The entity responsible within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

TIMETOACT GROUP Österreich GmbH
Canettistraße 5
1100 Vienna

Below you will find information on the various data protection–relevant areas of our websites:

• General Information
• Cookies and Encryption
• Newsletters and Forms
• Google Services
• Fontawesome
• Customer Satisfaction Survey
• Data Protection Officer

Under data protection law, the term “personal data” always refers to information relating to an identified or identifiable natural person (i.e., a specific individual, as opposed to a legal entity such as a company).

“Identifiable” means that it is possible to determine who the specific person is — regardless of whether their name or similar information is known. A personal identification number, an online identifier (such as a login name), or data that, when combined, allows unique identification (e.g., location data or an IP address and timestamp — such as “the person who sat in the kitchen chair yesterday at 3:03 p.m.” or “the user who visited our website today at 8:17 a.m. from a specific IP address”) are sufficient to constitute the processing of personal data.

Using the contact details of our Data Protection Officer provided above, you may exercise the following rights at any time:

• Access to the data stored about you and information on its processing,
• Rectification of incorrect personal data,
• Erasure of data stored about you,
• Restriction of data processing where we are not yet permitted to delete your data due to legal obligations,
• Objection to the processing of your data by us, and
• Data portability, provided you have consented to the data processing or have entered into a contract with us.

If you have given us your consent, you may withdraw it at any time with effect for the future.

We process your personal data only for the purposes stated in this privacy policy. Your personal data will not be transferred to third parties for purposes other than those listed. We will only share your personal data with third parties if:

• you have given your explicit consent,
• the processing is necessary for the performance of a contract with you, or
• the processing is necessary for compliance with a legal obligation.

Processing may also take place to safeguard legitimate interests, provided there is no reason to believe that you have an overriding, legitimate interest in the non-disclosure of your data.

When visiting any website, personal data is processed. In order for the pages to be sent to your internet browser and displayed correctly, the IP address of your device must always be processed. Additionally, information about the browser you used to access the site is required to ensure error-free display.

We are legally obligated under data protection law to ensure the confidentiality and integrity of personal data processed by our IT systems.

For this purpose, we log:

• the IP address of the accessing computer (for a maximum of 7 days),
• the operating system of the accessing computer,
• the browser version of the accessing computer,
• the name of the file or page accessed,
• the date and time of access,
• the amount of data transferred, and
• the referring URL.

The IP address is deleted from all systems involved in the operation of this website no later than seven days after use. From the remaining data, it is no longer possible for us to establish a personal connection.

The data is also used to correct errors on the website.

Like many other websites, we also use so-called “cookies.” Cookies are small text files that are transferred from a website server to your hard drive. Through this, we automatically receive certain data such as your IP address, the browser you use, your operating system, and your internet connection.

Cookies cannot be used to start programs or transmit viruses to a computer. The information contained in cookies helps us make navigation easier for you and ensure that our web pages are displayed correctly.

Under no circumstances will the data we collect be shared with third parties, nor will it be linked to personal data without your consent.

Of course, you can also view our website without cookies in principle. Internet browsers are usually set to accept cookies automatically. In general, you can disable the use of cookies at any time through your browser settings. Please use your internet browser’s help function to find out how to change these settings. Please note that certain features of our website may not function properly if you have disabled the use of cookies.

Matomo

When cookie settings are displayed and stored, two independent tracking pixels are transmitted to the domain matomo.synaigy.io (which belongs to TIMETOACT GROUP GmbH). The collection and processing of this data are based on our legitimate interest in ensuring proper and error-free functionality—particularly in connection with campaigns, landing pages, and users’ first visits to our services.

Only the loss rate within web analytics is determined. For this purpose, the current URL and the consent or rejection of the different consent categories are recorded. No personal data is collected, and no conclusions can be drawn about individual users or their behavior.

In addition, we use SSL/TLS encryption from Cloudflare to protect you and our online presence. At the same time, Cloudflare ensures the protection of our websites against so-called DDoS attacks. Consequently, all requests are automatically routed through Cloudflare’s servers and consolidated into non-deactivatable statistics. According to Cloudflare, the collected raw data is usually deleted within 4 hours, but no later than after 3 days. Here you can find information about the data collected there and about security and data protection at Cloudflare. 

The legal basis for this data processing is Article 6(1)(f) of the GDPR. Our “legitimate interest” within the meaning of Article 6(1)(f) lies in the operation of the website and the implementation of the protection objectives of confidentiality, integrity, and availability of data.

