With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and how it is used depends largely on the services used. For the sake of simplicity, we call xcon GmbH xcon for short, or xcon Group.
Data Protection Officer Franz Huemer
Dr. Herbert- Sperl- Ring 2
Telefon: +43(0)59 777 700
We process those personal data that we receive from you or from a third party commissioned by you in the course of our business relationship. In addition, we process – to the extent necessary for the provision of our service – personal data that we have permissibly received from other companies and service providers (order processors pursuant to Art. 28 DSGVO) in the xcon Group, from credit agencies, debtor directories or from publicly accessible sources (e.g. company register, land register, register of associations, media, Internet).
Relevant personal data includes your personal details as well as company data (name, address, contact details, date and place of birth, nationality), legitimation data (e.g. ID card data) and authentication data (e.g. specimen signature). In addition, this may also include order data (e.g. payment orders), data from the fulfillment of our contractual obligations, advertising and sales data, documentation data (e.g. consultation protocol), registry data, data on electronic business transactions (e.g. cookies, IP address) and other data comparable with the above categories.
We process personal data in accordance with the provisions of the European Data Protection Regulation (DSGVO) and the Data Protection Amendment Act 2018.
For the fulfillment of contractual obligations (Art. 6 para. 1 lit b DSGVO).
The processing of personal data (iSd Art. 4 No. 2 DSGVO) is carried out for the implementation of orders in the context of the implementation of our contracts with you or for the implementation of pre-contractual measures, which are carried out upon request. The purposes of data processing primarily depend on the specific product (e.g. mobile telephony, Internet, VoiP telephone systems, web hosting, electricity, gas) and may include, among other things, needs analyses, consulting, and the execution of transactions. Further details on data processing purposes can be found in the relevant contract documents and terms and conditions.
For the fulfillment of legal requirements (Art. 6 para. 1 lit c DSGVO).
The processing of personal data (iSd Art. 4 No. 2 DSGVO) is carried out for order implementation in the context of the execution of our contracts with you or for the implementation of pre-contractual measures, which are carried out upon request. The purposes of data processing primarily depend on the specific product (e.g. mobile telephony, Internet, VoiP telephone systems, web hosting, electricity, gas) and may include, among other things, needs analyses, consulting, and the execution of transactions. Further details on the data processing purposes can be found in the relevant contract documents and terms and conditions.
Based on your consent (Art. 6 para. 1 lit a DSGVO).
Insofar as you have given us consent to process your personal data for certain purposes (e.g. for advertising measures), the lawfulness of this processing is based on your consent. Consent given can be revoked by you at any time with effect for the future. The revocation of consent does not affect the lawfulness of the data processed until the revocation.
As far as necessary, we will process your data beyond the actual fulfillment of the contract to protect legitimate interests of MBA or third parties. Examples are:
Within the framework of the balancing of interests (Art. 6 para. 1 lit f DSGVO).
Testing and optimization of procedures for demand analysis and direct customer approach;
Advertising or market and opinion research, unless you have objected to the use of your data;
Assertion of legal claims and defense in legal disputes;
Ensuring IT security
Prevention and investigation of criminal acts;
Measures for building and facility security (e.g. access controls);
Measures for business management and further development of services and products
Within the xcon Group, those offices and employees receive access to your data that require it for the fulfillment of contractual, legal and supervisory obligations or on the basis of legitimate interests. In addition, service providers commissioned by us (order processors according to Art. 28 DSGVO) receive your data insofar as this is required for the fulfillment of the respective service. These are companies in the categories of IT services, logistics, telecommunications, debt collection, advice and consulting, and sales and marketing. All order processors and sales partners are contractually bound to secrecy about all facts of which they become aware and must treat your data confidentially.
Within the group of companies, your data may be passed on to the companies of the MBA Group [supplemented by own holdings (service providers, branches, etc. ….] for administrative reasons, for risk management due to legal or official obligations, or because the processing of customer data is necessary.
With regard to the transfer of data to other third parties, we inform you that as an Austrian company in the B2B segment, we are obliged to maintain confidentiality about all customer-related information and facts that come to our knowledge in connection with our business relationship. We may therefore only pass on your personal data if you have expressly confirmed this to us in writing in advance or if legal, contractual or regulatory provisions oblige and authorize us to provide information.
A data transfer to countries outside the European Union (so-called third countries) takes place if this is necessary for the execution of your orders, is required by law or you have given us your express consent. We will inform you separately about details, if required by law.
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. It should be noted that our business relationship is a contractual relationship that is intended to last for several years. If your personal data are no longer required for the fulfillment of contractual obligations, they will be deleted regularly, unless their temporary further processing is necessary for the fulfillment of commercial and tax retention periods, which arise, among others, from the
Company Code (UGB), among other things. The retention and documentation periods specified there are five to seven years.
In addition, the statutory periods of limitation for the purpose of preserving evidence are decisive for the storage period, which, for example, according to the General Civil Code (ABGB) can generally be three years, but in certain cases can also be up to 30 years.
Every data subject has the right of access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), data portability (Article 20 GDPR) and the right to object to data processing (Article 21 GDPR).
You may revoke your consent to the processing of personal data at any time. This also applies to declarations of consent that you have given us before the applicability of the GDPR. Please note that the revocation is only effective for the future. Processing that took place before your revocation is not affected.
If you believe that the processing of your personal data does not comply with data protection law, please contact us to clarify your concerns.
In addition, you have the right to bring your concerns regarding the processing of your personal data to the supervisory authority.
Within the scope of our business relationship, you must provide those personal data that are necessary for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or will no longer be able to perform an existing contract and may have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the performance of the contract or that is not required by law or supervisory regulations.
In particular, we are obliged to identify you before the establishment of the business relationship, for example by means of your passport, and to collect your name, date of birth, nationality and residential address. In order for us to comply with this legal obligation, you must provide us with the necessary information and documents and notify us immediately of any changes that occur in the course of the business relationship. If you fail to provide us with the necessary information and documents, we may not enter into the business relationship requested by you.
For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making pursuant to Article 22 DSGVO. Should we use these procedures in individual cases, we will inform you about this separately, insofar as this is required by law.
In particular, we are obliged to identify you before the establishment of the business relationship, for example, on the basis of your passport and to collect your name, date of birth, nationality and residential address. To enable us to comply with this legal obligation, you must provide us with the necessary information and documents and notify us without delay of any changes that occur in the course of the business relationship. If you fail to provide us with the necessary information and documents, we may not enter into the business relationship requested by you.
Ongoing information on data protection can be found at any time at www.xcon.at/dataprotection
Ongoing information on data protection can be found at any time at www.xcon.at/dataprotection