All references to the gender of persons are intended to be gender neutral and are used solely for easier readability.
1 Data Controller for data processing
The Data Controller pursuant to Art. 4 (7) General Data Protection Regulation (GDPR) is
Ithuba Capital AG
Stallburggasse 4, A-1010 Vienna
Tel.: +43 1 512 38 83 – 0
Fax: +43 1 512 38 83 – 300
E-mail: office@ithubacapital.com
The company has voluntarily appointed a data protection officer. That person may be reached at datenschutz@ithubacapital.com.
2 Processing of data of potential customers, customers, suppliers and business associates
We store data that potential customers, customers, suppliers or business associates provide to us through their own communications, for example in the context of an enquiry by e-mail or by concluding a contract or establishing a business relationship. This includes, for example, data such as gender, title, first name and surname, first name and surname of employees, address and e-mail address, telephone number, fax number, bank details, contract data.
We will only pass on personal data to third parties where this is necessary for purposes of processing the contract or where it is required by legal regulations or, in addition, only on the basis of the Data Subject’s consent. We have concluded legally compliant data processing agreements with all third parties, wherever necessary.
We will erase the data as soon as storage of the data is no longer required or where legal retention obligations, such as obligations to keep sales tax records, have lapsed. If the basis of the processing is the Data Subject’s consent, we will restrict our processing or erase the data upon the withdrawal of that consent, unless there are legal provisions mandating to the contrary.
When you contact us by e-mail, we will store the data you provide in order to respond to your queries. We erase the data we gather in this context after the storage is no longer necessary or we will restrict the processing thereof if retention obligations apply.
The legal basis for data processing is
- contract initiation and performance pursuant to Art. 6 (1) (b) GDPR, in order to be in a position to respond to your enquiries to your fullest satisfaction.
- legal obligations under Art. 6 (1) (c) GDPR, which we must comply with, such as legally required storage and documentation obligations.
- legitimate interests of our company pursuant to Art. 6 (1) (f) GDPR.
- Art. 6 (1) (a) GDPR, where we have obtained consent.
3 Processing of personal data in cases involving applications
3.1 Job applicants
3.1.1 Generally
If you send your application documents to us, we will process your personal data contained therein as well as your CV and references for purposes of personnel selection in order to fill the position. In the event of rejection, we will erase your documents 7 months after sending the rejection letter to you.
Legal basis: Art. 6 (1) (b) GDPR
Should you consent to our retaining your application on record in order to contact you at a later date, we will approach you with a separate request to transmit your consent to us. If you explicitly give us your consent, we will store that declaration of consent. If there is no further opportunity to fill a position within our organisation within one year, we will erase all of your applicant data one year after your consent was transmitted to us.
Legal basis: Art. 6 (1) (a) GDPR
3.1.2 Application platform
We also use application platforms to recruit employees for our company, for example currently karriere.at. Individuals interested in working for us can apply directly on these application portals, using a form provided by the operator of that platform. Applicants themselves decide which data to provide when using such an online portal. They also have the option of uploading application documents. Personal data entered and documents uploaded are forwarded to us by the operator of the application portal. Both the application platform and our company will process this data as the Data Controller within the meaning of the GDPR. Please refer to the data protection statements/privacy statements of the respective portal operators. Sec. 3.3.1 applies to us in this context.
For further information, please refer to the privacy policy of karriere.at
https://www.karriere.at/datenschutzerklaerung
Legal basis: Art. 6 (1) (b) GDPR
4 Collection of your personal data when you visit our website
4.1 Informational use of the website
In cases in which your use of our website is merely for informational purposes, we will only collect such personal data as your browser transmits to our server. If you wish to view our website, we will collect at most such data as are technically necessary to enable us to display our website to you and to ensure its stability and security:
- IP address
- Date and time of request
- Time zone difference to Coordinated Universal Time (UTC)
- Content of the request (specific page)
- Access status/HTTP status code
- Website from which the request originated
- Browser
- Operating system and its interface
- Language and version of your browser software
Legal basis: Art. 6 (1) (f) GDPR
4.2 Cookies
In addition to the previously referenced data, cookies will be stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and are assigned to the browser you are using and by which the entity setting the cookie (in this case: us) receives certain information. Cookies cannot execute programs or transfer viruses to your computer.
A cookie allows you to be recognised when you visit our website without having to re-enter data you have already entered previously.
The information contained in the cookies is used, for example, to determine whether you are logged in or what data you have already entered, or to recognise you as a user when a link is established between our website server and your browser. Cookies are automatically accepted by most web browsers.
By using our website, you agree to the use of such cookies, to the extent that cookies are accepted based on your browser settings.
4.2.1 Transient cookies
Transient cookies are automatically deleted when you close your browser. These include session cookies. They store a so-called session-ID, by which various requests by your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
4.2.2 Persistent cookies
Persistent cookies are deleted automatically after a specific period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
4.2.3 Third-party cookies
These originate from providers other than the website operator. They may, for example, be used to collect information for advertising, custom content and web statistics.
4.2.4 Browsers
Most browsers are set by default to accept all cookies. You may set your browser so that you are informed about the setting of cookies and individual cases, you may refuse to accept cookies for certain cases or in general, and you may activate the automatic deletion of cookies when closing your browser. If cookies are deactivated, the functionality of our website may be limited.
You can remove cookies stored on your PC at any time by deleting the temporary Internet files.
