Privacy Policy

General
Personal dataThis data protection declaration is directed to all persons who visit our website. All personal designations refer to both male and female and diverse persons and language forms and are always to be understood with the addition of "(m/f/d)".

Data protection at a glanceAccording to Article 12 of the General Data Protection Regulation (henceforth DSGVO), website operators are obliged to inform visitors in a precise, transparent and comprehensible manner about how personal data is processed. We want to make a sincere contribution to this and summarize our data protection statement as follows. The details can be found under the summary:

In the following cases, we process personal data to establish, execute and/or terminate contracts: Paypal, Digistore24, sofortüberweisungen, copecart, Mollie, calendly, Klick-Tipp, Zapier, Woodpecker, Hubspot.

In the following cases, we process personal data based on your consent: Google Analytics, Google Optimize, Google Tagmanager, Hotjar, social networks with advertising tools (Facebook, LinkedIn), Google Ads, Google Remarketing, YouTube, Klick Tipp, Hubspot.

In the following cases, we process personal data on the basis of our legitimate interest: Informational use Internet site, transient cookies, rights management with external legal advice, Trustpilot, Postaffiliate Pro.

In the following cases, we process personal data with the help of automated decision-making (including profiling, if applicable): No processing takes place here.

ResponsibilityThe person responsible within the meaning of Article 4(7) DSGVO for processing the personal data of visitors to this website is:

PATHADVICE International GmbH
Represented by Dr. Michael Suitner (CEO)
Serlesweg 3, 6161 Natters, Austria
E-Mail: info@pathadvice.at
‍Tel: +43 676 415 9000

Rights(1)   Data subjects have several rights with regard to the personal data processed in accordance with the GDPR, in particular the right to
1. information about the stored personal data,
2. rectification of inaccurately stored personal data,
3. deletion of personal data for the further storage of which there is no basis for authorization,
4. restriction of the processing of stored personal data,
5. data portability
6. a complaint to the competent supervisory authority for data protection.
(2) Insofar as the factual prerequisites of the respective claims are given and we can identify you, we will fulfill your claims promptly.

Automated Decision Finding including ProfilingIf no processing operations are described under "General section /Data protection at a glance" after the line "In the following cases, we process personal data with the aid of automated decision-making (including profiling, if applicable): ...", these do not take place. Otherwise, please refer to our separate data protection declaration.

Data transfer to bodies outside the European Union(1) It is possible that we transfer personal data to bodies that are located outside the European Union or at least cannot exclude this (henceforth:third country body). In these cases, we must guarantee in accordance with Article 44 of the GDPR that the level of protection provided by the GDPR will not be undercut. As a precaution, we would like to point out that the third country agency can be both a controller and a processor.
(2) Insofar as we refer to a so-called adequacy decision in the following declaration, this means that the third country agency is located in a country, territory or specific sector for which the Commission has decided that it offers an adequate level of protection. This guarantee then follows from Article 45 GDPR.
(3) Insofar as we refer to the so-called standard contractual clauses in the following declaration, this means that the third country body accepts the so-called EU standard contractual clauses and has thus contractually committed itself to respecting the level of protection of the General Data Protection Regulation. This guarantee then follows from Article 46 (1) and (5) of the GDPR.
(4) Insofar as we refer in the following statement to the fact that you have consented to the transfer to the third country body, this means that you have been informed about all existing possible risks of such transfers for which there is no adequacy decision or other guarantees and have nevertheless consented to the data transfer. This guarantee then follows from Article 49 (1) (a) of the GDPR. For reasons of transparency, we describe the corresponding risks in a separate section.
(5) We are only providing this information as a precautionary measure. It only applies if we refer to it in the following declaration. There is also the possibility that we do not make use of this.

