Austria

Privacy policy

Here you can find out everything about our privacy policy, cookies and much more.

Eine Frau sitzt auf einem Balkon und arbeitet an einem Laptop

Table of contents

I. Name and address of the responsible person

II. Name and contact of the data protection officer

III. General information on data processing

IV. Provision of the website and creation of log files

V. Note on data transfer to the USA and other third countries

VI. Use of cookies

VII. Data transfer and data exchange in case of payment

VIII. Newsletter

IX. Personal registration for ticket purchase

X. Captcha – verification as human user for card activation

XI. Contact form and contact via email

XII. Online presence in social media

XIII. Social media buttons and links

XIV. Google Analytics

XV. Google Maps

XVI. Google-Re/Marketing-Services

XVII. Facebook Custom Audiences and Facebook Marketing Services

XVIII. Facebook Social Plugins

XIX. Business processing and marketing purposes

XX. Integration of partner programs/affiliates

XXI. Integration of third-party services and content

XXII. Job applications

XXIII. Rights of the data subject

XXIV. Austrian data protection authority

XXV. Right of objection

I. Name and address of the responsible person

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is the:

eduverify GmbH
Marxergasse 24/2
1030 Wien
Austria
Tel.: +49 (0)40 / 41 46 49 – 0
E-Mail: hallo@isic.at
Website: www.isic.at

II. Name and contact of the data protection officer

The data protection officer of the controller is:

Frank Henkel
Lawyer
E-Mail: datenschutz@isic.de

III. General information on data processing

1. Scope of the processing of personal data

As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website as well as our content and services. The collection and use of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR as the legal basis for processing.

3. Data deletion and storage duration, storage location

The personal data of the data subject shall be deleted, blocked or made anonymous as soon as the purpose of the storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Deletion, blocking or anonymization of the data will also take place if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

All data is processed on servers in the European Union or EEA countries, currently Germany (eduverify) and in an external data center in Ireland. The mandatory data from the application forms is stored there in encrypted form. The operator of the data center has no access to the personal data of the cardholders. Access is exclusively granted to eduverify GmbH, the ISIC umbrella organization represented by the ISIC Service Office, Starine Novaka 1, 1000 Belgrade, Serbia and GTS Alive s.r.o., Na Maninach 1092/20, Prague 7, Czech Republic, as service provider of eduverify GmbH. Data voluntarily provided to eduverify GmbH is stored on servers in Germany and is exclusively accessible by rds GmbH.

4. Safety

To ensure the confidentiality of communication with you, we use TLS encryption for the transmission of our website. According to the current state of the art, the 128-bit encryption thus possible is to be regarded as secure. All browsers of the younger generation achieve this level of security. If necessary, you should update the browser on your PC.
Our employees are bound to data secrecy, which includes Art. 5 para. 1 lit. f and para. 2 GDPR as a confidentiality principle, compliance with which must be demonstrated. Data processing and our technical security precautions are continuously adapted to current circumstances and requirements.

If you use PayPal as a payment method, please note that PayPal does not guarantee uninterrupted, continuous and secure access to these services under all circumstances in its terms of use.

5. Links

Our website contains links to external websites. By clicking on such a link you will leave our website. As these other website providers may have different data protection practices and third countries may not have the same level of data protection as Germany or Europe, we recommend that you read the relevant data protection policies of these other website providers.

6. Links to www.isic.org

Our website contains numerous links to the external website www.isic.org. It is global website of ISIC Association, of which we are a member. The ISIC Association website is operated from Denmark on servers in the EU. We recommend that you also read the privacy policy of this external website.

7. Links to the Aliveplatform

Our website contains links to the external service portals of the GTS Alive Group that are affiliated with us. This concerns, for example, the online application form, which is built on the Aliveplatform. GTS Alive Group is a service provider of several European ISIC organizations and is operated from the Czech Republic on servers in the EU. We recommend that you also read the privacy policy of this external website.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Whenever our website is accessed, we collect data on the basis of our legitimate interests about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

The data is also stored in the log files of our system. For security reasons (e.g. for the clarification of abuse or fraud), the data is stored for a maximum of seven days and then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Possibility of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

V. Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. When these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, U.S. companies are obligated to release personal data to security authorities without you, the data subject, being able to take legal action against this. It can therefore not be ruled out that U.S. authorities (e.g. intelligence agencies) process, evaluate and permanently store your data located on U.S. servers for monitoring purposes. We have no influence on these processing activities.

