Scope of the processing of personal data

As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website as well as our content and services. In this respect, processing takes place regularly within the scope of our legal possibilities. Processing beyond this is carried out at most on the basis of the consent of our users.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

Data erasure and storage duration, storage location

The personal data of the data subject will be deleted in accordance with Art. 17 GDPR, inter alia as soon as the purpose of storage ceases to apply and there are no statutory retention obligations.

Eduverify has entrusted rds GmbH, based in Hamburg, with the operational execution of business activities relating to the issuing of cards and the operation of the website. rds GmbH is the exclusive representative of ISIC in Germany.

All data is processed on servers in the European Union or EEA countries, currently Germany (rds GmbH) and in an external data center in Ireland. The mandatory data from the application forms is stored there in encrypted form. The operator of the data center has no access to the personal data of the cardholders. Access is exclusively granted to eduverify GmbH, rds GmbH, the ISIC umbrella organization, represented by the ISIC Service Office, Starine Novaka 1, 1000 Belgrade, Serbia and GTS Alive s.r.o., Na Maninach 1092/20, Prague 7, Czech Republic, as service provider of eduverify GmbH. Data voluntarily provided to eduverify GmbH is stored on servers in Germany and is exclusively accessible to eduverify GmbH and rds GmbH.

Security

To ensure the confidentiality of communication with you, we use TLS encryption for the transmission of our website. According to the current state of the art, the 128-bit encryption thus possible is to be regarded as secure. All recent browsers achieve this level of security. If necessary, you should update the browser on your PC.
Our employees are bound to data secrecy, which includes Art. 5 para. 1 lit. f and para. 2 GDPR as a confidentiality principle, compliance with which must be demonstrated. Data processing and our technical security precautions are continuously adapted to current circumstances and requirements.

If you use PayPal as a payment method, please note that PayPal does not guarantee uninterrupted, continuous and secure access to these services under all circumstances in its terms of use.

Links

Our website contains links to external websites. By clicking on such a link you will leave our website. As these other website providers may have different data protection practices and the level of data protection in third countries may not be the same as in Austria or Europe, we recommend that you read the relevant data protection policies of these other website providers.

Links to www.isic.org

Our website contains numerous links to the external website www.isic.org. It is the global website of the ISIC Association, of which we are a member. The ISIC Association website is operated from Denmark on servers in the EU. We recommend that you also read the privacy policy of this external website.

Links to the Aliveplatform

Our website contains links to the external service portals of the GTS Alive Group that are affiliated with us. This concerns, for example, the online application form, which is built on the Aliveplatform. The GTS Alive Group is a service provider for several European ISIC organizations and the Aliveplatform is operated from the Czech Republic on servers in the EU. We recommend that you also read the privacy policy of this external website.

4. Provision of the website and creation of log files

Description and scope of data processing

Whenever our website is accessed, we collect data on the basis of our legitimate interests about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

The data is also stored in the log files of our system. For security reasons (e.g. for the clarification of abuse or fraud), the data is stored for a maximum of seven days and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident. This data is not stored together with other personal data of the user.

Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or obscured, so that the requesting client can no longer be identified.

Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

5. Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. When these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, U.S. companies are obligated to release personal data to security authorities without you, the data subject, being able to take legal action against this. It can therefore not be ruled out that U.S. authorities (e.g. intelligence agencies) process, evaluate and permanently store your data located on U.S. servers for monitoring purposes. We have no influence on these processing activities.

6. Use of cookies

Description and scope of data processing

‘Cookies’ are small files that are stored on users’ computers. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example the contents of a shopping cart in an online store or a login status are stored. “Permanent” or “persistent” cookies are those that remain stored even after the browser is closed. For example, the login status can be saved when users visit the website after several days. Likewise, such a cookie may store the interests of users, which are used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the responsible party that operates the website (otherwise, if they are only its cookies, they are referred to as “first-party cookies”). We use temporary and permanent cookies and explain this in our privacy policy. A detailed description of each cookie and the status of your consent can be found on the Cookie Statement page.

Possibility of elimination

If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

Right of objection

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of the services, especially in the case of tracking, via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by deactivating them in the browser settings. Please note that not all functions of this online offer can then be used.

7. Competitions

We organize raffles on our website at irregular intervals. If you participate in one of our competitions, please note the applicable conditions of participation.

