Privacy policy according to the GDPR

The controller responsible for data processing is

MASSIVE ART WebServices GmbH
Gütlestraße 7a
6850 Dornbirn
Austria
Phone: +43 (0) 5572 / 906090
E-mail: datenschutz@massiveart.com 
Website: www.massiveart.com

Scope of processing

We collect and use our users' personal data only to the extent necessary to provide a functional website and our content and services. The collection and use of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.

Legal basis for the processing of personal data

Insofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 a serves as the legal basis.
When processing data that is required to fulfil a contract with you, Art. 6 para. 1 b serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as data processing is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 c serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests and fundamental rights do not outweigh the former interest, Art. 6 para. 1 f serves as the legal basis.

Data erasure and storage duration

Your data will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this is provided for by European or national regulations, laws or other provisions to which we are subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

- Information about the browser type and version used
- The user's operating system
- The user's internet service provider
- The IP address of the user
- Date and time of access
- Websites from which the user's system accesses our website
- Websites that are accessed by the user's system via our website

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Article 6(1)(f).

4. Duration of storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies on our website that enable an analysis of the user's surfing behaviour. The following data can be transmitted

- Search terms entered
- Frequency of page views

The user data collected in this way is anonymous. It is therefore not possible to assign the data to the user accessing the website. The data is not stored together with other personal user data. When accessing our website, users are informed about the use of cookies for analysis purposes by an information banner. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings. The following cookies are used and are associated with Google Universal Analytics

- _gat
- _gid
- _ga

2. Legal basis for data processing

The legal basis for the processing of your data using technically necessary cookies is Article 6(1)(f) GDPR. For cookies for analysis purposes, the legal basis is Article 6(1)(a) if you have given your consent.

3. Purpose of the data processing

The purpose of using cookies that are not technically necessary is to analyse the surfing behaviour of users. All functions of our website can also be offered without the use of these cookies.

The purpose of using analytics cookies is to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer. These purposes also constitute our legitimate interest in processing your data in accordance with Article 6(1)(f) GDPR.

4. Duration of storage, objection and removal options

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. There are several ways to manage cookies. The help button in the toolbars of most browsers shows you how you can stop accepting cookies, how you can be notified when a new cookie is set and how you can block cookies. If you block cookies, you may not be able to register, log in or use the services to their full extent.

The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash Player settings.

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input screen is transmitted to us. Specifically, we need your e-mail address, your first and last name including title and your information as to whether it is a private or a company address.

The following data is also collected during registration

- IP address of the accessing computer
- Date and time of registration

Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.

In connection with the data processing for sending our newsletter, the data is passed on to third parties by sending our newsletter via the services of MailChimp of Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA. These contain a web beacon, also known as a tracking pixel. This allows us to determine whether the emails have been opened or whether the links contained in the emails have been clicked on. We use this information to improve our email service and analyse which information is read or clicked on the most. We link this data to actions you have taken on our website. The information collected in this way is stored by the newsletter provider MailChimp on its server in the USA. MailChimp is authorised to pass on your user data to third parties in certain cases. You can object to this tracking at any time by clicking on the separate link provided in every email or by informing us via the email address[webservices@massiveart.com].

Mailchimp is a Privacy Shield certified company. These data transfers are permitted on the basis of the adequacy decision of the European Commission (EU) 2016/1250.

The purpose and scope of the data collection and the further processing and use of the data by MailChimp as well as your rights in this regard and setting options to protect your privacy can be found in the data protection information: mailchimp.com/legal/privacy and the Mail Chimp terms of use mailchimp.com/legal/terms.

When the email is deleted, the web beacon is also automatically deleted. Our normal text emails do not contain web beacons. With the exception of the use of the newsletter tool Mailchimp, your data will be used exclusively for sending the newsletter and will not be passed on to third parties.

2. Legal basis for data processing

The legal basis for the processing of your data after registration for the newsletter is Article 6(1)(a) if the user has given consent.

3. Purpose of the data processing

The purpose of collecting your email address is to send you the newsletter.

4. Duration of storage

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user's e-mail address is therefore stored for as long as the subscription to the newsletter is active.

The other data collected during the registration process is generally deleted after a period of seven days.

5. Right of objection and cancellation

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. When the email is deleted, the web beacon is also automatically deleted. Our normal text emails do not contain web beacons.

This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.

We use the following services on our website to analyse the web and/or measure reach.

Google Analytics

We use Google Analytics from Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. These analysis services create user profiles that are stored in text files (so-called "cookies") on your computer. This information is used to analyse your use of the website, to compile reports on website activity for us as the website operator and to provide other services relating to website activity and internet usage. The IP addresses of users are also stored through the use of Google Analytics. However, we use available IP masking procedures (pseudonymisation by shortening the IP address) to protect users.