VI. Use of cookies

1. Description and scope of data processing

‘Cookies’ are small files that are stored on users’ computers. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example the contents of a shopping cart in an online store or a login status are stored. “Permanent” or “persistent” cookies are those that remain stored even after the browser is closed. For example, the login status can be saved when users visit the website after several days. Likewise, such a cookie may store the interests of users, which are used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the responsible party that operates the website (otherwise, if they are only its cookies, they are referred to as “first-party cookies”). We use temporary and permanent cookies and explain this in our privacy policy. A detailed description of each cookie and the status of your consent can be found on the Cookie Statement page.

2. Elimination possibility

If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

3. Right of objection

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of the services, especially in the case of tracking, via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by means of their deactivation in the browser settings. Please note that then not all functions of this online offer can be used.

VII. Data transfer and data exchange in case of payment

Your data will only be passed on to third parties if we are legally obliged to do so in the context of contract processing or if we commission an external service provider to process your information. These service providers receive only the information needed to perform their tasks. They may not use it for any other purpose and are obliged to treat the information in accordance with German and European data protection laws. We conclude corresponding confidentiality agreements or order processing contracts with each partner in accordance with Art. 28 GDPR.

Personal data, i.e. data that has not been at least previously anonymized, is not passed on by us to so-called third countries outside the EU. If, as a result of the special technologies of this website, which we describe below, it may nevertheless come to a transmission of the IP address in exceptional cases, we explicitly point this out in this context. These are then cases that we cannot influence.
In this context, we will provide you with options to prevent this data collection from the outset, if such options are available (see “Google Analytics”). In doing so, we also mention the guarantees provided in the country in question by the recipient of the data to ensure a level of data protection equivalent to that in the EU.

1. Special data transfers in the context of the site – legal bases

The individual situations mentioned below in the course of your navigation through our website require the transfer of data, at least your IP address, to third parties.
The legal basis for this in these situations is, on the one hand, the preparation, implementation or processing of a contractual relationship with you on the basis of Art. 6 para. 1 lit. b GDPR.
In other cases, where we respond to individual queries from you through interactive website outputs, we may rely on the legitimate interests of responding to your requests for information as an information portal (Art. 6 para. 1 lit. f GDPR). If external databases of our partners are queried, they provide the answers on our behalf and according to our instructions. This also applies insofar as you receive immediate individual responses to personal inquiry inputs.

2. Search fields according to service offers

In various places on our website (e.g. in the blog), you have the option of searching for service offers, in particular those of our partners, via the integrated, direct entry of search terms. Even if no personal data is requested, your IP address is processed during this process in order to provide you with the requested information.

3. Competitions

We organize raffles on our website at irregular intervals. If you participate in one of our competitions, please note the applicable conditions of participation.

Personal data provided by participants will be used exclusively within the framework of the competition and will only be passed on to the partner company for the purpose of sending the prizes or prize transfers.
In addition to determining the winners, the use within the scope of the sweepstakes also includes the processing of the sweepstakes. The names of the winners will not be published.

4. Your request for card issuance

As part of the processing of the ISIC/ITIC/IYTC card application within the framework of the conclusion of the contract, the collected data first name, last name, date of birth, photo (if digitally available), e-mail address (if available) will be transferred to the ISIC Association (the official issuer of the ISIC/ITIC/IYTC) in Denmark. The disclosure is relevant for the activation of the card number, the possibility to use offers that can be accessed online, as well as for the use of the ISIC app and the virtual card available with it.

5. Payment via PayPal

If you use PayPal to pay for an online order, your transaction data will be transmitted there in accordance with PayPal’s terms of use and privacy policy. We would like to point out that data may then also flow into computer networks in countries that do not have a level of data protection comparable to that of the European Union within the scope of payment processing. Data may also be passed on to companies of the PayPal Group, among others. We have no influence on these data transfers.
Terms of use and privacy policy of PayPal:
https://www.paypal.com/de/webapps/mpp/ua/useragreement-full
https://www.paypal.com/de/webapps/mpp/ua/privacy-prev
You can ask questions about PayPal’s privacy policy at this link at PayPal:
https://www.paypal.com/de/selfhelp/contact/email/privacy
If you log in to your PayPal user account, you can get further direct help by calling the customer service phone number listed there.

