Data Privacy Statement

Thank you for visiting our website and for your interest in our services. The protection of your personal data is important to us. We process your personal data exclusively within the framework of the applicable data protection law; this includes in particular the provisions of the EU General Data Protection Regulation (hereinafter: “GDPR“) as well as the Austrian Data Protection Act (hereinafter: “DSG“). In the following, we would like to inform you about what personal data we collect and how we process it. 


§ 1 CONTROLLER 

The controller for the processing of your personal data is: Management Factory Corporate Advisory GmbH
Lothringerstr. 14
1030 Vienna
AUSTRIA
E-mail: office@mf.ag 

(hereinafter also referred to as “Management Factory“, “we“, “us“, “our“). 

Contact details of our data protection officer: Mag. Christian Egger, christian.egger@mf.ag

§ 2 DATA PROCESSING AND ITS PURPOSES 

In simple terms, “personal data” is information that allows conclusions to be drawn about your person. Specifically, this includes all information that relates to an identified (or identifiable) natural person. This includes, for example, your name, your date of birth, your address, your e-mail address, or your IP address. 

For ease of understanding, personal data is referred to in this privacy statement only as “data“.

2.1 Data processing in connection with the use of the website 

The use of our website, including access to the publicly accessible content on it, is generally possible without providing your personal data. Only the information provided by your internet provider is collected, including in particular the IP address assigned to you, browser type, internet service provider (ISP), your location, referring/exit pages, operating system, clickstream data, target page and referring URL as well as the duration and time of your visit. An evaluation is carried out exclusively for statistical purposes while preserving the anonymity of the individual users. 

This data is collected for the purpose of optimising our website and for security statistics and is therefore in our legitimate interest according to Article 6(1)(f) GDPR. This data is stored for a maximum of 3 months. 

2.2 Use of cookies 

Cookies are small text modules that are stored by a website on the user’s device. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the person concerned from other internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID. 

Through the use of cookies, we can provide you with more user-friendly services that would not be possible without the cookie setting. By means of a cookie, the information and offers on the website can be optimised for the benefit of the user. 

The following categories of cookies are distinguished: 

2.2.1. Data processing in connection with strictly necessary cookies 

These cookies are necessary to ensure basic functions of the website. When you use our website, we automatically collect the following data: IP address, location, browser plug-in types and versions, log-in data, operating system and platform, usage time information. This is necessary to provide basic functions of the website and to ensure full functionality and best possible display of the website on your end device. This data processing is therefore based on the legal basis of Article 6(1)(f) GDPR (our legitimate interests in the proper and fully functional operation of the website). 

2.2.2. Data processing in connection with analysis cookies & statistics cookies 

Analytics cookies allow us to analyse your usage behaviour. Statistics cookies allow us to collect data on the usual use of our website. The data processing associated with such cookies serves to better understand your user behaviour and to continuously optimise our offer. In addition to the data categories listed under point 2, your user behaviour is documented (e.g. which pages you look at and for how long) and it is derived from this which content interests you. In addition, the behaviour of all users is generally used to derive how our website is used in order to be able to continuously improve our offer. 

The use of statistics and analysis cookies only takes place if you have actively given your consent in accordance with Article 6(1)(a) GDPR. This consent is voluntary. You can always withdraw your consent (see point 9). If you do not give your consent, no statistics and/or analysis cookies will be used (the absolutely necessary cookies will be used independently – see point 2.2.1.). 

 § 3 DISCLOSURE OF PERSONAL DATA 

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only pass on your data to third parties if: 

  • you have given your consent within the meaning of Article 6(1)(a) GDPR (consent can always be withdrawn, see point 9); 
  • this is necessary for the processing of contractual relationships with you in accordance with Article 6 (1)(b) GDPR; 
  • in the event that there is a legal obligation for the disclosure in accordance with Article 6(1)(c) GDPR or in order to comply with an enforceable official order; or 
  • the disclosure is necessary in accordance with Article 6(1)(f) GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data. 

Some of the recipients mentioned above may be located outside of Austria or may process your personal data outside of Austria. The level of data protection in other countries may not be the same as in Austria. We therefore take steps to ensure that all recipients provide an adequate level of data protection. 

§ 4 LINKS TO OTHER WEBSITES 

Our website may contain, at certain points, links to other websites that are not under our control. These links are provided for information purposes only. If you click on one of these links, data about you may be collected by the operators of the respective websites. The data processing may differ considerably from the data processing described here (information on this can be found in the data protection declarations of the respective websites). We have no influence on these data processing operations and therefore accept no responsibility or liability whatsoever. Likewise, we do not assume any responsibility or liability for their contents. 

§ 5 NEWSLETTER

If you register for our newsletter on our website and give your consent in accordance with Article 6(1)(c) GDPR, we will use the data you provide separately (name and email address) in order to send you our email newsletter on a regular basis. Unsubscribing from the newsletter (i.e. revoking consent, see point 9) is possible at any time and can be done either by sending an e-mail to us or via the link provided for this purpose in the newsletter. After revoking your consent/unsubscribing from the newsletter, we will no longer send you a newsletter and will delete your data from our recipient list. 

