Updated: 25 May 2021
1. Contact Details of the Controller
Joint controllers for the processing of personal data in connection with the use of the services are:
byrd technologies GmbH
Wiedner Hauptstraße 24/12a
1040 Vienna, Austria
byrd technologies Germany GmbH
Friedrichstraße 76/Floor 7 c/o Wework
10117 Berlin, Germany
For information and suggestions on the subject of data protection, please contact us at the above addresses or at email@example.com. Upon request, we will also be happy to provide you with the essentials of the joint controller agreement pursuant to Art. 26 (2) sentence 2 GDPR. You can reach our data protection officer via the address addition "Data Protection Officer" as well as at firstname.lastname@example.org.
Information on your rights as a data subject can be found under Your Rights.
2. Processing Purposes and Legal Bases
We process your personal data for various purposes and on various legal bases.
With your consent, we process your personal data for the following purposes:
You have the option of subscribing to our email newsletter, which we use to provide you with regular updates on our services as well as other company news, e-commerce & logistics news and partner collaborations. In order to measure the addressees' interactions with the newsletter (e.g. measurement of opening- and click-through rates), we use standard market technologies such as small graphics (so-called pixels) and special links embedded in the newsletter. We use the personal data collected in this way for general evaluations as well as for the individualisation and further development of our content and our customer communication. They are linked to other personal data about you, that is stored by us. If you do not want us to analyse your interactions with the newsletter, you can unsubscribe by using the unsubscribe link at the bottom of the newsletter or by contacting us using the contact details provided under Contact Details of the Controller. Alternatively, you can also deactivate graphics by default in your email program to prevent the analysis of your interactions with the newsletter. In this case, however, the newsletter will not be displayed to you in full. The legal basis for this data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
2.1.2 Online Presence in Social Media
We have online presences in various social media to communicate with our customers and interested parties and to inform them about our services. When you interact with these online presences, your personal data is processed for market research and advertising purposes and an interest-based, individual usage profile of you, is created. For this purpose, cookies and other identifiers, i.e. pseudonymised individual identifiers, are stored on your end device. On the basis of the usage profiles created in this way, individualised advertisements are placed within the social media but also on third-party websites. The legal basis for this data processing is your consent given to the respective operator of the social media (Art. 6 para. 1 sentence 1 lit. a GDPR).
We receive aggregated statistics on the use of our online presence from the respective operator of the social media service. These statistics include aggregated data on page activity (actions taken on the page), page views, "likes", reach, post interactions, videos and page subscribers. Insofar as we collect your personal data in our online presences in social media jointly with the respective operator of the social media service, we are joint controllers with this operator pursuant to Art. 26 GDPR. The legal basis for this data collection is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Under the following links, you will find more detailed data protection information on those social media in which we maintain online presences, including explanations on how you can change your personal advertising settings and revoke your consent:
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Sieblin 2, Ireland)
- Advertising settings
- Page Insights Data Information
- Shared responsibility agreement
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Sieblin 2, Ireland)
- LinkedIn (Linkedin Ireland Unlimited Company)
2.1.3 Other purposes
In addition, we also process your personal data for other purposes (as indicated in the respective consent), if and to the extent that you have consented to this processing (Art. 6 para. 1 sentence 1 lit. a GDPR).
2.2 Pre-contractual Measures and Contract Performance
If you register for our services or contact us for this purpose, we collect personal data in order to conclude a contract with you, to fulfill this contract and to bill our services. If you are already registered for our services and communicate with us in a contract-related manner, we process your data to fulfill the contract with you, including the provision of customer service (Art. 6 para. 1 sentence 1 lit. b GDPR).
2.3 Fulfillment of Legal Obligations
We process your personal data in order to comply with our legal obligations (Art. 6 (1) sentence 1 lit. c GDPR). This includes the following processing purposes:
- Participation in proceedings (including legal proceedings) carried out by state authorities, in particular for the purpose of clarifying, investigating and prosecuting unlawful acts.
- Prevention, detection and containment of unlawful acts, where we are legally obliged to do so.
