As the operator of this website and as the “responsible entity” within the meaning of the General Data Protection Regulation (GDPR)
and the data protection amendment act (DSG 2018) we take the protection of your personal data very seriously. We hereby inform you about the
processing of your personal data and your data protection claims and rights.
The responsible entity within the meaning of the General Data Protection Regulation (GDPR) is:
NEXT Vertriebs- und Handels GmbH
Liebenauer Tangente 4
The use of our website is possible to a limited extent without the provision of any personal data. If personal data are collected on our pages or forms, this is done on a voluntary basis as far as possible.
The legal basis of the data processing
We process your data to fulfil contractual obligations (Art 6 para 1b GDPR), within the scope of your consent / registration (Art 6 para 1a GDPR) and,where necessary, to comply with legal obligations (Art 6 para 1c GDPR). Furthermore, we have the right to process your data to safeguard legitimateinterests (Art 6 para 1f GDPR), for the purposes of advertising or market and opinion research, if you have not objected to their use in accordance with Art 21 GDPR.
Data use and data Transfer
Within NEXT Vertriebs- und Handels GmbH your data are transmitted to those offices/staff members who require them to meet contractual obligations and obligations consented to as well as legal obligations or for legitimate interests. In addition, we pass on your data to order processors commissioned by us, if they need these data to fulfil the respective contractual services. All order processors are contractually obligated to treat your data confidentially and only process them within the agreed framework. The data are not passed on to third countries. The data are also not used for automated decision-making.
Categories of order processors
Order processors (e.g. IT and back office service providers) commissioned by us and sales partners receive your data if they require the data to fulfil their respective contractually agreed service. All order processors and sales partners are contractually obligated to treat your data confidentially and only process them as part of the service provision.
Where a legal or regulatory obligation is in place, public bodies and institutions as well as our owners may be recipients of your personal data.
The following categories of order processors exist: Providers in general, IT service providers, telecommunications service providers
We only process data which users have previously published on social media voluntarily.
Duration and place of data storage
All data and posts are automatically removed from the system and deleted from the servers after 18 months; when a user deletes a post from his account, this post will also be deleted from the board promptly and irrevocably, i.e. when we next check our servers. In addition, you can request the deletion of a post simply and easily by sending an email to firstname.lastname@example.org; this request will be processed as quickly as possible. The tool/software runs on the Amazon computer centre in Frankfurt, Germany; i.e. within the European Union.
In addition, we process your personal data, where required, for the entire duration of the service provision and beyond in accordance with the legal retention periods and documentation obligations. These are based, among other things, on the Austrian commercial code (UGB), the federal fiscal code (BAO) and the general civil code (ABGB).
When you contact us (by contact form or email) the user’s information will be used to process the contact inquiry and its processing in accordance with Art. 6 para. 1 lit. b) GDPR. The user’s information can be stored in our customer relationship management system (CRM system) or a similar inquiry organisation system. We delete inquiries if they are no longer required. We check whether this is necessary every two years; inquiries from customers who have a customer account will be stored permanently, and we refer to the information about the customer account regarding their deletion. Where there are legal archiving obligations, the data are deleted after their expiry (end of commercial retention period (6 years) and fiscal retention period (10 years)).
Online social media presence
We have an online presence on social media networks and platforms where we communicate with customers, prospective customers and users and inform them about our services. When users access these networks and platforms, the terms of business and the data processing guidelines of the respective operators apply.
Unless otherwise specified in our data protection declaration, we process the data of users when they communicate with us on the social networks and platforms (e.g. publish posts on our online pages or send us messages)
Server log files
The technical provider of our web pages is Grizzly Creative GmbH, Mondscheingasse 6, 8010 Graz. They automatically collect and store information which your browser automatically transmits to us in so-called server log files.
- Browser type/browser version
- Operating system used
- Referrer URL (the page previously visited)
- Host name or IP address of the accessing computer
- Time of server request
These data cannot be used to identify a person. These data cannot be merged with other data sources. We reserve the right to retrospectively check these data if there is concrete evidence of illegal activity.
Integration of Services and third-party content
As part of our online offerings we may integrate third-party content such as YouTube videos, maps of Google Maps, RSS feeds or graphics from other websites. This always means that the provider of this content (hereinafter referred to as “third-party provider”) becomes aware of the user’s IP address. Because without the IP address, the content cannot be transmitted to the user’s browser. This means that the IP address is required to display this content. We endeavour to only use content where the respective provider only uses the IP address to deliver their content. However, we have no influence over whether the third-party provider uses the IP address for statistical purposes for example. Insofar as we are aware of this, we will inform the user.
Data protection declaration for the use of Google Analytics
This website uses features of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. Cookies are text files that are stored on your computer and that allow the analysis of the use of the website. The information generated by the cookie about your use of the website will usually be transmitted to and stored by Google on servers in the USA.
