+43 660 375 8455
office@roark.at

Data protection information

ROARK GmbH privacy notice under Articles 13 and 14 GDPR, including processing purposes, legal bases, and your data subject rights.

We would like to inform you about how ROARK GmbH processes your personal data, what rights you have in the area of ​​data protection and who you can contact if you have any questions about data protection.

Responsible person

ROARK GmbH
Bossigasse 24/8
1130 Vienna
Austria

Managing Director: Juliamarie Curto
Managing Director: Marcello Curto

Email: datenschutz@roark.at
Telephone: +43 660 375 8455

This website is operated by ROARK GmbH. We are responsible for the processing of your personal data. Further contact details can be found in Imprint.

Personal data is any data that could be used to personally identify you. This individual information includes your name or your contact details, such as telephone number, address and email address, but also your network address (IP address).

The European Union's General Data Protection Regulation (GDPR) regulates which processing of this data is permitted.

The information you provide regarding data collection and processing on your website is generally correctly formulated and reflects the requirements of the General Data Protection Regulation (GDPR), which also applies in Austria. However, here are some additional considerations and minor adjustments to keep in mind to make the description more precise and specific to the Austrian context:

What data is collected on this website?

1. Access data and log files

If you use this website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, only the data that your browser transmits to our server for technically necessary reasons will be collected. When you access our website, the following data is collected in particular, which is technically necessary to display the website to you:

  • IP address (network address): The IP address is only saved for specific reasons, such as suspected misuse or cyber attacks such as denial of service.
  • Address of the website you came from
  • Address of the retrieved files (access address = URL)
  • Date and time of a call
  • Operating system and browser version of your device (user agent)

Collecting data means that we (mainly our server) become aware of this data. Not all data collected is stored. IP addresses are only stored for a short time, if at all, for a maximum of five days, in order to secure the operation of this website and prevent misuse.

When using this data, we do not draw any conclusions about you personally. The information collected is only required for:

  • Ensuring a smooth connection to the website
  • Ensuring comfortable use of our website
  • Ensuring system security and stability
  • other administrative purposes

The statistical evaluation is only carried out using anonymized data sets in order to understand which posts were viewed and how often. So-called fingerprinting does not take place, as this would be equivalent to tracking your activities.

The legal basis for our data processing is Art. 6 Para. 1 f GDPR. The legitimate interest arises from the data collection purposes mentioned above. Server log file data is always stored separately from any personal information you provide. Merging this data is not possible.

2. Cookies

No cookies are used on our website. In particular, this means that we do not use tracking or advertising cookies to analyze your use of our website.

3. Hosting the website

As part of processing on our behalf, a third-party provider based within a country of the European Union provides us with the services of hosting and displaying the website. This includes infrastructure services, computing capacity, storage and database services, maintenance services and security services. We or our hosting provider process all data that arises when using our website, including:

  • Inventory data
  • Content data
  • Usage Data
  • Meta and communication data from interested parties and visitors to our online offering

In order to ensure the security and protection of your data, we have concluded an order processing agreement (AVV) with our hosting service provider in accordance with Art. 28 GDPR. This contract ensures that the data is processed in a manner that complies with the requirements of the GDPR and ensures the protection of your rights.

The processing is carried out on the basis of our legitimate interest in the efficient and secure provision of this online offer, in accordance with Art. 6 Para. 1 f GDPR in conjunction with Art. 28 GDPR.

4. Communication via email

If you contact us by email, your email address will be collected for technically necessary reasons based on our legitimate interest. This also applies if we write to you and have received your email address from you or from a public source.

Your email address and the content of your email will not be passed on to third parties unless this is necessary due to the occasion, requested by you, explicitly permitted or required by law.

How long is your data stored?

We process and store your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), in particular Article 17 (right to erasure) and Article 18 (right to restriction of processing). The data is only stored for as long as is necessary for the respective processing purposes.

As soon as the data is no longer needed for its original purposes, consent given is revoked or other permissions no longer apply, this data will be deleted. This always happens in accordance with legal requirements.

However, there are cases in which we are obliged to retain data for longer due to commercial or tax regulations. In such cases, we restrict processing and block the data for further use. The relevant legal retention periods in Austria include:

  • 7 years in accordance with Section 132 Paragraph 1 of the Federal Tax Code (BAO), for documents, accounting vouchers, records, business papers, outgoing invoices, confirmations of receipt, invoices and other tax-relevant documents.
  • 7 years in accordance with Section 212 of the German Commercial Code (UGB), for trading books, inventories, opening balance sheets, annual financial statements, management reports, consolidated financial statements and accounting documents, unless other specific regulations provide for longer periods.

