Privacy Policy

This is the privacy policy of Kohn-Consulting (hereinafter "we" or "us"). Data protection and data security are very important to us. This privacy policy informs you about what personal data we collect and for what purposes we use this data. You can view, save or print this privacy policy at any time at https://www.kohn-consulting.at.

1. Responsible Person And Scope

The responsible person in the sense of the GDPR and national data protection laws is

Andreas Kohn
Zellergasse 3a
2301 Neu-Oberhausen
Austria

E-Mail: andreas.kohn@kohn-consulting.at

Website: https://www.kohn-consulting.at

The scope of this data protection declaration extends to the internet offer of Kohn-Consulting. This can be accessed under the domain https://www.kohn-consulting.at (hereinafter: the "Website") and the corresponding subdomains.

2. Concept Of Personal Data

"Personal data" means any information relating to you as an identified or identifiable natural person (hereinafter "you" or "data subject") (name, age, address, e-mail address, IP address, telephone number, ...). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

If no reference to your person can be established via certain data (or if a disproportionate effort is required to do so), there is no "personal data". When we process your personal data, we do so only on the basis of a specific legal basis.

3. External Service Providers / External Hosting

We use external service providers (hosters) as part of the hosting of our website. Your personal data is thus stored on the hoster's servers. This concerns in particular the following data: Meta and communication data, IP addresses, website accesses, other data generated via a website.

As a legal basis regarding the interposition of the hoster, we refer to Art 6 para 1 lit f GDPR. We have a legitimate interest in the smooth, immediate and efficient provision of our website and therefore use the external hoster to outsource the provision of our website to a competent partner.

As external hoster we use:

Squarespace Ireland Ltd. Le Pole House
Ship Street Great
Dublin 8,
Ireland
(hereinafter: "Squarespace")

Insofar as your data is transferred to the USA through the use of Squarespace, Squarespace has undertaken to handle personal data from the EEA in a secure and data protection-compliant manner and to comply with the standard contractual clauses of the European Commission when processing data. Accordingly, data transfers to the USA are based on the EU Commission's standard contractual clauses. Details and further information on the topic of security and data protection at Squarespace can be found here: https://support.squarespace.com/hc/de/articles/360000851908-GDPR-und-Squarespace

Squarespace will process your personal data only to the extent and for the duration necessary to fulfill its performance obligations.

4. Processing Of Data On Our Website 4.1. Provision And Use Of The Website

When you visit our website, your browser automatically transmits personal data to the server that hosts our website. This data is stored temporarily.

Without any further action on your part being required, the following personal data is processed in this context: IP address, date and time of access, name and URL of the accessed file, website from which the access is made (referrer URL), browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

We process this data for the following purposes: We want to ensure an unimpeded establishment of the connection to our website and enable you to use our website in a secure and user-friendly manner.

The data processing described under this point is carried out on the basis of our legitimate interest in an unimpeded establishment of the connection to our website and on the basis of our interest in enabling you to use our website in a secure and user-friendly manner in accordance with Art 6 para 1 lit f GDPR. There are no higher interests on your part as a website user, our interest prevails.

If the data is no longer required to display the website, it will be deleted. The processing of the data is mandatory to ensure the operability of the website, which is why there is no possibility of objection on your part. We do not delete your data insofar as storage beyond the point in time at which the data is no longer required to display the website is required by law in individual cases.

4.2. Contacting

On our website you will find a "contact button" which you can click on. After clicking on it, the e-mail program you use on your operating system will open automatically and you can contact us by e-mail.

If you make use of this option, we will process at least the following personal data: salutation/title, name, e-mail address.

In addition, we process the following data voluntarily provided by you: Address, postal code, city of residence, telephone number, payment information and account number.

The specification of salutation/title, name and e-mail address serves the processing of your request. Likewise, the processing of address, postal code, city of residence and telephone number serve the processing of your request. It is possible for you to specify preferences regarding the modalities of contact (for example, via telephone or postal mail at your expense).

We only process payment information or account numbers optionally provided by you if you wish to process a payment or if an amount is to be refunded by our side. The purpose of the processing is then the allocation of your account to a payment made or to be made.

In the context of contact by you, no personal data will be disclosed to third parties.