Special constellation: EU standard contractual clauses and third-country entities based in the USA(1) In addition to the explanations under "Data transfer to bodies outside the European Union" - paragraph 3, we would like to draw your attention to a special constellation. In the case of transfers to third-country bodies based in the USA, the possibility of invoking the EU standard contractual clauses is restricted. Therefore, if we intend to (or already do) invoke the EU standard contractual clauses in this context, please note the following:
(2) We will not rely on the EU Standard Contractual Clauses to transfer personal data to US third country entities unless we have first conducted a thorough review of the facts involved. In doing so, we first determine a risk level (type and, in particular, sensitivity of the data concerned, scope of data processing, purpose of data processing, susceptibility to abuse). We then check whether the contractual commitments of the US third-country office and the technical and organisational measures taken there (e.g. processing of data exclusively in EU-based data centres, encryption technology) sufficiently minimize the risks identified in advance. Only if we come to the conclusion that the EU standard contractual clauses are also a sufficient guarantee for aUS third-country office by way of exception, will we invoke this.
(3) We are only providing this information as a precautionary measure.It only applies if we refer to it in the following declaration. There is also the possibility that we do not make use of this.

Special constellation: Consent to transfer to third-country entities located in the USA, including risk notices(1) In addition to the explanations under "Data transfer to bodies outside the European Union" - paragraph 4, we would like to draw your attention to another special constellation. In the case of transfers to third-country bodies based in the USA, the possibility of invoking the EU standard contractual clauses is limited. Therefore, in some cases, the only option is to ask for your consent to this transfer. However, before you give this consent, we ask you to take note of the following risks and consider them when deciding whether to consent:
(2) We urge you to note that data transfers to the US without the protection of an adequacy decision may involve significant risks. In particular, please note the following risks:
‍1. There is no uniform data protection law in the USA; certainly not one that would be comparable to the data protection law applicable in the EU. This means that both US companies and government agencies have more possibilities to process your personal data, especially for advertising targeting, profiling and conducting (criminal) investigations. Our ability to take action against this is significantly limited.
2. The US legislator has granted itself numerous access rights to your personal data (cf. for example Section 702 of FISA or E.O. 12333 in conjunction with PPD-28), which are not compatible with our understanding of the law. In particular, there is no proportionality test before access comparable to those in the European Union.
3. Citizens of the European Union cannot expect effective legal protection in the USA.
‍(3) We make this declaration merely as a precaution. It only applies if we refer to it in the subsequent declaration. There is also the possibility that we do not make use of this.

Note on the legal obligation to processOnly insofar as we refer to Article 6 (1) sentence 1 lit. c DSGVO in the following data protection declaration is there a legal obligation to process.

Processing operations necessary for the performance of contracts (primary legal basis: Article 6 (1) sentence 1 lit. b DSGVO)
General information on the purpose and legal basis of the processing operations described below
‍(1) The purpose of the processing operations described below is the establishment, performance, termination of contracts as well as the defence against claims on your part which are directly or indirectly related to the respective contract.  
(2) Insofar as the purpose of the processing is the establishment, performance, termination of contracts, the legal basis for the processing of your personal data is Article 6 (1) sentence 1 lit. b DSGVO. According to this provision, the processing of your personal data is also permissible without your consent if it is necessary for the performance of a contract to which you are a party or for the performance of pre-contractual measures which are carried out at your request.
(3) Insofar as the purpose of the processing is the defence against claims on your part which are directly or indirectly related to the respective contract, in addition to Article 6 (1) sentence 1 lit. b DSGVO, Section 212 UGB paragraph 1, 2nd half sentence in connection with Article 6 (1) sentence 1 lit.b DSGVO is also applicable. Article 6 paragraph 1 sentence 1 lit. c DSGVO is the legal basis. According to this, we are obliged to store your data for as long as they are relevant for pending judicial or official proceedings in which we have party status.
(4) The legal basis we have mentioned under paragraph 2 also applies if we process your data in your capacity as an applicant or current or former employee on this website.
(5) Insofar as we refer to Article 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing, which in cases of justified objection leads to an end to the processing based on this. And insofar as we do not expressly refer to Article 6 (1) sentence 1 lit. c DSGVO, there is no obligation to process.