For sending our newsletters we use eyepin, a service of eyepin GmbH, Billrothstraße 52, 1190 Vienna. Eyepin is a service with which, among other things, the dispatch of newsletters can be organised and analysed. The data you enter for the purpose of receiving the newsletter is stored on eyepin’s servers in the European Economic Area. If you do not want eyepin to analyse your data, you have to unsubscribe from the newsletter. We provide a link with which you can unsubscribe in every newsletter. 

With the help of eyepin, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked. In this way, we can determine, among other things, which links have been clicked on particularly often. 

The newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Such personal data collected via the tracking pixels contained in the newsletters and the newsletter tracking are stored and analysed by the controller in order to optimise the newsletter dispatch and to better adapt the content of future newsletters to the interests of the data subject. This personal data is not passed on to third parties. 

Data subjects are entitled at any time to withdraw the relevant separate declaration of consent submitted via the double opt-in procedure to unsubscribe from receiving the newsletter. After revoking, no further data will be collected and the address will be placed on a blacklist to document the unsubscription and prevent further mailings. 

For detailed information on the functions of eyepin, see the following link: https://www.eyepin.com/de/e-mail-newsletter.  

§ 6 CONTACT REQUESTS 

If you contact us by phone, e-mail or contact form, the data you provide will be used to process your enquiry. The processing is based on the legitimate interest pursuant to Article 6(1)(f) GDPR; our legitimate interest is to respond appropriately to customer enquiries; if the enquiry is aimed at concluding a contract, the processing can also be based on the legal basis pursuant to Article 6(1)(b) GDPR. Your data will be deleted if your enquiry has been conclusively answered and the deletion does not conflict with any statutory retention obligations, e.g. in the case of any subsequent contract processing. 

§ 7 DURATION OF STORAGE 

We only store your personal data for as long as is necessary to achieve the above-mentioned purposes or as required by law. We delete your data within the statutory deletion periods and therefore usually after a maximum of seven years (tax retention period). In addition, data could be retained within the statutory deletion periods as evidence for any legal disputes. Data retention is thus based either on the legal basis of of Article 6(1)(c) GDPR (if processing is necessary for compliance with a legal or statutory obligation to which we are subject) or on the legal basis of Article 6(1)(f) GDPR (if processing is necessary to protect our legitimate interests; e.g. as evidence for legal disputes). 

§ 8 DATA SECURITY 

The protection of your data is important to us. Therefore, we use appropriate security measures to protect the data we process against unauthorised access, collection, use, disclosure, copying, modification or deletion. 

§ 9 RIGHTS OF THE DATA SUBJECTS 

If your personal data is processed, you are a “data subject” within the meaning of the GDPR. You have the following rights vis-à-vis us as the data controller: 

Right of access: You can request information about whether we process personal data about you. If this is the case, you have a right of access to this personal data as well as to further information related to the processing (Article 15 GDPR). Please note that this right of access may be restricted or excluded in certain cases. 

Right to rectification: In the event that personal data about you is not (or is no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed (Article 16 GDPR). 

Right to erasure or restriction of processing: If the legal requirements are met, you can request the erasure of your personal data (Article 17 GDPR) or the restriction of the processing of this data (Article 18 GDPR). However, the right to erasure pursuant to Article 17(1) and (2) GDPR does not apply, among other things, if the processing of personal data is necessary for compliance with a legal obligation (Article 17(3)(b) GDPR). In such a case, we will inform you accordingly. 

Right to object: For reasons arising from your particular situation, you may also object to the processing of personal data relating to you by us at any time (Article 21 GDPR). If the legal requirements are met, we will no longer process your personal data (see below for details). 

Right to data portability: You are entitled, under the conditions of Article 20 GDPR, to demand that we provide you with the personal data concerning you that you have provided to us in a structured, common and machine-readable format. 

Right of withdrawal: You have the right to withdraw your consent at any time. The revocation is only effective for the future; this means that the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation. 

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority – in particular in the member state of your residence – if you are of the opinion that the processing of your personal data by us violates the GDPR. 

The supervisory authority responsible for us is: 

Österreichische Datenschutzbehörde (Austrian Data Protection Authority) 
Barichgasse 40-42   
1030 Vienna 
Austria / Europe 
Phone: +43 1 52 152-0 
E-mail: dsb@dsb.gv.at  

The website of the data protection authority is available at the following links: https://www.dsb.gv.at (German); https://www.data-protection-authority.gv.at (English). 

However, we recommend that you always direct a complaint to our Data Protection Officer in the first instance. 

Your requests concerning the exercise of your rights should, if possible, be addressed in writing to the address given in point 1. 

§ 10 CHANGES TO THIS DATA PRIVACY STATEMENT 

We will update our data privacy statement is updated from time to time. The current version of our data privacy statement is always available on our website.