Legal basis: Art. 6 (1) (f) GDPR (for technical cookies), Art. 6 (1) (a) (for all other cookies)
5. Data use for Google services
We have entered into a contract with Google Ireland Limited (“Google”), a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. However, it is possible that data will be transferred from Europe to the United States, a matter over which we as a company have no control.
With regard to the United States, there is currently no adequacy decision by the EU Commission within the meaning of Art. 45 (1) (3) of the General Data Protection Regulation (GDPR). This means that EU Commission has not positively determined that the country-specific data protection level of this country corresponds to that of the European Union, based on the GDPR (Article 46, appropriate safeguards).
The GDPR requires so-called appropriate safeguards for a data transfer to a third country or to an international organisation, Art. 46 GDPR. Such safeguards do not exist for the above-referenced country of destination.
Possible risks that cannot be excluded for you as a Data Subject in connection with the above-referenced information include, in particular:
- Your personal data could possibly be passed on to other parties (e.g. US authorities) by Google USA, beyond the actual purpose of performing the contract.
- You may not be able to assert or enforce your rights to access information against Google USA.
- There may be a greater probability that incorrect data processing may occur, as the technical organisational measures for the protection of personal data do not fully comply with the requirements of the GDPR in terms of quantity and quality.
With your consent to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of your data to the United States. You can remove cookies stored on your PC yourself at any time by deleting the temporary Internet files.
Legal basis: Art. 6 (1) (a) GDPR
5.1 Google Analytics
This website uses the function “Activation of IP anonymisation” (i.e. Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymised collection of IP addresses (so-called IP masking). This means that your IP address will be truncated beforehand by Google within Member States of the European Union or other Contracting States of the Treaty on the European Economic Area. Only in exceptional cases will your full IP address be transmitted to a Google server in the United States and truncated there.
According to Google, Google will use the information obtained for purposes of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. However, Google may transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we would like to point out that, in this case, you may not be able to use all of the functions of these websites to their full extent. You can also prevent collection of data generated by the cookie and related to your use of the websites (including your anonymised IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de).
For more information on the terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or
https://support.google.com/analytics/answer/6004245?hl=de.
5.2 Google Tag Managers
In order to facilitate recognition of your user behaviour, we use so-called Google Tag Managers. The Google Tag Manager is a solution allowing marketers to manage website tags through a single interface. The tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of generating other tags, which may in turn collect data. Google Tag Manager does not access this data. If deactivation has occurred at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.
More detailed information is available here:
https://www.google.com/intl/de/tagmanager/faq.html.
Legal basis: Art. 6 (1) (a) GDPR
6 Server logfiles
In order to optimise this website in terms of system performance, user-friendliness and provision of useful information about our services, the provider of the website automatically collects and stores information in so-called server logfiles, which your browser automatically transmits to us. These include the Internet protocol address (IP address) of the requesting computer (including mobile devices), browser and language settings, operating system, referrer URL, your Internet service provider and the date/time.
We do not merge this data with personal data sources. We reserve the right to retrospectively examine this data if we become aware of specific indications of unlawful use, and to pass it on to the law enforcement authorities if a hacker attack has taken place. There will be no further disclosure to any other third parties.
Legal basis: Art. 6 (1) (f) GDPR
7 Content Delivery Network from Cloudflare
Our website uses a so-called “Content Delivery Network” (CDN) from the company Cloudflare Inc., 101 Townsend Street, San Francisco, CA 94107, USA.
With regard to the United States, there is currently no adequacy decision by the EU Commission within the meaning of Art. 45 (1) (3) of the General Data Protection Regulation (GDPR). This means that the EU Commission has not positively determined that the country-specific data protection level of this country corresponds to that of the European Union, based on the GDPR (Article 46, appropriate safeguards).
The GDPR requires so-called appropriate safeguards for a data transfer to a third country or to an international organisation, Art. 46 GDPR. Such safeguards do not exist for the above-referenced country of destination.
Possible risks that cannot be excluded for you as a Data Subject in connection with the above-referenced information include, in particular:
- Your personal data could possibly be passed on to other parties (e.g. US authorities) by Google USA, beyond the actual purpose of performing the contract.
- You may not be able to assert or enforce your rights to access information against Google USA.
- There may be a greater probability that incorrect data processing may occur, as the technical organisational measures for the protection of personal data do not fully comply with the requirements of the GDPR in terms of quantity and quality.
By granting your consent to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of your data to the United States. You can remove cookies stored on your PC at any time by deleting the temporary Internet files.
For more information, please see Cloudflare’s privacy policy:
https://www.cloudflare.com/security-policy.
Legal basis: Art. 6 (1) (a) GDPR
8 Your rights
You have the following rights vis-à-vis us regarding the personal data concerning you:
- Right to access information, right to request rectification and erasure
- Right to restrict processing
- Right to object to processing
- Right of data portability
Please address your enquiries and requests by e-mail to datenschutz@ithubacapital.com or contact us by using the contact details provided.
If you believe that we have violated Austrian or European data protection law in our processing of your data and thereby violated your rights, we would request that you contact us to resolve any issues.
You also have the right to complain to the supervisory authority, which is the Austrian Data Protection Authority:
Austrian Data Protection Authority, Barichgasse 40 – 42, 1030 Vienna, telephone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
9 Amendments to this Privacy Policy
We reserve the right to make amendments to our Privacy Policy from time to time. All amendments to our Privacy Policy will be published by us on this website. In this regard, please refer to the current version of our Privacy Policy.
10 Disclaimer
Ithuba Capital AG accepts no responsibility for the content of external websites to which links are provided. The operators of the linked websites are solely responsible for their content.