You can find more information about how Google Analytics handles user data in the data protection declaration of Google: https://support.google.com/analytics/answer/6004245?hl=de
You can prevent the installation of cookies by selecting the appropriate settings in your browser; please note, however, that in this case you may not be able to use all the features of this website. You can additionally prevent the collection of data produced by the cookie and associated with your use of the website (including your IP address), its transmission to, and its processing by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie is set, which prevents the future collection of your data when visiting this website: Disabling Google Analytics
Order data processing
We have entered into an order data processing contract with Google and fully comply with the strict provisions of the data protection authorities
when using Google Analytics.
We use the “activation of the IP anonymisation” feature on this website. This means that your IP address will be stored by Google in shortened form within Member States of the European Union or in other states that are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to analyse your use of the website, compile reports on website activity and provide the website operator with other services related to website usage and internet activity. The IP address sent by your browser as part of Google Analytics will not be associated by Google with any other data. By using this website users give their consent to the processing of data collected by Google about them in the manner described above and for the aforementioned purpose.
This website uses Google AdSense, a service for the integration of advertisements of Google Inc. (“Google”). Google AdSense uses “cookies”, which are text files placed on the user’s computer to help analyse the use of the website. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons enable the analysis of information such as visitor traffic on the pages of this website.
The information about how you use this website that is generated by a cookie and web beacons (including your IP address) is transmitted to a server of Google in the US and stored there. Google may pass on this information to contractual partners of Google. Google will not associate your IP address with your other stored personal data.
Users can adjust their browser software to prevent the installation of cookies; however, the provider would like to point out that should the user do this, it may not be possible to use all the features of this website to their full extent. By using this website users give their consent to the processing of data collected by Google about them in the manner described above and for the aforementioned purpose.
Data protection declaration for the use of Facebook plugins (Like and Share button)
Our website uses plugins provided by the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can identify Facebook plugins by the Facebook logo or the “like” button on our website. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/.
When you visit our website, a direct connection between your browser and the Facebook server is established by means of the plugin. This enables Facebook to receive the information that you have visited our website from your IP address. If you click on the Facebook “like” button while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate the visit to our website to your user account. We must point out that, as operators of this website, we have no knowledge of the content of the data transmitted to Facebook and how Facebook uses that data. For more information, please see the data protection statement of Facebook at http://de-de.facebook.com/policy.php.
If you do not wish Facebook to associate your visit to our web pages to your Facebook account, please log out of your Facebook account.
Data protection declaration for the use of Twitter
The features of Twitter are integrated on our web pages. These features are made available by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the “re-tweet” feature, the web pages visited by you are linked to your Twitter account and other users are notified. In doing so, data are also transmitted to Twitter. We must point out that, as operators of this website, we have no knowledge of the content of the data transmitted to Twitter and how Twitter uses the data. For more information about the data protection declaration of Twitter go to http://twitter.com/privacy.
You may change your Twitter data privacy settings in your account settings at http://twitter.com/account/settings.
Data protection declaration for the use of Instagram
The features of Instagram are integrated on our web pages. These features are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, then by clicking the Instagram button you can link the contents of our web pages to your Instagram profile. This allows Instagram to associate the visit to our website with your user account. We must point out that, as operators of this website, we have no knowledge of the content of the data transmitted to Instagram and how Instagram uses the data.
For more information about the data protection declaration of Instagram, go to: http://instagram.com/about/legal/privacy/
Data protection declaration for the use of CloudFlare
Below, we provide you with information about the content of our newsletter, about the registration, transmission and statistical evaluation procedures as well as about your rights of objection. By subscribing to our newsletter, you agree to receiving it and to the procedures described.
Content of the newsletter: We send our newsletters, emails and other electronic notifications with advertising content (hereinafter “newsletter”) only with the consent of the recipient or a legal permission. If, when you subscribe to the newsletter, its specific consent is described, then this is decisive for the consent of the user. In addition, our newsletters contain information about our products, offers, campaigns and our company.
Double opt-in and logging: The registration for our newsletter is subject to a so-called double opt-in procedure. This means that once you have signed up, you will receive an email asking you to provide confirmation. This confirmation is required so that nobody can sign up using someone else’s email address. The newsletter signing up processes are logged in order to be able to show that the signing up process complies with legal requirements. This includes the storage of the time of registration and the time of confirmation as well as the IP address. Similarly, changes to the data stored with the service provider are also logged.
Shipping service provider: The newsletter is sent out via Auth Mailer, Kuninkaankatu 22, FI-33210 Tampere, FINLAND, hereinafter referred to as “shipping service provider”. You can view the data protection regulations of the shipping service provider here: http://www.authmailer.com/public/privacy.
Furthermore, the shipping service provider (according to information provided by them) may use these data in pseudonymous form (i.e. without identifying a user) to optimise or improve their own services, such as to technically optimise the shipping and presentation of the newsletter or for statistical purposes, to ascertain which countries the recipients are from. However, the shipping service provider does not use the data of our newsletter recipients to write to them himself or to pass them on to third parties.
