NAME AND CONTACT DETAILS OF THE PERSON RESPONSIBLE FOR DATA PROTECTION
RIGHT OF APPEAL TO THE COMPETENT SUPERVISORY AUTHORITY
In the event of violations of data protection law, the person affected by the data collection and/or data processing has a right of appeal to a competent supervisory authority. The competent supervisory authority for data protection issues is the österreichische Datenschutzbehörde (Austrian Data Protection Authority). However, a complaint may also be lodged with the data protection agency responsible for the data subject’s usual place of residence or work.
COLLECTION AND STORAGE OF PERSONAL DATA AND THE NATURE AND PURPOSE OF THEIR USE
When using this website
When you access the website www.magnoliatree.org, the browser used on your terminal device automatically sends information to MagnoliaTree’s server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and is stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the retrieved file,
- website from which the access takes place (referrer URL),
- the browser used and, if applicable, the operating system of your computer and the name of your access provider.
The above-mentioned data will be processed by us for the following purposes:
- to ensure a smooth connection of the website,
- guarantee a comfortable use of our website,
- evaluation of system security and stability,
- for other administrative purposes.
When you commission MagnoliaTree, we collect the following information:
- master data such as your name, address, date of birth, telephone number, email address, fax
- if applicable, bank details and UID number, FN number
- contract data
- data from consulting/coaching/training activities
- image and sound data (e.g. photos in CVs and for documentation during coaching sessions, video recordings for practice sessions)
For what purposes and on what legal basis are your personal data processed?
Your personal data are processed lawfully based on Article 6(1) of the GDPR for the following purposes:
- Processing and transmission of data in the context of the provision of pre-contractual measures such as the offering of products and services [Article 6(1)(b) GDPR]
- In order to fulfil our contractual obligations to provide consulting, training and coaching services to clients/participants and those involved in the consulting process, including computer-assisted creation and archiving of text documents (such as minutes, correspondence) in this matter [Article 6(1)(b) GDPR]
- To fulfil legal obligations such as tax law [Article 6(1)(c) GDPR]
- For the purpose of legitimate interests of our company or due to legitimate interests of third parties, namely for the purpose of advertising MagnoliaTree products/services (digital, website and analogue) or for the purpose of internal administration [Article 6(1)(f) GDPR]
- Within the scope of your express consent [Article 6(1)(a) GDPR]: provided that you have given us your consent to do so, processing of data will also be carried out for the purposes and to the extent specified in the consent. Such consent can be revoked by you at any time. Revocation of the consent does not, however, affect the lawfulness of data processing carried out on the basis of the consent prior to revocation.
You can revoke consent at any time. A revocation of consent has the consequence that we will no longer process your data for the above-mentioned purposes from this point on.
Please contact us for a revocation: Sabine Gromer, [email protected]
Who receives your data?
In order to fulfill the requirements of our services, it may be necessary to transfer your data to the following recipients: tax consultants, tax authorities, licensors in the case of potential analyses, possibly seminar room landlords, IT and email service, website providers and support staff, banks/legal representatives/courts/administrative, and authorities/collection agencies in the event of an incident.
How long will your data be stored?
We will only store your data for as long as it is necessary to complete the purposes for which we have collected your data. In this context, it should be noted that for tax law reasons, contracts and other documents from our contractual relationship must always be retained for a period of 7 years. In individual cases, for example in the case of pending official proceedings, this storage period can also be longer than 7 years. Apart from these individual cases, we will in any case delete your data after these 7 years or 5 years after our last contact should we no longer be able to contact you (depending on which event occurs first).
Rights of Legal Appeal
You are fundamentally entitled to the rights of information, correction, deletion, restriction, data transferability and revocation. Please contact us for this purpose. If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, the Datenschutzbehörde (Data Protection Authority) is responsible for such cases.
External hosting by Host-Europe
This website is hosted by an external service provider (hoster). The host is Host Europe GmbH, Hansestraße 111, 51149 Cologne (hereinafter referred to as “Host Europe”). Personal data that is recorded on this website is stored on Host Europe’s servers. This can include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
Host Europe is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit.b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Paragraph 1 lit.f GDPR).
