(hereafter “onebytezero”, “we” or “us”)
Due to the General Data Protection Regulation (GDPR) of the European Union becoming effective on May 25, 2018, we inform you with the following statement about which personal data is collected, processed, used and protected by us.
1/ (General) data collection and data processing during your visit to our website and use of our services
In the case of internet access to our website or our services, your internet browser automatically supplies data, such as the URL of the referring web page, browser type, browser version, date and time of your access, amount of data sent, your IP address, the file you requested and other similar data and information to our web server.
When using this general data and information, we draw no conclusions about the person involved with this access. Rather, this information is needed to (1) correctly deliver the contents of our website, (2) to optimize the contents of our website, (3) to ensure the continued functioning of our information technology systems and the technology of our website, and (4) to provide the information necessary for prosecution to law enforcement agencies in the case of a cyberattack. This anonymously collected data is statistically evaluated and used to improve data protection and data security and in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.
2/ Contact possibility
Due to legal regulations, our website contains information that enables quick electronic contact to our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If you contact us by e-mail or via a contact form, the personal data you provide (such as personal data and contact details) will be automatically saved. Such personal data transmitted by you to us on a voluntary basis will be stored to process your request or to contact you.
3/ Live Chat
By using cookies the information and offers on our website can be optimized for the user. Cookies allow us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of an internet page using cookies does not have to re-enter his credentials every time he visits the internet site because this is done by the cookie and the cookie stored on the user’s computer system.
You can prevent the setting of cookies through our website at any time by means of an appropriate setting of the Internet browser used and thus permanently deny the use and storage of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
5/ Use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). We have concluded an appropriate contract data processing contract with the provider.
The relationship with the web analytics provider is based on the European Union’s Privacy Shield Agreement with the United States. Google has been licensed under the Privacy Shield Framework since September 2017. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You can prevent this by setting up your browser so that no cookies are stored.
The data processing takes place on the basis of the legal regulations of the § 96 Abs 3 TKG as well as the art 6 Abs 1 a) (consent) and/or f (legitimate interest) of the GDPR.
Our concern in the sense of the GDPR (legitimate interest) is the improvement of our offer and our website. Since the privacy of our users is important to us, the user data is pseudonymized.
By activating IP anonymization on this website, however, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The pseudonymized IP address provided by Google Analytics within the scope of Google Analytics will not be merged with other data provided by Google.
You can prevent the storage of cookies by setting your browser software accordingly; however, please note that in this case, you may not be able to use all the functions of this website to the full extent. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by using the link below -able browser plugin download and install http://tools.google.com/dlpage/gaoptout?hl=de.
6/ Use of the Facebook Pixel
The Site uses the Facebook Pixel service of Facebook Inc. (“Facebook”). The service allows us to follow the actions of users after they are redirected by clicking on a Facebook advertisement. We are thus able to record the efficacy of Facebook advertisements for statistical and market research purposes. The collected data are saved and processed by Facebook. Facebook is able to connect the data with your Facebook account and use the data for their own advertising purposes. For more information regarding Facebook Conversion Tracking, please visit Facebook’s website, and pages that describe Facebook Conversion Tracking and Custom Audience Pixels, such as www.facebook.com, where you can also revoke permission for this service.
7/ Use of Google AdWords Retargeting-Technology
We use Google AdWords Remarketing technology to to provide relevant and targeted advertisements through retargeting.AdWords remarketing will display relevant ads tailored to you based on what parts of the our website you have viewed by placing a cookie on your computer or device. Google AdWords Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you. If you do not wish to participate in our Google AdWords Remarketing, you can opt out by visiting Google’s Ads Preferences Manager www.google.com
8/ Subscription to our newsletter
On our website and through our services, users are given the opportunity to subscribe to our newsletter. When ordering the newsletter via our website, the e-mail address, first name and last name are sent to us.
