Privacy policy
1. General information
For loomobox FlexCo ("we" or "us") as the controller for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR), the protection of your personal data has the highest priority. When processing personal data, we therefore comply with all requirements of the EU General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and other national and European legislation and endeavour to ensure the best possible transparency. With regard to data security, we take the appropriate technical and organisational measures to ensure that your personal data is safe with us.
We process personal data in accordance with the principles of lawfulness, good faith, transparency, accuracy, purpose limitation, data minimisation, storage duration limitation, integrity and confidentiality.
Please read this privacy policy carefully. If you have any questions or require further information, you can contact us at any time. You can find our contact details under point 2.
We would also like to draw your attention to the fact that various data transmissions, such as the sending of unencrypted e-mails, do not offer comprehensive protection against access by third parties.
2. Responsible person
loomobox FlexCo
Schießstattgasse 33
[email protected]
https://loomobox.com
3. Receiver
Depending on the respective processing, it may be necessary to forward your personal data to standard industry service providers such as postal service providers, lawyers, tax consultants, auditors, payment service providers or other third parties. In view of the fact that some of these industry service providers are commissioned on a project-related basis, it is currently not possible to name the exact service providers.
Depending on the purpose of the processing, we pass on your personal data to processors commissioned by us if this is necessary to fulfil the respective task. When selecting our processors, we ensure compliance with data protection regulations. In addition, agreements have been made with the processors to ensure that the personal data is processed confidentially and carefully.
We forward your personal data to the following recipients (AV: Processor; V: Controller; GV: Joint Controller):
-
SrNr. Name Address Service AV/V/
GVEU/third country 1. Cloudflare Germany GmbH Rosental 7, c/o Mindspace, 80331 München Webhost AV EU/USA 2. Google Ireland Limited Gordon House, Barrow Street, Dublin 4 (Irland) Analysis (TagManager); advertising (AdSens); security services (ReCaptcha) AV EU/USA 3. Stripe, Inc. 354 Oyster Point Boulevard, South San Francisco, California 94080 (USA) Payment service provider V USA 4. Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 (Ireland) Social Media GV EU 5. LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2 (Ireland) Social Media GV EU 6. Calendly Inc 115 E Main St., Ste A1BBuford, GA 30518USA Appointment booking AV USA 7. Airbrake Technologies Inc. 98 San Jacinto Blvd, Suite 1300 Austin, Tx 78701 Monitoring AV USA 8. Microsoft Ireland Operations Limited One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 (Ireland) Analyse; Bing Ads AV EU/USA 9. OneTrust LLC 1200 Abernathy Rd., Suite 600, Atlanta, Georgia 30328, USA Consent Management Provider AV USA 10. CookieYes Limited 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom Consent Management Provider AV USA 11. Amazon Webservice Inc. 410 Terry Avenue North, Seattle, WA 98109-5210 (USA) IT infrastructure AV USA 12. monday.com Ltd Yitzhak Sadeh St 6, Tel Aviv-Yafo, Israel Customer management AV Israel 13. Pinterest Europe Ltd. Palmerston House, 2nd Floor, Fenian Street, Dublin 2 Analysis AV/GV with 16. EU 14. Pinterest, Inc. 651 Brannan St., San Francisco, CA 94107, USA Analysis AV/GV with 15. Israel 15. MongoDB, Inc. MongoDB, Inc, 1633 Broadway, Suite 38, New York, NY Database management AV USA 16. Okta, Inc. 100 First Street, Floor 6 San Francisco, CA 94105 USA Authentifikation AV USA 17. MailerLite Limited 38 Mount Street Upper, Dublin 2, D02 PR89 Ireland Newsletter AV EU 18. Dropbox Inc 333 Brannan Street San Francisco, CA 94107 USA Cloud storage AV EU
4. Processing of your personal data
Below we describe how we process your personal data.
4.2 Categories of personal data
Depending on the purpose, the following categories of personal data may be subject to processing:
a) Personal details: name/company/other business name, address, telephone number, e-mail address, date of birth, etc.
b) Log files: IP address, operating system, referrer URL, entry and exit page, browser type, browser version, country, date and time of server request, mail data (IP address of sender/recipient, date and time of mail, mail server, etc.), etc.
c) Payment data: Bank and credit card details, bank transfer information, etc.
d)Appointment data: Date and time of the (desired) appointment, location, title of the appointment, etc.
4.2 Guests of our website
When you visit our website, we will process your personal data.
a) Processing of personal data
Log files
b) Purpose of data processing
We process your personal data to ensure stable website use, to identify, analyse and rectify problems and to prevent attacks on our website. This enables us to operate our website properly, stably and securely and to improve and further develop our web presence.
c) Legal basis for data processing
Data processing is based on our legitimate interest. We have a legitimate interest in ensuring that our website can be operated properly and securely. On the one hand, we want to protect our website visitors and, on the other hand, we want to transport our website content to our website visitors accordingly. This data is not merged with other data sources. We use external service providers to realise these goals.
d) Recipient
Your data will be transmitted to the recipients LfdNr 1, 2, 7, 8, 9, 10, 15 and 16.