The personal data you provide will be collected, processed, and used for the purpose of deciding whether to establish an employment relationship in accordance with § 26 (1) of the German Federal Data Protection Act (BDSG). The provision of your personal data is necessary for processing the application procedure and for making a decision about establishing an employment relationship. If you do not provide this data, unfortunately, we will not be able to consider you in the selection process for the advertised position.

No automated decision-making takes place.

The required information pursuant to Article 13 of the GDPR will be provided to you upon receipt of your application via a response email. To assess your application, your documents will be forwarded to the responsible employees and the relevant contact persons or department heads of the department for which the application is intended.

Other legal entities within the TIMETOACT GROUP are, in principle, independent data controllers. The individuals involved in the recruitment process may belong to different companies within the TIMETOACT GROUP, depending on the position. Therefore, your data may be shared with the respective persons within the TIMETOACT GROUP.

An exchange of your personal data with other legal entities within the TIMETOACT GROUP takes place in particular for the fulfillment of contracts and on the basis of our legitimate interest in organizing internal workflows (e.g., shared services or cross-entity transfers).

Your personal data will be shared with the following external third party:

Personio GmbH & Co. KG
Rundfunkplatz 4
80335 Munich

Your personal data provided by you will not be transferred to a third country or an international organization, nor is such a transfer planned.

Your application documents will be stored with us for the duration of the application process and subsequently retained for an additional three months to enable us to respond to any questions you may have. After this period, the documents will be deleted. In the case of postal applications, the documents will either be returned or destroyed after three months. If you are hired, your application documents will be added to your personnel file.

If you choose to be included in our talent pool, all companies within the TIMETOACT GROUP may access your personal data in the event of future job openings and contact you to invite you to an interview. You can join the talent pool by checking the corresponding box during the application process. Your data will be processed based on Article 6 (1) (a) of the GDPR.

Only with your explicit written consent pursuant to Article 6 (1) (a) of the GDPR will we store your data until revoked, so that we may contact you in the future regarding job opportunities that may be of interest to you within our company.

You have the right to withdraw your consent at any time with effect for the future. The legality of data processing up to the point of withdrawal remains unaffected.

The personal data you provide to us when subscribing to the job alert will be stored until you withdraw your consent to receive these updates. Upon unsubscribing, your data will be removed from the distribution list.

We use Microsoft Dynamics 365 Marketing (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland; hereinafter “Microsoft Dynamics 365 Marketing”) for management of services such as newsletters. The data entered for newsletter purposes is stored on Microsoft servers in Dublin, Ireland and Amsterdam, the Netherlands. Newsletters sent via Dynamics allow analysis of recipient behavior (e.g. open rates, link clicks). Conversion tracking can analyze predefined actions (e.g. signing up for a service on our website). Behavioral data are stored in our CRM (Dynamics 365 Sales) and deleted after one year.
Legal basis is your consent under Art. 6 (1) a GDPR and § 25 (1) TTDSG. You may withdraw consent at any time for the future. Processing prior to revocation remains lawful. If you refuse analysis via Dynamics 365 Marketing, you must unsubscribe from the newsletter. Every newsletter includes an unsubscribe link.
Data entered for newsletter purposes are stored by us until unsubscription, then deleted from Microsoft servers. Data stored for other purposes (e.g. business email addresses) remain unaffected.
Further details can be found in Microsoft’s privacy policy.

You can contact us via the email address provided on our website. You can also contact us via the telephone number provided on the website. If you make use of these options, the personal data transmitted will be stored and collected and processed solely for the purpose of processing and responding to your enquiry.
By contacting us, you give your consent to data processing in accordance with Art. 6 (1) (a) GDPR.
If you are interested in an offer, your personal data will be processed for the purpose of initiating a contract in accordance with Art. 6 (1) (b) GDPR.

If you do not provide this information, we will unfortunately not be able to process your request. No automated decision-making is carried out. Your personal data will not be passed on to external third parties.

The personal data you provide will not be transferred to a third country or an international organization, nor is this planned.
You have the right to withdraw your consent at any time with effect for the future. The lawfulness of the data processing carried out until the withdrawal remains unaffected.

Your personal data that you provide to us will be stored by us for the duration of the processing of your request until the expiry of the relevant statutory periods.

When you register with us for an event or webinar, you voluntarily give us your consent to collect data for the purpose of organizing the event. For this purpose, a valid email address, your first and last name, the name of your company, and, if applicable, the number of participants are required. Providing any additional information is optional.

