Privacy statement of ITRIS GmbH according to Article 13 and 14 GDPR

  1.  Introduction
    Data protection is important – please take note of the following privacy statement.
    ITRIS GmbH (hereinafter referred to as “ITRIS”) has published this privacy statement with regard to the entry into force of the General Data Protection Regulation (GDPR). In the following we would like to give you an overview of the processing of your personal data by us as well as your rights deriving from data protection.
  2.  Who is responsible for data processing and who can I contact?
    ITRIS GmbH in 1030 Vienna is responsible for processing your data. You can reach the data protection coordinator of our company at:
    ITRIS GmbH, Data protection, Modecenterstrasse 14b, A-1030 Vienna, E-Mail: datenschutz@itris.at.
  3.  What data do we use and what sources does this data come from?
    We process personal data that we receive from our customers as part of our business relationship. In addition, we process—where necessary for the provision of our services—personal data that we permissibly obtain from public sources (Internet, press, publicly accessible company directories with their decision-makers, Commercial Register, land registers, debtor registries, etc.) or that are legitimately transmitted to us by other companies of the ITRIS Group or other third parties (e.g. a credit report).
    The following categories of personal data can be processed by us in connection with our services:
    •    Master data: This includes, for example, first name, family name, address (business).
    •    Communication data: This includes, for example, telephone number, mobile phone number, e-mail address, possibly fax number, communication content (e.g. e-mails, letters, faxes).
    •    Contract data: This includes, for example, address, contact persons, and the place where the service is provided, etc.
    •    Financial data, such as payment details.
    •    Voluntary information: This includes data that you provide to us on a voluntary basis without us expressly asking for it.
  4.  What do we process your data for (purpose of processing) and on what legal basis?
    We process personal data in accordance with the provisions of the GDPR.
  5. a)    To comply with contractual obligations /Article 6(1)(b) GDPR/
    Data processing takes place for the provision of IT services as well as the delivery of IT products as part of the implementation of our contracts with our customers or for the implementation of pre-contractual measures, which take place upon request. The purposes of data processing are primarily based on the specific services (e.g. maintenance and support services or sales for computer systems, servers, PC-s and peripheral devices) and can include, among others, system analysis, consultation, troubleshooting, repair, maintenance, installation and integration etc. Further details on data processing purposes can be found in the relevant contract documents and terms and conditions.
  6. b)    As part of the balancing of interests /Article 6(1)(f) GDPR/
    Where necessary, we process your data beyond the actual performance of the contract to safeguard our legitimate interests or those of third parties, for example:
     Consultation and data exchange with information centers (e.g. debt collection register) to determine default or credit risks,
    •    Examination and optimization of procedures for needs assessment for the purpose of direct customer contact
    •    Advertising or market and opinion research, unless you have formulated objections against the use of your data,
    •    Assertion of legal claims and defense in legal disputes,
    •    Ensuring IT security and IT operations in our society,
    •    Prevention and investigation of criminal offenses,
    •    Measures for building and plant security (e.g. access controls)
    •    Measures to ensure domiciliary rights (including video surveillance),
    •    Measures for business management and further development of services and products,
    •    Collection of personal data from public sources for the purpose of customer acquisition.
  7. c)    Based on your consent /Article 6(1)(a) GDPR/
    In case you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is given on the basis of your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into effect, i.e. before May 25, 2018. The revocation of the consent does not affect the lawfulness of the data processed up to the revocation.
  8. d)   Due to legal requirements /Article 6(1)(c) GDPR/
    According to Article 6(1)(c) GDPR, data processing is lawful if it is necessary for compliance with a legal obligation to which we are subject.
  9.  Collection of data via our website /Article 6(1)(f) GDPR/
    For the purpose of system security, our servers save—by default and temporarily—the connection data of the requesting computer, the pages you call up on our site, the time of the visit, the identification data of the browser and operating system type used as well as the website from which you visit us. Personal data is not collected, unless you provide this information voluntarily, e.g. when using our contact form.

Contact form: If you contact us via the contact form or directly via e-mail, we will only use your personal data to answer your request.