Personal data provided by participants will be used exclusively within the framework of the competition and will only be passed on to the partner company for the purpose of sending the prizes or prize transfers.
In addition to determining the winners, the use within the scope of the sweepstakes also includes the processing of the sweepstakes. The names of the winners will not be published.

8. Payment service provider

If you incur costs when ordering one of our products, you can make the payments on our website. We use the following service providers for this purpose, who may receive personal data from you.

PayPal:

If you use PayPal to pay for an online order, your transaction data will be transmitted there in accordance with PayPal’s terms of use and privacy policy. We would like to point out that data may then also flow into computer networks in countries that do not have a level of data protection comparable to that of the European Union within the scope of payment processing. Data may also be passed on to companies of the PayPal Group, among others. We have no influence on these data transfers.
Terms of use and privacy policy of PayPal:
https://www.paypal.com/de/webapps/mpp/ua/useragreement-full
https://www.paypal.com/de/webapps/mpp/ua/privacy-prev
You can ask questions about PayPal’s privacy policy at this link at PayPal:
https://www.paypal.com/de/selfhelp/contact/email/privacy
If you log in to your PayPal user account, you can get further direct help by calling the customer service phone number listed there.

Alternatively, you can choose payments by invoice in the form of a bank transfer, that is, without the involvement of the PayPal system.

For payments via PayPal you need to enter your PayPal username and password. This data is not stored by us.
If you use PayPal as your login method, PayPal will, according to its terms of use, in turn communicate your login status to us. We will also receive such personal and account information that you have agreed to share with PayPal so that we can identify you.

Stripe:

Provider of these payment services:

Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2

If you select payment via Stripe, the following data will be transmitted to Stripe:

Name of the cardholder, e-mail address, customer number, order number, bank details, credit card details, credit card expiry date, credit card verification number (CVC), date and time of the transaction, transaction amount, name of the provider and location.

We cannot process a payment via Stripe without the transmission of your personal data. However, you have the option of choosing a different payment method.

Stripe assumes a dual role as controller and processor for data processing activities. As the controller, Stripe uses your submitted data to fulfill regulatory obligations. This corresponds to our legitimate interest (pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR) and serves the execution of the contract (pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR).

Stripe has implemented compliance measures for international data transfers. These apply to all global activities in which Stripe processes personal data of natural persons in the EU. Third country transfers are carried out on the basis of EU standard contractual clauses (SCCs). The parent company Stripe, Inc. (USA) is also listed under the EU-US Data Privacy Framework (DPF), so that an adequate level of data protection is guaranteed in accordance with the adequacy decision of the EU Commission.

You can find more information about the DPF here: https://www.dataprivacyframework.gov/s/.

Further information on objection and removal options vis-à-vis Stripe can be found at: https://stripe.com/privacy-center/legal

Your data will be stored by us until the payment process has been completed. This also includes the time required to process refunds, receivables management and fraud prevention. In accordance with § 147 AO / § 257 HGB, a statutory retention period of ten years applies to us.

9. Newsletter

Notes on the newsletter

The following information explains the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Content of the newsletter

We send newsletters, sweepstakes information, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. Insofar as the contents of the newsletter are specifically described in the course of registration, they are decisive for the user’s consent. In addition, our newsletters contain information about online and digital marketing as well as our services.

Double opt-in and logging

The registration for our newsletter takes place in a so-called double opt-in process. That is, after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else's e-mail address. Subscriptions to the newsletter are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider are logged.

Registration form

The registration for the newsletter via the integrated registration form on our website takes place via a direct connection to the newsletter dispatch service provider.

Shipping service provider

The newsletter is sent via the GTS Aliveplatform, whose publisher is the EU-based GTS ALIVE GROUP CENTRAL OFFICE – Na Maninach 1092/20, Prague 7, Czech Republic (hereinafter referred to as the “sending service provider”). You can view the privacy policy of the mailing provider here: https://www.isic.cz/o-nas/pravni-dokumenty/zasady-ochrany-osobnich-udaju/.

Data storage

The e-mail addresses of our newsletter recipients, as well as their other data described in the context of these notes, are stored on the servers of the dispatch service provider. The mailing provider uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, the mailing provider may use this data in pseudonymous form, i.e. without assigning it to a user, to optimize or improve its own services, for example for the technical optimization of the dispatch and the presentation of the newsletters or for statistical purposes to determine from which countries the recipients come. However, the mailing provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

Login data

To subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to enter your first name and surname for the purpose of personal contact and topic/location-specific newsletters.