Diese Website nutzt Google Analytics, einen Webanalysedienst der Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Irland; im Folgenden „Google“), welcher Cookies verwendet. Cookies sind Textdateien, welche auf Ihrem Computer gespeichert werden und eine Analyse Ihrer Nutzung der Website ermöglichen. Cookies übertragen die erzeugten Informationen über Ihre Benutzung dieser Website in der Regel an einen Server von Google in der Europäischen Union (EU) oder Europäischen Wirtschaftsraum (EWR). Da diese Website jedoch eine IP-Anonymisierung vornimmt, wird Ihre IP-Adresse von Google zuvor innerhalb von Mitgliedstaaten der Europäischen Union oder in anderen Vertragsstaaten des Abkommens über den Europäischen Wirtschaftsraum gekürzt.

In Ausnahmefällen wird die volle IP-Adresse an einen Server von Google in den USA übertragen und dort gekürzt. In unserem Auftrag nutzt Google diese Informationen, um Ihre Nutzung der Website auszuwerten, um Reports über die Websiteaktivitäten zusammenzustellen und um weitere mit der Websitenutzung und mit der Internetnutzung verbundenen Dienstleistungen gegenüber dem Websitebetreiber zu erbringen. Es erfolgt keine Zusammenführung der im Rahmen von Google Analytics von Ihrem Browser übermittelten IP-Adresse mit anderen Daten von Google.

Die Erhebung im Rahmen dieses Dienstes erfolgt nur nach Erteilung Ihrer ausdrücklichen Einwilligung. Rechtsgrundlage hierfür ist § 25 Abs. 1 TTDSG. Sie haben das Recht, Ihre Einwilligung jederzeit mit Wirkung für die Zukunft zu widerrufen. Die Rechtmäßigkeit der Datenverarbeitung bis zum Widerruf bleibt unberührt.

Zweck der Erhebung ist die Auswertung der Nutzung unserer Website. Des Weiteren können wir durch den Einsatz von Google Analytics Reports über Websiteaktivitäten erstellen und somit unseren Internetauftritt verbessern Neben uns ist Google als Empfänger der Daten zu nennen.

Die Daten werden gelöscht, sobald sie für unsere Aufzeichnungszwecke nicht mehr benötigt werden. Die Erfassung Ihrer Daten durch Google Analytics können Sie jederzeit auch nach Erteilung Ihrer Einwilligung unterbinden.

Die Datenübertragung durch Google in die USA stützt sich auf die EU-Standardvertragsklauseln, zu denen Sie hier Details einsehen können: https://privacy.google.com/businesses/controllerterms/mccs/. Weitere Informationen finden Sie unter: https://support.google.com/analytics/answer/6004245?hl=de

This website uses Google Ads, a service of Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as “Google”).

We use the conversion tracking function, for which Google Ads places cookies on your computer if you have reached our website via an advertisement placed by Google. The data collected through these cookies is not user-specific and therefore does not serve to personally identify you. The cookies expire after 30 days. The data is collected for the purpose of creating conversion statistics for Google Ads customers. We only receive information about the total number of users who clicked on our advertisement and were subsequently redirected to a website tagged with a conversion tracking tag.

The purpose of this data collection is to provide you with targeted advertising. The legal basis for this is your consent pursuant to Article 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as consent under the TTDSG concerns the use of cookies or access to information on your device.

You have the right to withdraw your consent at any time with effect for the future. The legality of data processing carried out up to the point of withdrawal remains unaffected.

In addition to us, Google is also considered a recipient of the data. The data will be deleted as soon as it is no longer required for our recording purposes.

Consent is also required by Google under its User Consent Policy, which you can view here:
https://www.google.com/about/company/user-consent-policy.html

Further information about the collection and processing of your data by Google, as well as your rights as a data subject, can be found in Google’s Privacy Policy:
http://www.google.com/policies/privacy/?hl=en

Data transfers by Google to the United States are based on the EU Standard Contractual Clauses, which you can review here:
https://privacy.google.com/businesses/controllerterms/mccs/

This website uses functions of the web analytics service Google Dynamic Remarketing (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as “Google”).

Google Dynamic Remarketing collects and stores data from which user profiles can be created anonymously using pseudonyms. In this way, visitor behavior can be analyzed, and the website offering can be improved and tailored to user needs. This may involve the use of corresponding cookies.

