Privacy Notice
for the Website www.medikit.net
The protection and security of your personal data are important to us. In this privacy notice, we, hotelkit GmbH (“hotelkit”), inform you about which of your personal data we process, for what purposes, on what legal basis, and how you can make use of your rights granted by the European General Data Protection Regulation (“GDPR”). We process your personal data exclusively in accordance with the provisions of the GDPR, the Austrian Telecommunications Act and the Federal Act concerning the Protection of Personal Data (“Data Protection Act” – “DSG”).
Below, we explain to you in accordance with Article 13 and 14 of the GDPR, which data we collect in connection with your visit to our website (www.medikit.net) and how your data is processed.
1. Name and Address of the Controller
The controller within the meaning of Article 4 (7) of the GDPR is hotelkit GmbH.
1.1 Contact
hotelkit GmbH
Altes Mühlhaus, Marie-Andeßner-Platz 1
5020 Salzburg
Austria
Telephone: 0662 238080
1.1 Contact Data Protection Officer
Please direct all data protection related inquiries to our data protection officer, Eric Schicht at: eric.schicht@hotelkit.net.
2. Processing Activities
We process personal data we receive from you during your visit on our website. Personal data refers to any information relating to an identified or identifiable natural person.
2.1 Access to Website – Access Data
2.1.1 Purposes of Data Processing and Legal Basis
When accessing the website, log data is stored in so-called server log files without being associated with your person. These logs are used for statistical analysis for the purpose of operating and optimizing the website. In addition, data is collected for security reasons, such as detecting and investigating cases of misuse. This is our legitimate interest according to Article 6 (1)(f) of the GDPR.
For the provision of our website, we use services of Hetzner Online GmbH. For further information on this, please refer to Section 3.3.
2.1.2 Categories of Data Processed
In connection with access data, the following information is collected:
- Visited website
- Date and time of access
- Amount of data sent in bytes
- Source/referrer from which you accessed the website
- Browser and operating system used
- IP address used
2.1.3 Storage Period
The server log files are stored for a maximum of 14 days and are then automatically deleted unless we have a specific suspicion of a criminal offense. Only our server administrators have access to the log files.
2.2 Website Access – Use of Cookies
Cookies are small text files stored by a website on the user’s device. Many cookies contain a unique identifier called a cookie ID. A cookie ID is a string of characters that allows websites and servers to be associated with the specific internet browser in which the cookie is stored. This enables visited websites and servers to distinguish the browser of the data subject from other internet browsers that contain different cookies. A particular internet browser can be recognized and identified via the unique cookie ID.
By using cookies, we can provide you with more user-friendly services that would not be possible without setting the cookies.
Cookies allow for the optimization of information and offerings on the website according to the user’s preference.
The following categories of cookies are distinguished:
- Strictly necessary cookies: These cookies are essential to ensure basic functionality of the website.
- Performance cookies: Performance cookies collect and store information about the use of the website. Among other things, they store information associated with the username. We also use cookies that allow us to collect data on the general use of the website, which we use to continuously improve the website’s usability.
- Functionality cookies: These cookies allow the website to be tailored to the needs of the user in order to enhance the user experience.
- Session cookies: These are temporary cookies that remain on the user’s computer until the browser is closed and are then deleted automatically.
- Persistent cookies: For a better user experience, these cookies are stored on your device and allow us to recognize your browser on your next visit.
- Third-party cookies: Our website may also use cookies from partner companies with whom we collaborate for advertising, analysis, or functionality purposes. For details on the purposes and legal bases of processing such third-party cookies, please refer to the information provided below.
You can prevent or restrict the installation of cookies by adjusting your internet browser settings. You can also delete already stored cookies at any time. However, the necessary steps and measures for this depend on the specific internet browser you are using. If you have any questions, please consult the help function or documentation of your internet browser or contact its manufacturer or support.
Please note that for Flash cookies, the processing cannot be prevented through browser settings. Instead, you will need to change the settings of your Flash Player. The necessary steps and measures for this depend on the specific Flash Player you are using. If you have any questions, please consult the help function or documentation of your Flash Player or contact the manufacturer or user support.
The legal basis for processing data in connection with strictly necessary cookies is our legitimate interest in the proper and fully functional operation of the website (Article 6 (1)(f) of the GDPR).
The legal basis for processing data (e.g. analysis/statistics, tracking, etc.) in connection with the use of other cookies is the user’s consent in accordance with Article 6 (1)(a) of the GDPR in conjunction with Section 165 (3) of the Austrian Telecommunications Act. This consent is voluntary, and you can withdraw it at any time (see Section 4). If you do not give your consent, no statistical and/or analysis cookies will be used (strictly necessary cookies will be used nonetheless).