Cookies: Cookies are small text files that are stored on your computer and saved by your browser. The information contained in them serves to make our offer more user-friendly. They neither damage your hard drive nor do they contain any personal information about you. Rather, they accelerate the navigation on our website and allow us to measure the frequency of page views. Cookies therefore help us recognize particularly popular areas on our homepage so that we can tailor the content as precisely as possible to the interests and wishes of our customers. The cookies we use are so-called “session cookies” and are automatically deleted after your visit.

Google Analytics: “Our website uses Google Analytics, a web analysis service from Google Inc.” (Google). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law or where third parties process this data on behalf of Google. Under no circumstances will Google associate your IP address with other data held by Google. You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. By using this website you consent to the processing of data collected about you by Google in the manner described above and for the purpose stated above.
You can object to the collection and use of your IP address by Google Analytics at any time with effect for the future. For more information, see http://tools.google.com/dlpage/gaoptout?hl=de. We would like to point out that Google Analytics has been expanded to include the code “gat._anonymizeIp ();” on our website in order to ensure an anonymous collection of IP addresses.

Social Plug-Ins: So-called social plug-ins (hereinafter: “plug-ins”) from the following social networks are sometimes used on our website:
•    xing.com
We would like to inform you about the processing of personal data via the function of the XING share button.
The “XING Share Button” is used on our website. When you call up this website, a short-term connection to the XING SE (“XING”) servers is established via your browser, which enables the “XING Share Button” functions (in particular the calculation/display of the counter value). XING does not save any of your personal data when you access this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behavior via the use of cookies in connection with the “XING Share Button”. The current data protection information on the “XING Share Button” and additional information can be found on this website: https://www.xing.com/app/share?op=data_protection

  1.  Who will receive my data?
    Your data will not be passed on to third parties. We only use your data for our own internal purposes. If possible, data is only stored on our own servers. Your data will only be passed on if this is necessary to process your request. Within our company, those departments have access to your data that need it to fulfill our contractual and legal obligations. In addition, our service providers and vicarious agents can also receive data for these purposes. These are companies in the categories of printing services, telecommunications, logistics, debt collection, marketing, software development, advice and consulting.
  2.  Transfer of data to third countries
    In order to provide our services to you, we may be dependent on deliveries and services of companies from a third country, to which we may make your personal data available. The transfer to a third country takes place on the basis of an adequacy decision by the European Commission. If there is no adequacy decision by the European Commission for the respective third country, the transfer to a third country takes place on the basis of appropriate safeguards within the meaning of Article 46(2) GDPR. In addition, we can also transfer your data to a third country under the requirements of Article 49 GDPR. Copies of these safeguards can be requested from us at the above address (see → Section 2). Third countries are all countries outside the European Economic Area. The European Economic Area includes all countries of the European Union as well as the countries of the so-called European Free Trade Association. These are currently Norway, Iceland and Liechtenstein.
  3.  How long will my data be saved?
    We guarantee that your data will be handled with strict confidentiality and will be deleted as soon as they are no longer required to fulfill the intended purpose (see → Section 4). As long as ITRIS is legally obliged to save personal data, it will be saved for the duration of the legal obligation. For commercial documents, which include trading books and receipts (e.g. invoices), this is 10 years (Section 257(4) of the Commercial Code).
  4.  What data protection rights do I have?
    Every person concerned has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, right to restriction of processing in accordance with Article 18 GDPR, the right to object in accordance with Article 21 GDPR, as well as the right to data portability in accordance with Article 20 GDPR. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR).

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into effect, i.e. before May 25, 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.

  1.  Is there an obligation for me to provide data?
    As part of our business relationship, you must provide personal data that is required for the establishment and implementation of a business relationship and the fulfillment of the related contractual obligations or data that we are legally obliged to collect. Without this data, we will normally not be able to conclude or execute a contract with you.
  2.  To what extent is there automated decision-making?
    In general, we do not use fully automated decision-making to establish and implement business relationships in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you about this separately, provided this is required by law.


If you have any questions about the collection, processing or use of your personal data, please contact ITRIS GmbH, Modecenterstrasse 14b, A-1030 Vienna, e-mail: datenschutz@itris.at.