1. Scope of Application
1.1 Virnect Europe GmbH (hereinafter “Virnect”, “we”, “us”) at Austria Campus 2, Jakov-Lind-Straße 2, Stiege 1, 5.OG, 1020 Vienna, FN 579504, respects your privacy (“User” or “you”). This Privacy Policy applies to the provision of
a. the "SQUARS.io" website (“Website”);
b. the Services of SQUARS (“Services”), as SQUARS offers “Content Authoring & Result Sharing services”.
1.2 As the provision of the above-mentioned Website and Services (hereinafter jointly referred to “SQUARS Services”) may require processing of personal data by Virnect, such data processing activities are subject to the General Data Protection Regulation (“GDPR”) and the Austrian Data Protection Act (“DSG”).
1.3 This Privacy Policy provides information about the lawful processing of personal data carried out by Virnect. We use the terms set out in the GDPR. For better understanding, please find below the most relevant terms according to their legal definition.
· Personal data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
· Processing: Any operation or set of operations which is performed on personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
· Data subject: The person whose personal data are processed.
· Controller: The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
· Processor: The natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
· Consent (of the data subject): any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
· Personal Data Breach: The breach of security that, whether accidentally or unlawfully, results in the destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data that has been transmitted, stored, or otherwise processed.
2. Who is responsible for data processing Activities?
2.1 As for the provision of the SQUARS Services, Virnect is considered the data controller within the meaning of Art 4(7) GDPR.
2.2 You can reach Virnect at:
Virnect Europe GmbH (FN 579504)
Austria Campus 2, Jakov-Lind-Straße 2, Stiege 1, 5.OG
1020 Vienna
2.3 Should you have questions concerning the processing of your personal data,
please reach out to our Privacy Desk: [Contact us]
3. Virnect Processes your personal data for the following purposes:
3.1 Provision of the website and contact via the website
a. In order to be able to provide you with the Website (Art 6(1)(b) GDPR) and to be able to detect, prevent and investigate attacks on the Website (Art 6(1)(f) GDPR), we process the following personal data:
- URL;
- Date and time of the call of the Website;
- IP address of the used device;
- Name and version of the browser;
- Type of the browser and settings;
- Operating system; and
- Referral URL.
b. The legitimate interest of Virnect is to be able to detect, prevent and investigate attacks on the Website and thus ward off damage to Virnect and the users.
c. We store the above-mentioned personal data for as long as this is necessary to provide the SQUARS Services, respectively for the duration of the current contractual relationship. The personal data of the user will however be stored for a longer period despite the termination of the contractual relationship if this is necessary for the fulfilment of a legal obligation of Virnect (e.g. according to § 132 Abs 1 BAO; §§ 190, 212 UGB: 7 years) or as long as this is necessary to pursue or defend legal claims (as a rule for a maximum period of 3 years, however, a longer processing of the data may be necessary in the case of an emerging or concrete proceeding).
d. The provision of the above-mentioned personal data is voluntary. If you do not provide these personal data, you will not be able to use the SQUARS Services.
3.2 Registration and use of the SQUARS Services
a. In order to be able to provide you with the SQUARS Services, we process the following personal data (Art 6(1)(b) GDPR):
- Name and/or username;
- Password;
- Email address;
- Date and time of the registration;
- Payment data;
- Further information you voluntarily provide to us, in particular AR content generated by you when using the SQUARS Services.
b. We store the above-mentioned personal data for as long as this is necessary to provide the SQUARS Services, respectively for the duration of the current contractual relationship. The personal data of the user will however be stored for a longer period despite the termination of the contractual relationship if this is necessary for the fulfilment of a legal obligation of Virnect (e.g. according to § 132 Abs 1 BAO; §§ 190, 212 UGB: 7 years) or as long as this is necessary to pursue or defend legal claims (as a rule for a maximum period of 3 years, however, a longer processing of the data may be necessary in the case of an emerging or concrete proceeding).
c. Providing the above personal data is required for registration. You will not be able to register and therefore not able to use the SQUARS Services, if you do not provide the above personal data.
3.3 Handling of inquiries
a. We provide you with the possibility to contact us. In this case, the following personal data will be processed by Virnect for the purpose of answering the inquiry (Art 6(1)(f) GDPR):
- Name;
- Email address;
- Content of the inquiry;
- Time of the inquiry;
- Version of the Service/App;
- Device version and system language;
- OS version;
- Information about the browser (browser, version, resolution, color depth, language, operating system);
b. The legitimate interest of Virnect is to be able to answer inquiries of customers and potential customers and thus to provide a good customer service.
c. We store the above-mentioned personal data as long as it is necessary to answer the inquiry. The personal data will however be stored for a longer period if this is necessary to pursue or defend legal claims (as a rule for a maximum period of 3 years, however, a longer processing of the data may be necessary in the case of an emerging or concrete proceeding).
d. The provision of the above-mentioned personal data is voluntary. However, if you do not provide your personal data, we might not be able to respond to the inquiry.
