Privacy policy
Version. 3.0, status: August 2021
A. Fundamentals
This privacy policy provides information on how Variocube GmbH, Franckstraße 45, 4020 Linz, office@variocube.com (controller), handles personal data in the context of its business activities, in particular for the websites operated by Variocube GmbH and for the cloud services offered by Variocube GmbH. The processing of personal data is carried out in accordance with the requirements of the EU General Data Protection Regulation and in compliance with the applicable Austrian data protection regulations. The transfer of data for processing within and outside Variocube GmbH for the purpose of order processing is carried out in compliance with the General Data Protection Regulation. Variocube GmbH takes your data protection very seriously and treats your personal data confidentially and in accordance with the statutory provisions. As new technologies and the constant further development of this website and our services may result in changes to this privacy policy, we recommend that you read the privacy policy again at regular intervals. Definitions of the terms used (e.g. "personal data" or "processing") can be found in Art. 4 GDPR. Automated decision-making (including profiling) within the meaning of Art. 22 GDPR is not used. There is no obligation to provide us with personal data - without the data described below, however, a contractual relationship or advertising approach would not be possible.
B. Customers / suppliers / business partners / interested parties / their contact persons
1 What data is processed and where does this data come from?
1.1 Directly collected data of data subjects Variocube GmbH processes the following personal data collected directly from the data subject.
- We process personal data that we receive in the context of a business relationship (customers, suppliers, partners, support requests) for the fulfilment of a contract or for the implementation of pre-contractual measures.
- We process personal data that is provided to us directly by the customer.
- We process personal data that is required to fulfil a legal obligation.
- We process personal data for which the data subject has given consent to processing for one or more specific purposes.
- We process personal data for the optimisation of our services and their further development. This also includes demographic data.
This personal data includes title, first name(s), surname, e-mail address(es), address(es), telephone number(s), fax number, company register number, creditworthiness data, VAT number, date of birth (if specified), contract data (including contact details of the contractual partners and contact persons there), other case-related information (correspondence, communication data, dunning and complaint data, transaction data, bank/billing/payment data). If you make use of our support services, we process data about your support enquiry (date, time, problem description, log files, attachments, screenshots, communication, documentation of the problem solution, contact details of the persons involved).
1.2 Data not collected from the data subject
We also process personal data from publicly accessible sources such as websites, corporate social networks (e.g. LinkedIn, Xing), social media platforms (Facebook, Instagram). This data is not collected from the data subjects themselves. This includes the following data: Telephone number, job function, gender, company name, company size, title, industry, street, postcode, city and country. This also applies to professional contact details of contact persons that we receive from our customers, suppliers or business partners.
2 For what purposes and on what legal basis is personal data processed?
2.1 Contract initiation; contract processing/fulfilment
The processing of personal data of (potential) customers takes place as part of pre-contractual measures for the preparation of offers, including the analysis of customer needs. In the context of concluded contracts, data processing takes place in order to provide and invoice our products and services in accordance with the requested/ordered scope. The legal basis in this respect is Art. 6 para. 1 lit. b GDPR (pre-contractual measures on request or contract fulfilment). The processing of personal data of (potential) suppliers or other business partners takes place as part of pre-contractual measures relating to the solicitation of offers. In the context of concluded contracts, data processing takes place in order to make use of a commissioned service or to process the contract and fulfil the payment obligation. The legal basis in this respect is Art. 6 para. 1 lit. b GDPR (pre-contractual measures or contract fulfilment).
2.2 Fulfilment of legal obligations
Insofar as the processing of personal data is necessary to fulfil a legal obligation (e.g. storage/documentation obligations) to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis for data processing.
2.3 Smooth communication and traceability
Contact details of contact persons of the customer or supplier or business partner are processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) for the purpose of smooth communication and traceability of responsibilities. Processing may be necessary for the conclusion of a contract (with your employer as our contractual partner) and the fulfilment of the contract.