We inform our customers at regular intervals by means of a newsletter about offers of the company. The newsletter of our company can only be received by you if (1) you have a valid e-mail address and (2) you have registered for receiving the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address registered by you for the newsletter dispatch in a double-opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address originally authorized the receipt of the newsletter.
When subscribing to the newsletter, we also store the IP address of the computer system used by the person at the time of registration as assigned by the Internet Service Provider (ISP), as well as the date and time of registration. The collection of this data is necessary in order to be able to understand the (possible) misuse of the data subject’s e-mail address at a later date and therefore serves as a legal safeguard for the data controller.
The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. In addition, subscribers of the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service. There is no transfer of the personal data collected in the context of the newsletter service to third parties. Subscription to our newsletter may be terminated by you at any time. The consent to the storage of personal data, which you have given us for the newsletter, can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time in our mobile application in the menu item “Account” or by informing us in a different way.
9/ YouTube embeddings
There are embeddings of YouTube videos on our website that have an enhanced privacy mode enabled, so YouTube does not store information about visitors to our website unless the visitor watches a video. If you would like to view the videos from us via a link on our website, a connection to the servers of YouTube (Google Inc.) will be established and shared with the servers which page of our website you visited. If you are logged in to your YouTube account at the same time, YouTube can direct your surfing behavior to your personal profile. By activating one of the YouTube videos youtube.com and doubleclick.net will create different cookies for the collection of user preferences, advertising etc. Additional privacy information is available directly on the YouTube website.
10/ Registration for our services
Parts and basic functions of our services can be used without registering with an e-mail address. In these cases, only the entry of a first name is required. If you do not specify an e-mail address, an anonymous user account will be created and processed by us. At any time you have the opportunity to register with an e-mail address and password. To complete the registration, we will send you an e-mail confirming your address. In this case, the e-mail address will be used to send you important information about your account. This includes actions such as forgot password and expiration of purchased subscriptions. An automatic registration for our newsletter does not take place.
By submitting the e-mail address, the user agrees that we will inform him about specific activities on our IT platform, such as the resetting of a password or the expiration of a subscription, via this e-mail address.
11/ Processing data connected to your goals
When using our services, users me be able to create individual goals. To provide our reminder services, automated coaching messages and to calculate your progress we automatically process all data connected to this goal on our servers and on client devices. This includes, but is not limited to, the type of goal, length of goal duration and individual activities connected to this goal.
12/ Access control and request limits
When you use our services, in addition to the goal data you supply, we also record information about the frequency of your access and important changes to your user account. This data is used to monitor, for example, brute force attacks, DoS attacks and to enforce rate limits we set for API access. Important changes to your account include, but are not limited to, changing the email address, changing the password, and registering for the newsletter.
13/ Use of reminders, chat messages & community news via push notifications
If you use the reminder feature of our services, you want to be notified about new chat messages, or you want to receive community news, you must agree to the use of push messages. For this purpose, the application-specific device ID assigned by your device is transmitted to us and processed. You can revoke this consent at any time in the account settings.
14/ Participation in chats & other communication channels
As part of our range of services, users of our services have the opportunity to communicate with each other via our IT platform, sharing their questions and experience, and motivating each other.
The communication on our IT platform aims to support each other and to receive concrete suggestions on various topics around our range of services. Communication within our services is visible to all users and therefore publicly available. What is posted and published on the public part of our services can be viewed by all participants using the service or chat.
When using our services and the communication channels within them, we will process your name and, if provided by you, your profile picture; the name and the profile picture appear with all publications of the respective person and are visible to all participants.
If you make personal information “public” on our services to other users or us, you agree that your personal information will be stored, disclosed and used. This includes any personal information that you provide to us voluntarily and that is considered sensitive under applicable law.
15/ Participation in challenges
You can participate in challenges through our services. All participants of a challenge work on the same goal given by the provider of the challenge. By participating in a challenge, your name, profile picture, and individual progress will be posted within this challenge and made available to users of our services. Your performance, calculated on the basis of your target achievement rate, will be listed in a publicly accessible leaderboard.