Please note that disabling cookies may restrict the functionality of this website.
You can adjust your cookie settings at any time by following this link:
2.3 Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc. (“Google”). For more information on Google, please refer to Section 3.1.
Google Analytics uses cookies that enable an analysis of how you use the website. The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there.
The legal basis for data processing (e.g. analysis/statistics, tracking, etc.) based on the use of Google Analytics as well as the associated reading and/or storage of data is the respective consent of the user pursuant to Article 6 (1)(a) of the GDPR in conjunction with Section 165 (3) Austrian Telecommunications Act.
In case of activation of IP anonymization on this website, your IP address will be truncated by Google within member states of the European Union or the European Economic Area before being transmitted to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there. IP anonymization is active on this website. On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide us with further services related to website usage and internet usage.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by adjusting the settings of your browser software; however, please note that if you do this, you may not be able to use all the functions of this website to their full extent.
Furthermore, you can prevent Google from collecting and processing the data generated by the cookie about your use of the website (including your IP address) by downloading and installing the browser plugin available here: http://tools.google.com/dlpage/gaoptout?hl=en.
2.4 Google Tag Manager
This website uses Google Tag Manager with which we manage website tags. We have concluded a data processing agreement (see 3.1 Google Inc.). Google Tag Manager is an auxiliary service and, as a cookie-less domain, does not store any personal data; it only processes data for technically necessary purposes. Google Tag Manager takes care of loading other components, which in turn may collect data. Google Tag Manager does not access this data. You can find more information on the Google Tag Manager in Google’s data privacy statement.
The legal basis for the data processing based on the use of Google Tag Manager is the respective consent of the user pursuant to Article 6 (1)(a) GDPR in conjunction with section 165 (3) of the Austrian Telecommunications Act. This consent is voluntary, and you can withdraw it at any time (see Section 4).
2.5 LinkedIn Insight Tag
Our website uses “LinkedIn Insight Tag”, a conversion tool provided by LinkedIn Ireland Unlimited Company. This tool creates a unique cookie in your web browser, which enables the collection of the following data: IP address, device and browser characteristics, and page events (e.g., page views). Data is encrypted, removed within seven days, and the pseudonymized data is deleted within 90 days. LinkedIn does not share any personal data with hotelkit but provides anonymized reports on the website audience and ad performance. Additionally, LinkedIn offers the option of retargeting for website visits, allowing the website owner to display targeted ads outside of their website without identifying you as a website visitor.
The legal basis for data processing (e.g., analysis/statistics, tracking, etc.) based on the use of the LinkedIn Insight Tag, as well as the associated reading and/or storing of data, is the user’s consent (Article 6(1)(a) of the GDPR in conjunction with Sec 165(3) of the Austrian Telecommunications Act). This consent is voluntary, and you can withdraw it at any time (see Section 4).
For more information about LinkedIn Ireland’s data processing activities, please refer to https://www.linkedin.com/legal/privacy-policy. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
2.6 Facebook Ads Conversion-Tracking (Facebook-Pixel)
Provided you have consented to marketing cookies, we use “Facebook Pixel” on our website. Facebook Pixel is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
The legal basis for data processing (e.g. analysis/statistics, tracking, etc.) based on the use of Facebook Pixel and the associated reading and/or storage of data is the respective consent of the user pursuant to Article 6 (1)(a) of the GDPR in conjunction with section 165 (3) of the Austrian Telecommunications Act. This consent is voluntary, and you can withdraw it at any time (see Section 4).
With the help of Facebook Pixel, Facebook can determine you as a target audience for the display of ads, known as “Facebook Ads.” Accordingly, the Facebook Pixel is used by hotelkit to display Facebook Ads only to Facebook users who have shown an interest in our website. This means that with the help of Facebook Pixel, we want to ensure that Facebook Ads correspond to the potential interests of users and do not appear bothersome. Additionally, Facebook Pixel allows hotelkit to track the effectiveness of Facebook advertisements for statistical and market research purposes by showing whether users were redirected to the hotelkit website after clicking on a Facebook advertisement.
If you provide your consent, Facebook Pixel will store the cookie “_fbp” on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our website will be recorded in your profile. The data collected about you is not visible to hotelkit and does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Facebook, enabling a connection to the respective user profile.
For more information on how the remarketing pixel works and the display of Facebook Ads, please refer to Facebook’s Data Policy at www.facebook.com/policy.
For more information on settings for interest-based advertising and the option to object to the use of your data for displaying Facebook Ads, please visit the page set up by Facebook at www.facebook.com/settings.
2.7 Embedding YouTube Videos
We use YouTube.com to upload and make our own videos publicly available. YouTube is a service provided by a third party not affiliated with us, namely Google LLC.