2.4 Improving our products and services
In order to improve our products and services, we invite you to take part in surveys. The surveys can be answered without disclosing personal data. Providing personal data is voluntary and not necessary. The legal basis for this is your consent (Art. 6 para. 1 lit. a GDPR) and/or our legitimate interest in the further development and optimisation of our offer (Art. 6 para. 1 lit. f GDPR).
2.5 Newsletter; sending of product information / company-related news
We use personal data to send our customers and, where applicable, their contact persons emails (newsletters), letters or advertising brochures. This is generally done on the basis of consent (Art. 6 para. 1 lit. a GDPR) and/or on the basis of our legitimate interest in customer loyalty (Art. 6 para. 1 lit. f GDPR). The customer has the right to object to this processing of the customer's data for the purpose of direct marketing at any time without giving reasons (please send an email to office@variocube.com or a letter to Variocube GmbH, 4020 Linz, Franckstraße 45).
2.6 Pursuing and enforcing legal claims
If the pursuit, enforcement or defence of legal claims should become necessary within the framework of the (pre-)contractual relationship, the associated data processing is in our legitimate interest (Art. 6 para. 1 lit. f. GDPR).
3 Who receives personal data?
Access to personal data is granted to those employees, departments, cooperation partners and vicarious agents who need it to fulfil contractual or legal obligations and in the case of legitimate interest. We also transfer your data to tax consultants and auditors for the purposes of tax advice and auditing and, in individual cases, to lawyers and courts if this is necessary for legal advice or legal enforcement. In addition, we work together with various processors to whom personal data is transmitted to fulfil the respective service. In individual cases, other recipients may be Authorities, insurers, third-party financiers, investors, companies in the corporate group, otherwise involved business partners, IT service providers. With regard to advertising, these may include, in particular, IT service providers and dispatch service providers. Data is stored by web service providers on servers at EU locations, by housing and hosting providers, on rented data centre infrastructure and by providers of management, sales and administration software. In principle, there is no intention to transfer data to a third country (outside the EU); if such a transfer takes place in individual cases, this is done in compliance with the requirements of data protection law.
4 How long will the data be stored?
We store personal data to the extent necessary for the duration of the entire business relationship from the initiation, implementation / execution to the termination of a contract and beyond in accordance with the statutory retention and documentation obligations. (e.g. retention obligations under commercial and tax law (generally 7 years in accordance with § 132 BAO and §§ 190, 212 UGB), or as long as limitation periods for potential legal claims have not expired (up to 30 years in accordance with the General Civil Code).
C. Users of the (web-based) Variocube lockers from the commercial provider Variocube GmbH
1 What data is processed and where does this data come from?
1.1 Directly collected data of data subjects
If you decide to use Variocube lockers, which are commercially offered and operated by us (Variocube GmbH), we collect and process the data required for use, depending on the service used (e.g. Click&Collect; Safe Cube, Service Cube). As a rule, this is your registration, login, usage, communication and, if applicable, billing data, such as name, telephone number, e-mail address, login/registration time, delivery/collection status. Status notifications. If an authorised person authorised by the user accesses the corresponding service, we also process this usage/access data.
1.2 Data not collected from the data subject
We process data of other persons authorised to use/access the website if the registered user provides such other persons including data (including name, telephone number, e-mail address). This data is not collected from the data subjects themselves.
2 For what purposes and on what legal basis is personal data processed?
2.1 Contract initiation; contract processing/fulfilment
The processing of personal data of (potential) users takes place in the context of pre-contractual measures or in the context of the use of the services offered in order to provide and bill them according to the requested/ordered scope. The legal basis in this respect is Art. 6 para. 1 lit. b GDPR (pre-contractual measures on request or fulfilment of contract). Data of other authorised users, which are authorised or specified by the user, are processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) for the purpose of smooth processing of the desired service.
2.2 Fulfilment of legal obligations
Insofar as the processing of personal data is necessary to fulfil a legal obligation (e.g. storage/documentation obligations) to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis for data processing.
2.3 Improving our products and services
In order to improve our products and services, we invite you to take part in surveys. The surveys can be answered without disclosing personal data. Providing personal data is voluntary and not necessary. The legal basis for this is your consent (Art. 6 para. 1 lit. a GDPR) and/or our legitimate interest in the further development and optimisation of our offer (Art. 6 para. 1 lit. f GDPR).