3.4 Recruiting Process
a. We process the following personal data in order to be able to process applications and to organize the application process (Art 6(1)(f) GDPR):
- Name; Prefix; Suffix;
- Gender;
- Address;
- Date/place of birth;
- Driver´s license (yes/no);
- Email address;
- Telephone number;
- Citizenship;
- Position you apply for;
- Letter of application and application documents (diplomas, certificates, etc.);
- Type of application (e.g. email, LinkedIn etc.);
- Signature;
- Photo;
- Any other personal data provided by you during the application process.
b. We process the above-mentioned data on the basis of our legitimate interests according to Art 6(1)(f) GDPR which is to guarantee an efficient application process and to ensure that we fill our vacancies with suitable jop applicants.
c. Provided that you expressly consent within the application process (Art 6(1)(a) GDPR), we will hold on to your above-mentioned personal data in order to be able to consider and contact you for future job advertisements.
d. We store the above-mentioned personal data either (i) for the duration of the application process, however no longer than for 7 months or (ii) in case you consent to us holding on to your application for future consideration until you withdraw your consent. We store the above-mentioned personal data for a longer period, if this is necessary for the fulfilment of a legal obligation of Virnect (e.g. according to § 132 Abs 1 BAO; §§ 190, 212 UGB: 7 years) or as long as this is necessary to pursue or defend legal claims (e.g. in the case of an emerging or concrete proceeding).
e. The provision of the above-mentioned data is voluntary. If you do not provide us with these personal data, we may not be able to process your application.
3.5 Electronic advertising
a. We will send you electronic mail (by email, SMS, messenger, etc.) to promote Virnect's products or services (“Promotional Messages”) after you enter into a Contract (i.e. if you register to our SQUARS Service(s)).
b. You can object to receiving promotional messages at any time by sending us an e-mail stating your objection. We will also provide you with the opportunity to opt-out of receiving further promotional messages with each promotional message.
c. The legal basis for sending advertising messages is Section 174 (4) Austrian Telecommunications Act 2021 – TKG 2021.
a. You can subscribe to our newsletter (online) on our website.
b. The legal basis for sending the newsletter is Section 174(3) TKG 2021 in conjunction with Art 6(1) lit a DSGVO.
3.7 Legal prosecution
a. In the event of a dispute, the personal data necessary for the appropriate prosecution will be transmitted to legal representatives, courts, administrative authorities or similar.
b. In this context, we process in particular your contact details (e.g. first and last name, academic title, address) as well as other data related to the litigation in question (e.g. your conduct in relation to the use of the website).
c. We process the aforementioned personal data on the basis of our legitimate legal interests (Art 6(1) lit f DSGVO).
4. recipients of your personal data
In the course of our data processing, we transfer your personal data to the following recipients to the extent necessary: service partners, service providers, legal representatives, courts and administrative authorities as well as companies that are commissioned to support our internal IT infrastructure (software, hardware). Due to regular changes of the aforementioned third parties, it is not possible to name such third parties in our policy, however we are happy to provide you with an updated list upon request.
5. What rights do you have?
5.1 You have the right of access information under Art 15 GDPR, the right to rectification under Art 16 GDPR, the right to erasure under Art 17 GDPR, the right to restriction of processing under Art 18 GDPR, the right to object under Art 21 GDPR, the right not to be subject to automated decision-making in individual cases, including profiling, and the right to data portability under Art 20 GDPR. In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art 77 GDPR). You can find more information about your rights at: Datenschutzbehörde
5.2 Should you have any questions about how Virnect processes your personal data, please contact our Privacy Desk at [Contact us].
5.3The competent supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna (https://www.dsb.gv.at/).
As a general rule, businesses need the user's to be allowed to send direct marketing information via SMA or email. However, if there is an upright business relationship between the user and the business, the business is allowed to send sms or emails about their own similar products and services to their customers, unless the user obejcts to it.
Therefore, it must be ensured that objections to electronic advertising are possible. A corresponding reference to the possibility of objection must be included in every sms or email.
1. What are cookies?
1.1 Cookies are small text files that collect and store data to identify specific individuals whenever they visit a website. As web servers cannot store data on their own, cookies are used to store limited information from a web browser session on a given website that can then be retrieved in the future. When a user visits a website, the domain creates a cookie and sends it to that user’s computer. The user’s browser stores that file, or cookie, which contains a unique ID that allows the website to identify them when they return to the site.
1.2 The website “SQUARS.io” uses cookies to recognize users or their end devices, to store user preferences (e.g., language settings) or information for the duration of surfing or in the event of a return to the website. Further, in case the user gave his/her consent, cookies are also able to analyse for example the user’s surfing behaviour on a website and to display behaviour-based advertising.
2. What types of cookies are there?
2.1 Differentiation according to the domain
2.1.1 First-party cookies are created and used on a single domain. In other words, they are not shared with other websites or advertising partners. First-party cookies are generally used to improve and personalize the user’s experience on a website.
2.1.2 Third-party cookies are set and read by domains of other service providers. Their primary function is to track user activity online and then display advertisements based on that activity.
2.2 Differentiation according to the storage period
2.2.1 Session cookies (session-id): Temporary cookies are automatically deleted when the browser is closed. Session cookies allow the recognition of the user's movements on the website so that information is retained.
