Data Privacy

Data protection information for customers or partners of

Co – Victory GmbH, in particular in the area of the “Jewish Heritage Austria” project.

 

1. general information

This privacy policy clarifies the nature, scope and purpose of the processing (including collection, processing and use) of personal data within our offer and the associated websites, functions and content (hereinafter collectively referred to as “online offer” or “website”). The privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the offer is executed.

The provider of the online offer and the body responsible for data protection is Co – Victory GmbH (hereinafter referred to as “provider”, “we” or “us”). For contact details, please refer to our legal notice.

The term “user” includes all customers and visitors to our online offering. The terms used, such as “user”, are to be understood as gender-neutral.

The protection of your personal data is important to us. We process your personal data exclusively on the basis of the statutory provisions (GDPR, DSG, TKG 2003).

In this privacy policy, we inform you about the processing of your personal data and the claims and rights to which you are entitled under data protection regulations.

 

We are responsible for the processing of your personal data:

Co – Victoy GmbH

office@co-victory.com

 

2. data processing around our website

Within our website, we process information provided to us by you, logs created by servers and cookies.

The web server for the operation of our website is technically operated by CPanel, Hostinger and WordPress as processors.

To block third-party cookies, follow the internal settings of your browser. In Safari, they are switched off by default.

 

2.1 Data processing for the operation and protection of the website

When you visit our website, the web server collects usage data, also known as server logs. The collection of this information is necessary to establish the connection to our server and to enable the technical use of the website. In addition, this data is used to defend against and analyze potential attacks. The collected server logs include the IP address of the requesting device, the date and time of the request, the requested file name and the associated URL, the amount of data transferred, the success message of the request, identification data of the browser and operating system used and the website from which the access was made if it was made via a link.

The legal basis for processing this data is based on our legitimate interest in ensuring the smooth operation of the service and protecting the systems from security risks.

The recipients of this data are the web servers that process the operation of our website on our behalf. In the event of a hacker attack, the data from the server logs can be used to identify the perpetrator.

The server logs are stored for a maximum of one day, and the information generated by CPanel or Hostinger is usually transferred to a Hostingerserver in Lithuania or France or the Netherlands and stored there. The transfer takes place in accordance with the standard contractual clauses pursuant to Art. 46 GDPR, which ensures an adequate level of protection. Further information on the standard contractual clauses and data protection guarantees can be found at https://www.hostinger.com/legal/privacy-policyHostingeracts as a processor and may only use the transmitted data to process specific orders, whereby compliance with data protection laws is contractually agreed.

 

3. data processing for advertising purposes

3.1 Web analysis

We use the tool listed below to process data about your use of our website, with the aim of customizing the website to your needs as far as possible.

The tool used is Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

We use Google Analytics, a web analysis service of Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually stored and processed on a Google server in the EU.

Google uses this information to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can find further information on the use of data for advertising purposes by Google, setting and objection options on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when you use our partners’ websites or apps”), http://www.google.com/policies/technologies/ads (“Data use for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising”) and http://www.google.com/ads/preferences (“Determine which advertising Google shows you”)

Recipient of the data: The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. The appropriate level of data protection for the transfer is guaranteed by standard contractual clauses in accordance with Art. 46 GDPR. Further information on the standard contractual clauses and appropriate guarantees can be found at https://privacy.google.com/businesses/processorterms/ .

Google acts as a processor and may only use the transmitted data to process specific orders, whereby compliance with data protection laws is contractually agreed.

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

As part of Google AdWords, we use what is known as conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking.

Cookies are small text files that the Internet browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

Each Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking statistics.

The storage of “conversion cookies” takes place on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

You can find more information about Google AdWords and Google Conversion Tracking in Google’s privacy policy: https://www.google.de/policies/privacy/.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser.

If cookies are deactivated, the functionality of this website may be restricted.

 

3.2 Data processing in the context of our social media presence (e.g. for advertising purposes)

3.2.1 Social media plug-ins

We integrate so-called “social media plugins” on our website, which enable us to display interaction elements and content (such as text contributions, graphics, images and videos) from social media services. Through these plugins, data, including personal data, can be transferred to the providers of social media services and may be used by them.

If you visit our website and have therefore consented to data transmission, a direct connection is established between your browser and the server of the social media service provider.

We currently use social media plugins from the following services:

– Instagram/ Facebook:

The social networks Facebook.com and Instagram, operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), use so-called social plugins. These plugins can be recognized by one of the Facebook logos, for example the white “f” on a blue tile, the terms “Like” or “Gefällt mir” or a “thumbs up” sign, or they are marked with the addition “Facebook Social Plugin”. A list and the appearance of the Facebook social plugins can be viewed at https://developers.facebook.com/docs/plugins/.

When a user accesses a function of this online offering that contains such a plugin, a direct connection is established between the user’s device and Meta’s servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the online offering. User profiles can be created from the processed data. We have no influence on the scope of the data that Facebook collects with the help of this plugin and inform users according to our level of knowledge.

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offering. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. If the user interacts with the plugins, for example by clicking the “Like” button or posting a comment, the corresponding information is transmitted directly from their device to Facebook and stored there. Even if a user is not a member of Facebook, it is possible for Facebook to find out their IP address and store it. According to Facebook, only an anonymized IP address is stored.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the relevant rights and setting options for protecting the privacy of users, can be found in Facebook’s data protection information at https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about them via this online service and link it to their membership data stored on Facebook, they must log out of Facebook and delete their cookies before using our online service. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings at https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. These settings apply across all platforms for all devices, such as desktop computers or mobile devices.