2.4 Newsletter; sending of product information / company-related news
We use personal data to send our users emails (newsletters), letters or advertising brochures. This is generally done on the basis of consent (Art. 6 para. 1 lit. a GDPR) and/or on the basis of our legitimate interest in user retention (Art. 6 para. 1 lit. f GDPR). The user has the right to object to this processing of the user's data for the purpose of direct advertising at any time without giving reasons (please send an email to office@variocube.com or a letter to Variocube GmbH, 4020 Linz, Franckstraße 45).
3 Who receives personal data?
Access to personal data is granted to those employees, departments, cooperation partners and vicarious agents who need it to fulfil contractual or legal obligations and in the case of legitimate interest. We also transfer your data to tax consultants and auditors for the purposes of tax advice and auditing and, in individual cases, to lawyers and courts if this is necessary for legal advice or law enforcement. In addition, we work together with various processors to whom personal data is transmitted to fulfil the respective service. In individual cases, other recipients may be Authorities, insurers, third-party financiers, investors, companies in the corporate group, otherwise involved business partners, IT service providers. With regard to advertising, these may include, in particular, IT service providers and shipping service providers. Due to the cloud-based software, which is at the core of the functionality of the web-enabled lockers, data is stored by web service providers on servers at EU locations, by housing and hosting providers, on rented data centre infrastructure, by providers of management, sales and administration software, among others. In principle, there is no intention to transfer data to a third country (outside the EU); if such a transfer takes place in individual cases, this is done in compliance with the requirements of data protection law.
4 How long will the data be stored?
We store personal data to the extent necessary for the duration of the entire user relationship from initiation, implementation / execution to termination and beyond in accordance with the statutory retention and documentation obligations. (e.g. retention obligations under commercial and tax law (generally 7 years in accordance with § 132 BAO and §§ 190, 212 UGB), or as long as the limitation periods for potential legal claims have not expired (up to 30 years in accordance with the General Civil Code).
D. Users of the (web-based) Variocube lockers via third-party providers
If you decide to use the Variocube lockers provided by a third-party provider (= customer of Variocube GmbH), we process your personal data in the context of registration, login and use by means of the cloud software responsible for the function of the lockers as a processor for our respective customer. In this case, our customer offers you the respective locker service as a user (e.g. Click&Collect; Safe Cube, Service Cube) and remains responsible for the processing of your personal data as the economic operator under data protection law. We also process access/usage data of the authorised user only as a processor. As a rule, your registration/access data such as telephone number, name and address, time of registration, as well as delivery/collection status and communication regarding status notifications and, in the case of fee-based services, billing data are processed. The cloud-based software, which is the core of the functionality of the web-enabled lockers, stores data on servers with an EU location of AWS - Amazon Web Services, USA. We would like to point out that, as a processor and in this case a purely technical operator, we have no influence on the processing of data by the service providers. Please note the data protection notices and terms of use of the respective service providers. As a user, you have the option of cancelling the connection to these services at any time.
E. Data protection rights of data subjects?
In principle, you have the right to receive free information about what personal data is stored about you. You also have the fundamental right to rectification of incorrect data, restriction of processing, erasure of your personal data or data portability. If you believe that your data has been processed unlawfully, you can lodge a complaint with the competent supervisory authority, which in Austria is the data protection authority. If the processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. If you withdraw your consent to the use of the personal data concerned, we will cease using it immediately. Exceptions arise due to legal or contractual obligations that make storage necessary. If data is processed by us on the basis of a legitimate interest, you have the right to object in this respect. If you exercise your right to object, we will no longer process your personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. If you object to processing in connection with direct marketing, the personal data will no longer be used for these purposes. Please send any revocations or objections by email to office@variocube.com or by letter to Variocube GmbH, 4020 Linz, Franckstraße 45, Austria). To avoid misuse, please enclose suitable proof of identity.
Your contact for questions about data protection:
Franz Spindler
office@variocube.com
+43 720 / 676 300-0