+43 42 77 200 35 institut@umh.at

Privacy statement

Personal data

We, the Institute for Water and Environmental Improvement Ing. Bernhard Ratheiser GmbH, FN 372458 h, (hereinafter abbreviated to “UMH” or “we“, “us” respectively “our“), collect, store, process and transmit your personal data on our website for the purposes agreed with you or if there is another legal basis in accordance with the GDPR; this in compliance with data protection and civil law provisions.

We only collect personal data that is required for the implementation and processing of our services or that you have voluntarily provided to us.

Personal data is all data that contains information about the personal or factual circumstances of living people, for example master data such as name, address, e-mail address, telephone number, date of birth, age, gender, content data such as video recordings, photographs or voice recordings of people, traffic data for the purpose of forwarding messages, in particular access data such as identifier and password, other location data that indicate the geographical location of your telecommunications terminal equipment, for example, but also information that only allows identifying conclusions to be drawn about specific persons by comparing it with other data, such as the IP address, unique device ID, browser string data or other online identifiers.

Purposes and legal bases

We process your personal data that we collect in connection with our website for the following purposes:

  • To provide the ordinary website functions, such as the correct display of the website in your browser, but also monitoring of the IP addresses accessing the website and the web server behind it to be able to guarantee its function, by our Internet provider, A1 Telekom Austria AG, based in Austria (“A1”).
  • Legal basis: According to Art. 6 para. 1 lit. f DSGVO, we have a legitimate interest in making our website available to its visitors in a readable and usable form that is at least as weighty as your interest in keeping your IP address or other only identifiable data that we need to process in order to make our website available to you in this form. The same applies to A1’s legitimate interest in protecting the functionality and security of its server.
  • Possible consequences of non-provision: If you do not provide us with your IP addresses and the date of their access for this processing purpose, this may result in limited functionality of the website or even in its inaccessibility.
  • Logging on to our dealer website to access the information we offer there for dealers of our products, whereby we also store the access data assigned to you here in addition to your contact data.
  • Legal basis: fulfillment of a contract and pre-contractual measures according to Art. 6 para. 1 lit. b GDPR.
  • Possible consequences of non-provision: If you do not provide us with your data for this processing purpose, you will not be able to access the information provided for you.
  • Sale of products offered for sale on the website, whereby you provide us with your traffic and content data only when contacting us via e-mail, which we then store and process in the event of contract execution.
  • Legal basis: fulfillment of a contract and pre-contractual measures according to Art. 6 para. 1 lit. b GDPR.
  • Possible consequences of non-provision: If you do not provide us with your data for this processing purpose, you will not be able to access the information provided for you.
  • Assertion of own and defense of third-party legal claims, such as defense against liability claims, collection of outstanding purchase prices or enforcement of legal or contractual claims of UMH before courts and authorities.
  • Legal basis: According to Art. 6 para. 1 lit. f in conjunction with Art. 9 para. 2 lit. f DSGVO, we have a legitimate interest in using your personal data – if necessary – to assert, exercise or defend legal claims, which is at least as weighty as your interest in keeping the data used for this purpose confidential.
  • Possible consequences of non-provision: If you do not wish to provide us with your data for this processing purpose, we may safeguard this right in legal or administrative proceedings.
  • Statistical evaluation of visitor frequency with integration of A1 functions.
  • Legal basis: According to Art. 6 para. 1 lit. f DSGVO, we have a legitimate interest in having a small amount of personal data, which can only be traced back to you by means of linking with other data, evaluated by our Internet provider for statistical purposes in order to adapt our website to the needs and wishes of our visitors. This interest is at least as important as your interest in the confidentiality of your IP address or other data which can only be determined and which we process for this purpose or have processed by third parties.
  • Possible consequences of not providing: If you do not provide us with your data for this processing purpose, you will also not be able to benefit from the advantages of a website adapted to your needs.
  • Collection and storage of your data by our internet provider A1 to fulfill the legal mandates of our Internet provider according to the 12th section of the Telecommunications Act (TKG), for example to monitor telecommunications traffic according to § 94 TKG in accordance with the provisions of the Code of Criminal Procedure or to fulfill the storage obligation for traffic data according to § 99 TKG, for master data according to § 97 TKG, for content data according to § 101 TKG and for location data other than traffic data according to § 102 TKG.
  • Legal basis: According to Art. 6 para. 1 lit. f DSGVO, we have a legitimate interest in operating a website with an Internet provider that complies with the data protection provisions of the TKG and in enabling this provider to collect personal data within the scope of its legal mandates, which is at least as important as your interest in the confidentiality of the personal data collected in the process, especially since the interest of our Internet provider is based on a balancing of the interest in data protection protected by fundamental rights on the one hand and important public interests – such as the administration of criminal justice – on the other.