The data processing described under this point takes place on the basis of your consent pursuant to Art 6 para 1 lit a GDPR, provided that you expressly agree to data processing in the context of your contact. Otherwise, the described data processing is based on our legitimate interest in an efficient and effective processing of customer inquiries pursuant to Art 6 para 1 lit f GDPR. There are no higher interests on your part as a website user, our interest prevails.

As soon as your inquiry has been conclusively processed / clarified, we delete your data disclosed in the course of correspondence. However, we do not delete your data if storage beyond this is required by law in individual cases.

5. Disclosure Of Data To Third Parties

Your data is safe with us. Personal data will only be passed on to third parties if at least one of the following circumstances is met:

  • Art 6 para 1 lit a GDPR: you have given your consent to the transfer in accordance with the GDPR.

  • Art 6 para 1 lit b GDPR: the transfer of data is necessary for the fulfillment of a contractual relationship with you.

  • Art 6 para 1 lit c GDPR: there is a legal obligation for the transfer of data

  • Art 6 para 1 lit f GDPR: the disclosure of data is necessary for the protection of legitimate business interests and for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the

    non-disclosure of your data.

    Personal data will not be passed on to third parties outside the European Union or the European Economic Area – apart from the data transfer described in point 3 and point 7.

6. Cookies And Their Use

We use so-called "cookies", which are text files. We send cookies to the browser you use. There they are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete them manually or an automatic deletion takes place. Cookies do not harm your browser or your device. They cannot contain viruses.

Cookies can also be stored on your terminal device by third-party companies when you visit our websites (third-party cookies). This enables us or you to use certain services of the third- party company (e.g. cookies for processing payment services).

In some cases, cookies are technically necessary because certain functions would not work without them (e.g. a shopping cart function or playing videos). Other cookies have the purpose of evaluating user behavior or displaying advertising. You can easily find out which cookies are used by visiting the corresponding page of your browser.

Cookies that are necessary for the provision and processing of the online offer and electronic communication (necessary cookies) or for the provision of certain functions (functional cookies, e.g. for a shopping cart function) or for the optimization of the websites (e.g. cookies for measuring web presence) are stored on the basis of Art 6 para 1 lit f GDPR. As a website operator, we have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services.

In particular, with regard to functional cookies and cookies that are necessary to optimize the website, consent / approval is obtained after visiting a website. If consent to the storage of cookies has been obtained, the storage of the corresponding cookies is also based on this consent (Art 6 para 1 lit a GDPR); consent can be revoked at any time.

Many browsers are set to automatically consent to the processing of cookies. However, you can change this setting. You can set your browser so that you are informed about the setting/saving of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. In this case, however, the functionality of the respective website may be impaired.

The data transmitted to us by cookies is deleted as soon as the data is no longer necessary for the respective purpose. If this is required by law, further storage may also take place.

The cookies we use on our website can be found here, although we expressly point out that not all of the cookies listed are used because our website does not have all of the specified functions (for example, no store or scheduling feature): https://support.squarespace.com/hc/de/articles/360001264507#toc-check-your-cookies

7. Tracking And Analysis Tools

A web analytics service provided by Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland (hereinafter "Squarespace") is used on our website.

In order to statistically record the use of this website by visitors and thereby further develop our online offer and to learn more about your activity on this website and thus improve the user experience, this website collects personal data which is used as the basis for website analytics by Squarespace.

Personal information collected includes: Information about your browser, network and device, web pages you visited before coming to this website, your IP address. This information may also include details about your use of this website, including: clicks, internal links, pages visited, scrolling, searches, timestamps.

The data processing described under this point is carried out on the basis of our legitimate interest in the further development of our online offer in accordance with Art 6 para 1 lit f GDPR. There are no higher interests on your part as a website user, our interest prevails. If you have given us your consent to the use of cookies on the basis of a notice ("cookie banner") issued by us on this website, the legality of the use is additionally based on Art 6 para 1 lit a GDPR.

The above description of the tracking and analysis tools also indicates the respective processing purposes and the data processed: statistical collection of the use of this website by visitors; further development of our online offer; insight into your activity on this website to improve the user-friendliness of the website.

