Privacy Policy and Revocation Notice by atenas nxt by hgc

This page is in English. There is also an German version available.

The following information applies to the use of the atenas nxt by hgc web interface as well as the atenas nxt by hgc app, hereinafter referred to as the platform.

Responsible in the sense of the General Data Protection Regulation is:

HGC Software Development & Service GmbH
Florianistrasse 4
5721 Piesendorf
dsgvo@hgc.at

Content

General information on data processing and the legal basis
1. This privacy policy describes the nature, scope and purpose of the processing of personal data within our service and the associated platform, regardless of the domains, systems, platforms, and devices used (e.g. desktop or mobile).
2. The definitions of the terms used here, such as "personal data" or their "processing," can be found in Art 4 GDPR.
3. We process personal data only in compliance with the legal requirements (in particular Art 6 para 1 GDPR). Accordingly, data is processed only if there is a legal permission; especially if the data processing is necessary for the fulfillment of our contractual services (e.g. provision of the platform) is required by law or if a consent from you as a user exists or an overriding legitimate interest on our part exists (e.g., interest in the analysis and optimization of our application).
DATA PROCESSING AS A CONTRACT PROCESSOR FOR YOUR EMPLOYER (ART 4 NO. 8 GDPR)
1. A significant part of the data processing we perform is only carried out on behalf of your employer. In relation to the services we offer to your employer, we act not as a controller (Art 4 No. 7 GDPR), but only as a processor (Art 4 No. 8 GDPR). Therefore, your employer, as the controller, can provide you with information about the processing of your data. Please contact your employer for questions.
2. All data processing activities that we carry out as a controller (Art 4 No. 7 GDPR) will be described in more detail in the following section 3.
PROCESSED DATA CATEGORIES AND LEGAL BASIS OF PROCESSING
1. The personal data you provide during registration (especially email address) is processed exclusively with your (revocable) consent in accordance with Art 6 Para 1 lit a GDPR.
2. Through the platform, in the context of our offer, the following of your personal data for contract performance (Art 6 Para 1 lit b GDPR) or on the basis of our legitimate interest (Art 6 Para 1 lit f GDPR) are processed.
3. Structured basic data is stored within the user profile, and additional content can be added voluntarily. These informations can be changed or removed at any time via the account settings. Some technical data is automatically collected to provide the platform.
  - Inventory data (such as: name, addresses, contact, connection data)
  - Contract data (such as: agreed working hours, agreed remuneration, activity)
  - Usage data (Such as: IP address, geo-data, IMEI, accesses, browser & device)
  - Correspondence data (such as: texts of messages, comments, tasks, images)
  - Support data (such as: inquiries, error logs)
PURPOSES OF DATA PROCESSING
1. Since your employer has decided to use our platform, the aforementioned personal data are processed for the following purposes:
  - for the proper performance of the contractual relationship with your employer and the fulfillment of all contractually rented modules and functions.
  - to provide our platform with the desired quality and to continuously improve and make it more user-friendly for you.
  - to improve the usability of our platform based on analyses of anonymized usage behavior.
  - to improve and structure operational workflows in your organization.
  - to process and respond to your inquiries in the event of errors as best as possible.
PUSH NOTIFICATIONS & REPORTING
1. Important information can be received via push notification on the platform. Furthermore, we allow ourselves to send notifications on special occasions, this can be the case with larger updates, updates on privacy, the terms of service or technical issues. You can deactivate the receipt of push notifications at any time via the settings of your device for the platform.
2. To quickly detect and specifically fix errors in the app, anonymous crash reports are transmitted in the event of crashes. These are limited to technical data (platform versions, device info, etc.). These logs do not contain any personal information from you.
TRANSFER OF DATA TO THIRD PARTIES AND THIRD PARTY PROVIDERS
1. A transfer of data only takes place within the framework of legal requirements. Accordingly, we only transfer data if this is required for the execution of the contract in accordance with Art 6 Para 1 lit b GDPR or on the basis of a legitimate interest according to Art 6 Para 1 lit f GDPR in the economical and effective operation of our business.
2. If we use subcontractors to provide our services, we take appropriate legal precautions as well as relevant technical and organizational measures to ensure the protection of personal data according to the relevant legal regulations. Furthermore, we point out that if we use subcontractors, they are located in the EU or the EEA. A transfer to third countries does not take place.
DURATION OF STORAGE
1. Data stored by us are deleted or completely anonymized or pseudonymized as soon as they are no longer required for their purpose and the deletion does not conflict with any legal storage obligations or the data is needed for the clarification of legal disputes.
2. Legally, for example according to § 132 BAO, we are obliged to keep data relevant to social security for a period of at least 7 years (in case of legal disputes longer).
3. Your data will be deleted within 45 days if you wish and request it in writing.
YOUR RIGHTS IN CONNECTION WITH THE PROCESSING OF PERSONAL DATA
1. Among other rights, you are entitled to verify whether and which personal data we have stored about you and to obtain copies of these data (access), to request the correction, addition, or deletion of your personal data that are incorrect or not processed in compliance with the law (correction), to request us to restrict the processing (restriction), and under certain circumstances to object to the processing of your personal data or to revoke the consent given for processing (objection), to request data portability (data portability), to know the recipients or categories of recipients to whom your personal data are transmitted, and to file a complaint with the Austrian Data Protection Authority (www.dsb.gv.at) (complaint).
COOKIES & REACH MEASUREMENT, DURATION OF STORAGE
1. Cookies are information that is transferred from our cloud or third parties to the user's platform and stored there for later retrieval. Cookies can be small files or other types of information storage that are stored on your device.
2. If you do not want cookies to be stored on your devices, you are asked to deactivate the corresponding option in the system settings of your device. Stored cookies can be deleted at any time. However, we would like to point out that excluding cookies may lead to functional restrictions of our platform.
CHANGES TO THE PRIVACY POLICY
1. Since, for example, the legal situation or our services including the associated data processing can change, we reserve the right to adjust this privacy policy accordingly. However, this only applies to declarations on data processing. If we need your consent for the data processing or if parts of this privacy policy contain regulations of the contractual relationship with the users, changes will only be made with your consent.