In addition, it may be necessary to retain personal data for the period in which claims could be asserted against our company. This is based on the statutory limitation period, which in Austria is usually between three and thirty years, depending on the type of claim. According to Section 1489 of the General Civil Code (ABGB), the general limitation period for civil law claims is usually three years from the date of knowledge of the damage and the perpetrator.

In any case, we ensure that the processing of your data complies with the highest data protection standards and that your rights are protected at all times.

We process the data generated by visiting this website or using the contact options offered in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG). Depending on the issue for which you contact us via the website, there are different legal bases for this. The specific legal basis for data processing depends on the context in which and for what purpose we receive your data. As a rule, the legal basis for data processing arises from the following options:

  • Art. 6 Para. 1 lit. a GDPR serves as the legal basis for processing operations in which we obtain your consent for a specific processing purpose. You can revoke your consent at any time.

  • If the processing of personal data is necessary to fulfill a contract to which you are a party, the processing is based on Article 6 (1) (b) GDPR.

  • If we are subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6 (1) (c) GDPR.

  • Processing operations that are not covered by any of the aforementioned legal bases may be based on Art. 6 Para. 1 lit. f GDPR. This legal basis is based on our legitimate interests, unless the interests, fundamental rights and freedoms of the person concerned outweigh them. This could be, for example, protecting our business interests or protecting the website from misuse.

Sharing your personal information with third parties

When you visit a website, IP addresses are automatically transferred to the server that provides the website. These IP addresses are always passed on to third parties if a third-party component (a script, an image, a font, another digital resource) is integrated into the website. Which components are integrated on this website are listed in this data protection notice. The recipients of your IP address or categories of recipients can also be derived from this.

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only share your personal information with third parties if:

  • You have given your express consent to this in accordance with Article 6 Para. 1 a GDPR,
  • the disclosure is necessary in accordance with Art. 6 Para. 1 f GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation for the transfer in accordance with Article 6 Para. 1 c GDPR, as well as
  • This is legally permissible and necessary for the processing of contractual relationships with you in accordance with Article 6 Paragraph 1 b of the GDPR.

What data protection rights do you have?

You have the right

  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to complain, the origin of your data if it was not collected by us, as well as about the existence of automated decision-making including profiling and, if necessary, meaningful information on its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or completion of your personal data stored by us;
  • in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible;
  • In accordance with Art. 7 Para. 3 GDPR, you can revoke your consent to us at any time. This means that we are no longer allowed to continue the data processing based on this consent in the future;
  • 77 GDPR, without prejudice to any other administrative or judicial remedy, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or the place of the alleged violation if you believe that the processing of personal data concerning you violates the GDPR.

Consent given can be revoked at any time. You will find revocation options at the appropriate place (e.g. in the newsletter or where consent is given). Unless you find a consent request (often referred to as a “cookie banner”), there are no legitimate processes on the website.

Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.

Here is the corrected text, adapted to Austrian law:

Applications

ROARK GmbH processes your personal data in the application process in accordance with Article 6 Paragraph 1 Letter b of the General Data Protection Regulation (GDPR) and Section 10 of the Austrian Data Protection Act (DSG). This includes your CV and further information about you, your motivation and your ideas about working with us. The processing serves the purpose of carrying out the application process and, if necessary, contacting you for questions or inviting you to further discussions.

If your application is followed up, your data will be further processed in accordance with Article 6 (1) (f) GDPR based on our legitimate interest. Irrelevant data is immediately discarded.

Additional information that goes beyond the standard application data is also used in accordance with Article 6 (1) (f) GDPR.

In the event of legal disputes, we use the necessary data to protect our rights in accordance with Article 9 (2) (f) GDPR.

After a successful application, your data will be included in your personnel file. If your application is unsuccessful, we will delete your data after four months, unless there is a mutual interest in future cooperation and you give your consent to the further storage of your data.

Events

You can register for our events (online or on site). The data you provide will be used in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR for the planning and implementation of these events, including the creation of participant lists.

For paid events, we also process your address and payment information in order to process payments in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR. We store the data for free events for three months unless you give us your consent to inform you about future events. In this case, your data will remain stored until you revoke this consent. For paid events, the storage period is ten years in accordance with tax regulations.

If you would like to receive information about future events, we need your separate consent in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR. You can revoke this at any time by sending an email to office@roark.at. If you no longer wish to receive any further information, we will store the minimum data necessary to ensure this in accordance with Article 6 Paragraph 1 Sentence 1 Letters f and c GDPR.

Photos and video recordings may be taken during the event for reporting and advertising purposes.

Changes to this privacy policy

We reserve the right to change this data protection information if the legal situation or this online offer or the type of data collection changes. However, this only applies to declarations on data processing. If the user's consent is necessary or components of the data protection information contain a regulation of the contractual relationship with users, the data protection information will only be changed with the user's consent.

Please inform yourself about this data protection information if necessary, especially if you provide personal data.