3.2.2 Facebook/ Instagram (meta) (re)marketing:

In our online offering, we use so-called “Facebook pixels” of the social network Facebook, operated by Meta Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The Facebook pixel enables Facebook to determine the visitors to our website as a target group for the display of ads, so-called “Facebook ads”. We use the Facebook pixel to ensure that our Facebook ads are only displayed to users who have shown an interest in our website. In other words, we want to use the Facebook pixel to ensure that our ads correspond to the potential interest of users and are not perceived as annoying. The Facebook pixel also allows us to track the effectiveness of Facebook ads for statistical and market research purposes by determining whether users have been redirected to our website after clicking on a Facebook ad.

The Facebook pixel is integrated directly by Facebook when you visit our website and can store a so-called cookie, i.e. a small file, on your device. If you later log in to Facebook or visit Facebook while logged in, your visit to our website will be recorded in your profile. The data we collect is anonymous and does not allow any conclusions to be drawn about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile can be established. The data is processed by Facebook in accordance with Facebook’s Data Usage Policy. Further information on how the remarketing pixel works and how Facebook ads are displayed in general can be found in Facebook’s privacy policy: https://www.facebook.com/policy.php.

You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To do this, you can go to the relevant Facebook page and follow the instructions for setting usage-based advertising: https://www.facebook.com/settings?tab=ads or declare your objection via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings apply across all platforms, i.e. they are adopted for all devices such as desktop computers or mobile devices.

3.2.3 YouTube:

On our website, we use plugins from the YouTube service, which can display interaction elements or content such as videos, graphics or text contributions. Data may be transmitted to YouTube and used by YouTube, but only with your consent.

Cookies that are stored on your device by YouTube or Google depend on the privacy settings of your browser.

Further information on YouTube and details on data processing can be found in Google’s privacy policy at https://policies.google.com/privacy. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for data processing.

3.2.6 Data agreement for the use of newsletters

Purpose of data processing: After registering for our newsletter, you will receive regular e-mail information about us and our range of services. If you do not wish to receive any further communications from us, this is not a problem.

You can simply unsubscribe at office@jewishheritage.at or use the unsubscribe link in the newsletter.

Legal basis for data processing: Your data is processed on the basis of your consent.

Recipients of the data: In order to create and send the newsletter on our behalf, the following service providers receive your data:

 

4. data processing in the normal course of business

4.1 Data agreement during the establishment of contact:

Purpose of data processing: When you contact us, whether by e-mail, contact form or telephone, we process the information you provide only to the extent necessary to process your request or handle it.

Legal basis for data processing: Your data is processed as part of pre-contractual measures or to fulfill an existing contractual relationship. Alternatively, it is based on our legitimate interest, in particular for the organization of inquiry processing.

Recipients of the data: Your data will only be passed on if this is necessary to answer your request.

Further information: We store your data for as long as is necessary to process your request. In the event of the conclusion of a contract, the conclusion of a purchase, declarations of intent, etc. or for documentation purposes or follow-up inquiries, your data will be stored for a further seven years after the last contact with you.

Our emails are stored on the “Microsoft Exchange” server service, which is a Microsoft mail server service. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft also processes your data in the USA, among other places. OneDrive and Microsoft are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Microsoft also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Microsoft undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information on the standard contractual clauses at Microsoft at https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

Our documents (contracts, notes, offers, research, etc.) are stored on the “Microsoft One-Drive & Share Point” server service, which is a file hosting service from Microsoft. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft also processes your data in the USA, among other places. OneDrive and Microsoft are active participants in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Microsoft also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the standard contractual clauses, Microsoft undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

You can find more information on the standard contractual clauses at Microsoft at https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

4.2 Data agreement for the processing of events

Purpose of data processing:

If you register for an event or purchase online tickets, we process your data in order to process the registration, send tickets, ensure the organization and execution of the event (also for security reasons), answer your inquiries in connection with the registration and handle the formal aspects of the business cases within the scope of our business relationship.

Legal basis for data processing: Your data is processed to fulfill a contractual relationship.

Recipient of the data:

The following service providers receive your data in order to facilitate and coordinate the services, issue confirmations/tickets for our events and process payment:

– External service providers of Co-Victory GmbH that we need to fulfill your order (in particular tourist guides, tour guides, accommodations, transport companies and other tourist service providers).

– “Bókun”, Nóatún 17, 105 Reykjavík, Iceland, provider of the booking system that we use for online ticket bookings. The provider acts for us as a processor in accordance with Art. 28 GDPR and may only use your data to process the specific orders and is contractually obliged to comply with the statutory data protection regulations.

– “Stripe” from Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. Provider of an online payment service that we use to process payments for ticket bookings. Stripe is a data recipient that processes the information for payment processing. Further information can be found at https://stripe.com/at/privacy.

– “Tally.so”, a survey and form software from the provider Tally BV, August van Lokerenstraat 71, 9050 Ghent (Belgium). This company works for us as a processor for quality measurement and survey validation and may only use your data to process the specific orders and is contractually obliged to comply with the statutory data protection regulations. The appropriate level of protection for the transfer of data to Belgium according to https://tally.so/help/privacy-policy results from standard contractual clauses in accordance with Art 46 GDPR.

 

5. further information:

We only process your data for as long as is necessary for the fulfillment of the contractual relationship or due to legal obligations (e.g. retention obligations under tax and company law). As a rule, we store data for seven years.

Please note that photos and video recordings may be made during the event for documentation and media purposes (e.g. in journals, magazines, publications or on websites and social media platforms).

Images are processed on the basis of our legitimate interest in documenting and presenting our activities. When publishing images, care is taken not to violate the legitimate interests of the persons depicted.

 

6. your rights:

In principle, you have the right to information, correction, deletion, restriction, data portability and objection. To do so, please contact us in writing at office@jewishheritage.at or by post.

If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, thedataprotectionauthorityisresponsible.