In general, no clear user data (such as e-mail addresses or names) is stored as part of the online marketing process, but pseudonyms. We and Google, as the provider of the online marketing processes, do not know the actual identity of the users, but only the information stored in their profiles. The information in the profiles is generally stored in cookies or by means of similar procedures. These cookies can generally also be read later on other websites that use the same online marketing process, analysed for the purpose of displaying content and supplemented with further data and stored on the server of the online marketing process provider.

In exceptional cases, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing process we use and the network links the user profiles with the aforementioned data. Please note that users can make additional agreements with the providers, e.g. by giving their consent during registration.

In principle, we only receive access to summarised information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. The conversion measurement is used solely to analyse the success of our marketing measures.

Facebook Pixel/Facebook Audiences

We use the "Facebook Pixel", a service of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA. The data collected through the integration of cookies, web beacons or similar third-party technologies allows us to measure and organise our advertising activities on Facebook more effectively and, for example, to display posts or advertisements only to visitors to our website. We only use cookies, web beacons and similar, proven and widely used third-party technologies to collect this data. With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offering as a target group for the display of adverts (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of the partners cooperating with Facebook (so-called "Audience Network " https://www.facebook.com/audiencenetwork/) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook adverts for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook advert (so-called "conversion measurement").

Extended comparison for the Facebook pixel: When using the Facebook pixel, the additional function "extended matching" is used. In this context, data such as e-mail addresses or Facebook IDs of users are transmitted (encrypted) to Facebook to form target groups.

We do not pass on lists with personal data to Facebook or upload them to Facebook. The data collected is only transmitted to Facebook in encrypted form. Any personal data of individual users is not visible to us.

Hubspot

We use HubSpot, a digital marketing tool, on our website. The service provider is the American company HubSpot, Inc, 25 First St 2nd Floor Cambridge, MA, USA. The company also has a registered office in Ireland at 1 Sir John Rogerson's Quay, Dublin 2, Ireland.

HubSpot also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.

HubSpot uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or for data transfer there. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, HubSpot undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among others: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

• The Data Processing Agreement, which corresponds to the standard contractual clauses, can be found at https://legal.hubspot.com/dpa
• You can find out more about the data that is processed through the use of HubSpot in the Privacy Policy at https://legal.hubspot.com/de/privacy-policy. All texts are protected by copyright.
   

Hotjar

We use Hotjar Technology "Testing and Optimisation", a service provided by Hotjar Ltd, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta. For more information about Hotjar, please refer to the website https://www.hotjar.com as well as the privacy policy https://www.hotjar.com/legal/policies/privacy and the cookie policy: https://www.hotjar.com/legal/policies/cookie-information.

Leadfeeder

Together with Google Analytics, we use Leadfeeder, a web analytics service and analysis tool provided by Liidio Oy / Leadfeeder (Mikonkatu 17 C, 00100 Helsinki).
Leadfeeder collects the IP address of visitors and links it to information about the companies found on the Internet.

• You can prevent Leadfeeder from storing a user profile or data about your use of our website by using an opt-out option, see: https://yourdata.leadfeeder.com/
• Further information about Leadfeeder and the data collected can be found at 
  https://www.leadfeeder.com/privacy/
• For information about Leadfeeder and GDPR compliance, please visit: https://help.leadfeeder.com/en/articles/1521996-is-leadfeeder-ready-for-gdpr

Mouseflow

This website uses Mouseflow: a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymised IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. If you'd like to opt-out, you can do so at https://mouseflow.com/opt-out. If you'd like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at privacy@mouseflow.com.
For more information, see Mouseflow's Privacy Policy at http://mouseflow.com/privacy/.
For more information on Mouseflow and GDPR, visit https://mouseflow.com/gdpr/.
For more intormation on Mouseflow and CCPA visit https://mouseflow.com/ccpa.

1. Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is Article 6(1)(f).

2. Purpose of the data processing

The processing of users' personal data enables us to analyse the surfing behaviour of users, for example by measuring reach (e.g. access statistics, recognition of returning visitors), tracking (e.g. interest/behavioural profiling, use of cookies), visitor action evaluation, profiling (creation of user profiles), click tracking, A/B tests, feedback (e.g. collection of feedback via online services).e.g. collecting feedback via online forms), heat maps (mouse movements by users that are summarised to form an overall picture), surveys and questionnaires (e.g. surveys with input options, multiple-choice questions). By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness.

In addition to web analysis, we may also use test procedures, e.g. to test and optimise different versions of our online offering or its components. For these purposes, so-called user profiles can be created and stored in a file (so-called "cookie") or similar procedures with the same purpose can be used. This information may include, for example, content viewed, websites visited and elements used there and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider. The IP addresses of users are also stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored for web analysis, A/B testing and optimisation purposes, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.

These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 (1) (f). By pseudonymising the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.