On our website, we directly embed some videos stored on YouTube. This embedding displays content from YouTube in certain sections of a browser window. However, YouTube videos are only loaded when specifically clicked on. This technique is also called “framing.” When you visit a page on our website where YouTube videos are embedded in this way, a connection is established with YouTube servers, and the content is displayed on the webpage through your browser.
The embedding of YouTube content is done in the “extended data protection mode.” This mode is provided by YouTube itself and ensures that YouTube does not initially store cookies on your device. However, when you access the respective pages, your IP address and other data mentioned in Section 2 are transmitted, informing YouTube in particular which of our webpages you have visited. However, this information cannot be attributed to you unless you have logged in to YouTube or another Google service before accessing the pages or are permanently logged in.
Once you start playing an embedded video by clicking on it, YouTube, in the extended data protection mode, only stores cookies on your device that do not contain personal data, unless you are currently logged in to a Google service. These cookies can be prevented through appropriate browser settings and extensions.
The legal basis for the data processing based on the integration of YouTube videos and the associated reading and/or storage of data is the respective consent of the user pursuant to Article 6 (1)(a) of the GDPR in conjunction with Section 165 (3) of the Austrian Telecommunications Act. This consent is voluntary, and you can withdraw it at any time (see Section 4).
Further information on data protection at YouTube can be found in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy/.
2.8 Contact by Email or Contact Form
2.8.1 Purposes of Data Processing and Legal Basis
If you contact us via email or the contact form, we will store your data for the purpose of processing your inquiry and in case of follow-up questions. This also serves our legitimate interest in accordance with Art 6(1)(f) of the GDPR. When using the contact form, the processing of your data is also based on the initiation of a contractual relationship (Article 6 (1)(b) GDPR).
We use Google services for receiving and sending emails. You can find more information on this under Section 3.1.
2.8.2 Categories of Data Processed
When contacting us via email or contact form, the following information is processed:
- Your name
- Your email address (sender address)
- Time of contact
- Content of the correspondence
When you contact us via the contact form, we also store the following information, insofar as it is provided on a voluntary basis:
- Your position in the company
- Name of your company
- The phone number you have provided
- The website you have specified
We only store and use further personal data if you consent to this or if this is legally permissible without special consent.
2.8.3 Storage Period
The personal data collected will be deleted when it is no longer needed for the purpose of contacting you, i.e. when your request has been sufficiently clarified. However, please note that there may be cases where longer storage of the data is required by law.
2.9 Webinars
2.9.1 Purposes of Data Processing and Legal Basis
The legal basis for the processing of the above-mentioned personal data is the setting of pre-contractual measures with regard to a potential, future conclusion of a contract with you upon your request pursuant to Article 6 (1)(b) of the GDPR. If you work for a company, which is interested in a contractual cooperation with us, we process your data or any data of other employees on the basis of our legitimate interest in communicating and initiating a contract with the respective company as well as on the basis of the similar interest of your employer/client (Article 6 (1)(f) of the GDPR).
We use dynamic forms from Google (“Google Forms”) for the collection; for more information on this, see Section 3.1.
2.9.2 Categories of Data Processed
The following information is processed regularly:
- Your name
- Your email address
- Company name of the company for which you are participating in the webinar
- Position in the above-mentioned company
2.9.3 Storage Period
The personal data collected will be deleted when it is no longer needed for the purpose of conducting the webinar. However, please note that there may be cases where longer storage of the data is required by law.
2.10 Direct Marketing
2.10.1 Purposes of Data Processing and Legal Basis
We contact potential customers as well as existing customers to draw attention to our services. In doing so, we only process data that has been provided to us for this purpose and for which explicit consent for direct marketing has been granted by the data subject (Article 6 (1)(a) of the GDPR in conjunction with section 174 (1) of the Austrian Telecommunications Act).
If we have obtained your email address in connection with the conclusion of a contract and the provision of our products, and you have not objected to this, we reserve the right to regularly send you offers for similar products. You can object to the use of your email address for this purpose at any time by sending an email to the contact information described below or by using the designated link in the respective email, without incurring any costs other than the transmission costs according to basic rates. In this case, the data processing is based on our legitimate interest pursuant to Article 6(1)(f) of the GDPR in conjunction with Section 174(4) of the Austrian Telecommunications Act. Our legitimate interest is based on our economic interests in conducting advertising measures and target group-oriented advertising.
For direct marketing and the associated management of contact data, we use the service provider “Salesforce”. For more information, please refer to section 3.2.
2.10.2 Categories of Data Processed
In the context of direct marketing, we usually store your professional contact details such as employer, position in the company, work phone number and email address or reference to any professional social media profiles.
