Data protection

Last updated: November 2018

1. Data Protection Declaration

Data Protection Declaration of E-Quadrat Communications GmbH ("E2"; "we"), Rathausstraße 19, 1010 Vienna, Austria, concerning the Website https://www.e-2.at/en/ ("Website").

Below we inform you in detail to what extent we process your personal data and what rights you have in this regard. The protection of your privacy is a high priority to us. The following declaration is intended to inform you comprehensively on what (personal) data we collect while using our services as well as how we deal with it and which rights you have within this context. Our Data Protection Declaration complies with the General Data Protection Regulation of the European Union ("GDPR").

Data protection regulations must always be observed when personal data is processed. For the scope of this Data Protection Declaration, the definitions of the GDPR are relevant. Thus, the "processing" of personal data essentially includes any handling of the same. As far as data processed by us are human-related and — even if only through third parties, in a summary or by means of additional knowledge — make you identifiable as a person (in particular, have your full name brought to light), it is basically personal data.

This Data Protection Declaration refers exclusively to the above-mentioned Website. If you are forwarded to other websites via links on our Website, please inform yourself directly on the target page about the respective handling of your personal data. We cannot assume any responsibility or liability for the content of third party websites that are linked via our Website.

Our Website serves as presentation of the E-Quadrat Communications GmbH.

Different partners are involved in the provision of our services. This applies to data collection as well as to the placement of the advertising offer. These partners take on different roles depending on the tasks involved. According to the GDPR, these are to be qualified as independent controllers or processors.

2. Data Processing following the Access of Our Website

When you visit our Website, we collect the following data: IP address.

You may use our Website without providing any information about yourself. When accessing our Website, we will only process data regarding the access (e.g. IP-Address, surfing behavior(s), additional meta data, date and time of retrieval, volume of transferred data, requesting provider) in server log files. This data processing is carried out for the purpose of visitor traceability, checking the effectiveness of advertising measures, playing off targeted advertising elements and messages as well as for the purpose of technical safety and improving the quality of our offer and is based on Art 6 paragraph 1 lit f GDPR (legitimate interests, namely achieving the above-mentioned purposes). However, this information does not enable us to draw any conclusions to you as a person. You can therefore to a large extent view all the contents of our Website without providing any personal data.

3. Rights of the Data Subject

A central aspect of data protection regulation is the implementation of adequate opportunities to allow the disposition of personal data even after such data has been processed. For this purpose, a series of rights of the data subject are set in place. E2 shall comply with your corresponding requests to exercise your rights without undue delay and in any event within 1 (one) month after receipt of the request. To exercise your rights, please contact us at the following e-mail address: dataprotection@e-2.at. Specifically, the following rights are entailed:

  1. If you exercise your right to information and there are no legal restrictions, we will inform you in detail about our processing of your data. To this end, we will send you (i) copies of the data (emails, database extracts, etc.), as well as information on (ii) specifically processed data, (iii) processing purposes, (iv) categories of processed data, (v) recipients, (vi) the storage period or the criteria for its determination, (vii) the origin of the data and (viii) further information as the case may be. Please note, however, that we cannot hand over any documents that could impair the rights of other persons.
  2. With the right to correct, you may request that we correct incorrectly recorded, incorrect or (for the respective processing purpose) incomplete data. Subsequently your request will be reviewed and the data processing concerned may be restricted upon request for the duration of the examination.
  3. The right to (data) deletion may be exercised (i) in the absence of any need for processing purposes, (ii) in the event of the revocation of a consent granted by you, (iii) in the event of a special objection, provided that the data processing concerned is based on the legitimate interests of E2, (iv) in the event of unlawful data processing, (v) in the event of a legal obligation to delete and (vi) in the event of data processing by minors under 16 years of age.
  4. In special cases, there is an accompanying right to restrictions, of which the data concerned may be stored. In addition to the possibility of restricting the examination period for data corrections, (i) the unlawful data processing (if no unless (no) deletion is required) and (ii) the duration of the examination of a special request for objection are covered.
  5. With the right to data portability, you may request to receive the data in a structured, commonly used and machine-readable format and transmit those data to another controller.
  6. In addition, you have a fundamental right of objection to data processing at any time. However, this only applies if the processing is based on the legitimate interests of E2.
  7. You may also exercise your right of appeal to the Supervisory Authority (see point 12).

Please also note that we may not be able to comply with your request due to compelling reasons worthy of protection for processing (balancing of interests) or processing due to the assertion, exercise or defense of legal claims (on our part). The same applies in the case of excessive requests, whereby a fee may be charged here as well as in the processing of manifestly unfounded requests.

