Privacy Policy & Imprint

What categories of data do we collect?

Every time you visit our website, your IP address and other pieces of information are saved in an anonymized form. If you register an account with us, your contact information will be stored. If you order products from us, your address and payment information will also be stored. Based on the Austrian law we have to keep your invoices for 7 years to be able to send them to Finance authorities anytime.

We do not have any trackers implemented in our infrastructure. In addition we have tried our best to not to use services which include trackers such as Google services. However, in some instances we have no option but to use third-party solutions. For instance Youtube services which we have uses on some of our pages. In such cases we have provided you with warning messages on the respective pages.

In particular, we save the following data from you:

Registration data

When you register an account in our system, we collect and process certain personal data from you as your registration data. For example, we need your name, address information, telephone number, payment information and your email address to process your order. If you pay using a credit card, we do not collect and store any payment information such as credit card numbers or verification codes. You disclose this information only to the respective payment service provider (in our case Stripe.com). One exception with credit card payments is what is known as the pseudo card number: in order for you not to have to enter your credit card information for every payment, a pseudo card number is saved for your account. The pseudo card number only enables payment for products on our website that you order using your customer account. A pseudo card number is not identical to the credit card number. We delete all your registration information either: within 24 months, as soon as you delete your user account with us, or once the statutory retention period expires. You can delete your user account with us by contacting us through our ticketing system and creating a deletion request. The legal basis for this data processing is Art. 6 (1) lit. b GDPR. In addition to all these measures, we are encrypting all the collected payment information in our database.

Email addresses

If you subscribe to our newsletter or request that you receive automated messages from MySecure.Space, we also store your email address. We delete your email address once you delete your user account or if you unsubscribe from our newsletter. The legal basis for this data processing is Art. 6 (1) lit. a or Art. 6 (1) lit. b GDPR.

Server log files

Whenever you visit our websites, we automatically store certain data. This includes your IP address, type and version of the browser you use, time, date, website from which you come to our site. Your IP address is saved anonymized. You can then no longer be identified. The legal basis for this data process is Art. 6 (1) lit. f GDPR.

Who we forward your data to

We are not cooperating with any advertising companies including Google, Facebook, Apple, Microsoft and such. Your data will not in any circumstances be shared with any third party. Some of our external service providers such as our data center and server admins may have access to your data while they assist us in providing our services. However, in 99% of the cases your data will be completely encrypted and annonymyzed. As an Austrian company, we have to follow the Austrian and European laws, meaning we will have to provide the requested information following legal cases with the governmental entities.

In particular, this may occur in the following cases:

Domain registration

If we register a domain for you, we provide the required data to the corresponding registration service provider.

Payment via credit card:

When paying via credit card, the payment is processed by an external service provider. For credit card payments, your information is collected directly by Stripe (Please click here to their privacy policy for more information )

Debt collection agency

If you as a customer fail to pay your invoices on time, your necessary data are passed on to an external debt collection agency.

Third countries

Data is transferred to third countries in adherence to the legally regulated admissibility requirements. We will not transfer your data to a third country if it does serve the purpose of performing our contract with you; we have no consent from you; the transfer is not necessary to assert, exercise or defend legal claims; and there are no other exceptions. We will only transfer your data to a third country if there is an adequacy decision in accordance with Art. 45 GDPR or appropriate safeguards in accordance with Art. 46 GDPR. Once such adequacy decision (regarding an adequate level of protection) is the “Privacy Shield” for the USA. For transfers to a company certified under the Privacy Shield, the data privacy level is considered essentially as adequate within the meaning of Art. 45 GDPR. However, we usually do not rely on the Privacy Shield, but rather create appropriate privacy guarantees and complete the EU standard data privacy clauses issued by the European Commission with the receiving party. Together these actions establish appropriate safeguards in accordance with Art. 46 GDPR and provide an adequate level of protection.

Other categories of recipients

State authorities and courts

Where do we process your data?

We process your data exclusively in our data centers in Germany and in Finland.