2.10.3 Storage Period
We only store your data for as long as it is necessary to achieve the above-mentioned purposes.
3. Service Providers Used
3.1 Google Inc.
For various services, including receiving and sending emails, dynamic forms and website visit analysis (Google Analytics), we use services of Google Inc. based in California, USA. For this purpose, we have concluded a data processing agreement with the company in accordance with Article 28 of the GDPR. In addition, Google guarantees appropriate protection of data when being transferred to third countries. By concluding a contract using the Standard Contractual Clauses (SCC) specified by the EU Commission, an adequate protection of personal data is guaranteed.
Furthermore, Google Inc. adheres to the Privacy Shield agreement between the European Union and the United States and has certified its compliance. This commitment requires Google to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
3.2 Salesforce EMEA
We use the service provider Salesforce to manage contact, address and contract data. We have concluded a data processing agreement in accordance with Article 28 GDPR. Salesforce contractually guarantees that data is within the EU/EEA. However, for the fulfillment of the contract, the provider may engage other entities within its group as sub-processors, including entities based in the USA. For these processing activities, binding corporate rules (BCR) in accordance with Article 47 of the GDPR have been imposed and approved as internal data protection regulations within the corporate group. Additionally, an adequate level of data protection is ensured for any data transfers through the implementation of standard contractual clauses (SCC) provided by the European Commission.
3.3 Hetzner Online
For the provision of our websites, we use services of Hetzner Online GmbH, based in Gunzenhausen, Germany, with whom we have concluded a data processing agreement. No transfer of personal data to third countries outside the EU/EEA takes place.
3.4 Hotjar
Hotjar is an analysis and feedback platform that helps us gain insights into the usability and user experience of our website. With Hotjar, we obtain a comprehensive understanding of how visitors use our website. We have entered into a data processing agreement in accordance with Article 28 of the GDPR. The company is based in Malta.
4. Data Subject Rights
Under applicable laws, you have rights concerning your personal data. If you wish to exercise these rights, please send your request by email to info@medikit.net or by mail, clearly identifying yourself, to the address mentioned in Section 1 above.
Below you will find an overview of your rights according to the GDPR.
4.1 Right to Confirmation and Information
You have the right to obtain confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to request information from us free of charge about the personal data stored about you, together with a copy of this data. This information includes, among others, the purpose of processing, the categories of personal data as well as the recipients.
4.2 Right of Rectification
You have the right to request immediate rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement. We will comply with this request in a timely manner, unless it conflicts with our legitimate interests or legal obligations, and we will correct, supplement, or modify your personal data accordingly.
4.3 Right to Erasure (“Right to be Forgotten”)
You have the right to request that personal data concerning you be erased without undue delay, and we are obliged to delete personal data if one of the reasons specified in Article 17 of the GDPR applies.
4.4 Right to Restrict Processing
You have the right to request restricting the data processing if one of the conditions of Article 18 of the GDPR is met.
4.5 Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to have this data transferred directly from us to another controller.
4.6 Right to Object
You have the right to object to the processing of your data when processing is carried out for direct marketing purposes or for another purpose based on our legitimate interests under Article 6(1)(f) of the GDPR. If we process your data for legitimate purposes, you have the right to object to such processing if there are reasons based on your particular situation.
4.7 Right to Withdraw Consent
You have the right to withdraw your consent to the processing of personal data at any time in writing by sending an email to info@medikit.net. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.
4.8 Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is unlawful.
5. Data Security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
Your personal data is transmitted to us in encrypted form. This applies to your orders as well as to the customer login. We use the SSL (Secure Socket Layer) encryption system, but we would like to point out that data transmission over the internet (e.g., when communicating via email) may have security vulnerabilities. It is not possible to provide complete protection of data from access by third parties.
To secure your data, we maintain technical and organizational security measures in accordance with Article 32 of the GDPR, which we continually adapt to the state of the art.
We do not guarantee that our offer will be available at all times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
6. Disclosure of Data to Third Parties, No Transfer of Data Outside the EU
In principle, we only use your personal data within our company. If and to the extent that we involve third parties in the fulfillment of contracts (such as logistics service providers), these third parties will only receive personal data to the extent necessary for the corresponding service.
In the event that we outsource certain parts of data processing (“data processing on behalf of a controller”), we contractually obligate the processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
There is no transfer of data to entities or individuals outside the EU, except in the cases mentioned in Section 2.
7. Automated Decision Making According to Article 22 GDPR
Automated decision-making based on the personal data collected does not take place.
8. Updating of the Data Privacy Notice
We reserve the right to make changes to this privacy notice at any time. The privacy notice is regularly updated and any changes will be published on the website.