There is no combination of the pseudonymized usage profiles with personal data about the holder of the pseudonym, unless the data subject has given their explicit consent.

The collection of data within this service takes place only after you have given your explicit consent. The legal basis for this is Section 25 (1) TTDSG.

You have the right to withdraw your consent at any time with effect for the future. The legality of data processing carried out up to the point of withdrawal remains unaffected.

Further information about data protection with Google Dynamic Remarketing can be found at the following link:
https://policies.google.com/privacy?gl=en 

Our website uses Google Maps for the visual presentation of geographical information (e.g., location maps). Google Maps is operated by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as “Google”). This allows us to make it easier for you to find us or to highlight specific locations.

Google is therefore also considered a recipient of the data. When using Google Maps, information about your use of our website is transmitted to a Google server in the United States and stored there. The information collected and transmitted includes your IP address and your location, if your device settings allow location tracking. When Google Maps is activated, Google Fonts are also loaded into your browser cache to display the relevant texts and fonts as intended.

This data processing is carried out on the basis of Article 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as consent under the TTDSG relates to the use of cookies or access to information on your device. You have the right to withdraw your consent at any time with effect for the future. The legality of data processing up to the point of withdrawal remains unaffected.

This processing is carried out in cooperation with Google on the basis of a joint controller agreement pursuant to Article 26 GDPR, which can be accessed here:
https://policies.google.com/privacy?hl=en

The transfer of data to the United States involves data protection risks. If you do not wish such a transfer to occur, you can disable your consent in the cookie settings. However, please note that in this case, the map display may not function.

For more information about the collection and processing of your data by Google and your rights as a data subject, please refer to Google’s Privacy Policy:
http://www.google.com/policies/privacy/?hl=en

and the additional Terms of Use for Google Maps / Google Earth:
https://www.google.com/intl/en/help/terms_maps.html

Our website uses Google Fonts for the integration of external fonts, a service provided by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as “Google”).

By integrating Google Fonts, a direct connection is established between your browser and Google’s servers when you visit our website. The fonts can only be transmitted directly from Google to your browser, which then embeds them into the website. It is possible to block connections to fonts.googleapis.com via your operating system or a suitable browser add-on. However, doing so may limit the functionality or correct display of our website. The data is deleted as soon as it leaves our website.

The purpose of this data collection is to ensure a uniform display of fonts and icons provided by Google Fonts. Data processing is carried out on the basis of Article 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as consent under the TTDSG relates to the use of cookies or access to information on your device. You have the right to withdraw your consent at any time with effect for the future. The legality of data processing up to the point of withdrawal remains unaffected.

There is a possibility that, in the course of using this Google service, personal data may be transferred to the United States to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

For more information about the collection and processing of your data by Google and your rights as a data subject, please refer to Google’s Privacy Policy:
http://www.google.com/policies/privacy/?hl=en

To display fonts and visual elements on our website, we use external fonts provided by FontAwesome, a service of

Fonticons Inc.
6 Porter Road, Apartment 3R,
Cambridge, MA 02140, USA
(hereinafter referred to as “FontAwesome”).

When you access our website, a connection is established to FontAwesome’s servers in the United States to enable and update the display of fonts and visual elements.

The legal basis for this data processing is Article 6 (1) (f) GDPR. Our legitimate interest lies in the optimization and efficient operation of our online presence.

Through the connection established to FontAwesome’s server when you visit our website, FontAwesome can determine from which website your request was sent and to which IP address the font should be delivered.

FontAwesome provides further information — including details on how to prevent data usage — at the following link:
https://fontawesome.com/privacy

Furthermore, our website uses the Facebook Pixel function of Facebook Ireland Ltd. (4 Grand Canal Square, Dublin 2, Ireland; hereinafter referred to as “Facebook”). Upon your consent, a so-called pixel is set. Pixels are cookie elements that enable communication between a browser and a server. A pixel is a small, transparent image placed on a website. This allows us to deliver advertisements to the right audience and measure the effectiveness of our ads.

Once the Facebook Pixel has been implemented, it is triggered whenever someone performs a specific action on our website — for example, adding an item to the shopping cart or completing a purchase. The pixel records these actions (so-called “events”). This allows us to retarget customers with additional Facebook ads in the future. The user remains anonymous to us; however, the data processed by Facebook enables a link to the user’s Facebook profile, allowing Facebook to use the collected data for advertising purposes. We have no control over Facebook’s use of this data.