Please do not visit our website if you do not want us to process your data.
4.3. Newsletter
You have the option of subscribing to our newsletter. We require your consent for this. If you do not give us your consent to send you the newsletter, we will not be able to send you any information as part of the newsletter. We process the personal data of our newsletter subscribers as follows:
a) Processing of personal data
E-mail address, names and log files
b) Purpose of data processing
We process your personal data in order to be able to send you our newsletter and to inform you about news, products or services, events and our company as part of our newsletter. We use external service providers to realise these goals.
c) Legal basis for data processing
Data processing is based on your consent. You can withdraw your consent at any time without giving reasons, for example by clicking on the unsubscribe link in every newsletter or by contacting us using the contact details provided above. The withdrawal of your consent does not affect the lawfulness of data processing based on your consent before its withdrawal.
d) Recipient
Your data will be transmitted to the recipient LfdNr 17.
There is no obligation to give your consent to receive the newsletter. However, if you do not give or withdraw your consent, we will no longer be able to keep you informed about the latest news.
4.4 Making contact, communication
If you contact or communicate with us by e-mail, contact form, messenger or in any other way, we process your personal data as follows:
a) Processing of personal data
Personalien, Log-Files und die uns sonst bekannt gegebenen personenbezogenen Daten
b) Purpose of data processing
If you contact us or communicate with us, the personal data you provide us with will be processed by us for the purpose of processing your enquiry and in the event of follow-up questions.
c) Legal basis for data processing
The lawfulness of the data processing is based on Art. 6 para. 1 lit. b GDPR; this means that the processing of personal data based on your enquiry is necessary to carry out pre-contractual measures or to fulfil a contract. In other cases, we process your personal data in accordance with Art. 6 para. 1 lit. f GDPR; this means that the processing of personal data is based on our legitimate interest in processing your enquiry. It is important to us to process requests submitted to us and to ensure fast and secure communication.
d) Recipient
Your data will be transmitted to the recipients LfdNr 1, 2 and 7.
If you do not want us to process your personal data, we will not be able to process your enquiry.
4.5 Business partners and customers
If you are our (future) business partner or customer, we process your personal data as follows:
a) Processing of personal data
Personal data, log files, payment data or data relating to (i) the delivery of goods, (ii) the provision of services and/or (iii) other contracts.
b) Purpose of data processing
The personal data is processed in order to (i) process or fulfil the respective contract with you, in particular to process the payment or to assert our claims arising from or in connection with the respective contract, (ii) to conclude new contracts and/or (iii) to maintain existing contracts.
In addition, we may use your personal data for direct marketing, i.e. to send you information about our products, services, our company and promotions.
We also process your personal data as part of the management of the company (e.g. accounting, controlling).
c) Legal basis for data processing
The lawfulness of personal data processing is based on Art. 6 para. 1 lit. b GDPR; this means that the processing of personal data is carried out for the fulfilment of the contract, initiation of the contract and/or maintenance of the contract. Furthermore, we are also legally obliged to process your personal data (e.g. reporting suspected money laundering).
In addition, we have a legitimate interest in data processing in order to conduct proper and efficient business management and to carry out various process and business management optimisations as well as to offer you our products and services. We also have a legitimate interest in processing your personal data for direct marketing purposes in order to be able to make you appropriate offers and inform you about new products and services and about our company.
In some cases, we will send you direct advertising based on the consent you have given us.
As part of our business relationship, you are only obliged to provide personal data that is required for the establishment, execution and termination of a business relationship or that we are legally obliged to collect. Without this personal data, we will generally have to refuse to conclude a contract or will no longer be able to fulfil an existing contract or may have to terminate the contract.
4.6 Customer management
We process the personal data of our customers as part of the Monday.com management software:
a) Processing of personal data
Personal details, log files and payment data
b) Purpose of data processing
The processing takes place in order to manage your user account, to provide you with our service and to analyse your user behaviour. Based on the analysis, we can improve our service and provide you with appropriate offers and information as well as optimisation suggestions.
c) Legal basis for data processing
The lawfulness of the data processing is based on Art. 6 para. 1 lit. b GDPR; this means that the processing of personal data is carried out for the fulfilment of the contract, initiation of the contract and/or maintenance of the contract. Furthermore, we are also legally obliged to process your personal data (e.g. reporting suspected money laundering).
Furthermore, we have a legitimate interest in data processing in order to be able to offer you a comprehensive service, to improve our service and to provide you with relevant information on offers (direct advertising), etc.
d) Recipient
Your data will be transmitted to the recipient LfdNr 12.