Your rights as a data subject

As a data subject, you have the right at any time to

  • Information under the contact options indicated at the end of the declaration about your personal data stored by us, its origin and recipients, the purposes and legal bases of data processing, as well as to receive a copy of the data records concerning you;
  • Correction including supplementation of the personal data stored by us;
  • Data transfer for processing by another controller, as far as technically possible, but otherwise in a common standard format;
  • Object to processing in certain cases, in particular in the case of direct advertising or if an important interest of ours in data processing no longer exists;
  • Restriction of processing in certain cases;
  • Deletion of incorrect or inadmissibly processed data and
  • Notification of your request for deletion to recipients of your personal data.

The above rights apply only insofar as they do not contradict any legal obligations applicable to us and – in the event of justified doubts – after any proof of your identity and verification of the proportionality of your request. If there are any changes to your personal data, we request that you notify us accordingly.

You have the right at any time to revoke any consent given in individual cases for the use of your personal data. Your request for information, cancellation, rectification, opposition and/or data transmission may be addressed to our address indicated at the end of this statement, reserving the right to verify your identity by appropriate means in case of doubt.

If you are of the opinion that the processing of your personal data by us violates applicable data protection law or that your data protection rights have been violated in any other way, you have the option of complaining to the competent supervisory authority. In Austria, the data protection authority is responsible for this.

Data security

Your personal data is protected by appropriate organizational and technical precautions, including at A1. These precautions relate in particular to protection against unauthorized, unlawful or even accidental access, processing, loss, use and manipulation.

Notwithstanding efforts to maintain a reasonably high level of due diligence at all times, it cannot be excluded that information you disclose to us via the Internet may be viewed and used by others.

Please note that we therefore accept no liability whatsoever for the disclosure of information due to errors in data transmission not caused by us and/or unauthorized access by third parties (e.g. hacking of website, database, email account or telephone, interception of faxes).

Processing of your data for a specific purpose

We will not process the data provided to us for purposes other than those covered by our contractual or pre-contractual contacts, by your consent or otherwise by a provision in accordance with the GDPR. Any further processing of your data for purposes other than those available and disclosed at the time of collection will only be carried out to the extent that it corresponds to a compatibility check. An exception to this is the further use for statistical purposes, provided that the data provided has been pseudo- or anonymized.

Recipients of your personal data

In order to fulfill your requests and orders, it is necessary to disclose your data to third parties. However, these are exclusively authorities and courts located in Austria, as well as our Internet provider A1, which is based and stores data in Austria.

Your data will only be disclosed on the basis of the GDPR, in particular for the fulfillment of your order or based on your prior consent.

None of the above-mentioned recipients of your personal data are located outside the EU in third countries or process your personal data there, for example via contract or subcontractors. The level of data protection in other countries may not correspond to that in Austria or other EU member states.

If, in individual cases, we do transfer your personal data to third countries, we either transfer it only to countries for which the EU Commission has decided that they have an adequate level of data protection, or we take measures to ensure that all recipients comply with an adequate level of data protection, to which end we agree with them before the data transfer. Standard Contractual Clauses (2010/87/EC and/or 2004/915/EC), or we will consider whether there is an exception applicable to the individual case, such as a necessity for the performance of the contract or your consent.

Data breach disclosure

We strive to ensure that data breaches are identified at an early stage and, if necessary, reported to you or the relevant supervisory authority without delay, including the respective categories of data affected.

Storage period of the data retention

We will not store data for longer than is necessary for the fulfillment of our contractual or legal obligations and for the purpose of their processing, but in particular for the defense of any liability claims.

While we generally only retain data for the purpose of conducting business with you until the contract has been fulfilled, we retain some of this data for a maximum period of up to 30 years for the purpose of asserting or defending warranty claims or claims for damages, insofar as we anticipate that such claims will arise in individual cases. Invoice data for the processing of purchases and other personal data contained in our books of account, on the other hand, are kept by us for 7 years from the end of the business year in which the calendar or business year ends for which the entry was made in the books or to which a voucher relates, due to the legal obligation pursuant to Section 132 (1) BAO.

Server log files

In order to optimize this website in terms of system performance, user-friendliness and the provision of useful information about our services, the website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes your Internet Protocol address (IP address), browser and language setting, operating system, referrer URL, your Internet Service Provider, and date/time.

As a matter of principle, this data is not merged with personal data sources that identify you. Nevertheless, we reserve the right to check this data subsequently and to establish a personal reference if we become aware of concrete indications of unlawful use.

Person responsible:
Institute for Water and Environmental Improvement
Ing. Bernhard Ratheiser GmbH, FN 372458 h
Sonnrainweg 4-5, 9554 St. Urban

Tel: +43 4277 200 35 0
Fax: +43 4277 200 35 20
email:
in******@um*.at

UID: ATU66860337
Competent supervisory authority: Carinthian Chamber of Commerce, Europaplatz 1, 9021 Klagenfurt am Wörthersee