D A T A  P R O T E C T I O N  I N F O R M A T I O N  

“Hunter meets Hunter”

 

(1) Processing activities

Online service for information about hunting events and for purchasing tickets for hunting events

 

(2) Controller 

Hunter meets Hunter GmbH

Sprinzenstein 4, 4150 Rohrbach-Berg

Email: info@huntermeetshunter.com

 

(3) Contact person responsible for data protection or the Data Protection Officer

Lelio Spannocchi, General Manager

 

(4) Responsible for the contract of the event

With the purchase of tickets for hunting events, an "event contract" is created between the user and the organiser, for the fulfillment and processing of which the organiser alone is responsible; in case of an exchange both contracting parties are organisers. The organiser will be shown separately (as responsible person) when a ticket is purchased. The transmission of the data necessary for the execution of the purchase contract to the organiser (and vice versa) is absolutely necessary for the fulfillment of the purpose of the contract. When handling the ticket sales contracts, Hunter meets Hunter GmbH acts as processor for the organiser and bases its data processing on a contract data processing contract.

 

(5) Purposes of data processing 

5.1 on the legal basis ofperformance or preparation of contracts

(a) Keeping information about hunting event retrievable

(b) Providing services for recommending events based on the interests of the user (with opt-out at any time)

(c) Availability of online shops and online exchanges of the organizer for the purchase/exchange of tickets (see the comments under point 4)

(d) Providing communication channels for disseminating the content and servicing the customer relationship

(e) Fulfillment of the contractual obligations from the service contract to the person responsible

(f) Fulfillment of the contractual obligations arising from the purchase and event contract concluded with the organizer

5.2 on the legal basis of the (overriding) legitimate interests

(g) Distribution of (including advertising) information for services and events by means of direct marketing ("marketing purposes"), to the extent permitted by law

(h) Maintaining and increasing customer satisfaction and retention by analyzing usage patterns to improve service offerings using Google Analytics

(i) Provision of (also advertising) newsletters to customers on the legal basis of § 107 (3) TKG with opt-out possibility at any time

(j) Transmission of user's electronic identification data to third parties for incorporating content through posts on social networks (e.g., youTube) and other applications (e.g., Google Maps).

(k) Transmission of the user's electronic identification data via Facebook Pixel to Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2

5.3 of consent

(l) Provision of (also promotional) newsletters to customers based on their consent with opt-out at any time

 

(6) Legal basis for data processing

6.1 Performance of the contract 

a) Online use:The use of the online service is already based on a contract as defined in Art. 6 (1) (b) GDPR (Kühling/Buchner  DS-GVO [GDPR] 2017, Art. 6 (59)) ; a registration relationship is established upon registration. 

b) Conclusion of ticket purchase contracts:In the case of the purchase of tickets, the data processing of the organizer is based on the contract concluded in each case and serves the purpose of fulfilling the contract (see the comments under point 4).

6.2 Additional Services: Consent.

For individual services (such as newsletters), the person responsible explicitly solicits the customer's consent. This consent can be withdrawn at any time with effect for the future.

6.3 Predominant legitimate interests(see point 7)

 

(7) Description of (overriding) legitimate interests for the purposes  

7.1 of IT security:

The controller will store the IP addresses of its customers for a period of 7 days in order to protect against targeted attacks in the form of server overloads (Denial of Service attacks) or other damage to the systems. The controller has an overriding legitimate interest in such data processing for the purposes of maintaining the functionality of its online services (Recital 49 GDPR).

7.2 the distribution of information / direct marketing

The person responsible processes the customer data (but not children's or special categories of personal data in the sense of Art 9 GDPR ("sensitive data") in order to use them for purposes of direct advertising for (further) offers by the person in charge. The Responsible person has a legitimate interest in the processing of personal data for the purpose of direct advertising (Recital 47, last sentence of the GDPR) .In this case, only those customer data are processed which the person in charge has a contractual relationship and for which the storage period is still running. An extension of the retention period does not take place. The primary objective of the data processing is the acquisition of customers, whereby the person responsible relies on his conventionally and constitutionally protected freedom of work (Article 6 StGG) and freedom of communication (in Art 10 ECHR, which also protects advertising measures) and on the rights

• for the transmission of postal advertising;

• for the transmission of electronic mail after consent and in accordance with § 107 para. 3 TKG.