- Ensuring the security of information related to our services.
- Fulfillment of legal storage obligations.
- Fulfillment of obligations under data protection law (e.g., when exercising rights of data subjects).
2.4 Safeguarding Legitimate Interests
We process your personal data, as described in more detail below, in order to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms requiring the protection of your personal data, are overridden (Art. 6 para. 1 sentence 1 lit. f GDPR).
When using our services, certain information is automatically transmitted by your end device and stored by us in so-called log-files. The log-files are stored by us, exclusively for the purpose of investigating malfunctions and for security reasons (e.g. to clarify attempted attacks), and then deleted after 90 days. Log-files whose further retention is required for evidentiary purposes are exempt from deletion until the final clarification of the respective incident.
The following information is stored in the log files:
- IP address (Internet protocol address) of the end device from which the services are accessed.
- Internet address of the website from which the online service was accessed (so-called Origin or Referer URL)
- Name of the accessed files or information
- Date and time as well as duration of the retrieval
- Operating system and information on the internet browser used, including installed add-ons (e.g. for Flash Player)
- http status code (e.g. "request successful" or "requested file not found")
2.4.2 Prevention of Unlawful Acts
We process your personal data to prevent, detect and contain unlawful acts, unless we are already under a legal obligation to do so.
2.4.3 Information Security
We process your personal data to secure our online access and to avert security threats, unless there is already a legal obligation to do so.
2.4.4 Support of the Respective Other Party
To the extent that the processing of personal data is justified for the performance of a contract, or for the fulfillment of a legal obligation of only one of the byrd companies, the corresponding processing by the other party will be carried out in the course of joint controllership on the basis of our legitimate interests.
3. Transmission of Data
A transfer of your personal data will only take place under the following conditions:
- You have expressly consented to it (Art. 6 para. 1 sentence 1 lit. a GDPR);
- The transmission is necessary for the execution of the contract existing with you or for the implementation of pre-contractual measures (Art. 6 para. 1 sentence 1 lit. b GDPR). On this basis, we share personal data with the following recipients:
- Payment service providers
- Other external service providers who are not order-processors;
- We are legally obliged to transfer data (Art. 6 para. 1 sentence 1 lit. c GDPR). On this basis, we disclose personal data to the following recipients:
- Law enforcement authorities, courts, other government agencies, intergovernmental or supranational bodies.
- Third parties, if they provide us with a legal order, court order or equivalent legal disposition;
- The transfer is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms requiring the protection of your personal data, prevail (Art. 6 para. 1 sentence 1 lit. f GDPR). On this basis, we share personal data with the following recipients:
- byrd technologies GmbH/ byrd technologies Germany GmbH
- Debt collection service providers
- Other external service providers that are not processors
- Law enforcement agencies, courts or other governmental, intergovernmental or supranational bodies, unless there is already a legal obligation to do so
- Other companies in the context of a company acquisition
- Third parties involved in legal proceedings
- Other third parties
In addition, we work together with service providers who act for us as so-called processors. These include, for example, data centers, software providers and IT service providers. These service providers are carefully selected and commissioned by us. They are contractually bound to our instructions and obliged to protect your personal data by appropriate technical and organizational measures.
4. International Data Transfers
We transfer your personal data to countries outside the European Economic Area (EEA). Where applicable, your personal data may also be transferred to third countries by our service providers. Third countries that provide an adequate level of data protection currently include Andorra, Argentina, Canada (with respect to companies covered by the Personal Information Protection and Electronic Documents Act), Switzerland, the Faroe Islands, Guernsey, Israel, the Isle of Man, Japan, Jersey, New Zealand and Uruguay. In other cases, we ensure that the relevant service providers guarantee an equivalent level of data protection by contract or otherwise, e.g. by entering into data protection contracts issued by the European Commission (Standard Data Protection Clauses) or by other measures provided for by law. A copy of the documentation regarding the measures we have taken is available from us upon request.