Host Europe will only process your data insofar as this is necessary to fulfil its performance obligations, and follow our instructions with regard to this data. Further processing on servers other than those mentioned above by Host Europe will only take place within the framework specified below.
In order to ensure data protection-compliant processing, we have completed an order processing contract with Host Europe. You can find more information on handling user data in Host Europe’s data protection declaration: https://www.hosteurope.de/AGB/Datenschutzerklaerung/.
Information is stored in the cookie that is related to the specific terminal device used. This does not mean, however, that we obtain direct knowledge of your identity.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to make use of our services, we will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.
The data processed by cookies is required for the above-mentioned purposes to protect our legitimate interests and those of third parties in accordance with Article 6(1)(f) of the GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website.
We send newsletters, e-mails and other electronic notifications containing information (hereinafter referred to as “newsletters”) only with the consent of the recipients or with legal permission. Our newsletters contain information about our work, current publications and references to our offers.
Managing contacts and sending messages.
These types of services allow managing a database of email contacts, phone numbers or any other contact information in order to communicate with the user.
The services may also collect data on what date and time message was read by the user, as well as when the user interacts with incoming messages, for example, by clicking on links contained in them.
SendinBlue Email (SendinBlue SAS).
SendinBlue is a service provided by SendinBlue SAS for managing email addresses and sending messages.
Personal data collected: Cookie; email; usage data.
Processing location: France
User database management
These types of services allow the provider to create user profiles by first using the email address, name or other information submitted by the user to this application, as well as tracking user activity through analytics functionalities. This personal data may also be matched with publicly available information about the user (such as social media profiles) and used to build a personal profile that the provider can display and use to improve this application.
Some of these services may also provide for the sending of timed messages to the user, such as emails that this application links to specific actions.
SendinBlue Marketing Automation (SendinBlue SAS).
SendinBlue is a user database management service provided by SendinBlue SAS.
Personal data collected: Cookie; email; usage data.
Processing location: France
Conclusion of a contract for order processing
We have entered into a contract with SendinBlue in which we require SendinBlue to protect our customers’ data and not to disclose it to third parties.
The tracking measures listed below and used by us are carried out on the basis of Article 6(1)(f) of the GDPR. We use tracking measures to ensure that our website is designed to meet the needs of our customers and is continuously optimized. Additionally, we use tracking measures to record the use of our website statistically and evaluate it for the purpose of optimizing our services for you. These interests are justified in the aforementioned regulation [Article 6(1)(f) GDPR]. The relevant data processing services we use, and data categories we collect are listed below.
For the purpose of designing our pages to meet your needs and continuously optimizing them, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymized user profiles are created and cookies (see section 4) are used. Information about your use of our website is then generated by these cookies. Such information includes,
- browser type/version,
- the operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,
You can also prevent the collection of data generated by cookies based on your use of our website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially in the case of browsers on mobile devices, you can prevent the collection of data by Google Analytics by clicking on https://tools.google.com/dlpage/gaoptout. An opt-out of cookies will be set to prevent future collection of your information when you visit our website. The opt-out cookie option is only valid on the browser it has been applied to and only functions to prevent cookie collection on our website. If you delete the cookies in this browser, you will need to set the opt-out cookie option again.
Further information on data protection in connection with Google Analytics can be found on the Google Analytics help page (https://support.google.com/analytics/answer/6004245?hl=en).
GOOGLE ADWORDS CONVERSION TRACKING
In order to record statistics on the use of our website and for the purpose of optimizing our website, we also use Google Conversion Tracking. Google AdWords collects cookies (see Section 4) from your computer if you have reached our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If the user clicks on a Google Ad for a specific website, Google and the client can recognize that the user clicked on the ad and was redirected to that page.
Each AdWords’ client is assigned a different cookie. As a result, cookies cannot be tracked through the websites of AdWords’ clients. The information collected through the conversion cookie is used to compile conversion statistics for AdWords’ clients who have opted in for conversion tracking. The AdWords’ advertisers learn the total number of users who clicked on their ad and were redirected to a page through a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
GOOGLE WEB FONTS
This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you pull up our page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
To do this, the browser you are using must connect to Google’s servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest in the sense of Article 6(1)(f) of the GDPR.