Alternatively, you can choose payments by invoice in the form of a bank transfer, that is, without the involvement of the PayPal system.

For payments via PayPal you need to enter your PayPal username and password. This data is not stored by us.
If you use PayPal as your login method, PayPal will, according to its terms of use, in turn communicate your login status to us. We will also receive such personal and account information that you have agreed to share with PayPal so that we can identify you.

VIII. Newsletter

1. Newsletter notes

The following information explains the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

2. Newsletter content

We send newsletters, sweepstakes information, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. Insofar as the contents of the newsletter are specifically described in the course of registration, they are decisive for the user’s consent. In addition, our newsletters contain information about online and digital marketing as well as our services.

3. Double opt-in and logging

The registration for our newsletter takes place in a so-called double opt-in process. I.e. after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can log in with foreign e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes the storage of the login and confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider are logged.

4. Subscription form

The registration for the newsletter via the integrated registration form on our website takes place via a direct connection to the newsletter dispatch service provider.

5. Mailing provider

The newsletter is sent using the GTS Alive Platform, whose publisher is the EU-based GTS ALIVE GROUP CENTRAL OFFICE – Na Maninach 1092/20, Prague 7, Czech Republic (hereinafter referred to as the “Shipping Service Provider”). You can view the privacy policy of the mailing provider here: https://www.isic.cz/o-nas/pravni-dokumenty/zasady-ochrany-osobnich-udaju/.

6. Data storage

The e-mail addresses of our newsletter recipients, as well as their other data described in the context of these notes, are stored on the servers of the dispatch service provider. The mailing provider uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, the mailing provider may use this data in pseudonymous form, i.e. without assigning it to a user, to optimize or improve its own services, for example. for the technical optimization of the dispatch and the presentation of the newsletters or for statistical purposes to determine from which countries the recipients come. However, the mailing provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

7. Subscription data

To subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to provide your first name, last name, educational institution and place of residence, for the purpose of personal addressing and topic/location-specific newsletters.

8. Statistical survey and analyses

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked (success measurement). For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the shipping service provider to monitor individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

9. Legal basis of statistical surveys and analyses

The use of the shipping service provider, performance of statistical surveys and analyses without performance measurement as well as logging of the registration process, are carried out on the basis of our legitimate interests in accordance with the German Data Protection Act. Art. 6 para. 1 lit. f GDPR. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users.

The measurement of success is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this at any time. However, we will then no longer be able to send you a newsletter.

10 Termination / Revocation

You can cancel the receipt of our newsletter at any time, i.e. revoke your consents. You will find a link to cancel the newsletter at the end of each newsletter. When users have cancelled their subscription, their personal data will be deleted. In the event that users still have a currently valid card, only the newsletter subscription will be deleted. The remaining data will be deleted, blocked or anonymized as soon as they are no longer required to achieve the purpose for which they were collected.

IX. Personal registration for ticket purchase

1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data in order to purchase various ID cards. The data is entered in an input mask and transmitted to us and stored. As part of the processing of the ISIC/ITIC/IYTC card application within the framework of the conclusion of the contract, the collected data first name, last name, date of birth and e-mail address (all mandatory) as well as photo (if digitally available) will be transferred to the ISIC Association (the official issuer of the ISIC/ITIC/IYTC) in Denmark. The following data is collected as part of the registration process:

– as mandatory fields in each case:
First name, last name, date of birth, e-mail, passport photo, copy of a photo ID (only for matching first and last name, date of birth and photo; we ask that all other data be made unidentifiable), enrollment or teaching certificates, associated educational institution

– in each case only as a mandatory field for shipping plastic types, otherwise optional:
(Delivery) address data

– each as optional fields:
Phone number, gender.

2. Legal basis for data processing

Since the registration serves the implementation of pre-contractual measures and the direct establishment of a contractual relationship, of which the user is a contracting party, the legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

Registration of the user is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.

Should the processing of personal data of the contracting party be required by law for the contracts offered by you upon conclusion of the contract, the respective standards from which the obligation arises must be stated.

4. Duration of storage

The data will be deleted, blocked or anonymized as soon as they are no longer required to achieve the purpose for which they were collected.
This is the case for the data collected during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.