5. Duration of Data Storage
We store your data for as long as it is required to provide our services, or we have a legitimate interest in continuing to store it. In all other cases, we delete your personal data with the exception of such data that we must continue to retain in order to comply with contractual or legal (e.g. tax or commercial) retention periods (e.g. invoices). Contractual retention periods may also arise from contracts with third parties (e.g. holders of copyrights and ancillary copyrights). We block data that is subject to a retention period until the period expires. This applies in particular in cases where we may still need the data in question for the further processing of the contract or for legal prosecution or legal defense. The relevant criterion for the duration of the restriction of processing is then the statutory limitation or retention periods. After expiry of the relevant limitation or retention periods, the relevant data will be deleted.
6. Your Rights
Subject to the legal requirements and restrictions, you have the following rights with regard to the processing of your personal data.
To exercise these rights, please use the information in the Contact Details of the Controller section and ensure that we are able to clearly identify you. To exercise your rights, you can choose to contact either byrd technologies GmbH or byrd technologies Germany GmbH. The processing of your request will generally be free of charge. For requests that are obviously unfounded or excessive, we reserve the right in individual cases to demand an appropriate fee (up to a maximum of our actual costs) in accordance with the applicable legal regulations or to refuse to process the request.
6.1 Rights of Access and Rectification
You may request that we confirm whether we process personal data relating to you, and you have a right of access with regard to your data that we process. If your data is inaccurate or incomplete, you may request that your data be corrected or completed without delay. If we have disclosed your data to third parties, we will inform them of the correction, insofar as this is required by law.
6.2 Right to Deletion
You may request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims. If we have disclosed your data to third parties, we will inform them of the deletion to the extent required by law.
6.3 Right to Restrict Processing
You may request the processing restriction of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing.
6.4 Right to Data Portability
You have the right to obtain personal data that you have provided to us, for the fulfilment of a contract or on the basis of consent, in a structured, common and machine-readable format. In this case, you may also request that we transfer this data directly to a third party, insofar as this is technically feasible.
6.5 Right to Withdraw Consent
If you have given us consent to process your data, you may revoke this consent at any time with effect for the future. The lawfulness of your data processing until the revocation remains unaffected.
6.6 Right to Objection
If your personal data is processed on the basis of legitimate interests, you have the right to object to the processing of your personal data, provided that there are grounds for doing so that arise from your particular situation. This also applies to any related profiling. If your personal data is processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
6.7 Right To Lodge A Complaint With A Supervisory Authority
You have the right to file a complaint with a data protection authority. To do so, you can contact a Data Protection Authority of your choice, such as the Data Protection Authority at your usual place of residence, your workplace or the Data Protection Authorities responsible for us.
For byrd technologies GmbH:
Austrian Data Protection Authority
For byrd technologies Germany GmbH:
Berlin Commissioner for Data Protection and Freedom of Information
7. Data Security
We protect your personal data through technical and organisational security measures in order to minimise risks in connection with its loss, misuse, unauthorised access and unauthorised transmission and modification. To this end, we use, for example, firewalls and data encryption, but also physical access restrictions and authorisation controls for data access.
8. Cookies and Similar Technologies
Our cookies and similar technologies have different functions:
- They are technically necessary for the operation of our online services. If you are already registered with us, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. In other cases, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR, whereby our legitimate interest is to present our online offers to you.
- They help us to analyze and improve the use of our online offers and newsletters by creating corresponding statistics. The legal basis for this data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
- They help us to improve your user experience (e.g. saving font-size and submitted form-data). The legal basis for this data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
- They enable us to show you personalized advertising in our online offers and on the websites and apps of other providers. The legal basis for this data processing is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
9. Other information
9.1 No Obligation to Provide Personal Data
If we collect personal data from you, you are not legally obligated to provide this data. Without this data, however, we may not be able to conclude a contract with you and provide our services.
9.2 Services Are Not directed At Children
Our services are not directed at children and we do not knowingly collect information from children under the age of 16 years.
9.3 No Automated Decisions
We do not use your personal data for automated decision-making, including profiling, according to Article 22 (1) GDPR.