Data protection notice pursuant to EU Regulation No. 679/2016
The purpose of this notice is to provide information on the methods, scope and purposes of the processing of personal data by Hannes Gasteiger, in compliance with EU Regulation no. 679/2016 (hereinafter GDPR).
The Data Controller is Hannes Gasteiger, with registered offices in Gasteig, in the person of their legal representative Hannes Gasteiger, contact details: Lichtung Woldererhof, Gasteig, Mühlbachlweg 13, 39040 Racines (BZ) | South Tyrol – Italy.
The Data Protection Officer, Hannes Gasteiger, may be contacted either by registered letter or e-mail at the following addresses: Lichtung Woldererhof, Gasteig, Mühlbachlweg 13, 39040 Racines (BZ) | South Tyrol – Italy or firstname.lastname@example.org.
Data Subjects and type of personal data processed:
Hannes Gasteiger processes the personal data of customers, suppliers and persons who voluntarily provide their data personally (whether by telephone, fax or e-mail) and/or by registering on our website, as well as persons whose data have been shared by third parties, for example in public registers and directories, etc. In the case of third parties, processing is limited to basic personal data.
Purpose of data processing:
Personal data are processed exclusively for the following purposes:
1. fulfilment of legal obligations, including tax and accounting requirements
2. execution of a contract
3. activities related to the company’s business, like internal statistics, invoicing and accounting
5. sending newsletters
6. internal statistics
Lawful bases for data processing:
processed in compliance with the applicable law and based on the
following grounds, in accordance with Art. 6 and 7 of the GDPR:
– contract execution, i.e. providing the services required, fulfilling contractual requirements, answering enquiries
– compliance with legal obligations
– pursuing the Company’s legitimate interests
– consent provided by the Data Subject
Methods of data processing:
Data may be processed
with or without the aid of electronic or automated means. Data
processing activities may include the collection, storage, organisation,
filing, consultation, processing in the strict sense of the term, and
modification, selection, extraction, comparison, use, linking, blocking,
transmission and deletion of data.
Data processing is carried out by
the Data Controller as well as by Data Processors and third parties who
may have been entrusted by the Data Controller with processing data for
the purposes outlined in paragraph 3 or in cases where this is required
by law. The Data Controller guarantees that any Processors and third
parties that have been granted access to the personal data also process
them in accordance with the GDPR.
If necessary for the activities and
purposes outlined in paragraph 3, the data will be shared with domestic
and/or foreign natural and/or legal persons. With the exception of
these cases, personal data are not disseminated.
Data are processed using the following methods:
registration, personal data are collected and processed to create a
user account. During registration and login to the user’s account, their
IP address and access times are tracked.
These data will be deleted
as soon as the user’s account is deleted, except in cases where storage
is required for tax or accounting purposes.
When the user contacts the Company via a
contact form, e-mail or social media, their personal data are processed
to reply to enquiries or provide the services they require. In these
cases, the data collected may be stored in a customer relationship
management system or similar systems.
Enquiries are deleted as soon
as no longer necessary, unless the relevant data are required for
compliance with legal obligations.
Google Tag Manager
This website uses Google Tag
Manager, a tag management interface that enables Google marketing
services to be integrated into our online offer. The Tag Manager itself
does not process any personal data; for further information please refer
to the Google Tag Manager use policy:
This website uses analytics
tools provided by Google Inc. for marketing and optimisation purposes.
computer that help us analyse how our website is being used. Data are
collected, transferred to a Google server in the USA and stored there in
anonymous form. The IP address transmitted by the Data Subject’s
browser within the scope of Google Analytics will not be associated with
other Google data. In addition, the “anonymizeIP” function is
integrated into the code, which guarantees that the IP address is
masked; all data are therefore collected anonymously. Only in
exceptional cases may the full IP address be transmitted to a Google
server in the USA and shortened there for anonymisation. The data
collected are not used to personally identify the visitor to this
website; the user remains anonymous and no data are shared with third
parties. Google uses this information to create various reports on
website activity on behalf of the website administrator.
respect, Data Subjects have the right to withdraw their consent at any
time by installing the opt-out browser add-on, available at:
Google Adwords and Conversion measurement
provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA
94043, USA are incorporated into this website, including Google Adwords,
an online marketing tool. Google is certified under the Privacy Shield
Agreement and guarantees compliance with European data protection laws.