4. Data Security; Deletion of data

E2 takes all appropriate technical and organizational measures to ensure that only personal data, whose processing is absolutely necessary for business purposes are processed by default. The measures we have taken concern both the amount of data collected, the processing scope and its storage period and accessibility. Based on these measures, we ensure that personal data by default is only made available to a narrowly limited and necessary number of persons. Under no circumstances will other persons be granted access to personal data without the express consent of the data subject. We also use various protection mechanisms (backups, encryption) to secure the Website and other systems. This should serve to protect your (personal) data as best as possible from loss or theft, destruction, unauthorized access, alteration and dissemination.

In accordance with the provisions of the GDPR, all (personal) data collected by us via the Website or App will only be kept for as long as it is required with regard to the legal basis of the processing, unless long-term storage is provided for by law. Furthermore we fulfil our deletion obligation on the basis of our specific internal company deletion policy, whereby we can provide you with further information on request.

All E2 employees have been sufficiently informed about all applicable data protection regulations, internal data protection regulations and data security precautions and are required to keep secret all information entrusted or made available to them in the context of their professional employment. The requirements of the GDPR are strictly observed and personal data is only made available to individual employees insofar as this is necessary with regard to the purpose of data collection and our obligations arising therefrom.

If we use contractors, they are also obliged to comply with all applicable data protection regulations on the basis of specific framework agreements. Furthermore, when handling your (personal) data, they are strictly bound to our guidelines, in particular with regard to type and scope.

5. Data transmission

For the purposes explained in this Data Protection Declaration, we will transfer your (personal) data to recipients of the following categories:

Within our organization, those departments or employees who need your data to fulfil their contractual or legal obligations and as a result of data processing based on our legitimate interests, will receive it. Due to our organizational structure, it is also necessary for certain information to be transmitted to our subsidiary / daughter company E-2 Communications Malta Ltd., 10, Lapsi Street, Fl. No.1, STJ 1261 St. Julians, Malta.

Furthermore, (external) contractors commissioned by us receive your data if they require the data to provide their respective services (whereby access to personal data is sufficient). All contractors are contractually obliged to treat your data confidentially and to process it only within the scope of the provision of services. This includes the following categories of recipients:

  • Management
  • Customer Management
  • Product Management
  • Marketing
  • Legal Departments
  • IT Support
  • Hosting Provider
  • Payment Provider
  • Analytics

We have a constantly updated list of our recipient categories with regard to data transfers and contract processors.

Some of the recipients mentioned above are located outside the EU or they process your (personal) data there. However, we take measures to ensure that all recipients have an adequate level of data protection. To this end, we conclude standard contractual clauses, for example, which can be submitted on request. Alternatively, we use providers that are certified according to the EU-US Privacy Shield and for this reason have an appropriate level of data protection according to the GDPR (according to the adequacy decision of the European Commission).

If we use contract processors, they are bound to our data protection practice as previously mentioned and will treat your personal data strictly confidential. Under no circumstances will they transmit your data to third parties or use it for purposes other than those intended to fulfil their obligations towards E2 or in accordance with our express instructions without our express consent.

6. Cookies

We use cookies, which are small text files that are stored on your computer when you access our Website. They help us to make our offer more user-friendly, attractive and secure. In many cases, these are "session cookies", which are deleted without your intervention as soon as you end your current browser session. Other cookies (e.g. for storing your language setting) remain for a longer period of time or until you remove them manually.

Most browsers automatically accept cookies. However, you have the option of adjusting your browser settings so that cookies are either generally rejected or only certain types are permitted (e.g. restriction of refusal to third-party cookies). If you change your browser's cookie settings, however, our Website may no longer be used in full. You will find the setting options for the most common browsers under the following links:

  1. Internet Explorer™: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
  2. Edge™: https://www.thewindowsclub.com/allow-or-block-cookies-in-microsoft-edge
  3. Safari™: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
  4. Chrome™: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
  5. Firefox™: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
  6. Opera™: https://help.opera.com/en/latest/web-preferences/#cookies

7. Google Analytics

Our Website uses web analysis tools of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), which enable us to analyze how you use this Website. Since a login to our Website is not intended or possible, you will only be assigned a client ID, which will be regenerated for different devices. The tracking code analytics.js (Java Script) is used for tracking. In this context, we process your data on the basis of our legitimate interest in producing easy-to-use Website access statistics in a cost-efficient manner (Art 6 Paragraph 1 lit f GDPR).

By using the software, a cookie is set (for the client ID), which is stored on your computer. The information generated by the cookie about your use of this Website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymization on this Website, your IP address will be reduced by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to its transmission to a Google server in the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services relating to Website and internet usage. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. Google cannot find out who you are.