If you do not want us to process your personal data, we will generally no longer be able to fulfil an existing contract.
4.7 Fan page in general
We operate a so-called "fan page" on various social media platforms. By clicking on the respective link, you will be redirected to our "fan page" on the respective social media site.
a) Processing of personal data
We process all messages, likes, photos, content and other interactions that you submit, share, otherwise add or set on our social media pages as well as your log files.
b) Purpose of data processing
The purpose of this processing is to increase our web presence on various social media channels and to provide you with information about our company and our products and services. Insofar as the processing of personal data takes place in the context of communication between us and you, it serves to process customer feedback on our products and services and to improve our offerings. In addition, we would like to learn more about the opinions of our customers and their interactions with our products and services in order to better respond to customer needs and provide optimal customer care, as well as to offer you the opportunity to exchange information about our company with other people. In this context, we may process your personal data that you have published on social media in connection with us.
c) Legal basis for data processing
The lawfulness of the data processing is based on our legitimate interest in the data processing (Art 6 para 1 lit f GDPR) in order to increase our web presence, to transport information to potential customers and to achieve the above-mentioned purpose as well as to carry out pre-contractual measures (Art 6 para 1 lit b GDPR). In addition, we process your personal data on the basis of your consent.
4.7.1 Shared responsibility with Facebook and Instagram
a) Name and contact information
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
b) Privacy policy
https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
c) Information on joint responsibility
Meta and we are joint controllers with respect to your personal data processed in connection with the Fanpage. You can find the relevant agreement at
https://de-de.facebook.com/legal/terms/page_controller_addendum
d) Recipient
Meta is also a recipient of your personal data
4.7.2 Shared responsibility with LinkedIn
a) Name and contact information
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
b) Privacy policy
https://de.linkedin.com/legal/privacy-policy
c) Information on joint responsibility
LinkedIn and we are joint controllers with regard to your personal data used in connection with the fan page. You can find the relevant agreement at
https://legal.linkedin.com/pages-joint-controller-addendum
e) Recipient
LinkedIn is also a recipient of your personal data
4.8 Calendar
We have integrated a calendar service from a third-party provider on our website. This service can be used to book appointments or transfer appointments to a user's calendar.
a) Processing of personal data
Log files, personal details and appointment data
b) Purpose of data processing
The purpose of processing is to enable users to easily manage and book appointments
c) Legal basis for data processing
The lawfulness of the data processing is based on your consent, which you have given in the Consent Manager.
d) Recipient
Your data will be transmitted to the recipient LfdNr 6.
Please do not visit our website if you do not want us to process your data.
4.9 IT infrastructure
We do not operate our own IT infrastructure or servers, but obtain services from AWS in this regard. AWS is a US cloud computing provider.
a) Processing of personal data
Personal details, log files and payment data
b) Purpose of data processing
The purpose of the processing is to host and process your personal data on a ready-made infrastructure.
c) Legal basis for data processing
The lawfulness of data processing is based on Article 6(1)(b) GDPR; this means that the processing of personal data is carried out for the fulfilment of the contract, initiation of the contract and/or maintenance of the contract.
Furthermore, we are also obliged to process your personal data on the basis of the applicable laws (Art. 6 para. 1 lit c GDPR) (e.g. suspicion of money laundering).
We have a legitimate interest (Art. 6 (1) (f) GDPR) in ensuring that data processing is efficient and economical. By outsourcing IT infrastructure, we can offer you a high-quality service at competitive prices.
d) Recipient
Your data will be transmitted to the recipient LfdNr 11.
If you do not want us to process your personal data, we will generally no longer be able to fulfil an existing contract.
5. Processing of special categories of data
No special categories of personal data are processed.
6. Cookies
6.1 General information
When using our website seedback.at, so-called cookies and similar technologies (e.g. pixel tags) are used. A cookie is a small text file that is downloaded and stored on your device's hard drive via your browser. Cookies are used to enable the correct functioning of our website, to expand the functionality of the website, to optimise its functions and to make our website more user-friendly. Cookies can also be used to collect statistical data and for marketing purposes.
Cookies, with the exception of essential and certain functional cookies (see also point 6.2.), can be activated and deactivated via the Consent Manager on our website. If cookies are deactivated, the functionality of our website may be restricted.
Further information is available in the Consent Manager.
6.2 Types of cookies
The least privacy-invasive type of cookies are essential cookies (also known as necessary cookies). Essential cookies are technically absolutely necessary for the operation or visit of our website. We use these cookies without the user's consent in accordance with Section 165 (3) TKG 2021. Essential cookies cannot be deactivated.