The following types of data are processed for the above-mentioned purposes Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

3. Duration of storage

The data is deleted as soon as it is no longer required for our recording purposes. The cookies set by the respective services have a different "lifespan". Some remain valid for up to 365 days, some only during the current visit. You can find out how to deactivate cookies etc. in the section on objection and removal options.

4. Objection and removal options

We refer to the data protection notices of the respective providers and the objection options (so-called "opt-out") specified for the providers. If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this may restrict the functions of our online offering.

We therefore recommend the following additional opt-out options, which are offered summarised for the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Cross-territory: http://optout.aboutads.info

Google Analytics:

Website: https://marketingplatform.google.com/intl/de/about/analytics/; Further information on data protection can be found in Google's privacy policy at: https://policies.google.com/privacy; Opt-out option: Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of adverts: https://adssettings.google.com/authenticated

Facebook:

Further information on this can be found in Facebook's privacy policy at www.facebook.com/about/privacy. If you do not wish data to be collected via "Facebook Pixel" or Custom Audience, you can deactivate this via the link https://www.facebook.com/settings?tab=ads.

Both Facebook and Google are Privacy Shield-certified US companies, which guarantees an appropriate level of data protection when processing personal data. These data transfers are permitted on the basis of the adequacy decision of the European Commission (EU) 2016/1250.

We are pleased that you are interested in us and that you are applying or have applied for a position in our company. We would like to provide you with the following information on the processing of your personal data in connection with your application.

1. Which of your data do we process? And for what purposes?

We process the data that you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our companies) and to carry out the application process.

2. What is the legal basis for this?

The legal basis for the processing of your personal data in this application process is the version of the EU General Data Protection Regulation (GDPR) that will apply from 25 May 2018. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted. Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion or defence of claims.

3. How long is the data stored?

Applicants' data will be deleted after 6 months in the event of a rejection. In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. The data will be deleted there after two years. If you have been accepted for a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system.

4. To which recipients will the data be passed on?

Your applicant data will be reviewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. The next steps are then agreed. Within the company, only those persons have access to your data who need it for the proper conduct of our application process.

5. Where is the data processed?

The data is processed exclusively in Austrian data centres.

6. Your rights

You have the right to information about the personal data we process about you. In the case of a request for information that is not made in writing, we ask for your understanding that we may then require proof from you that you are the person you claim to be. Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so. You also have the right to object to processing within the scope of the statutory provisions. The same applies to the right to data portability.

7. Right to lodge a complaint

You have the right to complain to a data protection supervisory authority about the processing of personal data by us.

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us as the controller:

1. Right to information

You can request confirmation from us as to whether personal data concerning you is being processed by us.

If such processing is taking place, you can request the following information from us

The purposes and categories of personal data being processed, including the recipients or categories of recipients to whom your data has been or will be disclosed and the planned duration of storage of the data concerning you. If we use profiling technologies, we will provide you with meaningful information about the logic involved and the scope and intended effects of such processing for you. We must also inform you of your right to lodge a complaint with the data protection authority. You also have the right to request information as to whether the data concerning you is transferred to a third country or to an international organisation.

2. Right to rectification

You have a right to rectification and/or completion if your processed data is incorrect or incomplete. If applicable, we will make the correction without delay.

3. Right to restriction of processing

You may request the restriction of the processing of your data under the following conditions

(1) if you contest the accuracy of the data concerning you for a period enabling us to verify the accuracy of your data;
(2) the processing is unlawful and you oppose the erasure of your data and request the restriction of the use of your data instead;
(3) we no longer need your data for the purposes of the processing, but you need it for the establishment, exercise or defence of legal claims; or
(4) if you have objected to the processing and it is not yet certain whether our legitimate reasons outweigh your reasons.

If the processing of your data has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

4. Right to erasure

We are obliged to erase your data immediately if one of the following reasons applies:

(1) Your data is no longer necessary for the purposes for which it was collected by us;
(2) You withdraw your consent and there is no other legal basis for the processing.
processing.
(3) You object to the processing pursuant to Art. 21 (1) and there are no overriding legitimate grounds on our part for the processing, or you object to the processing pursuant to Art. 21 (2).
(4) Your data has been processed unlawfully.

The right to erasure does not exist if the processing is necessary

(1) to fulfil a legal obligation that requires processing (e.g. vis-à-vis authorities and offices) or to perform a task that is in the public interest that has been assigned to us
(2) for the establishment, exercise or defence of legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom your data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients.

6. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your data which is based on Article 6(1)(e) or (f), including profiling based on those provisions.

In this case, we will no longer process your data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

If your data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, the data concerning you will no longer be processed for these purposes.

7. Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the data protection authority pursuant to § 24ff DSG 2018 if you believe that the processing of your data violates the GDPR.

The data protection authority will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy.

Dornbirn, March 2022