Google is a participant in the EU-US Privacy Shield, which obliges the company to comply with the agreement and to maintain a level of data protection in line with European data protection standards. The Privacy Shield certification can be viewed at https://www.privacyshield.gov/list.

With the procedure described under point 6 you can prevent the storage of cookies by a corresponding setting of your browser software (possibly limited to third party cookies). You can also prevent Google from collecting data generated by cookies and relating to your use of the Website (including your IP address) and from processing this data by downloading and installing an appropriate browser plug-in (https://tools.google.com/dlpage/gaoptout?hl=en). Alternatively, you can also click here to set an opt-out cookie, which is stored on your device and also prevents Google Analytics from collecting your data. If you delete your saved cookies, however, this step is required again. However, we would like to point out that you may then not be able to use all functions of the Website to their full extent.

Further information on data protection in connection with Google Analytics and your options in this regard can be found at https://www.google.com/analytics/learn/privacy.html?hl=en-GB.

8. Website tracking for marketing and advertisement purposes

On our Website and optionally during the provision of our services, we collect data about the surfing behavior of website users by means of Cxense of Cxense ASA, Karenslyst Allé 4, 0278 Oslo, Norway. This is required in order to place customized advertisements. By using this software, cookies are set that are stored on the devices. The information generated by the cookie or script about your use of the Website is usually sent to and stored on a server of Cxense.

In opt-out mode, potentially personal data processing could take place automatically. Data collection by E2 using Cxense is based on Article 6 (1) (f) GDPR (legitimate interest). The purpose of data processing is the analysis and collection of potentially personal data.

The legitimate interest of E2 lies in the collection of data about the surfing activities of users, which is necessary for the financing of the Website. These data form the basis for customized advertisements and thus represent an important source of financing for the service offering. In order to safeguard this legitimate interest, it is necessary to carry out data collection and analyze surf-related data.

In general, the following potentially personal data may be processed:

  • The recording of Website visits and other Website interactions to compile statistics, user profiles and content profiles.
  • Cookies, device information and information about Website visits as well as pseudonymous identifiers,
  • Other arbitrary data that can be included in the Cxense system including for example: age, gender, group information and other first data information.

These data may be used to create aggregated user interest profiles, which could be used for individual advertisements.

These collected data may be transmitted to Cxense and to any other (sub)processors.

Further information on data protection in connection with Cxense's (sub)processors and your options in this regard can be found at https://www.cxense.com/about-us/privacy-policy.

E2 und Cxense process data that are subject to the GDPR only within the European Economic Area (EEA).

The storage time of the data can be seen in our deletion concept.

Neither E2 nor Cxense makes a decision on the basis of the automatically processed data, which could have a legal effect or lead to a significant impairment of the data subject within the meaning of Article 22 GDPR. Therefore, there is no profiling within the meaning of the GDPR, which would require special measures.

In order to prevent or to object to personal data collection in any case, you can use this link (opt-out-option): https://www.cxense.com/preferences?optOutStatus=true.

9. Data processing through the use of Oddsserve

On our Website and optionally in the provision of our services on third party websites, advertising is displayed for the purpose of financing the website offer. In most cases, this advertising is customized to the user (unless the opt-out option has been selected). Oddsserve is a so-called ad system in which advertising content (banner, widgets, lading pages, native integrations, etc.) may be delivered using a sports database via an adserver. Oddsserve uses the adserver of ADITION technologies AG, Oststraße 55, 40211 Düsseldorf, Germany as the processor. In addition, Oddsserve also delivers content such as subsites via directly created HTML Codes.

The service that Oddsserve offers is the creation and distribution of (personalized) advertising through various channels and technical possibilities. The purpose of the commission of Oddsserve is to show the Website users, based on their current browsing and search behavior, advertisements and products that are as relevant to them as possible.

To collect this data, tracking-cookies and similar technologies (including scripts) are used, which are placed through the user's browsers. Alternatively, data may also be processed via advertising-IDs in settings, which do not support cookies, such as apps.

Data processed by Oddsserve include:

  • events relating to activities on the advertiser's website (e.g. number of pages viewed, products viewed on this website, search terms, files viewed such as graphics, date and time of access),
  • information about the terminal device (device type, operating system, version),
  • imprecise location information and information resulting from a shortened IP address,
  • events relating to the placement of advertisements by us, for example, the number of advertisements displayed,
  • used browsers, Internet Service Provider (ISP), link or exit pages.

The purpose of data processing is the analysis and collection of potentially personal data. Since possibly personal data may be available in this respect, the processing is carried out in the overriding legitimate interest within the meaning of Article 6 (1) (f) GDPR.