Statistical survey and analyses

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked (success measurement). For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the shipping service provider to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Legal basis for statistical surveys and analyses

The use of the shipping service provider, performance of statistical surveys and analyses without performance measurement as well as logging of the registration process, are carried out on the basis of our legitimate interests in accordance with the German Data Protection Act. Art. 6 para. 1 lit. f GDPR. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users.

The measurement of success is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this at any time. However, we will then no longer be able to send you a newsletter.

Cancellation/revocation

You can cancel the receipt of our newsletter at any time, i.e. revoke your consents. You will find a link to cancel the newsletter at the end of each newsletter. When users have cancelled their subscription, their personal data will be deleted. In the event that users still have a currently valid card, only the newsletter subscription will be deleted. The remaining data will be deleted, blocked or anonymized as soon as they are no longer required to achieve the purpose for which they were collected.

10. Personal registration when purchasing tickets

Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data in order to purchase various ID cards. The data is entered in an input mask and transmitted to us and stored. As part of the processing of the ISIC/ITIC/IYTC card application when the contract is concluded, the mandatory data collected is transferred to the ISIC Association (the official issuer of the ISIC/ITIC/IYTC) in Denmark.

The following data is collected as part of the registration process. Depending on the application and issuing process, some of this data may be requested as mandatory fields:

First name, surname, title, date of birth, e-mail, passport photo, copy of a photo ID (only to compare first and last name, date of birth and photo; please make all other data unrecognizable), proof of matriculation or teaching qualifications, associated educational institution, (delivery) address data, telephone number, gender, unique identifier of the university (e.g. when issuing an ISIC with ESC function), membership number (e.g. in application sections of cooperation partners for reporting purposes).

Purpose and legal basis for data processing

The processing of the mandatory fields is carried out on the legal basis of Art. 6 para. 1 S. 1 lit. b GDPR (contractual purpose). All data is required for issuing the requested card and the associated verification of the applicant’s identity as well as for the necessary communication with the applicant.

The optional data is processed on the legal basis of Art. 6 para. 1 S. 1 lit. f GDPR (balancing of interests). The telephone number is used to contact the applicant quickly in order to be able to make enquiries about the application if necessary. The information on gender is used to address you correctly in the context of communication.

Duration of storage

The data will be deleted, blocked or anonymized as soon as they are no longer required to achieve the purpose for which they were collected.

We initially process the aforementioned data categories for the duration of the contract. After termination of the contract, your data will be deleted if and insofar as it is not subject to statutory retention obligations. According to the provisions of the German Commercial Code and the German Fiscal Code, we must store business letters and accounting documents and the data required for this (such as, in particular, names, addresses, contract data, invoice documents, payment data) for six and ten years respectively.

Possibility of objection and removal

As a user, you have the option to cancel the registration at any time in accordance with the card terms and conditions. You can have the data stored about you changed at any time.

If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion, blocking or anonymization of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

11. Captcha – verification as a human user for card activation

Description, purpose and scope of data processing

When submitting forms, we use a CAPTCHA tool. This will show you human readable characters only, which you will need to re-enter before submitting the form. If there is a match, it is assumed that you, as a human, made the entry. This serves to prevent the input from being misused by machine and automated processing, in particular by so-called “robots”. We use it to secure our databases from damaging manipulation.

Legal basis for data processing

Our legal basis for this processing is Art. 6 para. 1 S. 1 lit. f GDPR in the exercise of legitimate interests. These lie in the protection of our databases against misuse.

12. Contact form and e-mail contact

Description and scope of data processing

A contact form is available on our website, which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored in order to process the contact request and handle it. In addition to optional entries, this also concerns data such as the date and time of registration, IP hash and browser version.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation.

Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to handle customer communications in line with customer expectations. If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

Purpose of data processing

The processing of personal data from the input mask serves us solely to process the contact.
The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Possibility of objection and removal

If the user contacts us, he or she may object to the storage of his or her personal data in accordance with Art. 21 (1) GDPR (for more details, see under XXIII.). In such a case, the conversation cannot be continued.

All personal data that was also stored in the course of contacting us will be deleted in this case.

