Since the protection of your personal data is very important to us, we strictly adhere to the legal provisions of the Data Protection Act and the GDPR when collecting and processing your personal data.
1. personal data
The use of our website is generally possible without providing personal data. However, different regulations may apply to the use of individual services, which we will point out to you separately.
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, your name, your address, your telephone number or your date of birth, but also your IP address or geolocation data that allow a conclusion to be drawn about you.
2. collection and processing of personal data on our website
Personal data is processed by us in the context of the operation of our website only if you provide it to us voluntarily, for example, when you register with us, enter into a contractual relationship with us or otherwise contact us. This is exclusively contact data and information about the concerns with which you approach us.
We use the personal data provided by you only to the extent necessary to fulfill the respective purpose of the processing (e.g. registration, sending newsletters, sending information material and advertising, answering a question, enabling access to certain information) and as permitted by law (esp. according to Art. 6 or Art. 9 GDPR).
The purpose of processing your data is the operation of our website and the targeted provision of specific information regarding the EUREKA Transnational Lightweighting Call.
Any further use of your data will only take place if you have expressly consented to it beforehand, if we need your data to fulfill a contract concluded with you, or if we are obliged to store it due to a legal provision. You can revoke any consent given – as explained in detail below – at any time for the future.
3. storage period
Data that you have provided to us exclusively for customer service or for marketing and information purposes will generally be stored until three years after our last contact. However, if you wish, we will also delete your data before this period expires, provided that there is no legal obstacle to this.
In the event of a contract being initiated or concluded, we will process your personal data after the contract has been fully processed until the expiry of the warranty, guarantee, limitation and statutory retention periods applicable to us, and furthermore until the end of any legal disputes in which the data is required as evidence.
4. data transmission
As a matter of principle, your data will not be transferred to third parties unless we are legally obligated to do so, the transfer of data is necessary for the implementation of a contractual relationship concluded between us, or you have previously given your express consent to the transfer of your data.
External order processors or other cooperation partners will only receive your data insofar as this is necessary for the processing of the contract, we have a legitimate interest in doing so, which we always disclose separately in the event of an occasion, or insofar as this is necessary due to special standards, with your consent.
We do not sell or otherwise market your personal data to third parties. If our contractual partners or order processors are based in a third country, i.e. a state outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
If one of our processors comes into contact with your personal data, we ensure that they comply with the provisions of data protection laws in the same way as we do.
b. Data transfer to the USA?
We occasionally offer some services in the course of which a data transfer to the USA takes place or may take place. However, in order to use these services – unless there is another justification, such as the fulfillment of contractual obligations – it is necessary that you consent to the use of your data collected via these services, if necessary also in the USA (Art. 49 para. 1 lit. a GDPR).
We record this consent – depending on the service – via our cookie banner or separately by corresponding declaration of consent directly before the use of an offered service.
Your consent is required because, according to recent decisions by authorities and courts and the case law of the ECJ, the USA is not certified as having an adequate level of data protection in the processing of personal data (C-311/18, Schrems II). In particular, these decisions by authorities and courts critically point out that access by U.S. authorities (FISA 0702) is not comprehensively restricted by law, does not require approval by an independent authority, and no relevant legal remedies are available to the data subjects in the event of such interventions.
We have no direct influence – apart from the contracts concluded with US service providers – on access by US authorities to personal data transferred to service providers in the USA when using these services. Even if we assume that our service providers take the necessary steps to ensure the promised level of protection in accordance with the contractual agreements concluded with us, access by US authorities to data processed in the USA is nevertheless conceivable.
We therefore request your consent to the processing of data in the USA before using such services. We will point out separately for each service or application that there is a possibility of data transfer to the USA.
5. our online services
We use numerous technical and organizational security measures to protect your personal data against manipulation, loss, destruction and against access by unauthorized persons. Our security measures are continuously improved in line with technological developments on the Internet. If you would like more information about the type and scope of the technical and organizational measures we have taken, we will be happy to provide you with corresponding written inquiries at any time.
7. your rights
Pursuant to the EU GDPR and the Austrian Data Protection Act, you as a data subject of our data processing have the following rights and may exercise the following remedies:
- Right to information (Art. 15 GDPR)
As a data subject of the above-described and other data processing, you have the right to request information as to whether and, if so, which personal data about you are being processed. For your own protection – so that no unauthorized person receives information about your data – we will verify your identity in an appropriate form before providing information.
- Right to rectification (Art. 16) and deletion (Art. 17 GDPR)
You have the right to request without undue delay the rectification of inaccurate personal data concerning you or – taking into account the purposes of the data processing – the completion of incomplete personal data as well as the deletion of your data, provided that the criteria of Art. 17 GDPR are met.
- Right to restriction of processing (Art. 18 GDPR)
You have the right to restrict the processing of all collected personal data under the legal conditions. As of the restriction request, this data will only be processed with your individual consent or for the assertion and enforcement of legal claims.
- Right to data portability (Art. 20 GDPR)
You may request the unimpeded and unrestricted transfer of personal information that you have provided to us to you or to a third party.
- Right of objection (Art. 21 GDPR)
You may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary for the purposes of protecting our legitimate interests or those of a third party. Your data will no longer be processed after objection, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. You may object to data processing for the purpose of direct marketing at any time with effect for the future.
- Revocation of consent
If you have separately given your consent to the processing of your data, you may revoke this consent at any time. Such revocation affects the permissibility of processing your personal data after you have expressed it to us.
If you take steps to assert your rights under the aforementioned General Data Protection Regulation, BizUp will take a position on the requested action and/or comply with the request without undue delay, but no later than one month after receipt of your request.
We will respond to all reasonable inquiries free of charge and as quickly as possible within the legal framework.
Requests concerning a breach of your right of access or your rights to confidentiality, rectification or erasure should be addressed to the competent data protection authority. Their contact details are as follows:
Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna
8. contact information/contact person
a. Contact information of the controller
Business Upper Austria – OÖ Wirtschaftsagentur GmbH
A-4020 Linz, Hafenstraße 47-51
FN 89326m, Landesgericht Linz
b. Contact information of the data protection officer
Mag. Philipp Summereder
Summereder Pichler Wächter Rechtsanwälte GmbH
Dr. Herbert-Sperl-Ring 3, A – 4060 Leonding
firstname.lastname@example.org | +43 732 272887 | www.spwr.at
Version: January 2023