Continuing obligations require the storage of personal data for the duration of the contract. In addition, the storage of data for tax purposes must be taken into account. The storage periods to be complied with in this respect must be determined for the respective contracts and contracting parties concluded in each individual case and specified here.

5. Possibility of objection and elimination

As a user, you have the option to cancel the registration at any time in accordance with the card terms and conditions. You can have the data stored about you changed at any time.

If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion, blocking or anonymization of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

X. Captcha – verification as human user for card activation

1. Description, purpose and scope of data processing

When submitting forms, we use a CAPTCHA tool. This will show you human readable characters only, which you will need to re-enter before submitting the form. If there is a match, it is assumed that you, as a human, made the entry. This serves to prevent the input from being misused by machine and automated processing, in particular by so-called “robots”. We use it to secure our databases from damaging manipulation.

2. Legal basis for data processing

Our legal basis for this processing is Art. 6 I f GDPR in the exercise of legitimate interests. These lie in the protection of our databases against misuse.

XI. Contact form and contact via email

1. Description and scope of data processing

A contact form is available on our website, which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored in order to process the contact request and handle it. In addition to optional entries, this also concerns data such as the date and time of registration, IP hash and browser version.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation.

2. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to handle customer communications in line with customer expectations. If the contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

The processing of personal data from the input mask serves us solely to process the contact.
The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of objection and elimination
If the user contacts us, he or she may object to the storage of his or her personal data in accordance with Art. 21 (1) DGDPR. For more details, see under XXIII.). In such a case, the conversation cannot be continued.

All personal data that was also stored in the course of contacting us will be deleted in this case.

XII. Online presence in social media

1. General note

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

2. Description and scope of data processing

Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. make contributions to our online presences or send us messages.

XIII. Social media buttons and links

The links/buttons to social networks and platforms (hereinafter referred to as “social media”) used within our online offer do not establish direct contact between social networks and users. Their function corresponds to the mode of operation of a regular online link.

XIV. Google Analytics

1. Notes on Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), on the basis of your consent for the analysis, optimization and economic operation of our online offer. Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.

2. EU standard contractual clauses

A transfer to the USA is based on the EU standard contractual clauses. These guarantee an adequate level of data protection within the meaning of Art. 44 et seq. GDPR. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

3. Description and scope of data processing

Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Thereby, pseudonymous usage profiles of the users can be created from the processed data.

For more details, please refer to our cookie settings under “Statistics”.

A transmission to Google only takes place if you have given us your consent via our cookie banner.

4. IP-Anonymization

We use Google Analytics only with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

5. Google Analytics and browser settings

The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

6. Further information on data use by Google

For more information about Google’s data use, settings and opt-out options, please visit Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use our partners’ websites or apps”), https://policies.google.com/technologies/ads (“Data use for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information Google uses to serve ads to you”).

XIV. Google Maps

1. Description, purpose and scope of data processing

This website uses Google Maps to display maps. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

2. EU standard contractual clauses

A transfer to the USA is based on the EU standard contractual clauses. These guarantee an adequate level of data protection within the meaning of Art. 44 et seq. GDPR. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

3. Data processing

By using this website and the Google Maps functions, you consent to the collection and use of the automatically determined data and the data entered by you by Google in the USA within the meaning of Art. 6 para. 1 lit. a GDPR. (see also „Google Analytics“). Google Maps uses at least your IP address to deliver up-to-date map displays. If you specify a desired location display in more detail in a data entry field on our site (e.g. location information), this non-personal information will probably be linked to the IP address during processing by Google, which identifies you in more detail. We do not have any detailed knowledge of these processes. As an end user of the feature, please check the Google Maps Terms of Service for more information. In the context of the presentation of Google Maps, Google acts on its own responsibility and not bound on our behalf.

XV. Google-Re/Marketing-Services

1. Notes on Google-Re/Marketing-Services

Based on your consent, we use the marketing and remarketing services (in short “Google marketing services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) for the analysis, optimization and economic operation of our online offer.

2. EU standard contractual clauses

A transfer to the USA is based on the EU standard contractual clauses. These guarantee an adequate level of data protection within the meaning of Art. 44 et seq. GDPR. Please find more details here: https://privacy.google.com/businesses/controllerterms/mccs/

3. Operation and data collection

Google’s marketing services allow us to display advertisements for and on our website in a more targeted manner to present users only with ads that potentially match their interests. If a user e.g. is shown ads for products that he or she was interested in on other websites, this is referred to as “remarketing. For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web pages the user has visited, which content the user is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring web pages, time of visit and other information about the use of the online offer. The IP address of the user is also recorded, whereby we inform you within the scope of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is transferred in full to a Google server in the USA and shortened there. The IP address is not merged with user data within other Google offerings. The above information may also be combined by Google with such information from other sources. When the user subsequently visits other websites, they can be shown ads tailored to their interests.