When using this data, the responsible person complies with the communication regulations, in particular § 107 TKG.

7.3 of Retargeting: 

Facebook uses the "Facebook pixel" set by the person responsible in its services in order to store cookies on the user's device and to read out existing cookies, other identifiers and to enrich the profile created for the identifier or user. The responsible person has access to these data collected by Facebook, but uses them to show advertising to the target group of those interested in the service of the responsible person.

 

(8) Change of purpose

Dissemination of Information / Advertising: The person responsible informs that he also processes the personal data of the customer for the purpose of disseminating information / direct mail and for purposes of retargeting. The responsible person wants to inform about their own services and events of the organizers and to promote them. For this purpose, these data will not be left to third parties under its responsibility. There is no inconsistency with the purpose of the original data collection. The customer may object to the use of his personal data for the purposes of direct advertising at any time and without giving reasons.

 

(9) Evaluating personal aspects of the customer (profiling) 

Evaluation of personal interests with regard to hunting events:

For the purpose of compiling suitable recommendations the controller processes and evaluates search and user behaviour, and draws conclusions about specific personal interests. The controller uses those evaluated interests to send the customer targeted recommendations.    

The customer may object to the use of his personal data for the purpose of profiling at any time and without having to state reasons. Upon objection the controller will no longer use the customer's personal data for the purposes of profiling.

 

(10) Obligation to provide data

The customer is under no obligation to provide data. Reasonable use of the platform is, however, inconceivable without entering any data.

 

(11) Automated decision-making

The customer is subject to noautomated decision-making, which would become legally effective vis-à-vis him.

 

(12) Processed types of data

12.1 provided by the customer 

  • Name/Company name, academic degree
  • Username
  • Phone number
  • Email address
  • Place of residence or address
  • Title
  • Date of birth  Information on newsletter subscription
  • Password
  • Application text 
  • Message contents
  • Voluntary information (Foto, age, sex, interests)

12.2 additionally collected by the controller 

  • IP addresses (log files)
  • Data on the terminal equipment
  • Browser used
  • Equipment used
  • Communications protocol
  • Information on account use (e.g. date created, number of logins, date of the last request)
  • User ID
  • Behavior data of the user (View, Fav, Rate, Add to Cart, Buy)
  • Origin of downloads

 

(13) Data sources (to the extent not provided by the customer nor collected by the controller)

 

Facebook login:

Email, name, gender, Facebook UID, Facebook link, photo

 

MailChimp:

IP location, preferred email client, registration source, campaign details (receipt, open, click)

 

Social media channels:        

Facebook:

Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, https://de-de.facebook.com/about/basics

 

(14) External recipients of data:

A) Integration of third-party services in the platform: Transmission of electronic identification data, in particular IP address:

 

Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA, https://help.instagram.com/       Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA, https://twitter.com/de/privacy

 

Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, https://de-de.facebook.com/about/basics          YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA https://support.google.com/youtube/answer/7671399?hl=de

 

Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

https://policy.pinterest.com/de/privacy-policy    

 

B) Organizer (specified during the purchase process):E-mail, name, address, telephone number, order information

Buyer / Exchange Business Partner (will be indicated at the time of purchase / exchange):Email, Name, Address, Phone Number, Order Details

 

C) Processor:

Domainfactory GmbH, Parkring 10, A-1010 Wien, Austria

 

Google Analytics (mit “anonymize IP”): Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

 

E-Mail-Newsletter „Mailchimp“: The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

 

The person responsible expressly reserves the right to use further order data processors. These are then reported in the update of the privacy policy following the start of the operation. These data processes of the contract data processors take place under the responsibility of the responsible person.

All external recipients can be written to and contacted via the controller with regard to questions under data protection law.

 

(15) Internal recipients

  • System administrator
  • General management
  • Developer
  • internal departments

 

(16) Transfer to third countries

The following data will be transmitted to countries outside of the EU in connection with data processing:

 

Country: USA

Application: Google 

Types of data: Google Analytics: anonymised IP address, website title, browser-specific information, information about website use.

 

Country: USA

Application: Facebook

Types of data: Social plug-ins: IP address, website title, browser-specific information, information about website use.