Google Adwords is used to place ads on the Google Advertising Network to
be displayed to users who are likely to be interested. This allows for
more targeted advertising of the contents of and within this website,
with users being presented only with ads that potentially correspond to
their interests. On websites belonging to the Google Advertising
Network, Google directly executes a code that integrates so-called
marketing tags into the website, downloading an individual cookie on the
user’s device. The cookie tracks which websites the user visits, which
contents he/she is interested in, as well as technical information about
the browser, operating system and time of visit to the website. Google
also uses conversion cookies to generate statistics that count the total
number of users who have viewed the ad. However, users themselves are
not personally identifiable, as Google only processes cookie-related
data within anonymous user profiles unless a user expressly consents to
Google processing their data without anonymisation. For further
We have integrated a Twitter widget into
our customer management system so that the tweets from our account are
displayed directly on our website. Through this connection, log data are
transmitted to Twitter and a cookie is set on the user’s computer.
After a maximum of ten days, Twitter will begin deleting, anonymising or
aggregating the collected data. For more information, please refer to
This website integrates plug-ins from
the social network Facebook, 1601 South California Avenue, Palo Alto, CA
94304, USA. The plug-ins are recognisable by the Facebook logo or
“Like” button and establish a direct connection between the user’s
browser and the Facebook server. Facebook receives the information that
the user has visited this website and makes it possible to link the
contents of the website to the user’s Facebook profile through the
“Like” button. For more information, please refer to the Facebook
This website uses social plug-ins
provided by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA.
Recognisable by the Instagram logo, the plug-ins establish a direct
connection between the user’s browser and the Instagram server located
in the United States, so that Instagram receives information that the
user has visited the relevant page. If the user is logged into the
social network, Instagram can directly associate the data with the
respective account. For further information, please refer to the
Instagram data policy
Presence on social media
Hannes Gasteiger maintains an online presence within various social networks and platforms to communicate with customers, users and anyone interested and inform them about its services. In this context, the data protection policies of each respective social network apply.
Transfer of data for domain registration
registration requires that personal data be transmitted to the relevant
national or international registrars. In this respect, we only transmit
the minimum amount of data required. Users may view and consult the data
provided to the registrars if they so wish. The registries prohibit the
use of personal data for commercial or abusive purposes.
Transfer of data to certification purposes
data are transferred to the competent authority for the issuance of an
SSL certificate. In this respect, we only transmit the minimum amount of
data required. The Data Subject consents to his/her data being
automatically transferred to the authority for the purposes of
Business analyses and market research
website carries out analysis and profiling activities using personal
data to identify current market trends and meet the wishes of users and
clients. The data processed for these purposes include contact details,
contract and invoicing data, payment data and usage data, as well as
metadata of contractual partners, interested parties, customers and
visitors to our website. Analysis of these data serves to increase
user-friendliness, optimise our offer and increase efficiency; the data
collected will not be disclosed to third parties.
When you visit this website, session
cookies are generated that are only stored for the duration of your
visit. These cookies are not shared across domains nor used to track
Provision of personal data and refusal
provision of personal data is optional but strictly necessary for the
purposes listed in paragraph 3; failing to provide the data requested
will result in the impossibility to perform the said activities.
Storage of personal data
Unless expressly stated
otherwise in this notice, processed data will be deleted as soon as they
are no longer required for the purposes outlined in paragraph 3,
provided that storage is not or no longer required by law. As a general
rule, personal data will not be kept for longer than two years.
deletion is not possible for legal reasons, data processing will be
restricted, i.e. the data will be blocked and not used for any other
Rights of Data Subjects:
Pursuant to the GDPR, Data Subjects have the following rights:
1. The right to access their personal data that the Data Controller
stores about them, to demand the erasure or rectification of data and
the restriction of processing as well as the right to object to
2. The right to data portability, i.e. to receive their
own data from the Data Controller in a structured and comprehensible
format, and to request the transmission of data to another Controller;
The right to revoke their consent to the processing of data at any time
provided that the lawful basis of the processing is the Data Subject’s
consent, without prejudice to the legitimacy of data processing carried
out on the basis of consent until the time of revocation;
4. The right to file a complaint with the competent Supervisory Authority.
To exercise these rights, Data Subjects may send a request by certified e-mail to the following e-mail address email@example.com or by registered letter with acknowledgement of receipt to: Lichtung Woldererhof, Gasteig, Mühlbachlweg 13, 39040 Racines (BZ) | South Tyrol – Italy.