The legitimate interest is the collection of data on surfing behaviour, which is necessary for website financing. These data provide the basis for customized advertisements and thus constitute an important source of financing for our services. The legitimate interest therefore consists in the purposes necessary for website financing - measuring reach, marketing advertising space and displaying usage-based online advertising as well as the targeting of advertising elements. In order to safeguard the interest, it is necessary to collect data and analyse surfing data.

Neither E2 nor Oddserve makes a decision on the basis of the automatically processed data, which could have a legal effect or lead to a significant impairment of the data subject within the meaning of Article 22 GDPR. Therefore, there is no profiling within the meaning of the GDPR, which would require special measures.

The collected data may be transmitted to ADITION technologies AG and any other subcontract data processors.

Further information on data protection in connection with (sub)processors and your options in this regard can be found at: https://www.adition.com/datenschutz/.

The storage time of the data can be seen in our deletion concept.

In order to prevent or to object to personal data collection in any case, you can use this link (opt-out-option): https://www.adition.com/datenschutz/.

10. Social-Plugins and "2-Click-Solutions"

Our Website uses so-called social plugins ("Plugins") of the social networks Facebook, Google+ and the microblogging service Twitter.

Facebook is operated by Facebook Inc, 1601 Willow Road, Menlo Park, CA 94025, USA ("Facebook"). An overview of Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins

Google+ is operated by Google. An overview of the Google+ plugins and their appearance can be found here: https://developers.google.com/+/web/

Twitter is operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). An overview of the Twitter buttons and their appearance can be found here: https://twitter.com/about/resources/buttons

In order to increase the protection of your data when you visit our Website, the plug-ins are integrated into the site by means of a so-called "2-click solution". This integration ensures that when you visit a page of our Website that contains such Plugins, no connection to the Facebook, Google and Twitter servers is established. Your browser does not establish a direct connection to the Google, Facebook or Twitter servers until you activate the Plugins and thus give your consent to data transmission. The content of the respective Plugin is then transmitted directly to your browser and integrated into the page. By activating the Plugins, the providers receive the information that your browser has called up the corresponding page of our Website, even if you do not have a profile with the corresponding provider or are not currently logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider in the USA and stored there. If you are logged in to one of the services, the providers can immediately assign your visit to our Website to your profile on Facebook, Google+ or Twitter. If you interact with the Plugins, e.g. press the "Like", the "+1" or the "Twitter" button, the corresponding information is also transmitted directly to a server of the respective provider and stored there. The information is also published on the social network or on your Twitter account and displayed to your contacts there.

For information on data collection by the providers and your rights and setting options for protecting your privacy, please refer to the providers' data protection information.

Privacy policy of Facebook: https://www.facebook.com/privacy/explanation

Privacy Policy of Google: https://developers.google.com/+/web/buttons-policy

Privacy policy of Twitter: https://twitter.com/privacy

If you do not want Google, Facebook or Twitter to associate the data collected via our Website directly with your profile at the respective service, you must log out of the corresponding service before activating the Plugins.

Please note that Facebook, Google and Twitter participate in the EU-US Privacy Shield, which obliges companies to comply with the agreement and to maintain a level of data protection that meets European data protection standards. The EU-US Privacy Shield has been granted an adequate level of data protection by an adequacy decision of the European Commission; data transfers to certified companies in the third country USA are therefore permitted to a large extent. The Privacy Shield certifications can be viewed at https://www.privacyshield.gov/list.

11. Your Online Choices

The Website http://www.youronlinechoices.com/ of online advertising agencies of the "European Interactive Digital Advertising Alliance" (EDAA) provides you with sustainable information on use-based online advertising and online data protection. Furthermore, certain setting options are made available to you in the web interface ("preference management") at http://www.youronlinechoices.com/uk/your-ad-choices, which, for example, allow you to view/edit your cookie settings with regard to numerous companies. A beta plugin for the browsers Google Chrome and Mozilla Firefox is also available at http://www.youronlinechoices.com/uk/browser-extension to prevent the accidental deletion of cookies and save your preferences. Companies that are designated as "edaa certified" must comply with certain self-imposed industry guidelines.

12. Right of Appeal

If you are of the opinion that we violate applicable data protection laws when processing your data, you have the right to file a complaint with the relevant national data protection authority. The requirements for such a complaint are based on the respective national implementation law of the GDPR, as the GDPR itself does not provide for any regulation in this respect. However, we ask you to contact us in advance in order to clarify any questions or problems.

13. Contact Details regarding Data Protection Issues

In case you have any questions or requests concerning our privacy practices or if you would like to exercise your right of information, rectification or deletion, please send us a written request outlining your desire to:

E-Quadrat Communications GmbH
Rathausstraße 19
1010 Vienna
Austria

E-Mail: dataprotection@e-2.at