Gradient

Data protection declaration

The protection of your data is an important concern for Cyber Trust Services GmbH (hereinafter referred to as "CTS"). We therefore process your data exclusively on the basis of the statutory provisions in accordance with the EU General Data Protection Regulation (GDPR). In this privacy policy, we inform you about the most important aspects of data processing within our company.

Responsibilities

The controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is

  • CTS Cyber Trust Services GmbH
  • Wienerbergstraße 11/12A A-1100 Vienna
  • You can reach our data protection officer at: datenschutz@cyber-trust.at
I. Collection of data when using our website

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.

For technical reasons, the following data, which your Internet browser transmits to us or to our web space provider, is recorded (so-called server log files):

  • Browser type and version
  • Operating system used
  • Website from which you visit us (referrer URL)
  • Website you visit
  • Date and time of your access
  • Your Internet Protocol (IP) address.

This anonymous data is stored separately from any personal data you may have provided and therefore does not allow any conclusions to be drawn about a specific person. It is evaluated for statistical purposes in order to optimise our website and our offers. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way.

Our website uses the pixel-code technology of WiredMinds GmbH (www.wiredminds.de) to analyse visitor behaviour. This involves processing the IP address of a visitor. The processing is carried out exclusively for the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). The IP address is not stored in LeadLab under any circumstances. When processing the data, it is in our particular interest to protect the data protection rights of natural persons. Our interest is based on Art. 6 para. 1 lit. (f) GDPR. The data collected by us does not allow any conclusions to be drawn about an identifiable person at any time. WiredMinds GmbH uses this information to create anonymous user profiles based on the behaviour of visitors to our website. The data obtained is not used to personally identify visitors to our website. Furthermore, no data is passed on to advertising providers. The LinkedIn Insight Tag Manager provides us with information about who comes to our website from LinkedIn. Only job titles and company names are transmitted, but generally no personal names.

II. Data collection and use when contacting us and using forms

When you contact us by e-mail or via one of our forms, the data you provide (this may include: Your e-mail address, your name, your telephone number or other information you provide) will be stored by us. If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR. This also includes the sending of information and newsletters. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

In order to process your orders, we collect and store the following data: First name, surname, email address, telephone number, company, role, sector and address. The legal basis for this processing is contract initiation and fulfilment in accordance with Art. 6 para. 1 lit. b GDPR.

III. Data erasure and storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies or until you withdraw your consent. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law) or these are necessary for the fulfilment of the contract; in these cases, the deletion will take place after these reasons no longer apply.

IV. Transmission of data to processors

CTS uses third parties for processing, particularly in the area of IT. These process the data as so-called processors, i.e. on the basis of a written contract in accordance with Article 28 GDPR, in which the details of the data processing on behalf of CTS are regulated and in which the processor undertakes to handle the data with care. For example, such order processing exists if CTS stores data in an external data centre. The processors are carefully selected by CTS with particular regard to the suitability of the technical and organisational measures taken by them and checked for compliance. CTS generally processes the data in Austria and in the European Union.

The personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Our hosters will only process your data to the extent necessary to fulfil their service obligations and follow our instructions with regard to this data.

We use the following hosters:

internex GmbH
Alserbachstrasse 30
1090 Vienna
Austria

EASY2 GmbH
Kurt-Schumacher-Strasse 226c
46539 Dinslaken
Germany

V. Data transfer to third parties

We do not share personal data with third parties unless this is necessary for our legitimate business needs and contract fulfilment, and/or if this is required or permitted by law or professional standards. For the creation of the Cyber Risk Rating required for Standard Silver and Gold Labels, the necessary contact details are passed on to the company KSV1870 Nimbusec GmbH in Austria; this is necessary for the fulfilment of the contract. Reference is also made to the KSV1870 Nimbusec GmbH privacy policy. For the creation of the Platinum Label, we use the platform of Segusoft GmbH in Germany, to which contact data is forwarded; this is necessary for the fulfilment of the contract. Please also refer to the Segusoft GmbH privacy policy.

VI. Security of data processing

We use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties (e.g. TLS encryption for our website), taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its probability and effects) for the data subject. Our security measures are continuously improved in line with technological developments. We also demand appropriate security standards from our partners and obtain evidence of these.

VII. Your rights

You have the following rights vis-à-vis us with regard to your personal data:

  • Right to information,
  • Right to rectification or erasure,
  • Right to restriction of processing,
  • Right to object to the processing,
  • Right to data portability.

Furthermore, you also have the right to lodge a complaint with the competent supervisory authority (in Austria, the data protection authority based in Vienna). The data protection authority can be contacted at the following address:

  • Austrian Data Protection Authority
  • Barichgasse 40-42 1030 Vienna
  • Phone: +43 1 52 152-0
  • e-mail: dsb@dsb.gv.at
VIII. Updating the privacy policy

We reserve the right to make changes to this privacy policy at any time. The privacy policy will be updated regularly and all changes will be published automatically.