2.2.2 Persistent cookies: Permanent cookies can be manually deleted or are deleted after a certain period of time. These cookies help the website to remember certain users and settings, e.g., language selection, menu preferences, internal bookmarks, or favorites.
2.3 Differentiation according to type of use
2.3.1 Technically necessary cookies : These cookies are essential to ensure the functionalities and features of a website and a web application and cannot be disabled as a user could otherwise not use basic features such as logging into a website or adding items to a shopping cart without such cookies (e.g. a shopping cart cookie, a cookie that stores the information about the submission/non-submission of your consent).
2.3.2 Analytics cookies: These cookies collect information to create statistics to better understand user behavior on the website and in the web application and to improve the application. Such cookies are also known as “performance cookies”.
2.3.3 Marketing/Tracking cookies: These cookies store information for creating user profiles for advertising purposes, or to track the user on a website or across several websites for similar marketing purposes.
3. Which cookies do we use?
|
Name |
Storage period and purpose |
Legal basis |
Categories of data processed |
|
|
_ga: 2 years to distinguish individual users; _gid: 24 hours to distinguish individual users; _gat: 1 minute to throttle request rate |
Virnect processes personal data of users on the basis of the user’s consent |
|
The cookie policy should be made available via separate link. The ToS should make reference to the cookie policy.
When cookies are used, the information requirements of Section 165 (3) of the Telecommunications Act 2021 (TKG 2021) must be met (as a special regulation in the area of electronic communications, these take precedence over the regulations of the General Data Protection Regulation (GDPR)).
Consequently, when cookies are used, Virnect as the operator of the website must inform the user which personal data it will process through cookies, the legal basis and the purposes for which this is done, and for how long the data will be stored.
The aforementioned information obligation applies to all cookies (as well as similar technologies). In addition, cookies (as well as similar technologies), which are not technically necessary cookies, require the consent of the user.
An examination of the website www.SQUARS.io has revealed that a tracker from "events.framer.com" is currently being used there.
In addition, it can be seen from the Terms of Service that Google Analytics is to be used. In addition, the Cookie Policy provides information about which cookies could be used in the future (e.g. YouTube, Twitter, Facebook, etc. and their associated advertising services). In this context, we would like to point out that the cookie policy, which is to be linked to in the cookie banner, must always inform about the data processing currently carried out by the website operator. Information about cookies that are currently not in use but may be used in the future is not transparent for the user and is therefore not permitted.
We have first included the information relevant to the use of Google Analytics. Please also see our additional comments on the use of Google Analytics in the commentary below.
If other cookies should be used on the website, the relevant information according to § 165(3) TKG 2021 must be added to this table. The cookies used by "events.framer.com", including the required information, must also be listed. Unfortunately, we do not have any more detailed information on the specific cookies used. In this case, we request that you consult with us.
Regarding the use of Google Analytics, in light of recent decisions by the Austrian data protection authority (as well as further decisions by other European data protection supervisory authorities), we would like to point out the following:
According to the decisions of the Austrian Data Protection Authority (DPA) of December 2021 as well as April 2022, the use of Google Analytics entails risks of a violation of the General Data Protection Regulation.
Should Virnect wish to continue using Google Analytics, we recommend taking the following steps in any case:
1) Obtaining the consent of the website user for data processing by Google Analytics: This requires the insertion of a corresponding risk notice and obtaining consent before data will be transferred to a third country with an insufficient level of data protection, such as the USA. We are happy to provide you with an appropriate text for the cookie banner upon request. Depending on the choice of technical provider (e.g. One Trust), the specific presentation methods differ here.
2) It should be checked that the contract (data processing agreement according to Art. 28 DSGVO) with Google regarding the use of Google Analytics with the company "Google Ireland Ltd" (and not Google Inc. or Google LLC., which are located in the USA) include the new standard contractual clauses with Google Ireland Ltd.
3) Activation of the anonymization functionality. Even if the above steps are taken, however, there remains a risk that data protection authorities would see a data protection violation in the use of the tool by Virnect in the course of an audit procedure
(see also https://www.dsb.gv.at/download-links/bekanntmachungen.html#Google_Analytics).
Please be aware that to this date, there is no decisions by the data protection authority on Google Analytics and whether the responsible party (website operator) relied on a validly obtained consent as the legal basis for the data transfer.
4. Consent to data processing & transfer of personal data to third country
This website uses cookies to recognize users, to store preferences or information for the duration of surfing or in the event of a return to the website.
Subject to the user‘s consent, cookies are also set to analyze the user’s surfing behavior on this website and to display behavior-based advertising.
Subject to the user‘s consent, personal data is transferred to processors based in the USA. According to the ruling of the European Court of Justice (C-311/18, Schrems II), there is no level of data protection in the USA that is adequate to level ensured by GDPR, especially since the EU-US Privacy Shield has been declared invalid. There is therefore a risk that your usage data may be accessed by US authorities, that this access may not be limited to what is absolutely necessary, and that you may not have any effective legal remedies against this.
Consent to the transfer of data to the USA is given by accepting all cookies and can be revoked at any time via your browser settings with effect for the future. You can find more information in our privacy policy and cookie information.