Registration data: To sign up for the newsletter, all you need to do is provide your email address. You have the option of providing us with your name so that we can address you by your name in the newsletter.
Performance measurement – The newsletters contain a so-called “web beacon”, which is a pixel size file that is retrieved from the server of the shipping service Provider when the newsletter is opened. As part of this retrieval, technical information is initially collected, such as information about the browser and your system, as well as your IP address and the time of retrieval. This information is collected for the technical improvement of the service based on the technical data or the target groups and their reading behaviour using their retrieval locations (which in turn can be determined using the IP address) or access times. Statistical data collection also means determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, neither we nor the shipping service provider have any intention of monitoring individual users. Rather, the analyses help us identify the reading habits of our users and to adjust our content to them or to send different content in line with the interests of our users.
The sending of the newsletter and the performance measurement is carried out on the basis of the recipient’s consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with section 107 para. 2 telecommunications law (TKG) or on the basis of the legal permission in accordance with section 107 para. 2 and 3 telecommunications law (TKG).
The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR and allows us to prove your consent to
receiving the newsletter.
Termination/Revocation – You can terminate your subscription to the newsletter at any time, i.e. revoke your consent. To terminate the newsletter, you click on the link at the end of each newsletter. When users have registered for the newsletter and terminated this registration, their personal data will be deleted.
Social Wall Snapshotboard
On our website we use the Social Media Wall Snapshotboard by Grizzly New Technologies GmbH, Mondscheingasse 6, 8010 Graz. You can identify this tool by the link to content on Facebook, Instagram, YouTube and on some other social media platforms. Facebook content and the content of other social media platforms are integrated into our website; when a page is loaded, a plugin creates a direct connection between your browser and the respective servers of third-party providers. Via this connection, browser-specific data can be transmitted and third-party cookies of Facebook or other social media platforms can be stored, which can identify the user’s browser, among other things. We must point out that we, as the operator of the web pages, have no knowledge of or way of checking the full content of the data transmitted and linked or how Facebook and other social media platforms use them. For more information about this service, please consult the data protection declaration of the respective Snapshotboard.
Web push notifications
Web push notifications can be sent only with the explicit permission of the user. The unique transmission key is securely stored in a database without any personal data being associated with that key. Users who have consented to such a push notifications can revoke their consent without the involvement of the sender by revoking this permission in the settings menu of their browser. As soon as the consent is revoked, the key automatically becomes invalid and the sender is not able to send further notifications.
Integration of services and third-party content
In our online offerings, based on our legitimate interests (i.e. interest in the analysis, improvement and economical operation of our online offerings within the
meaning of Art. 6 para. 1 lit. f. GDPR) we use third-party content and services to integrate their contents and services, such as videos or fonts (hereinafter referred to as “content”). This always means that the third-party provider of this content becomes aware of the IP address of the users, because without the IP address they would not be able to send content to their browser. This means that the IP address is required to display this content. We endeavour to only use content where the respective provider only uses the IP address to deliver their content. Furthermore, third-party providers can use so-called pixel tags (invisible graphics, also called “web beacons”) for statistical and marketing purposes. These pixel tags enable the analysis of information, such as visitor traffic on the pages of this website. In addition, the pseudonymous information can be stored in cookies on the user’s device and, among other things, obtain technical information about the browser and the operating system, referring websites, time of visit and other information about the use of our online offerings and be linked to such information from other sources.
Below, you find an overview of third-party providers as well as their content, including links to their data protection declarations, which contain further information about the processing of data and, some of which is already mentioned here, appeal options (opting out):
– If our customers use the payment services of third parties (such as PayPal or instant transfer), the terms and conditions and the data protection notice of the
respective third-party provider apply, which can be accessed on their website or transaction application.
– External fonts of Google, LLC., https://www.google.com/fonts (“Google Fonts”). Google Fonts are integrated by server call to Google (usually in the US).
Data protection declaration: https://policies.google.com/privacy,
Opting out : https://adssettings.google.com/authenticated.
– Maps of the “Google Maps” service by the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA are provided.
Data protection declaration: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
– Videos of the “YouTube” platform of the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data Proton : https://policies.google.com/privacy,
Opting out: https://adssettings.google.com/authenticated.
Right to information, correction, deletion, restriction
You have the right to request information at any time about your stored personal data, data source and data recipients and the purpose of the data processing as well as a right to correction, deletion or restriction of these data. You also have the right to appeal against their processing as well as the right to data portability. You are not required to give your consent to the processing of data which are not relevant or legally required for contract fulfilment.
If you have any more questions about data protection, please feel free to email our data protection officer on email@example.com or send a letter to Energie Steiermark AG, z.H. Datenschutzbeauftragter, Leonhardgürtel 10, 8010 Graz.
You also have the right to file a complaint with the Austrian data protection authority, Wickenburggasse 8, 1080 Vienna.
Adaptions of these terms
We can adapt these data protection terms if required. The binding and up-to-date information is available on this website under menu item “data protection regulations” in the footer.