General information on the retention period of data in the context of the processing operations described below
‍(1) We store the data for as long as is necessary to establish, perform and, if applicable, terminate the contract and/or to defend ourselves against claims by you that are directly or indirectly related to the respective contract.  
(2) If a contractual relationship is concluded between us, we shall store the data additionally until the expiry of our statutory retention periods. The legal basis for this is Article 6 paragraph 1 sentence 1 lit. c DSGVO in conjunction with. § SECTION 212 UGB. According to these regulations, some of the above-mentioned data must also be retained beyond the time when the purpose has been achieved. For example, we may be obliged to keep personal data relating to you, consisting of books, inventories, opening balances, annual financial statements including management reports, consolidated financial statements including group management reports, business letters received, copies of business letters sent and receipts for entries in the books to be kept in accordance with § 190 UGB (accounting records) for seven years.
(3) If we process your data in your function as an applicant, we will generally store the data until a final decision has been made on your application and1. In the event of rejection for a further six months after rejection, whereby the legal basis for the six-month storage is Article 6 (1) sentence 1lit. f DSGVO and our legitimate interest follows from the right to defend ourselves against complaints under the GlBG (cf. Section 15 GlBG),2. In the event that we ask you whether you wish to be included in our applicant pool and you say yes, until the time of revocation of your consent, whereby the legal basis for this storage is your consent pursuant to Article 6 (1) sentence 1 lit. b DSGVO. In the cases of paragraph 3 clauses 1 and 2, we only reserve the right to store data, but this data protection declaration does not create an obligation to store data.
(4) Insofar as we refer to Article 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing, which in cases of justified objection leads to an end to the processing based on this. And insofar as we do not expressly refer to Article 6 (1) sentence 1 lit. c DSGVO, there is no obligation to process.

Processing operations for which your consent is required (primary legal basis: Article 6 (1) sentence 1 lit. a DSGVO)General information on the purpose and legal basis of the processing operations described below
‍(1) The purpose of the processing operations described below is described separately for each tool.
(2) The legal basis for the respective data processing is your consent pursuant to Article 6 (1) sentence 1 lit. a DSGVO. According to this provision, the processing of your personal data is permissible if you have given your consent to the processing of the personal data concerning you for one or more specific purposes.

General information on the retention period of data in the context of the processing operations described below
‍(1) We generally store the data until you have revoked your consent. You can declare your revocation at any time, for example by sending an informal message to one of the above-mentioned contact channels.
(2) This does not apply to all data for which a reason for storage other than your consent applies. In particular, we store the information that you have consented and how you have consented for three years, whereby the period begins to run on 31 December of the calendar year in which you revoke your consent. The legal basis for this is Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. Article 7 (1) DSGVO, as we are obliged to document the granting of consent. Moreover, this longer storage is also justified by Article6(1) sentence 1 lit. f DSGVO, as it is in our legitimate interest to defend ourselves against claims for damages based on the fact that no consent was given. This interest in storage exists at least until the expiry of the statutory limitation period (§ 1489 ABGB).

‍Notes on the legal basis "Consent”
‍(1) Insofar as we obtain consent from you for processing, you have the right to revoke this consent at any time with effect for the future. As a rule, this is possible by sending an informal message to us (cf. "Person responsible." above). Furthermore, we would like to point out that we process further of your personal data in the course of obtaining your consent. These are, on the one hand, identity features (such as your name, your e-mail address, your IP address) and, on the other hand, protocol data on consent (time of consent, status of consent, scope of consent). We base this data processing on Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. Article 7 paragraph 1 DSGVO. The purpose is the need to prove that you have given your consent.