13. Online presence in social media

General note

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Description and scope of data processing

Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within social networks and platforms, e.g. make contributions to our online presences or send us messages.

14. Social media buttons and links

The links/buttons to social networks and platforms (hereinafter referred to as “social media”) used within our online offer do not establish direct contact between social networks and users. Their function corresponds to the mode of operation of a regular online link.

15. Google Analytics

Notes on Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), on the basis of your consent for the analysis, optimization and economic operation of our online offer. Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.

EU standard contractual clauses and DPF

A transfer to the USA is based on the EU standard contractual clauses. These guarantee an adequate level of data protection within the meaning of Art. 44 et seq. GDPR. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google LLC is also certified in accordance with the US Data Privacy Framework (DPF). According to the EU Commission’s adequacy decision of 10.07.2023, such certification also guarantees an adequate level of data protection.

You can find more information about the DPF here: https://www.dataprivacyframework.gov/s/.

Description and scope of data processing

Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Thereby, pseudonymous usage profiles of the users can be created from the processed data.

For more details, please refer to our cookie settings under “Statistics”.

A transmission to Google only takes place if you have given us your consent via our cookie banner.

IP anonymization

We use Google Analytics only with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

Google Analytics and browser settings

The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on the use of data by Google

For more information about Google’s data use, settings and opt-out options, please visit Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use our partners’ websites or apps”), https://policies.google.com/technologies/ads (“Data use for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information Google uses to serve ads to you”).

16. Google Maps

Description, purpose and scope of data processing

This website uses Google Maps to display maps. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

EU standard contractual clauses and DPF

A transfer to the USA is based on the EU standard contractual clauses. These guarantee an adequate level of data protection within the meaning of Art. 44 et seq. GDPR. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google LLC is also certified in accordance with the US Data Privacy Framework (DPF). According to the EU Commission’s adequacy decision of 10.07.2023, such certification also guarantees an adequate level of data protection.

You can find more information about the DPF here: https://www.dataprivacyframework.gov/s/.

Data processing

By using this website and the Google Maps functions, you consent to the collection and use of the automatically determined data and the data entered by you by Google in the USA within the meaning of Art. 6 para. 1 lit. a GDPR (see also “Google Analytics”). Google Maps uses at least your IP address to deliver up-to-date map displays. If you specify a desired location display in more detail in a data entry field on our site (e.g. location information), this non-personal information will probably be linked to the IP address during processing by Google, which identifies you in more detail. We do not have any detailed knowledge of these processes. As an end user of the feature, please check the Google Maps Terms of Service for more information. In the context of the presentation of Google Maps, Google acts on its own responsibility and not on our behalf.

17. Google Re-/Marketing Services

Notes on Google Re/Marketing Services

Based on your consent, we use the marketing and remarketing services (in short “Google marketing services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) for the analysis, optimization and economic operation of our online offer.

EU standard contractual clauses and DPF

A transfer to the USA is based on the EU standard contractual clauses. These guarantee an adequate level of data protection within the meaning of Art. 44 et seq. GDPR. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google LLC is also certified in accordance with the US Data Privacy Framework (DPF). According to the EU Commission’s adequacy decision of 10.07.2023, such certification also guarantees an adequate level of data protection.

You can find more information about the DPF here: https://www.dataprivacyframework.gov/s/.

Functionality and data collection

Google’s marketing services allow us to display advertisements for and on our website in a more targeted manner to present users only with ads that potentially match their interests. If a user e.g. is shown ads for products that he or she was interested in on other websites, this is referred to as “remarketing”. For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web pages the user has visited, which content the user is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring web pages, time of visit and other information about the use of the online offer. The IP address of the user is also recorded, whereby we inform you within the scope of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is transferred in full to a Google server in the USA and shortened there. The IP address is not merged with user data within other Google offerings. The above information may also be combined by Google with such information from other sources. When the user subsequently visits other websites, they can be shown ads tailored to their interests.

You can obtain further instructions via the cookie settings.

Pseudonymous data processing

User data is processed pseudonymously as part of Google’s marketing services. I.e. Google does not store and process e.g. the name or e-mail address of users, but processes the relevant data on a cookie basis within pseudonymous user profiles. I.e. from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

Integration of Google AdWords

The Google marketing services we use include the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked through the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

Integration of DoubleClick

We may integrate third-party advertisements based on the Google marketing service “DoubleClick”. DoubleClick uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the Internet.