If your browser does not support Web Fonts, a standard font from your computer will be used.
This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an attractive presentation of our online offers and to make it easy to find the places we have indicated on our website. This represents a legitimate interest in the sense of Article 6(1)(f) of the GDPR.
Data Processing through social networks
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.
Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by means of recording of your IP address. With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. a DSGVO).
Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
Our appearances at a glance
When you visit our Instagram page, Instagram and the associated company Facebook collect, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as operators of the Instagram pages, with statistical information about the use of the Instagram page. Facebook provides more detailed information on this at the following link: https://help.instagram.com/519522125107875?helpref=page_content.
Instagram’s full data policy can be found here: https://help.instagram.com/519522125107875?helpref=page_content
We have no influence on the data collection and further processing by Instagram. Furthermore, it is not recognizable for us to what extent, at which location and for how long the data is stored, to what extent Instagram and Facebook comply with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on. If you would like to avoid that Instagram and Facebook processes personal data transmitted by you to us, please contact us by other means. Our full contact details can be found in our imprint on Instagram.
The data collected about you in this context is processed by Facebook Ireland Ltd. and may be transferred to countries outside the European Union in the process. What information Instagram/ Facebook receives and how it is used is described in general terms by Instagram/ Facebook in its data usage guidelines. There you will also find information on how to contact Facebook and on the settings options for advertisements. The data usage guidelines are available at the following link: https://help.instagram.com/196883487377501?ref=dp.
Instagram’s full data policies can be found here: https://help.instagram.com/519522125107875?helpref=page_content
In what way Instagram & Facebook uses the data from the visit of Instagram pages for its own purposes, to what extent activities on the Instagram and Facebook pages are assigned to individual users, how long Instagram & Facebook stores this data and whether data from a visit to the Instagram page is passed on to third parties, is not conclusively and clearly stated by Instagram & Facebook and is not known to us.
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to disable LinkedIn advertising cookies, please use the following link:
We have a channel on YouTube. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
RIGHTS OF THE DATA SUBJECT OF THE DATA COLLECTION AND PROCESSING
You have the right:
- To request information about your personal data processed by us in accordance with Article 15 of the GDPR. In particular, you may request information on the processing of personal data, the category of personal data collected, the recipients to whom your data have been or will be disclosed, the planned storage period, the right to rectify inaccurate data, cancellation, restriction of data processing, the right of appeal, the origin of your data (if not collected by us), and the existence of automated decision making including profiling and, if applicable, meaningful information on the details of data collected.
- In accordance with Article 16 of the GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us.
- In accordance with Article 17 of the GDPR, to demand the deletion of your personal data stored with us, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, and to exercise or defend legal claims.
- In accordance with Article 20 of the GDPR, to receive your personal data that you have provided us with in a structured, common, and machine-readable format or to request its transfer to another responsible party.
- In accordance with Article 7(3) of the GDPR to revoke your consent with us at any time. As a result, we may no longer continue data processing based on this consent for the future or complain to a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can turn to the supervisory authority of your usual place of residence/workplace or to the supervisory authority of our company headquarters.
RIGHT OF OBJECTION
If your personal data is processed on the basis of legitimate interests in accordance with Article 6(1)(f), you have the right to object to the processing of your personal data in accordance with Article 21 of the GDPR if there are reasons for doing so arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without indicating any special situation. If you wish to exercise your right of revocation or objection, simply send an e-mail to [email protected].
We use common SSL (Secure Socket Layer) procedure within our website and the highest encryption level supported by your browser. Usually this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
OBJECTION TO SPAM
We hereby object to the use of contact data published to send advertising and information material not expressly requested. Should the operator receive unsolicited promotional material, such as spam etc., the operator expressively reserves the right to take legal action.
UP-TO-DATENESS AND CHANGES TO THIS DATA PROTECTION DECLARATION
This data protection declaration is currently valid and dated May 2020. Due to the further development of our website and offers above, or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on our website.