Cookies and the right to object to direct advertising

“Cookies” are small files that are stored on a user’s computer. Cookies can store different kinds of data. Cookies are primarily used to store information about users. They are stored on the users’ devices during and/or after users visit a website or online store. “Temporary cookies”, “session cookies”, or “transient cookies” are cookies that are deleted after users leave an online store and close their browsers. With such cookies, for example, the content of a shopping basket can be stored in an online shop or a login bottleneck. However, other cookies are referred to as “permanent” or “persistent” and remain stored even after the browser is closed. For example, users’ login status can be saved when they visit a shop after several days. Likewise, permanent cookies can measure the “range” of a website (where the users are geographically located) or information on the users’ interests. This information is used for marketing purposes. “Third-party cookies” are cookies that are offered by the original providers (who operate the online store or website) to other parties. (If the original provider is the one using the cookies, they are often called “first-party cookies”). It is useful to know the above terms so that you understand our cookie policies and data protection agreement. If, as a AiOEX GmbH customer or as a visitor to our websites or interfaces, you do not wish cookies to be stored on your computer, we ask you to deactivate the corresponding option in the system settings of your browser. You can also delete stored cookies in the system settings of your browser. However, if you do these things, it will likely lead to problems when you try to use AiOEX GmbH websites and interfaces. If you would like to “opt out” of the use of cookies for online marketing and tracking purposes, you may be interested these two sites to help you:
1) the US site http://www.aboutads.info/choices/
2) the EU site http://www.youronlinechoices.com/.
Furthermore, you can deactivate cookies from being stored on your computer or device by changing your browser settings. However, if you do this, it will likely lead to problems when you try to use AiOEX GmbH websites, interfaces, and features on the interfaces.

Social media data

YouTube

We integrate videos from the YouTube platform provided by Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated. The legal basis for this data processing is Art. 6 (1) lit. f GDPR.

We have included warning messages before loading the Youtube files on the page and the Youtube videos will only be available when you click on the respective area.

Online presence on social media

We maintain online presence on social networks and platforms in order to communicate with our customers, interested parties, and users and to inform them about our services. We use Facebook, Twitter, and Instagram, among others. When visiting each of these platforms, you as a user agree to the terms and conditions and the data processing guidelines of the corresponding operator.

Unless stated otherwise in our data privacy notice, we process user data if users communicate with us on these social networks and platforms, e.g. publish posts on our pages or send us messages.

We at MySecure.Space process users’ data only when it is in the customer’s legitimate interest for us to do so in accordance with Art. 6, (1) lit. b GDPR. As a company, we have a legal right to obtain general customer information to use in customer accounts. We also use customers’ data for communication purposes. If any of the providers below request users for consent for processing their data, the legal basis for data processing is Art. 6 para. 1 lit. a. GDPR.

For detailed information about the data processing operations of the providers below, as well as their opt-out options, please check the links that we have listed below.

• Facebook:
  Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, Joint Data Processing Agreement Data privacy agreement: https://www.facebook.com/about/privacy/ Opt-out: https://www.facebook.com/settings?tab=ads. Facebook has committed itself to adhering to EU data protection laws in compliance with the Privacy Shield Framework: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
• Twitter:
  Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Data protection policy: https://twitter.com/de/privacy Opt-out: https://twitter.com/personalization Twitter has committed itself to adhering to EU data protection laws in compliance with the Privacy Shield Framework: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
• Instagram:
  Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA Data protection policy & opt-out: http://instagram.com/about/legal/privacy/.

Google Universal Analytics

Although analytics is one of the most important part of our business however, due the weak privacy practices of Google, we have not integrated (and we are not using) the Google analytics service.

Chat Support System

For the chat-support system we are using an open-source project called “ChatWoot”. To respect our users privacy and also  to be in accordance with the GDPR data protection law, we host ChatWoot on our own servers located in Germany. Therefore, your data is not transferred out of our network.

Your rights as a “data subject”

You have the right to information about your personal data that we process. If you do not make requests for information in writing, please bear in mind that we might ask you to provide proof that you who you claim to be. Furthermore, you have a right to rectification or deletion or restriction of processing, as it is applicable to you under the law. Furthermore, in accordance with legal requirements, you have the right to object to us processing your data. You also have the right of data portability.

Right to lodge a complaint

You have the right to lodge a complaint about the processing of your personal data by us to a supervisory authority for data protection.

 

Voluntary nature of data provision

There is no statutory obligation for you to provide your data to MySecure Space GmbH. However, you cannot use some of our services if you do not provide your data to us. Your decision to provide us with your personal data is completely voluntary.

Google Maps:

To protect the privacy of our customers, we are not using Google Maps service in our services.

 

No-Tracker Policy:

We are not in the data-business. Therefore, we do not and will not have any contract with any third-party company to track our users by placing trackers in our website or our services.