Integration of AdSense

We may integrate third-party advertisements based on the Google marketing service “AdSense”. AdSense uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the Internet.

Integration of Google Optimizer

Likewise, we can use the service “Google Optimizer”. Google Optimizer allows us to track the effect of various changes to a website (e.g. changes to input fields, design, etc.) as part of so-called “A/B testing”. Cookies are placed on users’ devices for these testing purposes. Only pseudonymous data of the users is processed.

Integration of Google Tag Manager

Furthermore, we use the “Google Tag Manager” to integrate and manage the Google analysis and marketing services on our website.

Further information on the use of data for marketing purposes by Google

For more information about Google’s use of data for marketing purposes, please visit the overview page: https://policies.google.com/technologies/ads. Google’s privacy policy is available at https://policies.google.com/privacy.

Possibility of objection and removal

If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.

18. Facebook, Custom Audiences and Facebook marketing services

Notes on Facebook, Custom Audiences and Facebook marketing services

Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes.

EU standard contractual clauses and DPF

Meta Platforms Ireland Limited may transfer personal data as part of its data processing to Meta Platforms, Inc. based in the USA. To the extent that personal data is transferred to a country that is neither a member state of the European Union nor a state party to the Agreement on the European Economic Area (third country) in accordance with this privacy policy, this will be done on the basis of adequacy decisions by the EU Commission or using standard data protection clauses. For more details, click here: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

Meta Platforms, Inc. is also certified in accordance with the US Data Privacy Framework (DPF). According to the EU Commission’s adequacy decision of 10.07.2023, such certification also guarantees an adequate level of data protection.

You can find more information about the DPF here: https://www.dataprivacyframework.gov/s/.

Use of the meta pixel

With the help of the meta pixel, it is possible for Facebook and Instagram to determine the visitors of our online offer as a target group for the display of ads (so-called “Facebook Ads” or “Instagram Ads”). Accordingly, we use the meta pixel to display the ads placed by us only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited). With the help of the meta pixel, we also want to ensure that our ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the meta pixel, we can also track the effectiveness of the advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion”).

Data processing by Facebook

The processing of the data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general guidance on the display of Facebook Ads can be found in Facebook’s Data Usage Policy: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s Help section: https://www.facebook.com/business/help/651294705016616.

Possibility of objection

You can object to the collection by the meta pixel and use of your data to display Facebook ads. To set what types of ads are shown to you within Facebook, you can go to the page set up by Facebook and follow the instructions there for usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are made in a platform-independent manner, i.e. they are applied to all devices, such as desktop computers or mobile devices.

Furthermore, you can object to the use of cookies that are used for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

19. Facebook social plugins

Notes on the Facebook social plugins

We use social plugins (“plugins”) of the social network facebook.com, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), based on your consent for the analysis, optimization and economic operation of our online offer. The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white “f” on blue tile, the term “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

EU standard contractual clauses and DPF

Meta Platforms Ireland Limited may transfer personal data as part of its data processing to Meta Platforms, Inc. based in the USA. To the extent that personal data is transferred to a country that is neither a member state of the European Union nor a state party to the Agreement on the European Economic Area (third country) in accordance with this privacy policy, this will be done on the basis of adequacy decisions by the EU Commission or using standard data protection clauses. For more details, click here: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

Meta Platforms, Inc. is also certified in accordance with the US Data Privacy Framework (DPF). According to the EU Commission’s adequacy decision of 10.07.2023, such certification also guarantees an adequate level of data protection.

You can find more information about the DPF here: https://www.dataprivacyframework.gov/s/.

Use of the social plugin

When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated by the user into the online offer. In doing so, usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

Data processing by Facebook

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store his or her IP address. According to Facebook, only an anonymized IP address is stored in Austria.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in the privacy policy of Facebook: https://www.facebook.com/about/privacy/.

Possibility of objection and removal

If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offering and link it to his or her membership data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offering. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

20. Business processing and marketing purposes

Notes on business processing and marketing purpose

We use remote communication tools for business and marketing purposes, such as mail, phone or email. In doing so, we process inventory data, address and contact data as well as contract data of customers, participants, prospective customers and communication partners.