Supplementary information on obtaining consent via "cookie script"
‍Briefly: To obtain your consent for the use of certain cookies, we use the external tool "cookie-script". We use this to collect and store all consent processes that you trigger in this context. Processing and third-party providers in detail: In connection with the use of so-called cookies, we use the tool "cookie-script". The provider is Object is Ltd, Žalgirio st. 88, LT-09303 Vilnius, Lithuania, https://cookie-script.com (privacy policy: https://cookie-script.com/privacy-policy.html ). With this tool, we document your consent to the cookie-based data processing on our website. In this context, we would like to point out that we process personal data about you when we obtain consent.Data that is processed: In this context, we would like to point out that we process personal data from you when obtaining consent. On the one hand, these are identity features and, on the other hand, protocol data on consent.

Google Analytics
‍Briefly: We use cookies to evaluate your usage behavior on and interaction with our website. We then evaluate this information in order to be able to design our website in an even more targeted manner. We use the "Google Analytics" tool for this purpose. The US data transfer, which cannot be ruled out, is justified as the processing only takes place if you consent to it. Processing and third-party providers in detail: To analyze your user behavior on our website, we use the following service provider with its tool described in more detail in the heading: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will additionally be processed by Google Ireland Ltd, Gordon House, Barrow Street,Dublin 4, Ireland. We would like to briefly describe this processing procedure: The tool uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The provider will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The privacy policy of this provider can be found here: https://policies.google.com/privacy?fg=1. The purpose can be described as follows: We use this tool to be able to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. You can find more details on the type and manner of processing via this provider here: https://marketingplatform.google.com/intl/de/about/analytics/.  

Data that is processed: This tool uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by this about your use of this website is usually transferred to a server of the provider in the USA and stored there. However, your IP address will be truncated beforehand by the provider within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of the provider in the USA and shortened there. The IP address transmitted by your browser when using this tool is not merged with other data by the provider. We also use this tool for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data". For your information, we would like to point out that we use this tool with the extension "_anonymizeIp()". This means that IP addresses are processed in abbreviated form, which means that they cannot be linked to a specific person. If the data collected about you is related to a person, this is immediately excluded and the personal data is immediately deleted.Third country status: The processing is not prevented by the fact that the data is transferred to the USA, possibly in cooperation with Google LLC. This is because we only use this tool if you consent to the associated transfer of data to the USA (cf. Article 49 (1) (a) DSGVO). Please be sure to read our risk information beforehand (cf. General Section/Special Constellation: Consent to Transfer to Third-Party Data Controllers Located in the USA, including the risk information).

Google Tag Manager
‍Briefly: We use a central control tool, namely the "Google Tag Manager", to coordinate various measures that serve to analyze your usage behavior. The US data transfer, which cannot be excluded, is justified as the processing only takes place if you consent to it.

‍Processing and third-party providers in detail: In order to coordinate and carry out our analysis of your user behavior on our website as well as our advertising targeting, we use the following service provider with its tool described in more detail in the heading: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will additionally be processed by Google Ireland Ltd, Gordon House, Barrow Street,Dublin 4, Ireland. We would like to briefly describe this processing procedure: This tool enables us to integrate various codes and services on our website in an orderly and simplified manner. This tool implements the tags or triggers the tags integrated with them. When a tag is triggered, the provider may also process personal data. It cannot be ruled out that the provider also transmits the data to a server in a third country. The privacy policy of this provider can be found here: https://policies.google.com/privacy?fg=1. The purpose can be described as follows: We use the tool to integrate various codes and services in an orderly and simplified manner on our website; this is for the purposes of analyzing user behavior and, if necessary, for advertising purposes. You can find more details about how we process data via this provider here: https://marketingplatform.google.com/intl/de/about/tag-manager/.  

‍Data that is processed: Here, we generally process those data from you that we process in connection with Google analytics tools and Google advertising. We refer to the other explanations in connection with processing operations in which the provider assists us.  