We share this information with the Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland (hereinafter "Squarespace"). Insofar as your data is transferred to the USA through the use of Squarespace, Squarespace has undertaken to handle personal data from the EEA in a secure and data protection-compliant manner and to comply with the European Commission's standard contractual clauses when processing data. Accordingly, data transfers to the US are based on the EU Commission's standard contractual clauses. Details and further information on the topic of security and data protection at Squarespace can be found here: https://support.squarespace.com/hc/de/articles/360000851908-GDPR-und-Squarespace

8. Hyperlinks

If our website contains hyperlinks to websites of third parties, we assume no responsibility for the processing of your data on these websites. The processing of your data on these websites can be found in the respective data protection declarations. You will recognize that you have clicked on a hyperlink by the change of the URL ("Internet address") in the address line of your browser.

9. Your Rights As A Data Subject

The General Data Protection Regulation contains the following rights that you can assert as a data subject:

  • Art 15 GDPR: You have the right to request confirmation from us as to whether personal data relating to you is being processed by us; if this is the case, you also have the right to obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the planned duration for which the personal data will be stored or the criteria for determining this duration, the existence of a right to rectification or erasure of the personal data concerning you or to restriction of processing by us or a right to object to such processing, the existence of a right to lodge a complaint with a supervisory authority if the personal data is not collected from you, any available information on the origin of the data and the existence of automated decision-making.

  • Art 16 GDPR: You have the right to demand that we, as the controller, correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

  • Art 17 GDPR: You may request (in accordance with the categories of cases mentioned in Art 17 GDPR) the erasure of personal data processed by us, provided that

    • the data are no longer necessary for the purposes for which they were collected

    • you withdraw your consent on which the processing was based

    • you object to the processing pursuant to Art 21 para 1 and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art 21 para 2

    • the personal data have been processed unlawfully

    • the erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject

    • the personal data has been collected in relation to information society services offered pursuant to Art 8 para 1.

      However, you do not have this right if the processing is necessary,

    • for the exercise of the right to freedom of expression and information;

    • for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

    • for reasons of public interest in the area of public health pursuant to Art 9 para 2 lit h and lit i and Art 9 para 3 GDPR;

    • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art 89 para 1, insofar as the right referred to in para 1 is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

    • for the assertion, exercise or defense of legal claims.

  • Art 18 GDPR: You may request the restriction of processing under the following conditions:

    • If you dispute the accuracy of the personal data for the period that allows us to verify the accuracy of the personal data;

    • If the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

    • If we no longer need the personal data for the purposes of processing, but you need it for the establishment, exercise or defense of legal claims; or

    • If you have objected to the processing pursuant to Art 21 para 1, as long as it has not yet been determined whether our legitimate grounds override those of the data subject.

You also have this right if you have objected to the processing pursuant to Art 21 GDPR.

  • Art 20 GDPR: You have the right to receive the personal data concerning you that you have provided to us as the controller in a structured, commonly used and machine- readable format, and to transfer this data to another controller without hindrance from us, provided that (i) the processing is based on consent pursuant to Art 6 para 1 lit a or Art 9 para 2 lit a or on a contract pursuant to Art 6 para 1 lit b and (ii) the processing is carried out with the aid of automated processes. When exercising this right to data portability, you have the right to obtain that the personal data be transferred directly from us to another controller, where technically feasible.

In accordance with Art 7 para 3 GDPR, you have the right to revoke your consent given to us at any time. To do so, please use the address or e-mail address provided above. After revocation, we can no longer carry out processing that was based on your consent.

  • Art 77 GDPR: If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority. In principle, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters for this purpose. In Austria, the competent authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.

10. Your Right To Object

Insofar as the processing of your personal data is carried out in accordance with Art 6 para 1 lit f GDPR, you have the right to object to the processing of your personal data in accordance with Art 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation, or the objection is directed against direct advertising.

In the case of direct advertising, there is a fundamental right of objection, which we will implement without giving reasons / regardless of a particular situation.

11. Data Security And Security Measures

We always treat your personal data confidentially. We regularly take, review and improve our technical security precautions so that we can guarantee a consistently high level of data protection despite advancing technology and to effectively counteract the loss or manipulation of your processed data.

Data published or disclosed on the Internet without encryption can be viewed by third parties. We cannot prevent this, nor do we have any influence on it. The data provided by you must also be secured by you by means of encryption or in another suitable manner.

Due to the structure of the Internet, it is also possible that third parties do not observe the rules of data protection and violate them.