1. Processing activities
Provision of information about soil profiles and surrounding images.
Provision of information about soil profiles and surrounding images.
about soil profiles and surrounding images via a publicly available archive. The processing of data takes place in the range of the foundation of freedom of press, freedom of opinion and freedom of communication, which is backed by conventional and constitutional rights (Art 13 StGG; Art 10 EMRK).
b) Online access to information about services of the controller
c) ) Provision of communication channels to spread the contents and to service the customer relation
d) Provision of a newsletter and other notifications (e.g. about new entries) based on the customers consent with the possibility to opt out at any time
e) spreading of (also advertising) information about services and events of the controller in the means of direct advertising (marketing purposes), as far as legally permitted
f) preservation and raising of customer satisfaction and customer loyalty via analysis of the user behavior (utilizing Google Analytics) aiming to improve the services
g) operation of an archive about soil profiles
h) transfer of user’s electronic identification data to third parties to enrich editorial contents with contributions from social media (e.g. youTube) and other applications (e.g. Google Maps).
1) Performance of the contract: The use of the online media of the controller is based on a contract according to Art 6 (1) (b) GDPR. With the registration a registration relationship is established.
2) Additional services: Consent. For single services (e.g. newsletter) the controller explicitly asks the customer for consent. This consent can be revoked at any time with future effect.
3) Overriding legitimate interests (see point 5)
The controller will store the IP-addresses of its customers for a period of 14 days to protect against targeted attacks in the form of server overloads („denial of service“-attacks) and other damages to the systems. The controller has an overriding legitimate interest in such data processing in order to maintain the functionality of its online services (recital 49 GDPR).
The controller operates an online retrievable archive to present soil profiles and surrounding images. Users all over the world can submit their data there. So they can complete the pedigrees and keep them updated. There is public interest in the contents of the archive according to Art 5 (1) (b) GDPR.
The controller uses external fonts from Adobe Fonts (Adobe Typekit). The utilization of Adobe Fonts is in the interest of an appealing presentation of our online services. This is a legitimate interest according to Art. 6 (1) (f) GDPR.
Purpose of archiving: The controller is hereby informing that information is processed in archiving purposes if affected person has no secrecy interest. There is no incompatibility with the purpose of the initial data collection. The customer can contradict the utilization of his personal data for archiving purposes at any time and without giving any reasons.
The controller does not evaluate personal aspects relating to the customers.
The customer is under no obligation to provide data.
The customer is not subject to an automated decision-making that unfolds legal effects on him.
Source | Type of data |
---|---|
Wildbit, LLC (service: „Postmark“) 225 Chestnut St. Philadelphia, Pennsylvania 19106, USA | IP location, preferred e-mail client, source of the login, campaign details (reception, opening, click) |
Newsletter-service “MailChimp”: The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA | IP location, preferred e-mail client, source of the login, campaign details (reception, opening, click) |
A) Integration of content of third parties into the website: Transmission of electronic identification data, especially IP-address:
B) Processors of contract data
The controller explicitly reserves the utilization of other processors of contract data. These are declared in the next “Data protection Information - Soilbook” update following the start of the implementation. The data processing of the processors of contract data takes place under the responsibility of the controller.
The following data will be transmitted to countries outside of the EU in connection with data processing:
Land | Use | Types of data |
---|---|---|
USA | Google (EU-US- Privacy-Shield) | Google Analytics: anonymised IP-address, title of the website, information concerning the browser, information concerning webusage |
USA | „Postmark“ (EU-US-Privacy-Shield) | e-mail-address, user name, content of the e-mails generated in the application |
USA | MailChimp (EU-US-Privacy-Shield) | e-mail-address, name, content of the newsletter |
The controller informs that it keeps independent online appearances retrievable for purposes of advertising and communication with the customers. In these online appearances the data of the customer may be processed outside of the EU, which may result in a higher risk for violation of data protection standards. The operators of the social media channels have been brought together widely under the EU-US-Privacy-Shield, as far as they are located in the USA.
These online appearances are retrievable in the technical environment of the respective social media operator. The social media operators are using the customers visit to the online appearance for their own purposes especially to advertise (interest-based). The social media operators are using the visit to drop cookies on the device of the customer, to read preexisting cookies/identifiers with the purpose to deduce user behavior and interests and to enrich the customer’s user profile or the according identifier with this information. The purpose of that is interest-based advertising targeting the customer, which also may occur later during a visit on websites of third parties.
The processing of personalized data of the customer takes place because of the predominant legitimate interest of the controller regarding advertising measures and customer communication. This is protected by the conventional and constitutional rights of freedom of business (Art 6 StGG) and freedom of communication (esp. Art 10 EMRK, which also protects advertising measures). If the customer is a user of the social media channels, data processing may be covered under the consent of the customer.
The controller informs that the controller has no access to the data of the customer. Therefore the controller is recommending the customer to address the respective social media channel directly in case of an assertion of the customers right for information, correction, deletion, restriction, contradiction and data transferability. The users of social media channels may change privacy rules in the respective settings themselves. If necessary the controller is supporting the customer with these steps.
Further information can be found here:
Non-registered customers: The personal data (esp. IP-address) of (non-registered) website visitors are stored for a period of 14 days for IT-security purposes and are deleted after this period.
Registred customers: The data of registered customers are processed by the responsible party on the basis of the above-mentioned legal basis for the duration of the registration relationship. The user contract ends in any case by deletion of the account.
Legal basis of contractual relationship: The personalized data is processed by the controller based on the registration- and licensing-contract basically up to 40 months after contract termination (= 36 months possible contractual claims for damage + max. 4 months positioning time for legal action). After this period, this data is deleted (at least the personal reference). In case of an existing legal obligation to store data, especially according to § 132 (1) BAO, the processing of personalized and billing-relevant data takes place by the end of the legal retention period (at the time basically 7 years after the end of the fiscal year of the occurrence).
Legal basis | Content |
---|---|
Art 15 GDPR „Access“ | The customer shall have the right to obtain confirmation as to whether or not his personal data is being processed. |
Art 16 GDPR „Rectification“ | The customer shall have the right to obtain without undue delay the rectification of inaccurate personal data or to have them completed. |
Art 17 GDPR „Erasure“ | The customer shall have the right to obtain the erasure of personal data without undue delay as long as the reasons stated in Art17(1) GDPR are fulfilled. |
Art 18 GDPR „Restriction“ | The customer shall have the right to obtain restriction of processing of personal data as long as the reasons stated in Art18(1) GDPR are fulfilled. |
Art 20 GDPR "Data portability" | The customer shall have the right to receive the personal data concerning him in a structured, commonly used and machine-readable format. |
Art 21 GDPR „Objection“ | The customer shall have the right to object to processing of his personal data on the legal basis of a legitimate interest at any time. |
Art 77 GDPR § 24 DSG
Every customer has the right to lodge a complaint with the supervisory authority if he or she considers that the processing of personal data concerning him or her infringes this Regulation.