You can obtain further instructions via the cookie settings.

4. Pseudonymous data processing

User data is processed pseudonymously as part of Google’s marketing services. I.e. Google does not store and process e.g. the name or e-mail address of users, but processes the relevant data on a cookie basis within pseudonymous user profiles. I.e. from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

5. Integration of Google Adwords
The Google marketing services we use include the online advertising program “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked through the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

6. Integration of Doubleclick

We may integrate third-party advertisements based on the Google marketing service “DoubleClick”. DoubleClick uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the Internet.

7. Integration of AdSense

We may integrate third-party advertisements based on the Google marketing service “AdSense”. AdSense uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the Internet.

8. Integration of Google Optimizer

Likewise, we can use the service “Google Optimizer”. Google Optimizer allows us to track the effect of various changes to a website (e.g. changes to input fields, design, etc.) as part of so-called “A/B testing”. Cookies are placed on users’ devices for these testing purposes. Only pseudonymous data of the users is processed.

9. Integration of Google Tag Manager

Furthermore, we use the “Google Tag Manager” to integrate and manage the Google analysis and marketing services on our website.

10. Further information on the use of data for marketing purposes by Google

For more information about Google’s use of data for marketing purposes, please visit the overview page: https://policies.google.com/technologies/ads, Google’s privacy policy is available at https://policies.google.com/privacy.

11. Possibility of objection and elimination

If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated.

XVI. Facebook Custom Audiences and Facebook Marketing Services

1. Notes on Facebook Custom Audiences and Facebook Marketing Services

Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes.

2. EU standard contractual clauses

Meta Platforms Ireland Limited may transfer personal data as part of its data processing to Meta Platforms, Inc. based in the USA. To the extent that personal data is transferred to a country that is neither a member state of the European Union nor a state party to the Agreement on the European Economic Area (third country) in accordance with this privacy policy, this will be done on the basis of adequacy decisions by the EU Commission or using standard data protection clauses. For more details, click here: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

3. use of the meta pixel

With the help of the meta pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the meta pixel to display Facebook ads only to Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the meta pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the meta pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

4. Data processing by Facebook

The processing of the data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general guidance on the display of Facebook Ads, in Facebook’s Data Usage Policy: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s Help section: https://www.facebook.com/business/help/651294705016616.

5. Possibility of objection

You can object to the collection by the meta pixel and use of your data to display Facebook ads. To set what types of ads are shown to you within Facebook, you can go to the page set up by Facebook and follow the instructions there for usage-based advertising settings: https://www.facebook.com/settings?tab=ads. The settings are made in a platform-independent manner, i.e. they are applied to all devices, such as desktop computers or mobile devices.

Furthermore, you can object to the use of cookies that are used for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

XVII. Facebook Social Plugins

1. Notes on Facebook Social Plugins

We use social plugins (“plugins”) of the social network facebook.com, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), based on your consent for the analysis, optimization and economic operation of our online offer. The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white “f” on blue tile, the terms “Like”, “Like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

2. EU standard contractual clauses

Meta Platforms Ireland Limited may transfer personal data as part of its data processing to Meta Platforms, Inc. based in the USA. To the extent that personal data is transferred to a country that is neither a member state of the European Union nor a state party to the Agreement on the European Economic Area (third country) in accordance with this privacy policy, this will be done on the basis of adequacy decisions by the EU Commission or using standard data protection clauses. For more details, click here: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

3. Use of the social plugin

When a user calls up a function of this online offer that contains such a plugin, his or her device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated by the user into the online offer. In doing so, usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge.

4. Data processing by Facebook

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store his or her IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in the privacy policy of Facebook: https://www.facebook.com/about/privacy/.