‍Third country status: The processing is not prevented by the fact that the data is transferred to the USA, possibly in cooperation with Google LLC. This is because we only use this tool if you consent to the associated transfer of data to the USA (cf. Article 49 (1) (a) DSGVO). Please be sure to read our risk information beforehand (cf. General Section/Special Constellation: Consent to Transfer to Third-Party DataControllers Located in the USA, including the risk information).

Hubspot (Marketingautomation)
‍Briefly: In order to be able to communicate with you in an automated way, for example when sending you useful information, we use marketing automation to send automated messages (e.g. emails, SMS) to you, evaluate your interactions and in turn respond to them in an automated way. The US data transfer, which cannot be excluded, is justified as the processing only takes place if you consent to it.

‍Processing and third party providers in detail: We use the above marketing automation solution. Their provider is: HubSpot, Inc, 25 First Street, Cambridge, MA 02141 (USA), hubspotgermany@hubspot.com. We have commissioned this provider with the processing of your data in accordance with Article 28 DSGVO. You can find the agreement here: https://legal.hubspot.com/de/dpa. You can find the privacy policy of this provider here: https://legal.hubspot.com/de/privacy-policy.  

Data processed: We process all data that we use for advertising purposes, as already described in this data protection declaration. Furthermore, we use so-called"tags" in our communication with you (for example, to process the contract or follow-up emails) and when delivering newsletters and webinars. A tag is a marking of information with additional information, specifications or categories. When tagging, information is linked with suitable keywords, categories or other parameters defined by us in advance. It is important that we use and define these tags in such a way that the provider follows our instructions here.  

‍Third country status: The fact that the provider is located outside the European Union does not prevent processing. This is because we only use this tool if you consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). Please be sure to read our risk information beforehand (cf. General Section/SpecialConstellation: Consent to Transfer to Third-Party Providers Located in the USA, including the risk information).

Informational use of the website
‍Briefly: When you visit our website, so-called transient cookies briefly process data from you in order to display the website to you.

Processing in detail: We use so-called transient cookies on our website. These include, in particular, session cookies. These store a so-called session ID, with which various requests of the visitor's browser can be assigned to the common session. This allows the visitor's computer to be recognized when the visitor returns to your website.  

Data processed: IP address, date and time of the request, time zone difference to Greenwich Mean Time(GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case , website from which the request came, browser, operating system and its interface, language and version of the browser software. We receive this data via cookies and directly from your browser

‍Management of Rights
‍Briefly: When you assert rights against us (e.g. request for information), we process the related communication data in order to be able to prove later how we have dealt with your claims.

Processing in detail: You have a number of rights vis-à-vis us (see General section, Rights of visitors to the website). If you assert rights against us, we process the related contact, communication and transaction data. We process your data as follows:1. we receive your request.2. we examine your request3. we comply with your request if it is justified.4. we store the related data.

Addition to the legal basis: While the processing in the sense of the intention paragraphs 1 to 3 is justified by Article 6 (1) sentence 1 lit. c DSGVO (we are generally obliged to process your concerns on the basis of the DSGVO), the purpose of the storage (paragraph 2 clause 4) is that we store the data in order to be able to defend ourselves against claims on your part at a later date. This is also our legitimate interest. We store your data until the end of the third calendar year following your request/input (cf. Article 6 (1) sentence 1 lit. f DSGVO in conjunction with Section 1489 ABGB).

Data processed: Name, contact details and communication content.

External advice on your claims
‍Briefly: When you assert rights against us (e.g. request for information), in some cases we seek external advice (e.g. legal advice, data protection officer, IT service provider...).

‍Processing in detail: You have a number of rights vis-à-vis us (see General section, Rights of visitors to the website). If you assert rights against us, we forward this request to external service providers for examination, who are in turn sworn to secrecy. The purpose of the processing is that we obtain expert advice in order to process your concerns in accordance with the law. This is in both our and your legitimate interests.

‍Data processed: Name, contact details and communication content.