The legal basis for this data processing is your consent pursuant to Section 25 (1) TTDSG. You have the right to withdraw your consent at any time with effect for the future. The legality of data processing carried out before the withdrawal remains unaffected.

The personal data collected by this tool falls within the scope of data processing jointly controlled by us and Facebook in accordance with Article 26 GDPR. The joint controllership between Facebook and us as the website operator is limited to the processing activities for which we jointly determine the purposes and means of processing. In the case of Facebook Connect registration, this includes the collection and transmission of personal data.

If you wish to exercise your data subject rights, you can do so directly with Facebook. We are obligated to forward any such requests received by us to Facebook. The joint controllership agreement can be accessed here:
https://www.facebook.com/legal/controller_addendum

Facebook’s Data Policy can be found here:
http://de-de.facebook.com/about/privacy

The full Facebook Data Policy is available here:
https://de-de.facebook.com/full_data_use_policy

Further information on Facebook’s pixel technology can be found here:
https://de-de.facebook.com/business/help/742478679120153

To object to the use and collection of data, please follow this link and adjust your Facebook settings:
https://www.facebook.com/settings?tab=ads

These settings apply across all platforms, meaning they will be effective on all your devices, such as desktop computers or mobile devices.

Data transfers to the United States are based on the EU Standard Contractual Clauses, which you can review here:
https://www.facebook.com/legal/EU_data_transfer_addendum

Our website also uses the Insight Tag technology, which is operated exclusively by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland; hereinafter referred to as “LinkedIn”).

The purpose of the Insight Tag is to enable us to optimize our campaigns, retarget website visitors, and gain insights into our audience. The LinkedIn Insight Tag places a unique LinkedIn browser cookie in a visitor’s browser and allows the collection of the following data for this cookie: metadata such as IP address, timestamp, and page events (e.g., page views). In addition, LinkedIn collects log file information (including URL, referrer URL, IP address, device and browser characteristics, and time of access).

After seven days, the direct identifiers of LinkedIn members are deleted; the remaining data is pseudonymized and deleted after 180 days.

LinkedIn does not share any personal data with us. Instead, it provides aggregated reports on website audiences and ad performance. LinkedIn members can control the use of their personal data for advertising purposes in their account settings. You can also object to the analysis of usage behavior and targeted advertising by LinkedIn here:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

The legal basis for data processing is your consent pursuant to Article 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as consent under the TTDSG relates to the use of cookies or access to information on your device. You have the right to withdraw your consent at any time with effect for the future. The legality of data processing carried out before the withdrawal remains unaffected.

Further information about the LinkedIn Pixel can be found here:
https://www.linkedin.com/help/linkedin/answer/65521

LinkedIn’s Privacy Policy is available at:
https://www.linkedin.com/legal/privacy-policy
and additional GDPR information can be found here:
https://www.linkedin.com/help/linkedin/answer/87150/linkedin-marketinglosungen-und-die-datenschutz-grundverordnung-dsgvo-?lang=en

Data transfers to the United States are based on the EU Standard Contractual Clauses, which you can review here:
https://www.linkedin.com/legal/l/eu-sccs

We process data as part of a customer satisfaction survey in order to assess how satisfied our customers are with the services we provide. This serves in particular to help us continuously improve our services.

The collection of data within this survey takes place only after you have given your explicit consent. The legal basis for processing is Article 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as consent under the TTDSG relates to the use of cookies or access to information on your device.

We use the service “Dynamics 365 Customer Voice” (operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Dynamics 365 Customer Voice is a feedback management application that enables us to easily track our customer satisfaction metrics. For example, it allows us to quickly collect feedback through various channels and create personalized surveys. The insights gained can then be compiled and analyzed using this service.

The personal data collected via Dynamics 365 Customer Voice is processed exclusively within the European Union. Microsoft’s privacy policy can be viewed here:
👉 https://privacy.microsoft.com/de-de/privacystatement

Your personal data will not be transferred to a third country or international organization, nor is such a transfer planned.

You have the right to withdraw your consent at any time with effect for the future. The legality of data processing carried out before the withdrawal remains unaffected.

The personal data you provide to us as part of the customer satisfaction survey will be stored for the duration of the data collection and evaluation process and will then be deleted in compliance with data protection regulations.

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to reflect changes in our services within the privacy policy, for example, when introducing new services. The new privacy policy will then apply to your next visit.

If you have any questions about data protection, please email us or contact the person responsible for data protection in our organization directly:

Aljoscha Schulz
aljoscha.schulz@timetoact.at