16/ Participation in groups
You can join groups through our services. All participants in a group can publish their individual goals within the group. By participating in a group, the name, profile picture, shared goals including name, comments and progress are published and made available to users of our services and the group.
17/ Participation in coaching
You can connect to a coach through our services. By accepting an invitation, your name and profile picture will be shared with the coach. In addition, you allow the creation, editing and monitoring of goals for you by this coach. As part of a coaching relationship, you can also be assigned to a group or challenge. Within this group or challenge, your name, profile picture, and shared goals, including name, comments, and progress, will be published and made available to users of our services and the group. You can revoke a coaching relationship at any time.
18/ Purposes of data processing
We will process your personal information for the following purposes:
- to make this website available to you and to further improve and develop this website;
- to provide you with our services and to further improve and develop these services
- to respond to your request;
- to enable you to communicate with other users within our services;
- to be able to handle any existing contractual relationship with you;
- to send you our newsletter – if you have subscribed to it.
Your personal data is provided voluntarily or might be required to execute a respective contractual relationship (use of our services, etc.). We collect your personal data only to the extent necessary for the use of our services. If you do not provide us with your personal data, we can not offer you our services (in full) or enter into any contractual relationship with you.
19/ Legal basis of data processing
Article 6 (1) (a) GDPR serves our company as the legal basis for data processing
operations, in which we obtain consent for a specific processing purpose.
Is the processing of personal data necessary to fulfill a contract of which you are a party, as is the case, for example, in data processing operations that are required for the provision of a service (settlement of a purchase contract for goods offered by us, participation in a contract, or use of our services), the processing is based on Art 6 para 1 lit b GDPR. The same applies to data processing operations that are necessary to carry out pre-contractual measures, such as in cases of inquiries about our products or services offered by us.
If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Article 6 (a) (c) GDPR.
In the end, processing operations could be based on Art. 6 para 1 lit. f GDPR. On this legal basis, data processing operations that are not covered by any of the above legal bases are required if the processing is necessary to safeguard a legitimate interest of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject prevail. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. In that regard, it is considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, second sentence, GDPR). The transmission of direct mail to our customers is based on this legal basis.
20/ Withdrawl of granted consent
You are entitled to withdraw your consent to data processing at any time; the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
21/ Transmission of your personal data
For the above purposes, we will transfer your personal data to IT service providers and service providers we use. Some recipients are located outside your country or process your personal information there. The data protection level in other countries may not be the same as your country’s. Your personal information obtained when you use our services will be transferred to and stored in the United States. We base ourselves on the legal transfer of personal data to different legal bases, including the EU-US Privacy Shield and, if applicable, the model contract clauses approved by the EU Commission.
In addition, we are entitled to disclose your personal information if we believe it is appropriate and necessary to comply with laws, regulations and legal procedures or comply with regulatory requests to protect the safety of individuals, to counter fraud, or to resolve security or technology issues or to protect our rights and property or the rights and property of users of our services.
22/ Duration of storage
Usage data, as well as personal data disclosed by users of our services on our IT platform, is stored by us for the duration of the use of the respective services. The personal master data and contact details of our customers will be stored for a period of 7 years after termination of the respective contractual relationship. General non-personal information collected during the visit to our website will be stored for a period of 14 months. A longer storage period will only be used if necessary to investigate detected attacks on our website.
23/ Your rights in connection with personal data
You are, among other things, entitled (under the conditions of applicable law),
- to check if and what personal data we have stored and to obtain copies of this data;
- to request the correction, addition or deletion of your personal data that is incorrect or improperly processed;
- to require us to limit the processing of your personal data, and
- in certain circumstances, to object to the processing of your personal data or to withdraw the prior consent for processing;
- to require data portability;
- to know the identity of third parties to whom your personal data is transmitted to and
- to file a complaint with the responsible authority.
24/ Our contact information
If you have any questions or concerns regarding the processing of your personal data, please contact us:
Villefortgasse 13, A-8010 Graz