There are also functional cookies (sometimes called convenience cookies). These cookies allow a website to "remember" the choices a user has made (including saved user IDs, consents given or languages selected) and other personalisation options you have selected while browsing. Functional cookies, which are necessary for the services you have requested, are set without your consent in accordance with Section 165 (3) TKG 2021. Necessary functional cookies cannot be deactivated. These are mainly cookies in connection with a digital shopping basket.
There are also analytics and performance cookies that are used to monitor and improve the functions and services of a website. These can detect problems with the use of a website, facilitate online surveys, record visitor numbers and provide analysis metrics.
So-called session cookies are only stored for the duration of the respective session. Permanent cookies remain stored permanently or for the respective storage period.
First-party cookies are set by us, while third-party cookies are set by third-party providers.
Detailed information can be found in the Consent Manager on our website.
6.3 Legal basis
Cookies, with the exception of essential cookies and necessary functional cookies (see also point 6.2.), are set on the basis of the user's consent. Consent can be withdrawn at any time without giving reasons. The withdrawal of your consent does not affect the lawfulness of data processing based on your consent before its withdrawal.
You can revoke your consent to the processing of your personal data in the context of the storage of cookies in particular by deleting the cookies, which can be done in the settings of your browser, or by revoking your consent in our Consent Manager.
7. Data transfer to a third country
7.1 General information
Data transfers to a third country are permitted under the GDPR if the third country in question has an adequate level of data protection (safe third country).
The EU Commission has issued an adequacy decision for some third countries, which certifies an adequate level of data protection. You can find a corresponding overview at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
7.2 Data transfer to the USA
An agreement ("Data Privacy Framework") was concluded between the USA and the EU for the transfer of data to the USA. On the basis of this agreement, the Commission issued an adequacy decision (see point 7.1.). However, the transfer of data to the USA on the basis of the aforementioned adequacy decision is only permitted if the recipient has signed up to the Data Privacy Framework. The list of companies that have signed up to the Data Privacy Framework is available at https://www.dataprivacyframework.gov/list.
8. Data storage
Unless you are informed of a different storage period, we process, in particular store, your personal data for as long as this is necessary to achieve the respective purpose (e.g. fulfilment of the contract, processing of your enquiry, etc.).
However, we will not delete your personal data even if we are legally obliged to retain this data, for example within the framework of company or tax law provisions. In addition, we will continue to store your personal data for as long as you can assert claims against us. In this respect, we will continue to store the personal data that is necessary for the defence against claims. The statutory limitation periods are generally between three and thirty years in accordance with the Austrian Civil Code.
9. Confidentiality
All of our employees are bound to secrecy with regard to the information entrusted or disclosed to them in the course of their work, even after the employment relationship has ended.
10. Data security
Data security is very important to us. We have taken all necessary technical and organisational measures in accordance with Art. 32 GDPR to ensure the security of data processing and to process personal data in such a way that it is protected against loss, destruction, access, modification or dissemination by unauthorised persons. Our IT infrastructure complies with current security requirements and is regularly reviewed.
Our website uses the industry standard SSL (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal data over the Internet. You can recognise whether encrypted transmission is taking place by the closed key/lock symbol in your browser display.
Databases or records containing personal data may be breached accidentally or by unlawful intrusion. As soon as we become aware of a data breach, we will notify all affected individuals whose personal data may have been compromised. The notification will be accompanied by a description of the measures taken to remedy any damage resulting from the data breach. The notification will be made as soon as possible after the breach is discovered.
11. Information for children
Our website and services are not directed at children under the age of 16. If we learn that we have collected personal information from a child under the age of 16, we will take reasonable steps to delete that information from our files as soon as possible, unless we are required by law to retain it. Please contact us if you believe we might have any information from or about a child under the age of 16.
12. Safeguarding the rights of data subjects / contact
You are entitled to the following rights:
- Information in accordance with Art 15 GDPR
- Rectification pursuant to Art 16 GDPR
- Erasure in accordance with Art 17 GDPR
- Restriction pursuant to Art 18 GDPR
- Data portability pursuant to Art 20 GDPR
- Objection pursuant to Art 21 GDPR
If your personal data is processed on the basis of your consent, you have the right to withdraw this consent at any time with immediate effect. The lawfulness of the processing of your personal data until the revocation is not affected by the revocation.
You can revoke your consent to the processing of your personal data in the context of the storage of cookies in particular by deleting the cookies, which can be done in the settings of your browser, or by revoking your consent on our website.
If you have any questions about the processing of your personal data, wish to object to the processing of your personal data or revoke your consent, feel that your rights under data protection law have been violated or wish to exercise any other right to which you are entitled, please contact us.
You also have the right to lodge a complaint with the supervisory authority:
Austrian Data Protection Authority,
Barichgasse 40-42, 1030 Wien,
Mail: [email protected].
Valid since 29.04.2024