 

Country: USA

Application: MailChimp

Types of data: Transmission by email (newsletter):email address, name

 

(17) Appearances on social media channels

The person responsible informs that he has independent online presence for the purpose of advertising and communication with the customers in social media channels. In these online appearances, the customer's data may be processed outside of the European Union, which increases the risk of data breach. The operators of the social media channels have, as far as they are based in the US, largely subordinated to the EU-US Privacy Shield.

These online appearances are kept retrievable in the technical environment of the respective social media operator. The social media operators then use the customer's online presence visit for their own purposes, in particular to play out (interest-based) advertising. The social media operators use the visit in order to store "cookies" on the customer's terminal, to read out existing cookies / identifiers, to deduce the user's behavior from the customer's interests and thus to enrich the usage profile specified for the customer or identifier , The aim is to play out interest-based advertising to the customer, which can also be done on subsequently visited third party websites.

The personal data of the customer is processed on the basis of the legitimate interests of the person responsible for the advertising measures and the customer communication, which is governed by the freedom of work (Art. 6 StGG) and freedom of communication (in Art 10 ECHR, which also protects advertising measures) - and constitutionally protected. If the customers are users of the social media channels, the data processing can also be covered by the customer's consent.

The responsible informs that she has no access to the data of the customer. The person responsible therefore recommends that the customer, in the event of the assertion of his rights to information, correction, deletion, restriction, opposition and data portability, address the relevant social media channel directly. The users of social media channels can also make changes themselves in the area of their privacy settings. The responsible person assists the customer if necessary.

Further information can be found at:

 

Facebook(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) 

Datenschutzerklärung: https://www.facebook.com/about/privacy/ Opt-Out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com 

 

Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)

Datenschutzerklärung: https://twitter.com/de/privacy 

Opt-Out: https://twitter.com/personalization  

 

Google/YouTube(Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

Datenschutzerklärung: https://policies.google.com/privacy

Opt-Out: https://adssettings.google.com/authenticated

 

Instagram(Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)  

Datenschutzerklärung/ Opt-Out: http://instagram.com/about/legal/privacy/

 

Pinterest(Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA)  

Datenschutzerklärung/Opt-Out: https://about.pinterest.com/de/privacy-policy

 

(18) Storage period

Non-registered users:Personal data (in particular the IP address) of (non-registered) visitors to the website will be stored for purposes of IT security for a period of 7 days. 

 

Registered employers:Generally, personal data of registered employers will be processed by the controller on the legal basis stated above for another 40 months after termination of the contract(= 36 months for potential contractual claims for damages + max. 4 months service period for a statement of claim) and then deleted (in any case, links to personal data). In any case the use agreement will end after a period of 7 years of inactivity and will lead to immediate deletion.

 

(19) Rights of the data subject

 

Art 15 GDPR "Access"

The customer shall have the right to obtain confirmation as to whether or not his personal data is being processed.

 

Art 16 GDPR "Rectification"

The customer shall have the right to obtain without undue delay the rectification of inaccurate personal data or to have them completed. 

 

Art 17 GDPR "Erasure"

The customer shall have the right to obtain the erasure of personal data without undue delay as long as the reasons stated in Art 17(1) GDPR are fulfilled.  

 

Art 18 GDPR "Restriction"

The customer shall have the right to obtain restriction of processing of personal data as long as the reasons stated in Art 18(1) GDPR are fulfilled.  

 

Art 21 GDPR "Objection"

Objection to profiling. The customer shall have the right to object to processing of his personal data for the purposes of profiling at any time.   

Objection to direct marketing: The customer shall have the right to object to processing of his personal data for the purposes of direct marketing at any time.  

 

Art 20 GDPR "Data portability"

The customer shall have the right to receive the personal data concerning him in a structured, commonly used and machine-readable format. 

 

(20) Right to lodge a complaint 

Art 77 GDPR

Each customer shall have the right to lodge a complaint with the supervisory authority if he considers that the processing of personal data relating to him infringes this Regulation. 

 

(21) Supervisory authority

Austrian Data Protection Authority

Wickenburggasse 8-10

1080 Vienna

Phone: +43 1 52 152-0

Email: dsb@dsb.gv.at

35