Legal basis for data processing

The processing is carried out on the basis of Art. 6 para. 1 lit. a, Art. 7 GDPR, Art. 6 para. 1 lit. f GDPR in connection with legal requirements for promotional communications. Contact will only be made with the consent of the contact partners or within the scope of legal permissions and the processed data will be deleted as soon as they are no longer required and otherwise with objection/revocation or discontinuation of the authorization basis or legal archiving obligations.

21. Integration of partner programs/affiliates

Notes on the integration of partner programs

We use affiliate tracking cookies on our website on the basis of your consent for the analysis, optimization and economic operation of our online offer for the correct recording of sales and/or leads. These tracking cookies do not store any personal data. Instead, only the identification number of the referring partner and the order number of the advertising material clicked on by the website visitor are recorded. This information is required for payment processing between the website operator and the advertiser. The partner identification number is used to allocate the commission to be paid to the referring partner when a transaction is concluded.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can find more information about the protection of your data by affiliates e.g. here: https://www.affili.net/de/publisher/plattform/tracking, https://www.awin.com/de/rechtliches

22. Integration of third-party services and content

General information and legal basis

Within our online offer, on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR) or on the basis of your consent, we use other content or service offers from third-party providers in order to offer their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

Videos from the “YouTube” platform

Description, purpose and scope of data processing

We provide you with integrations of YouTube of Google Inc., USA, in various places on this website. YouTube includes the option of registering for user accounts and thus joining a Google network.

The YouTube plug-in determines at least the IP address of the user and the page address from which it was activated when the page in which it is integrated is accessed. As long as you are logged in to a YouTube account at the same time, YouTube can observe your usage behavior and associate it with your account. This allows personal profiles to be created that are available to Google.

Legal basis for data processing

We transmit your data exclusively on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Google LLC is certified in accordance with the US Data Privacy Framework (DPF). According to the EU Commission’s adequacy decision of 10.07.2023, such certification also guarantees an adequate level of data protection.

You can find more information about the DPF here: https://www.dataprivacyframework.gov/s/. Google acts on its own responsibility and is not bound by our instructions when using data for YouTube.

Duration of storage, objection and removal options

We have no knowledge of the detailed processing by Google and the possibilities to influence it. You can find more details in the data protection center of google.de: Google privacy policy and under the terms of use at www.youtube.com (https://www.youtube.com/t/terms).

If you do not want Google to monitor your usage behavior, please log out of your YouTube account before accessing this page.

External fonts from Google, LLC

We use fonts from Google on our website (Google Fonts). These are provided exclusively by our own servers, so that no IP address is transmitted to Google for this purpose.

23. Job applications

On our website, we offer applicants the opportunity to submit applications to us by providing personal data. The data will be sent to us by e-mail to the address specified in the job description.

All personal data as well as attachments of your application will only be used by us for the purpose of evaluation, analysis and allocation in connection with filling the position.

The data you submit can only be accessed by responsible employees from the Human Resources department who are connected with the applicant selection process. In other respects, data is only passed on to IT contract processors who are dependent on instructions.

The legal basis for the processing of the data is the initiation of a contractual relationship and the implementation of pre-contractual measures in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

Duration of storage:

In the event that you apply for a specific position, your data will be considered for the duration of the selection process. After six months following any rejection, we will anonymize your data. All attachments and communication will be deleted.

If, following a specific application, you would like your data to be considered further for future personnel developments, please send us a separate unsolicited application or we will contact you.

We will hold unsolicited applications for a period of 12 months. After this time we will proceed with these applications as shown above for anonymization.

If you send us an unsolicited application, your information will be stored in a database, just as it is when you apply for jobs. Human resources staff associated with applicant selection as well as recruitment can search this database to fill vacant positions with suitable candidates.

24. Rights of the data subject

You have the right:

  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, blocking or anonymization, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
  • in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
  • pursuant to Art. 7 para. 3 GDPR to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing that was based on this consent for the future, and
  • to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose. The latter supervisory authority is:

25. The Hamburg Commissioner for Data Protection and Freedom of Information in Hamburg

Kurt-Schumacher-Allee 4
20097 Hamburg
E-Mail: mailbox@datenschutz.hamburg.de

26. Right of objection

If your personal data is collected on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
If you wish to exercise your right of revocation or objection, simply send an e-mail to hallo@isic.at.
