Data protection declaration – SustSol | Innovationen für bildgebende diagnostische Verfahren

SustSol GmbH Data protection declaration

Company name and contact details of those responsible

SustSol GmbH
Mariatroster Str. 378b/7
8044 Graz
Austria

Tel: +43 (0)660 885 1001
Mail: office@sustsol.com

Regional court for ZRS Graz, FN 345553
UST-ID: ATU65805934

Managing Directors: Ing. Karl Rößl, Michael Koller

Data protection officer

derSchenner Consulting GmbH & Co KG
Bürgergasse 40, 8200 Gleisdorf
Ing. DI(FH) Harald Schenner, CMC, CDISE, CDC
Mail: dsba@derschenner.at

Contact via email or phone:

If you send us an email (or use our contact form on the homepage) or call us, the personal data you provide will be processed to answer and process your request or your order. We store the data for a period of 6 months. They will be deleted afterwards, unless the data is processed in accordance with the preparation of an offer or the placing of an order (see the following points). The legal basis for the processing of personal data for answering or processing your request is Art. 6 Para. 1 lit b GDPR.

Offer preparation:

Your data (name, address, telephone number, email address, or other data provided by you) will
be processed for the purpose of initiating a contract. This data is stored for a period of 10
years. The legal basis for the processing of personal data for contract initiation is Art. 6 Para.
1 lit b GDPR and Art. 6 Para. 1 lit f GDPR with regard to our storage period.

Order placement, order processing, invoicing:

Your data (name, address, telephone number, email address or other data provided by you) will be processed for the purpose of fulfilling the order. The documentation of the order and the invoicing (including delivery notes) are stored for a period of 10 years after the end of the business relationship. The legal basis for the processing of personal data for the fulfillment of the contract is
Art. 6 Para. 1 lit b GDPR or Art. 6 Para. 1 lit c and f GDPR with regard to storage duration.

Sub-contractorgnehmer

The sub-companies commissioned by us process parts of your order placed with us either under
the provisions of Art. 28 Para. 1 GDPR in compliance with a corresponding contract in
accordance with Art. 28 Para Accessories for order fulfilment can be seen), or pass on your
data to independent persons responsible, provided that your data are mere accessories for
order fulfilment.

The legal basis for the processing of personal data for the fulfilment of the contract is Art. 6 Para. 1
lit b GDPR or Art. 6 Para. 1 lit c and f GDPR with regard to storage duration.

Recipient categories

We transmit data to the following categories of recipients, some of which correspond to the
definition of contract processors in accordance with Art. 28 Paragraph 1 GDPR (with
corresponding contracts in accordance with Art. 28 Paragraph 3 GDPR):

Payroll accounting, bookkeeping, tax advice; IT and system administration; email, web and ICT
providers; Lawyers or debt collection service; Insurance companies (liability – claims settlement)
or all recipients of the data protection declaration mentioned above.

Use of the website and our online services

Web server, IP address

The temporary storage of the IP address by the system is necessary to enable the website to be
delivered to the user’s computer. To do this, the user’s IP address must be stored for the duration
of the session.

The following data is collected: the browser type and version used, the user’s operating system, the
user’s internet service provider, host name of the accessing computer, date and time of access,
websites from which the user’s system accessed our website as well as websites that are accessed
by the user’s system via our website.

The storage in log files takes place in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. This data is not merged with other data sources.

The data is stored for a period of 3 months and then automatically deleted. The legal basis for processing the IP address is Article 6 Paragraph 1 Letter b GDPR. The storage of the data for the above period is subject to Art. 6 Paragraph 1 Letter f GDPR.

We use TLS encryption to ensure that your visit to our website is tap-proof. You can recognize the
encrypted connection by the (green or gray) lock in the URL line or by the “https” in front of our web address.

hCaptcha

To protect the contact forms from unwanted, automated messages, we use the hCaptcha service from Intuition Machines, Inc., San Francisco, USA. In accordance with the principle of data economy, only the data that is really necessary for the captchas to detect bots is collected. It is used on the basis of our legitimate interests in avoiding misuse and spam within the meaning of Article 6 (1) (f) GDPR. The hCaptcha privacy policy can be found at https://www.hcaptcha.com/privacy

Use of cookies

Our website uses so-called “cookies”. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser. For example, your language settings and other user preferences are stored in the cookies so that they can be retained even after changing pages.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit (the so-called “session”). Some cookies remain stored on your device until you delete them. They enable us to recognize your browser the next time you visit. If you do not want this, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases. Deactivating cookies may restrict the functionality of our website.

The legal basis for the processing of personal data using the cookies described is Article 6 Paragraph 1 Letter f GDPR. Our legitimate interest in data processing lies in the technically error-free and optimized provision of our services.

Rights of the data subject

We would like to point out that you as the data subject have the right to information, deletion, restriction, correction, objection and data portability, depending on the situation (and individual case) within the meaning of the GDPR. To exercise your rights, please contact the person responsible listed above. We would also like to responsible listed above. We would also like to point out that you have the right to lodge a complaint with the supervisory authority (data protection authority) if you believe that a data
protection violation has occurred on our part. We are of course always available for questions and
information.