5. Possibility of objection and elimination

If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offering and link it to his or her membership data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offering. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

XVIII. Business processing and marketing purposes

1. Notes on the business transaction and the marketing purpose

We use remote communication tools for business and marketing purposes, such as. mail, phone or email. In doing so, we process inventory data, address and contact data as well as contract data of customers, participants, prospective customers and communication partners

2. Legal basis of the data processing

The processing is carried out on the basis of Art. 6 para. 1 lit. a, art. 7 GDPR, art. 6 para. 1 lit. f GDPR in connection with legal requirements for promotional communications. Contact will only be made with the consent of the contact partners or within the scope of legal permissions and the processed data will be deleted as soon as they are no longer required and otherwise with objection/ revocation or discontinuation of the authorization basis or legal archiving obligations.

XIX Integration of Partner Programs/Affiliates

1. Notes on the integration of partner programs

We use affiliate tracking cookies on our website based on your consent for the analysis, optimization and economic operation of our online offer for the correct recording of sales and/or leads. These tracking cookies do not store any personal data. Instead, only the identification number of the referring partner and the order number of the advertising material clicked on by the website visitor are recorded. This information is required for payment processing between the website operator and the advertiser. The partner identification number is used to allocate the commission to be paid to the referring partner when a transaction is concluded.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can find more information about the protection of your data by affiliates e.g. here: https://www.affili.net/de/publisher/plattform/tracking, https://www.awin.com/de/rechtliches

XX. Integration of services and content of third parties

1. General information and legal basis

Within our online offer, we use content or service offers of third party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in terms of Art. 6 para. 1 lit. f. GDPR) content or service offers of third party providers in order to provide their content and services, such as e.g. videos or fonts (hereinafter uniformly referred to as “content”). This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be combined with such information from other sources.

2. Third-party overview

The following presentation provides an overview of third-party providers and their content, along with links to their privacy statements, which contain further information on the processing of data and, in part already mentioned here, opt-out options:

– If our customers use the payment services of third parties (e.g. PayPal or Sofortüberweisung), the terms and conditions and privacy policy of the respective third party providers apply, which are available within the respective websites or transaction applications.

– External fonts from Google, LLC., https://www.google.com/fonts (“Google Fonts”). The integration of Google Fonts is done by a server call at Google (usually in the USA). Privacy policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

– Videos from the “YouTube” platform of the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

– Videos of the platform “Vimeo” of the third party provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy policy: https://vimeo.com/privacy.

XXII. Job applications

On our website, we offer applicants the opportunity to submit applications to us by providing personal data. The data will be sent to us by e-mail to the address specified in the job description.

All personal data as well as attachments of your application will only be used by us for the purpose of evaluation, analysis and allocation in connection with filling the position.

The data you submit can only be accessed by responsible employees from the Human Resources department who are connected with the applicant selection process. In other respects, data is only passed on to IT contract processors who are dependent on instructions.

The legal basis for the processing of data is the initiation of a contractual relationship and the implementation of pre-contractual measures pursuant to § 26 para. 1 sentence 1 BDSG.

If you send us an unsolicited application, your information will be stored in a database, just as it is when you apply for jobs. Human resources staff associated with applicant selection as well as recruitment can search this database to fill vacant positions with suitable candidates.

Duration of storage:

In the event that you apply for a specific position, your data will be considered for the duration of the selection process. After six months following any rejection, we will anonymize your data. All attachments and communication will be deleted.

If, following a specific application, you would like your data to be considered further for future personnel developments, please send us a separate unsolicited application or we will contact you.

We will hold unsolicited applications for a period of 12 months. After this time we will proceed with these applications as shown above for anonymization.

If you send us an unsolicited application, your information will be stored in a database, just as it is when you apply for jobs. Human resources staff associated with applicant selection as well as recruitment can search this database to fill vacant positions with suitable candidates.

XXIII. Rights of the data subject

1. you have the right:
– to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, blocking or anonymization, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

– in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or completion of your personal data stored by us;

– pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

– to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;

– pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;

– according to Art. 7 par. 3 GDPR to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing that was based on this consent for the future, and

– complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose. The latter supervisory authority is:

XXIV. Austrian data protection authority

Austrian data protection authority
Barichgasse 40-42
1030 Vienna

E-Mail: dsb@dsb.gv.at

XXV. Right of objection

If your personal data is collected on the basis of legitimate interests pursuant to Art. 6 para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
If you wish to exercise your right of revocation or objection, simply send an e-mail to hallo@isic.at.

TOP SEARCHESFlixbusBooking.comEuropcarAdidasHelloFresh